diff --git a/jsonnet/jsonnetfile.json b/jsonnet/jsonnetfile.json
index bfce3b69..38f667a0 100644
--- a/jsonnet/jsonnetfile.json
+++ b/jsonnet/jsonnetfile.json
@@ -46,7 +46,7 @@
           "subdir": "jsonnet/lib"
         }
       },
-      "version": "release-2.5"
+      "version": "main"
     }
   ],
   "legacyImports": true
diff --git a/jsonnet/jsonnetfile.lock.json b/jsonnet/jsonnetfile.lock.json
index 7541956e..8710d143 100644
--- a/jsonnet/jsonnetfile.lock.json
+++ b/jsonnet/jsonnetfile.lock.json
@@ -246,8 +246,8 @@
           "subdir": "jsonnet/lib"
         }
       },
-      "version": "2df9e7bc65394014cc7a1b61f37e0f8837f9ac91",
-      "sum": "axYSi0irj4BhHKYqQ9U575vNaX1Xo8IapJ/BpQUuzQI="
+      "version": "3ee4cccbb8a9f3fdc2ad0a0984897e079aedf368",
+      "sum": "Z2RAxkn9U5rcNqj+3vNLVR5lKZSGW/QoRKHT8EG2ebk="
     },
     {
       "source": {
diff --git a/jsonnet/obs-operator.jsonnet b/jsonnet/obs-operator.jsonnet
index 656bd552..a5a7f7a5 100644
--- a/jsonnet/obs-operator.jsonnet
+++ b/jsonnet/obs-operator.jsonnet
@@ -153,6 +153,9 @@ local operatorObs = obs {
         operatorObs.loki.manifests['distributor-http-service'].metadata.namespace,
         operatorObs.loki.manifests['distributor-http-service'].spec.ports[0].port,
       ],
+     tls: {
+       cipherSuites: 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305',
+     }
     } else {},
   }),
 };
diff --git a/jsonnet/vendor/github.com/stolostron/observatorium/jsonnet/lib/observatorium-api.libsonnet b/jsonnet/vendor/github.com/stolostron/observatorium/jsonnet/lib/observatorium-api.libsonnet
index 09daa09a..37c535ba 100644
--- a/jsonnet/vendor/github.com/stolostron/observatorium/jsonnet/lib/observatorium-api.libsonnet
+++ b/jsonnet/vendor/github.com/stolostron/observatorium/jsonnet/lib/observatorium-api.libsonnet
@@ -25,6 +25,7 @@ local defaults = {
   tls: {},
   rateLimiter: {},
   internal: {},
+  securityContext: {},
 
   commonLabels:: {
     'app.kubernetes.io/name': 'observatorium-api',
@@ -107,6 +108,7 @@ function(params) {
               name: 'observatorium-api',
               image: api.config.image,
               imagePullPolicy: api.config.imagePullPolicy,
+              securityContext: api.config.securityContext,
               args: [
                 '--web.listen=0.0.0.0:%s' % api.config.ports.public,
                 '--web.internal.listen=0.0.0.0:%s' % api.config.ports.internal,
@@ -149,6 +151,12 @@ function(params) {
                         '--tls.healthchecks.server-name=' + api.config.tls.serverName,
                       ]
                     else []
+                  ) + (
+                    if std.objectHas(api.config.tls, 'cipherSuites') then
+                      [
+                        '--tls.cipher-suites=' + api.config.tls.cipherSuites,
+                      ]
+                    else []
                   )
                 else []
               ) + (