diff --git a/chart/assets/operations/instance_groups.yaml b/chart/assets/operations/instance_groups.yaml
new file mode 100644
index 0000000000..2c1a4c16ad
--- /dev/null
+++ b/chart/assets/operations/instance_groups.yaml
@@ -0,0 +1,18 @@
+{{/*
+ This sets labels on the generated StatefulSets to include the information about
+ the helm chart.
+*/}}
+{{- include "_config.load" $ }}
+{{- range $ig_name, $ig := .Values.jobs }}
+  {{- $included := false }}
+  {{- range $job := $ig }}
+    {{- $included = list $ $job.condition | include "_config.condition" | eq "true" | or $included }}
+  {{- end }}
+  {{- if $included }}
+    {{- range $key, $value := list $ $ig_name | include "component.labels" | fromYaml }}
+- type: replace
+  path: /instance_groups/name={{ $ig_name }}/env?/bosh/agent/settings/labels/{{ $key | replace "/" "~1" }}
+  value: {{ $value | quote }}
+    {{- end }}
+  {{- end }}
+{{- end }}
diff --git a/chart/assets/scripts/jobs/pxc/active_passive_probe.sh b/chart/assets/scripts/jobs/pxc/active_passive_probe.sh
deleted file mode 100644
index 77a8ab9baa..0000000000
--- a/chart/assets/scripts/jobs/pxc/active_passive_probe.sh
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/usr/bin/env bash
-
-leader=$(mysql -sN <<EOF
-  USE kubecf;
-  insert ignore into db_leader_election ( anchor, host, last_seen_active )
-    values ( 1, '${HOSTNAME}', now() ) on duplicate key update host = if(last_seen_active < now() - interval 20 second,
-    values(host), host), last_seen_active = if(host = values(host), values(last_seen_active), last_seen_active);
-    select host from db_leader_election;
-EOF
-)
-
-# shellcheck disable=SC2181
-if [[ $? != 0 ]]; then
-  # the kubecf database doesn't seem to be ready. make the first node the master
-  [[ ${HOSTNAME} == *-0 ]] || exit 2
-else
-  [[ "${leader}" == "${HOSTNAME}" ]]
-fi
diff --git a/chart/assets/scripts/jobs/pxc/entrypoint.sh b/chart/assets/scripts/jobs/pxc/entrypoint.sh
index e1acb1d2d2..b798d4e194 100644
--- a/chart/assets/scripts/jobs/pxc/entrypoint.sh
+++ b/chart/assets/scripts/jobs/pxc/entrypoint.sh
@@ -26,32 +26,11 @@ fi
 # shellcheck disable=SC1091
 . /startup-scripts/functions.sh
 
-ipaddr=$(hostname -i | awk ' { print $1 } ')
-hostname=$(hostname)
-echo "I AM $hostname - $ipaddr"
-
 # if command starts with an option, prepend mysqld
 if [ "${1:0:1}" = '-' ]; then
     CMDARG=( "$@" )
 fi
 
-cluster_join=$(resolveip -s "${K8S_SERVICE_NAME}" || echo "")
-if [[ -z "${cluster_join}" ]]; then
-    echo "I am the Primary Node"
-    init_mysql
-    write_password_file
-    exec mysqld --user=mysql --wsrep_cluster_name="$SHORT_CLUSTER_NAME" --wsrep_node_name="$hostname" \
-    --wsrep_cluster_address=gcomm:// --wsrep_sst_method=xtrabackup-v2 \
-    --wsrep_sst_auth="xtrabackup:$XTRABACKUP_PASSWORD" \
-    --wsrep_node_address="$ipaddr" --pxc_strict_mode="$PXC_STRICT_MODE" "${CMDARG[@]}"
-else
-    echo "I am not the Primary Node"
-    chown -R mysql:mysql /var/lib/mysql || true # default is root:root 777
-    touch /var/log/mysqld.log
-    chown mysql:mysql /var/log/mysqld.log
-    write_password_file
-    exec mysqld --user=mysql --wsrep_cluster_name="$SHORT_CLUSTER_NAME" --wsrep_node_name="$hostname" \
-    --wsrep_cluster_address="gcomm://$cluster_join" --wsrep_sst_method=xtrabackup-v2 \
-    --wsrep_sst_auth="xtrabackup:$XTRABACKUP_PASSWORD" \
-    --wsrep_node_address="$ipaddr" --pxc_strict_mode="$PXC_STRICT_MODE" "${CMDARG[@]}"
-fi
+init_mysql
+write_password_file
+exec mysqld --user=mysql --pxc_strict_mode="$PXC_STRICT_MODE" "${CMDARG[@]}"
diff --git a/chart/config/unsupported.yaml b/chart/config/unsupported.yaml
index 357073da45..9222d61958 100644
--- a/chart/config/unsupported.yaml
+++ b/chart/config/unsupported.yaml
@@ -26,3 +26,10 @@ unsupported:
     You are reusing an old and incompatible configuration, either via a values.yaml file from an
     older release, or by using the --reuse-values option. Please start with a fresh configuration,
     only changing settings relative to the defaults in the current release.
+
+  # Do not allow replicas for the database; doing this well in Kubernetes is
+  # more effort than we can expend, and is better handled by external databases.
+  sizing.database.instances: >
+    Database replicas are not supported.
+    KubeCF does not support highly available database configurations;
+    please use an external database instead.
diff --git a/chart/templates/_stacks.tpl b/chart/templates/_stacks.tpl
index 74aa130a90..4ae0506f42 100644
--- a/chart/templates/_stacks.tpl
+++ b/chart/templates/_stacks.tpl
@@ -55,6 +55,7 @@
 
   {{- /* *** Create "$stack.install_buildpacks" and "$stack.releases" from the "api" buildpack jobs *** */}}
   {{- $_ := set $stack "install_buildpacks" list }}
+  {{- $condition := printf "stacks.%s.enabled" $cc_stack.name }}
 
   {{- $_ := include "_config.lookupManifest" (list $ "instance_groups/name=api/jobs") }}
   {{- range $job := $.kubecf.retval }}
@@ -66,10 +67,17 @@
         {{- $_ := set $stack.releases $job.release dict }}
       {{- end }}
       {{- /* Set job condition so no spurious references are generated when the stack is disabled  */}}
-      {{- $_ := set $.Values.jobs.api $job.name (dict "condition" (printf "stacks.%s.enabled" $cc_stack.name) "processes" list) }}
+      {{- $_ := set $.Values.jobs.api $job.name (dict "condition" $condition "processes" list) }}
     {{- end }}
   {{- end }}
 
+  {{- /* Make sure the rootfs-setup job is not referenced when the stack is disabled */}}
+  {{- $diego_cell := index $.Values.jobs "diego-cell" }}
+  {{- /* Both stack condition and diego-cell condition must be true to enable rootfs-setup job */}}
+  {{- $condition = printf "(%s) && (%s)" $condition (index $diego_cell "$default") }}
+  {{- $job_name := printf "%s-rootfs-setup" $cc_stack.name }}
+  {{- $_ := set $diego_cell $job_name (dict "condition" $condition "processes" list) }}
+
   {{- /* +----------------------------------------------------------------------------------------------+ */}}
   {{- /* | Setup the additional stacks in .config.stacks and merge their releases into .config.releases | */}}
   {{- /* +----------------------------------------------------------------------------------------------+ */}}
diff --git a/chart/templates/database/db-configmaps.yaml b/chart/templates/database/db-configmaps.yaml
index b1f6cb6ba8..4a3e8f6162 100644
--- a/chart/templates/database/db-configmaps.yaml
+++ b/chart/templates/database/db-configmaps.yaml
@@ -24,10 +24,7 @@ data:
     innodb_file_per_table           = 1
     innodb_autoinc_lock_mode=2
     bind_address = 0.0.0.0
-    wsrep_slave_threads=2
-    wsrep_cluster_address=gcomm://
-    wsrep_provider=/usr/lib/galera3/libgalera_smm.so
-    wsrep_sst_method=xtrabackup-v2
+    wsrep_on = off
   charset.cnf: |-
     [client]
     default_character_set           = utf8
diff --git a/chart/templates/database/db-secrets.yaml b/chart/templates/database/db-secrets.yaml
index 5c5a80e31d..122de7d9cf 100644
--- a/chart/templates/database/db-secrets.yaml
+++ b/chart/templates/database/db-secrets.yaml
@@ -22,16 +22,5 @@ metadata:
 spec:
   type: password
   secretName: var-pxc-password
----
-apiVersion: quarks.cloudfoundry.org/v1alpha1
-kind: QuarksSecret
-metadata:
-  name: var-xtrabackup-password
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    {{- list . "database" | include "component.labels" | nindent 4 }}
-spec:
-  type: password
-  secretName: var-xtrabackup-password
 
 {{- end }}{{/* .Values.features.embedded_database.enabled */}}
diff --git a/chart/templates/database/db-services.yaml b/chart/templates/database/db-services.yaml
index 76dce593e1..ae7615b8f7 100644
--- a/chart/templates/database/db-services.yaml
+++ b/chart/templates/database/db-services.yaml
@@ -15,25 +15,5 @@ spec:
     targetPort: mysql
   selector:
     {{- list . "database" | include "component.selector" | nindent 4 }}
-    quarks.cloudfoundry.org/pod-active: active
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: database-repl
-  namespace: {{ .Release.Namespace | quote }}
-  labels:
-    {{- list . "database" | include "component.labels" | nindent 4 }}
-spec:
-  clusterIP: None
-  ports:
-  - name: galera
-    port: 4567
-  - name: state-xfer
-    port: 4568
-  - name: state-snap
-    port: 4444
-  selector:
-    {{- list . "database" | include "component.selector" | nindent 4 }}
 
 {{- end }}{{/* .Values.features.embedded_database.enabled */}}
diff --git a/chart/templates/database/db-statefulset.yaml b/chart/templates/database/db-statefulset.yaml
index 6e5feed7f8..cd82d5025e 100644
--- a/chart/templates/database/db-statefulset.yaml
+++ b/chart/templates/database/db-statefulset.yaml
@@ -10,15 +10,6 @@ metadata:
     {{- list . "database" | include "component.labels" | nindent 4 }}
 spec:
   updateOnConfigChange: true
-  activePassiveProbes:
-    database:
-      periodSeconds: 5
-      exec:
-        command:
-          - /bin/bash
-          - -c
-          - |
-            {{- .Files.Get "assets/scripts/jobs/pxc/active_passive_probe.sh" | nindent 12 }}
   template:
     metadata:
       name: database
@@ -26,19 +17,15 @@ spec:
       labels:
         {{- list . "database" | include "component.labels" | nindent 8 }}
     spec:
-      {{- $replicas := 1 }}
-      {{- if $.Values.sizing.database.instances }}
-        {{- $replicas = $.Values.sizing.database.instances }}
-      {{- else if $.Values.high_availability }}
-        {{- $replicas = 3 }}
-      {{- end }}
-      {{- if eq (mod $replicas 2) 0 }}
-        {{- include "_config.fail" "The number of database instances must be odd to avoid split-brain" }}
-      {{- end }}
-      replicas: {{ $replicas }}
+      # Database replicas are not allowed.
+      # High-availability is not currently feasible to support in k8s.
+      # Galera replication on rolling updates of the statefulset is hard to get
+      # right and to maintain as part of KubeCF. For an HA database, prefer
+      # using a specialized external one.
+      replicas: 1
       selector:
         matchLabels:
-          {{- list . "database" | include "component.labels" | nindent 10 }}
+          {{- list . "database" | include "component.selector" | nindent 10 }}
       serviceName: database
       template:
         metadata:
@@ -47,19 +34,6 @@ spec:
         spec:
           {{- if $.Values.sizing.database.affinity }}
           affinity: {{ $.Values.sizing.database.affinity | toJson }}
-          {{- else }}
-          affinity:
-            podAntiAffinity:
-              preferredDuringSchedulingIgnoredDuringExecution:
-              - weight: 100
-                podAffinityTerm:
-                  labelSelector:
-                    matchExpressions:
-                    - key: quarks.cloudfoundry.org/quarks-statefulset-name
-                      operator: In
-                      values:
-                      - database
-                  topologyKey: kubernetes.io/hostname
           {{- end }}
           initContainers:
           - name: remove-lost-found
@@ -89,30 +63,13 @@ spec:
                 secretKeyRef:
                   name: var-pxc-password
                   key: password
-            - name: XTRABACKUP_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: var-xtrabackup-password
-                  key: password
             - name: ALLOW_ROOT_FROM
               value: "%"
-            - name: CLUSTER_NAME
-              value: {{ .Release.Name }}-database
-            - name: SHORT_CLUSTER_NAME
-              value: {{ .Release.Name }}-database
-            - name: K8S_SERVICE_NAME
-              value: database-repl
             - name: PXC_STRICT_MODE
               value: ENFORCING
             ports:
             - name: mysql
               containerPort: 3306
-            - name: galera-repl
-              containerPort: 4567
-            - name: state-transfer
-              containerPort: 4568
-            - name: state-snapshot
-              containerPort: 4444
             livenessProbe:
               exec:
                 command:
diff --git a/chart/values.yaml b/chart/values.yaml
index ccf68d78fd..9c819cc0a1 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -102,7 +102,6 @@ sizing:
   credhub:
     instances: ~
   database:
-    instances: ~
     persistence:
       size: 20Gi
   diego_api:
diff --git a/dependencies.yaml b/dependencies.yaml
index b27386401f..ab5078388d 100644
--- a/dependencies.yaml
+++ b/dependencies.yaml
@@ -103,9 +103,9 @@ binaries:
 # Additional files we need to download; see http_file() invocation in WORKSPACE.
 external_files:
   cf_operator:
-    sha256: b45835a3b629cf099901ba37d1ba99744d99ac32a41b35aafc2e445fd74ad016
+    sha256: cb8893522bd1b81878186d866becb01bcc67f6c7dacb71e3e0a6e48e9b014410
     url: https://s3.amazonaws.com/cf-operators/release/helm-charts/cf-operator-{version}.tgz
-    version: 6.1.12%2B0.gfc4e8327
+    version: 6.1.15%2B0.g89a56300
   kube_dashboard:
     sha256: f849252870818a2971dfc3c4f8a8c5f58a57606bc2b5f221d7ab693e1d1190e0
     url: https://raw.githubusercontent.com/kubernetes/dashboard/{version}/aio/deploy/recommended.yaml