diff --git a/containers/apps/db-wait-mongodb/Dockerfile b/containers/apps/db-wait-mongodb/Dockerfile
index 680ce75fbf133..617ec22b6dd0e 100644
--- a/containers/apps/db-wait-mongodb/Dockerfile
+++ b/containers/apps/db-wait-mongodb/Dockerfile
@@ -1,5 +1,5 @@
 # hadolint ignore=DL3007
-FROM ubuntu:latest
+FROM ubuntu:latest@sha256:80dd3c3b9c6cecb9f1667e9290b3bc61b78c2678c02cbdae5f0fea92cc6734ab
 
 ARG TARGETPLATFORM
 ARG VERSION
@@ -8,12 +8,66 @@ USER root
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
+ENV \
+    DEBCONF_NONINTERACTIVE_SEEN=true \
+    DEBIAN_FRONTEND="noninteractive" \
+    APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=DontWarn \
+    UMASK="0002" \
+    TZ="Etc/UTC"
+
+WORKDIR /app
+
+RUN \
+    set -eux \
+    && echo 'APT::Install-Recommends "false";' >/etc/apt/apt.conf.d/00recommends \
+    && echo 'APT::Install-Suggests "false";' >>/etc/apt/apt.conf.d/00recommends \
+    && echo 'APT::Get::Install-Recommends "false";' >>/etc/apt/apt.conf.d/00recommends \
+    && echo 'APT::Get::Install-Suggests "false";' >>/etc/apt/apt.conf.d/00recommends \
+    && \
+    apt-get -qq update \
+    && \
+    apt-get install -y \
+        bash \
+        ca-certificates \
+        curl \
+        dnsutils \
+        iputils-ping \
+        jo \
+        jq \
+        gnupg \
+        locales \
+        moreutils \
+        pv \
+        tini \
+    nano \
+        tzdata \
+        vim-tiny \
+        unrar \
+        unzip \
+        wget \
+        redis-server \
+        postgresql-client \
+        mariadb-client \
+        libicu74 \
+        pv \
+    git \
+    && \
+    localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 \
+    && ln -s /usr/bin/vim.tiny /usr/local/bin/vi \
+    && ln -s /usr/bin/vim.tiny /usr/local/bin/vim \
+    && ln -s /usr/bin/vim.tiny /usr/local/bin/nano \
+    && ln -s /usr/bin/vim.tiny /usr/local/bin/emacs
+    
+ENV LANG en_US.UTF-8
+
+VOLUME ["/config"]
+
+COPY ./containers/apps/db-wait-mongodb/shim /shim
+
 # hadolint ignore=DL3008,DL3015,SC2086,SC2155,DL4001
 RUN \
   curl -fsSLo /usr/share/keyrings/kubernetes-archive-keyring.gpg https://packages.cloud.google.com/apt/doc/apt-key.gpg \
   && \
-  echo "deb [signed-by=/usr/share/keyrings/kubernetes-archive-keyring.gpg] https://apt.kubernetes.io/ kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list \
-  && \
   wget -qO - https://www.mongodb.org/static/pgp/server-6.0.asc | apt-key add - \
   && \
   echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu jammy/mongodb-org/6.0 multiverse" | tee /etc/apt/sources.list.d/mongodb-org-6.0.list \
diff --git a/containers/apps/db-wait-mongodb/shim/sleep.sh b/containers/apps/db-wait-mongodb/shim/sleep.sh
new file mode 100644
index 0000000000000..4cd308d50565e
--- /dev/null
+++ b/containers/apps/db-wait-mongodb/shim/sleep.sh
@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+min_seconds="${1:-1}"
+max_seconds="${2:-3600}"
+seconds="$(shuf -i "${min_seconds}"-"${max_seconds}" -n 1)"
+function logz {
+    msg="${1}"
+    level="${2:-info}"
+    printf "\e[1;32m%-6s\e[m\n" "timestamp=\"$(date +"%Y-%m-%dT%H:%M:%S%z")\" level=\"${level}\" msg=\"${msg}\""
+}
+function datez {
+    secs="${1}"
+    printf "%dh%dm%ds" $((secs/3600)) $((secs%3600/60)) $((secs%60))
+}
+printf "\e[1;32m%-6s\e[m\n" "$(logz "min seconds set to ${min_seconds}" "debug")"
+printf "\e[1;32m%-6s\e[m\n" "$(logz "max seconds set to ${max_seconds}" "debug")"
+printf "\e[1;32m%-6s\e[m\n" "$(logz "sleeping for $(datez "${seconds}")" "info")"
+for ((i=seconds;i>0;i--)); do
+    printf "\e[1;32m%-6s\e[m\n" "$(logz "sleeping for $(datez "${i}")" "info")"
+    sleep 1
+done
+printf "\e[1;32m%-6s\e[m\n" "$(logz "done" "debug")"
diff --git a/containers/apps/db-wait-mongodb/shim/steppingstone.sh b/containers/apps/db-wait-mongodb/shim/steppingstone.sh
new file mode 100644
index 0000000000000..02c85c3e4a599
--- /dev/null
+++ b/containers/apps/db-wait-mongodb/shim/steppingstone.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+#shellcheck disable=SC1091
+source "/shim/umask.sh"
+source "/shim/vpn.sh"
+echo "---Checking for optional user script---"
+if [ -f /custom/user.sh ]; then
+    echo "---Found optional script, executing---"
+    chmod +x /custom/user.sh
+    /custom/user.sh
+else
+    echo "---No optional user script found, continuing---"
+fi
+echo "---Checking for container script---"
+if [ -f /custom/start.sh ]; then
+    echo "---Found container script, executing---"
+    chmod +x /custom/start.sh
+    /custom/start.sh
+else
+    echo "---No container script found, continuing---"
+fi
diff --git a/containers/apps/db-wait-mongodb/shim/umask.sh b/containers/apps/db-wait-mongodb/shim/umask.sh
new file mode 100644
index 0000000000000..bea3cc3535eac
--- /dev/null
+++ b/containers/apps/db-wait-mongodb/shim/umask.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+umask "${UMASK:-0002}"
diff --git a/containers/apps/db-wait-mongodb/shim/vpn.sh b/containers/apps/db-wait-mongodb/shim/vpn.sh
new file mode 100644
index 0000000000000..936ed5096c50d
--- /dev/null
+++ b/containers/apps/db-wait-mongodb/shim/vpn.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+if [[ "${WAIT_FOR_VPN:-"false"}" == "true" ]]; then
+    echo "Waiting for VPN to be connected..."
+    while ! grep -s -q "connected" /shared/vpnstatus; do
+        echo "VPN not connected"
+        sleep 2
+    done
+    echo "VPN Connected, starting application..."
+fi