diff --git a/attic/policy.hujson b/attic/policy.hujson
index 830daad6..7ebb297a 100644
--- a/attic/policy.hujson
+++ b/attic/policy.hujson
@@ -2,10 +2,6 @@
 // groups are collections of users having a common scope. A user can be in multiple groups
 // groups cannot be composed of groups
 "groups": {
- "group:hpc-clusters": [
- "ekman",
- "rossby",
- ],
 "group:admin": [
 "jonas.juselius@oceanbox.io",
 "Moritz.Jorg@oceanbox.io",
@@ -59,11 +55,10 @@
 "printer.office.tos": "10.132.46.108/32",
 "net.office.tos": "10.132.46.0/24",
 "net.dc.tos": "10.255.241.0/24",
- "net.ceph.tos": "10.255.244.0/24",
+ "net.100gbe.tos": "10.255.244.0/24",
 "net.mgmt.tos": "10.255.240.0/24",
- "net.rossby": "172.16.239.0/24",
- "net.mgmt.rossby": "172.16.238.0/24",
- "net.k8s.svc": "10.96.0.0/12",
+ "net.dc.vtn": "172.16.239.0/24",
+ "net.mgmt.vtn": "172.16.238.0/24",
 },
 "acls": [
 {
@@ -74,29 +69,28 @@
 "group:oceanographer",
 "group:manager",
 "group:dev",
- "group:hpc-clusters",
 ],
 "dst": [
- "mumindalen:0",
- "relay-vtn:0",
- "rossby-manage:22",
- "rossby:22",
- "ekman:22",
- "ekman-manage:22",
+ "100.64.0.0/24:0",
+ "100.64.0.0/24:22",
 ]
 },
 {
 "action": "accept",
- "src": [ "group:hpc-clusters" ],
+ "src": [ "ekman", "net.dc.tos" ],
+ "dst": [
+ "net.dc.vtn:*",
+ "100.64.0.0/24:0",
+ "100.64.0.0/24:22",
+ ]
+ },
+ {
+ "action": "accept",
+ "src": [ "rossby", "net.dc.vtn" ],
 "dst": [
 "net.dc.tos:*",
- "net.mgmt.tos:*",
- "net.ceph.tos:*",
- "net.office.tos:*",
- "net.rossby:*",
- "net.mgmt.rossby:*",
- "net.dc.tos:*",
- "net.k8s.svc:*",
+ "100.64.0.0/24:0",
+ "100.64.0.0/24:22",
 ]
 },
 {
@@ -105,11 +99,10 @@
 "dst": [
 "net.dc.tos:*",
 "net.mgmt.tos:*",
- "net.ceph.tos:*",
+ "net.100gbe.tos:*",
 "net.office.tos:*",
- "net.rossby:*",
- "net.mgmt.rossby:*",
- "net.k8s.svc:*",
+ "net.dc.vtn:*",
+ "net.mgmt.vtn:*",
 ]
 },
 {
@@ -147,7 +140,7 @@
 "group:dev",
 ],
 "dst": [
- "100.64.0.1/24:*",
+ "100.64.0.0/24:*",
 "autogroup:internet:*",
 ]
 },
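Review bot: In the `@@ -74,29 +69,28 @@` hunk the first rule's `dst` now accepts port 22 on all of `100.64.0.0/24`, where the removed list named six hosts, so every node that receives an address in that range becomes SSH-reachable from the groups in `src` (that rule's `action` and the start of its `src` list are outside the hunk). The same `100.64.0.0/24:0` / `100.64.0.0/24:22` pair is repeated in the two new `ekman` and `rossby` rules, which also use subnet aliases (`net.dc.tos`, `net.dc.vtn`) as `src` with `:*` on the peer network, so trust there is decided by source IP rather than by node identity. If range-wide SSH is the intent, state it above the rule, e.g. `// intentional: SSH to every node in 100.64.0.0/24, not only the HPC hosts`, and say what the `:0` entries are meant to permit; otherwise keep `dst` to the named hosts. Defining the range once in `hosts` under an alias (name of your choosing) and referencing it in all three rules would keep the copies from drifting apart.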
diff --git a/values/velero/values/velero.yaml.gotmpl b/values/velero/values/velero.yaml.gotmpl
index c6d89ec2..86583e25 100644
--- a/values/velero/values/velero.yaml.gotmpl
+++ b/values/velero/values/velero.yaml.gotmpl
@@ -72,3 +72,6 @@ metrics:
 for: 15m
 labels:
 severity: critical
+kubectl:
+ image:
+ repository: docker.io/bitnamilegacy/kubectl
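Review bot: The added `kubectl.image.repository` points at `docker.io/bitnamilegacy/kubectl` with no tag or digest in the hunk, so the image that actually runs is whatever that public repository serves for the tag the chart picks. As far as I know the `bitnamilegacy` namespace is Bitnami's archive of images that are no longer rebuilt, so this kubectl would stop receiving security fixes. Pin the vetted image next to the repository, e.g. `digest: sha256:<digest-of-vetted-image>` (check the key name against the chart's values), and add a comment such as `# stopgap: archived image, replace with a maintained or internally mirrored kubectl`. Mirroring the image into a registry you control would also remove the dependency on the archive staying available.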