diff --git a/roles/openshift-apps/websites/templates/buildconfig.yml b/roles/openshift-apps/websites/templates/buildconfig.yml
index eb7bd3e8c7..a223741365 100644
--- a/roles/openshift-apps/websites/templates/buildconfig.yml
+++ b/roles/openshift-apps/websites/templates/buildconfig.yml
@@ -7,9 +7,10 @@ metadata:
 spec:
   source:
     dockerfile: |-
-      FROM fedora:latest
+      FROM fedora:34
       RUN dnf -y install \
         git \
+        nss_wrapper \
         python-unversioned-command \
         python3-flask \
         python3-frozen-flask \
diff --git a/roles/openshift-apps/websites/templates/cm-updatepot.yml b/roles/openshift-apps/websites/templates/cm-updatepot.yml
new file mode 100644
index 0000000000..ad1abc34a8
--- /dev/null
+++ b/roles/openshift-apps/websites/templates/cm-updatepot.yml
@@ -0,0 +1,9 @@
+{% macro load_file(filename) %}{% include filename %}{%- endmacro -%}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: updatepot-scripts
+data:
+  updatepot.sh: |-
+    {{ load_file('updatepot.sh') | indent() }}
diff --git a/roles/openshift-apps/websites/templates/cron-updatepot.yml b/roles/openshift-apps/websites/templates/cron-updatepot.yml
index 799a783c2a..3b3e5e2b68 100644
--- a/roles/openshift-apps/websites/templates/cron-updatepot.yml
+++ b/roles/openshift-apps/websites/templates/cron-updatepot.yml
@@ -20,20 +20,9 @@ spec:
           containers:
           - name: pushpot
             image: docker-registry.default.svc:5000/websites/builder:latest
-            command: ["/bin/bash", "-c"]
-            args: 
-            - |
-              cd /tmp
-              git clone https://pagure.io/fedora-web/websites.git
-              cd websites
-              
-              for i in getfedora.org; do
-                pushd sites/$i/scripts
-                ./translations-source.sh
-                [ -f $i.pot ] && ./push-pot.sh
-                popd
-              done
-            env: []
+            command: 
+            - /bin/bash
+            - /scripts/updatepot.sh
             volumeMounts: 
             - mountPath: /.gitconfig
               name: gitconfig
@@ -42,6 +31,8 @@ spec:
             - name: sshconfig
               mountPath: /.ssh
               readOnly: true
+            - name: scripts
+              mountPath: /scripts
           restartPolicy: Never
           startingDeadlineSeconds: 600
           volumes: 
@@ -51,3 +42,6 @@ spec:
           - name: gitconfig
             configMap:
               name: gitconfig
+          - name: scripts
+            configMap:
+              name: updatepot-scripts
diff --git a/roles/openshift-apps/websites/templates/sshconfig.yml b/roles/openshift-apps/websites/templates/sshconfig.yml
index 4d99e9bf41..7930b71dd4 100644
--- a/roles/openshift-apps/websites/templates/sshconfig.yml
+++ b/roles/openshift-apps/websites/templates/sshconfig.yml
@@ -6,7 +6,7 @@ metadata:
   labels:
     app: websites
 stringData:
-  id_rsa_web_trans: |-
+  id_rsa_web_trans: |
     {{ lookup('file', ssh_key_path) | indent(4) }}
   config: |-
     Host pagure.io
diff --git a/roles/openshift-apps/websites/templates/updatepot.sh b/roles/openshift-apps/websites/templates/updatepot.sh
new file mode 100644
index 0000000000..7976267ce2
--- /dev/null
+++ b/roles/openshift-apps/websites/templates/updatepot.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+# Add OCP user to passwd
+USER_ID=$(id -u)
+grep -Ev ":x:${USER_ID}:" /etc/passwd > /tmp/passwd
+echo "ocpuser:x:${USER_ID}:0:ocp user:/:/sbin/nologin" >> /tmp/passwd
+export LD_PRELOAD=/usr/lib64/libnss_wrapper.so
+export NSS_WRAPPER_PASSWD=/tmp/passwd
+export NSS_WRAPPER_GROUP=/etc/group
+
+
+cd /tmp
+git clone https://pagure.io/fedora-web/websites.git
+cd websites
+
+for i in getfedora.org; do
+  pushd sites/$i/scripts
+  ./translations-source.sh
+  [ -f $i.pot ] && ./push-pot.sh
+  popd
+done