diff --git a/.github/workflows/lint-test-matrix.yaml b/.github/workflows/lint-test-matrix.yaml index 0e085941..84d9b17e 100644 --- a/.github/workflows/lint-test-matrix.yaml +++ b/.github/workflows/lint-test-matrix.yaml @@ -19,7 +19,7 @@ jobs: - v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72 steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: "0" diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index ea28a138..4721000b 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -7,7 +7,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Install Helm run: | cd /tmp @@ -61,7 +61,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: "0" @@ -100,7 +100,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: "0" diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 3726cbab..522bb8ac 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: "0" diff --git a/.github/workflows/test-suite.yaml b/.github/workflows/test-suite.yaml index 9599fb08..5e4be252 100644 --- a/.github/workflows/test-suite.yaml +++ b/.github/workflows/test-suite.yaml @@ -40,7 +40,7 @@ jobs: continue-on-error: true - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: "0" diff --git a/Makefile b/Makefile index 5f816c15..58a6bb69 100644 --- a/Makefile +++ b/Makefile 
@@ -117,7 +117,7 @@ install-mariadb: --wait \ --timeout $(TIMEOUT) \ $$($(KUBECTL) get ns mariadb > /dev/null 2>&1 && echo --set auth.rootPassword=$$($(KUBECTL) get secret --namespace mariadb mariadb -o json | $(JQ) -r '.data."mariadb-root-password" | @base64d')) \ - --version=11.5.7 \ + --version=12.2.9 \ mariadb \ bitnami/mariadb diff --git a/charts/lagoon-build-deploy/Chart.yaml b/charts/lagoon-build-deploy/Chart.yaml index 61c58b79..d4262503 100644 --- a/charts/lagoon-build-deploy/Chart.yaml +++ b/charts/lagoon-build-deploy/Chart.yaml @@ -16,13 +16,13 @@ kubeVersion: ">= 1.21.0-0" type: application -version: 0.24.0 +version: 0.25.2 -appVersion: v0.14.0 +appVersion: v0.15.2 annotations: artifacthub.io/changes: | - kind: changed - description: update remote-controller appVersion to v0.14.0 + description: update remote-controller appVersion to v0.15.2 - kind: changed - description: updated lagoontask crd, will require crds to be re-applied + description: added flag support for enabling k8up v2 support diff --git a/charts/lagoon-build-deploy/templates/deployment.yaml b/charts/lagoon-build-deploy/templates/deployment.yaml index 67cad38b..75d678e6 100644 --- a/charts/lagoon-build-deploy/templates/deployment.yaml +++ b/charts/lagoon-build-deploy/templates/deployment.yaml @@ -119,6 +119,9 @@ spec: {{- with .Values.lagoonFeatureFlagBackupWeeklyRandom }} - "--lagoon-feature-flag-backup-weekly-random={{ . }}" {{- end }} + {{- with .Values.lagoonFeatureFlagSupportK8upV2 }} + - "--lagoon-feature-flag-support-k8upv2={{ . }}" + {{- end }} {{- with .Values.lagoonBackupDefaultSchedule }} - "--backup-default-schedule={{ . }}" {{- end }} diff --git a/charts/lagoon-build-deploy/values.yaml b/charts/lagoon-build-deploy/values.yaml index 684974f4..ed1d2871 100644 --- a/charts/lagoon-build-deploy/values.yaml +++ b/charts/lagoon-build-deploy/values.yaml 
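Review bot: The `with` guard added around `--lagoon-feature-flag-support-k8upv2` in templates/deployment.yaml skips its block for any falsy value, so setting `lagoonFeatureFlagSupportK8upV2: false` (the value shown in the values.yaml comment) renders no flag at all rather than `=false`. That is harmless only while the controller's built-in default is false, which this diff does not show; the other flags listed in values.yaml take `enabled`/`disabled` strings, which `with` passes through. To let an explicit `false` reach the controller, test for presence instead: `{{- if hasKey .Values "lagoonFeatureFlagSupportK8upV2" }}` followed by `- "--lagoon-feature-flag-support-k8upv2={{ .Values.lagoonFeatureFlagSupportK8upV2 }}"`. The container args list starts and ends outside the hunk.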
@@ -48,6 +48,7 @@ namespacePrefix: "" # lagoonFeatureFlagDefaultInsights: disabled # lagoonFeatureFlagForceRWX2RWO: disabled # lagoonFeatureFlagDefaultRWX2RWO: disabled +# lagoonFeatureFlagSupportK8upV2: false # It is also possible to define feature flags using `extraEnvs` by defining them like so # this method is useful for enabling features on the fly, ones that might not have built in support diff --git a/charts/lagoon-remote/Chart.lock b/charts/lagoon-remote/Chart.lock index 5bd1617b..8d13133e 100644 --- a/charts/lagoon-remote/Chart.lock +++ b/charts/lagoon-remote/Chart.lock @@ -1,7 +1,7 @@ dependencies: - name: lagoon-build-deploy repository: https://uselagoon.github.io/lagoon-charts/ - version: 0.24.0 + version: 0.25.2 - name: dioscuri repository: https://amazeeio.github.io/charts/ version: 0.4.1 @@ -11,5 +11,5 @@ dependencies: - name: nats repository: https://nats-io.github.io/k8s/helm/charts/ version: 0.19.17 -digest: sha256:5bf74bd117c2e5ae31d4084a588c52dd9408bbcc54cd0c86abf763d35f583412 -generated: "2023-07-28T09:49:56.393491706+08:00" +digest: sha256:8ca3385f69f64eed0be9276ea4fb5b59e13e0caac5777e50bfae80fd6fd29cb0 +generated: "2023-10-06T10:49:35.479733592+11:00" diff --git a/charts/lagoon-remote/Chart.yaml b/charts/lagoon-remote/Chart.yaml index b46d57ef..56b01e09 100644 --- a/charts/lagoon-remote/Chart.yaml +++ b/charts/lagoon-remote/Chart.yaml @@ -19,11 +19,11 @@ type: application # This is the chart version. This version number should be incremented each # time you make changes to the chart and its templates, including the app # version. -version: 0.81.0 +version: 0.83.2 dependencies: - name: lagoon-build-deploy - version: ~0.24.0 + version: ~0.25.0 repository: https://uselagoon.github.io/lagoon-charts/ condition: lagoon-build-deploy.enabled - name: dioscuri 
@@ -45,6 +45,4 @@ dependencies: annotations: artifacthub.io/changes: | - kind: changed - description: update lagoon-ssh-portal to v0.30.1 - - kind: changed - description: update NATS chart dependency to v0.19.17 + description: update lagoon-build-deploy to v0.25.2 diff --git a/charts/lagoon-remote/templates/_helpers.tpl b/charts/lagoon-remote/templates/_helpers.tpl index a0fd1b6f..56cd7263 100644 --- a/charts/lagoon-remote/templates/_helpers.tpl +++ b/charts/lagoon-remote/templates/_helpers.tpl @@ -155,6 +155,43 @@ app.kubernetes.io/instance: {{ .Release.Name }} +{{/* +Create the name of the service account to use for sshCore. +*/}} +{{- define "lagoon-remote.sshCore.serviceAccountName" -}} +{{- default (include "lagoon-remote.sshCore.fullname" .) .Values.sshCore.serviceAccount.name }} +{{- end }} + +{{/* +Create a default fully qualified app name for sshCore. +*/}} +{{- define "lagoon-remote.sshCore.fullname" -}} +{{- include "lagoon-remote.fullname" . }}-ssh-core +{{- end }} + +{{/* +Common labels sshCore. +*/}} +{{- define "lagoon-remote.sshCore.labels" -}} +helm.sh/chart: {{ include "lagoon-remote.chart" . }} +{{ include "lagoon-remote.sshCore.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels sshCore. +*/}} +{{- define "lagoon-remote.sshCore.selectorLabels" -}} +app.kubernetes.io/name: {{ include "lagoon-remote.name" . }} +app.kubernetes.io/component: {{ include "lagoon-remote.sshCore.fullname" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + + + {{/* Create the name of the service account to use for sshPortal. */}} diff --git a/charts/lagoon-remote/templates/ssh-core.clusterrole.yaml b/charts/lagoon-remote/templates/ssh-core.clusterrole.yaml new file mode 100644 index 00000000..97250394 --- /dev/null +++ b/charts/lagoon-remote/templates/ssh-core.clusterrole.yaml 
@@ -0,0 +1,36 @@
+{{- if .Values.sshCore.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "lagoon-remote.sshCore.fullname" . }}
+ labels:
+ {{- include "lagoon-remote.sshCore.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - apps
+ resources:
+ - deployments/scale
+ verbs:
+ - get
+ - update
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - ""
+ resources:
+ - pods/exec
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/lagoon-remote/templates/ssh-core.clusterrolebinding.yaml b/charts/lagoon-remote/templates/ssh-core.clusterrolebinding.yaml
new file mode 100644
index 00000000..bb48fb8d
--- /dev/null
+++ b/charts/lagoon-remote/templates/ssh-core.clusterrolebinding.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.sshCore.enabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "lagoon-remote.sshCore.fullname" . }}
+ labels:
+ {{- include "lagoon-remote.sshCore.labels" . | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "lagoon-remote.sshCore.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace | quote }}
+roleRef:
+ kind: ClusterRole
+ name: {{ include "lagoon-remote.sshCore.fullname" . }}
+ apiGroup: rbac.authorization.k8s.io
+{{- end }}
diff --git a/charts/lagoon-remote/templates/ssh-core.secret.yaml b/charts/lagoon-remote/templates/ssh-core.secret.yaml
new file mode 100644
index 00000000..750190e8
--- /dev/null
+++ b/charts/lagoon-remote/templates/ssh-core.secret.yaml
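Review bot: The `pods/exec` `create` and `deployments/scale` `update` rules in ssh-core.clusterrole.yaml are attached through the ClusterRoleBinding in ssh-core.clusterrolebinding.yaml, so the sshCore ServiceAccount can exec into and scale workloads in every namespace of the cluster, not only Lagoon environment namespaces. Exec into a pod exposes whatever credentials that pod mounts, so the effective reach is wider than the four rules suggest, and the `sshCore` comment in values.yaml that calls the token "restricted" should state the cluster-wide scope. I would add a comment above `rules:` such as `# NOTE: bound cluster-wide; exec and scale apply to every namespace, so treat the sshCore token as a high-privilege credential.` If the set of environment namespaces is known at deploy time, per-namespace RoleBindings that reference this ClusterRole would narrow the grant; whether that fits Lagoon's namespace lifecycle is not visible from this diff.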
@@ -0,0 +1,11 @@ +{{- if .Values.sshCore.enabled -}} +apiVersion: v1 +kind: Secret +type: kubernetes.io/service-account-token +metadata: + name: {{ include "lagoon-remote.sshCore.serviceAccountName" . }}-token + labels: + {{- include "lagoon-remote.sshCore.labels" . | nindent 4 }} + annotations: + kubernetes.io/service-account.name: {{ include "lagoon-remote.sshCore.serviceAccountName" . }} +{{- end }} diff --git a/charts/lagoon-remote/templates/ssh-core.serviceaccount.yaml b/charts/lagoon-remote/templates/ssh-core.serviceaccount.yaml new file mode 100644 index 00000000..a8d2f6bb --- /dev/null +++ b/charts/lagoon-remote/templates/ssh-core.serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.sshCore.enabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "lagoon-remote.sshCore.serviceAccountName" . }} + labels: + {{- include "lagoon-remote.sshCore.labels" . | nindent 4 }} + {{- with .Values.sshCore.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/lagoon-remote/values.yaml b/charts/lagoon-remote/values.yaml index 9b0640b1..084cdac2 100644 --- a/charts/lagoon-remote/values.yaml +++ b/charts/lagoon-remote/values.yaml @@ -113,6 +113,17 @@ kubernetesBuildDeploy: # If not set, a name is generated using the fullname template. name: +# sshCore creates a restricted, non-expiring ServiceAccount token for use by +# lagoon-core. +sshCore: + enabled: false + serviceAccount: + annotations: {} + # The name of the service account to use. + # If not set, a name is generated using the fullname + # template + name: "" + # sshPortal is an optional service providing low-latency SSH connectivity to # Lagoon environments. sshPortal:
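Review bot: The `kubernetes.io/service-account-token` Secret in ssh-core.secret.yaml yields a token with no expiry, and nothing in the chart says how to rotate or revoke it once it has been copied to lagoon-core. Deleting the Secret invalidates the token, and a subsequent `helm upgrade` should recreate it with a fresh value, so a header comment to that effect belongs in the template, e.g. `# Long-lived token for lagoon-core: rotate by deleting this Secret, re-running helm upgrade, and updating the copy held by lagoon-core.` The annotation value is also the only templated scalar here without quoting; `kubernetes.io/service-account.name: {{ include "lagoon-remote.sshCore.serviceAccountName" . | quote }}` would match the quoted namespace in the binding.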
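Review bot: The ServiceAccount in ssh-core.serviceaccount.yaml leaves token automounting at its default, although the account appears to exist only to back the token exported to lagoon-core. Any pod in the release namespace that names this account would then have the cluster-wide exec credentials mounted into it. Adding `automountServiceAccountToken: false` at the top level of the ServiceAccount (same indent as `metadata:`) closes that path; the Secret-based token from ssh-core.secret.yaml is not affected by the setting.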