diff --git a/services/veles/backend-deployment.yaml b/services/veles/backend-deployment.yaml
index 2ecbbe00..b4763249 100644
--- a/services/veles/backend-deployment.yaml
+++ b/services/veles/backend-deployment.yaml
@@ -7,7 +7,7 @@ metadata:
 labels:
 app: veles-backend
 spec:
- replicas: 0
+ replicas: 1
 revisionHistoryLimit: 2
 selector:
 matchLabels:
@@ -27,7 +27,8 @@ spec:
 value: "true"
 effect: NoSchedule
 securityContext:
- fsGroup: 1000
+ fsGroup: 10001
+ fsGroupChangePolicy: OnRootMismatch
 seccompProfile:
 type: RuntimeDefault
 containers:
@@ -38,6 +39,18 @@ spec:
 - name: http
 containerPort: 8796
 protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /api/v1/ready
+ port: http
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ livenessProbe:
+ httpGet:
+ path: /api/v1/live
+ port: http
+ initialDelaySeconds: 20
+ periodSeconds: 20
 envFrom:
 - configMapRef:
 name: veles-app-config
@@ -52,8 +65,8 @@ spec:
 memory: 4Gi
 securityContext:
 runAsNonRoot: true
- runAsUser: 1000
- runAsGroup: 1000
+ runAsUser: 10001
+ runAsGroup: 10001
 allowPrivilegeEscalation: false
 capabilities:
 drop: ["ALL"]
diff --git a/services/veles/configmap.yaml b/services/veles/configmap.yaml
index 36c20903..c7f26545 100644
--- a/services/veles/configmap.yaml
+++ b/services/veles/configmap.yaml
@@ -6,12 +6,19 @@ metadata:
 namespace: veles
 data:
 VELES_ENV: alpha
+ VELES_PROFILE: cluster
+ VELES_AUTH_MODE: oidc
+ VELES_SIM_RUNNER: kubernetes-job
+ VELES_PUBLIC_URL: https://veles.bstein.dev
 VELES_PUBLIC_BASE_URL: https://veles.bstein.dev
 VELES_BACKEND_HTTP_PORT: "8796"
 VELES_FRONTEND_HTTP_PORT: "8080"
+ VELES_OIDC_ISSUER_URL: https://sso.bstein.dev/realms/veles
 VELES_OIDC_ISSUER: https://sso.bstein.dev/realms/veles
 VELES_OIDC_CLIENT_ID: veles-web
+ VELES_OIDC_ALLOWED_GROUPS: alpha,admin
 VELES_OIDC_REQUIRED_GROUPS: alpha,admin
+ VELES_OIDC_ADMIN_GROUPS: admin
 VELES_OIDC_GROUPS_CLAIM: groups
 VELES_OIDC_ROLES_CLAIM: realm_access.roles
 VELES_DATABASE_HOST: veles-postgres.veles.svc.cluster.local
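Review bot: The numeric ID 10001 set in the pod-level `fsGroup` (second hunk of backend-deployment.yaml) is repeated in `runAsUser`/`runAsGroup` in the last hunk of that file and again as `VELES_SIM_FS_GROUP: "10001"` in configmap.yaml, with nothing recording where the value comes from. A comment above `fsGroup` such as `# must match the UID/GID the veles-backend image runs as; keep in sync with runAsUser/runAsGroup and VELES_SIM_FS_GROUP` would stop the copies drifting, since a mismatch would presumably leave the backend or the sim jobs unable to write the shared artifact volume. The same applies to `fsGroup: 101` and `runAsUser: 101` in frontend-deployment.yaml. The securityContext block continues outside the hunk.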
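Review bot: Both probes added to the backend container leave `timeoutSeconds` and `failureThreshold` at their defaults and there is no `startupProbe`, so a backend that is slow to come up (for example while waiting on the database) is restarted by the liveness check on a budget nobody wrote down. Setting them explicitly, e.g. `timeoutSeconds: 3` and `failureThreshold: 3`, makes that budget visible in the manifest. Since configmap.yaml in this commit sets `VELES_AUTH_MODE: oidc`, it is also worth confirming that `/api/v1/ready` and `/api/v1/live` answer without a token, because the kubelet sends none. The frontend probes in frontend-deployment.yaml leave the same fields at their defaults.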
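Review bot: The access-control settings in the `data:` block of configmap.yaml now exist under two names with the same value: `VELES_OIDC_ALLOWED_GROUPS` next to `VELES_OIDC_REQUIRED_GROUPS`, and `VELES_OIDC_ISSUER_URL` next to `VELES_OIDC_ISSUER` (likewise `VELES_PUBLIC_URL` and `VELES_PUBLIC_BASE_URL`). Nothing in the file says which of each pair the backend enforces. If this is a rename in progress, a later edit to the wrong key would leave the effective group allow-list or issuer unchanged without any error. I would mark the older names, e.g. `# deprecated alias of VELES_OIDC_ALLOWED_GROUPS; remove once the backend no longer reads it`, or drop them in this commit if nothing reads them any more.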
@@ -19,12 +26,30 @@ data:
 VELES_DATABASE_NAME: veles
 VELES_ARTIFACTS_PATH: /data/veles-artifacts
 VELES_ARTIFACTS_MODE: rwo-backend-owned
+ VELES_LOG_ROOT: /data/veles-artifacts/logs
+ VELES_REPORT_ROOT: /data/veles-artifacts/reports
+ VELES_ARTIFACT_ROOT: /data/veles-artifacts/artifacts
+ VELES_RETENTION_DAYS: "30"
 VELES_SIM_NAMESPACE: veles
+ VELES_NAMESPACE: veles
+ VELES_SIM_IMAGE: registry.bstein.dev/veles/veles-sim-worker:0.1.0-0 # {"$imagepolicy": "veles:veles-sim-worker"}
 VELES_SIM_SERVICE_ACCOUNT: veles-sim
 VELES_SIM_PRIORITY_CLASS: veles-sim
- VELES_SIM_NODE_SELECTOR: veles.bstein.dev/simulation=true
+ VELES_SIM_NODE_SELECTOR: veles.bstein.dev/node-pool=oceanus,kubernetes.io/arch=amd64
+ VELES_SIM_TOLERATIONS: veles.bstein.dev/simulation=true:NoSchedule
 VELES_SIM_TOLERATION_KEY: veles.bstein.dev/simulation
 VELES_SIM_TOLERATION_VALUE: "true"
+ VELES_SIM_ACTIVE_DEADLINE_SECONDS: "7200"
+ VELES_SIM_TTL_SECONDS: "3600"
+ VELES_SIM_CPU_REQUEST: 500m
+ VELES_SIM_CPU_LIMIT: "2"
+ VELES_SIM_MEMORY_REQUEST: 1Gi
+ VELES_SIM_MEMORY_LIMIT: 4Gi
+ VELES_SIM_ARTIFACT_PVC: veles-artifacts
+ VELES_SIM_ARTIFACT_MOUNT_PATH: /data/veles-artifacts
+ VELES_SIM_FS_GROUP: "10001"
+ VELES_MAX_ACTIVE_SIMS_PER_USER: "1"
+ VELES_MAX_ACTIVE_SIMS_GLOBAL: "4"
 VELES_RETENTION_NODE_SELECTOR: veles.bstein.dev/simulation=true
 VELES_RETENTION_TOLERATION_KEY: veles.bstein.dev/simulation
 VELES_RETENTION_TOLERATION_VALUE: "true"
diff --git a/services/veles/frontend-deployment.yaml b/services/veles/frontend-deployment.yaml
index b4215e4c..a886c7fd 100644
--- a/services/veles/frontend-deployment.yaml
+++ b/services/veles/frontend-deployment.yaml
@@ -7,7 +7,7 @@ metadata:
 labels:
 app: veles-frontend
 spec:
- replicas: 0
+ replicas: 2
 revisionHistoryLimit: 2
 selector:
 matchLabels:
@@ -42,7 +42,8 @@ spec:
 operator: In
 values: ["rpi5"]
 securityContext:
- fsGroup: 1000
+ fsGroup: 101
+ fsGroupChangePolicy: OnRootMismatch
 seccompProfile:
 type: RuntimeDefault
 containers:
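Review bot: `VELES_SIM_ARTIFACT_MOUNT_PATH` in the second configmap.yaml hunk is set to the artifact root `/data/veles-artifacts`, the same directory that now also holds `VELES_LOG_ROOT` and `VELES_REPORT_ROOT`. A simulation Job that mounts `veles-artifacts` there would therefore see the backend logs and every other run's reports and artifacts. How the backend builds the Job's volumeMount is not visible here; if it mounts the whole claim, a per-run `subPath` or a dedicated output directory would keep each worker confined to its own output. Separately, `VELES_SIM_IMAGE` is referenced by the tag `0.1.0-0`, and pinning it by digest would guarantee the Jobs run exactly the image that was reviewed.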
@@ -53,6 +54,18 @@ spec:
 - name: http
 containerPort: 8080
 protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ initialDelaySeconds: 3
+ periodSeconds: 10
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ initialDelaySeconds: 20
+ periodSeconds: 20
 envFrom:
 - configMapRef:
 name: veles-app-config
@@ -65,8 +78,8 @@ spec:
 memory: 512Mi
 securityContext:
 runAsNonRoot: true
- runAsUser: 1000
- runAsGroup: 1000
+ runAsUser: 101
+ runAsGroup: 101
 allowPrivilegeEscalation: false
 capabilities:
 drop: ["ALL"]
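Review bot: The `envFrom` that follows the new probes in the frontend container loads all of `veles-app-config`, and this commit grows that ConfigMap with backend-only settings such as the sim-runner parameters and the admin group names. None of it is secret, but if the frontend image renders its environment into client-side configuration, those internal names would reach browsers. I would give the frontend its own small ConfigMap, or list only the keys it needs with `env` and `configMapKeyRef`. The container spec continues outside the hunk.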