diff --git a/bundle/next/eclipse-che-preview-openshift/manifests/che-operator.clusterserviceversion.yaml b/bundle/next/eclipse-che-preview-openshift/manifests/che-operator.clusterserviceversion.yaml
index 329b56e34..7be730fdf 100644
--- a/bundle/next/eclipse-che-preview-openshift/manifests/che-operator.clusterserviceversion.yaml
+++ b/bundle/next/eclipse-che-preview-openshift/manifests/che-operator.clusterserviceversion.yaml
@@ -75,7 +75,7 @@ metadata:
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
     repository: https://github.com/eclipse-che/che-operator
     support: Eclipse Foundation
-  name: eclipse-che-preview-openshift.v7.48.0-444.next
+  name: eclipse-che-preview-openshift.v7.48.0-445.next
   namespace: placeholder
 spec:
   apiservicedefinitions: {}
@@ -972,7 +972,7 @@ spec:
                       - name: RELATED_IMAGE_devfile_registry
                         value: quay.io/eclipse/che-devfile-registry:next
                       - name: RELATED_IMAGE_pvc_jobs
-                        value: registry.access.redhat.com/ubi8-minimal:8.5-243.1651231653
+                        value: registry.access.redhat.com/ubi8-minimal:8.6-751
                       - name: RELATED_IMAGE_postgres
                         value: quay.io/eclipse/che--centos--postgresql-96-centos7:9.6-b681d78125361519180a6ac05242c296f8906c11eab7e207b5ca9a89b6344392
                       - name: RELATED_IMAGE_postgres_13_3
@@ -1278,4 +1278,4 @@ spec:
   maturity: stable
   provider:
     name: Eclipse Foundation
-  version: 7.48.0-444.next
+  version: 7.48.0-445.next
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index 3fc32e462..ae44c8a15 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -72,7 +72,7 @@ spec:
             - name: RELATED_IMAGE_che_tls_secrets_creation_job
               value: quay.io/eclipse/che-tls-secret-creator:alpine-01a4c34
             - name: RELATED_IMAGE_pvc_jobs
-              value: registry.access.redhat.com/ubi8-minimal:8.5-243.1651231653
+              value: registry.access.redhat.com/ubi8-minimal:8.6-751
             - name: RELATED_IMAGE_postgres
               value: quay.io/eclipse/che--centos--postgresql-96-centos7:9.6-b681d78125361519180a6ac05242c296f8906c11eab7e207b5ca9a89b6344392
             - name: RELATED_IMAGE_postgres_13_3
diff --git a/controllers/usernamespace/controller.go b/controllers/usernamespace/controller.go
index 1aba2be57..832d93d2d 100644
--- a/controllers/usernamespace/controller.go
+++ b/controllers/usernamespace/controller.go
@@ -226,7 +226,7 @@ func (r *CheUserNamespaceReconciler) Reconcile(ctx context.Context, req ctrl.Req
 	}
 
 	if err = r.reconcileTrustedCerts(ctx, deployContext, req.Name, checluster); err != nil {
-		logrus.Errorf("Failed to reconcile self-signed certificate into namespace '%s': %v", req.Name, err)
+		logrus.Errorf("Failed to reconcile trusted certificates into namespace '%s': %v", req.Name, err)
 		return ctrl.Result{}, err
 	}
 
@@ -273,6 +273,10 @@ func findManagingCheCluster(key types.NamespacedName) *v2alpha1.CheCluster {
 }
 
 func (r *CheUserNamespaceReconciler) reconcileSelfSignedCert(ctx context.Context, deployContext *deploy.DeployContext, targetNs string, checluster *v2alpha1.CheCluster) error {
+	if err := deleteLegacyObject("server-cert", &corev1.Secret{}, targetNs, checluster, deployContext); err != nil {
+		return err
+	}
+
 	targetCertName := prefixedName("server-cert")
 
 	delSecret := func() error {
@@ -323,10 +327,14 @@ func (r *CheUserNamespaceReconciler) reconcileSelfSignedCert(ctx context.Context
 }
 
 func (r *CheUserNamespaceReconciler) reconcileTrustedCerts(ctx context.Context, deployContext *deploy.DeployContext, targetNs string, checluster *v2alpha1.CheCluster) error {
+	if err := deleteLegacyObject("trusted-ca-certs", &corev1.ConfigMap{}, targetNs, checluster, deployContext); err != nil {
+		return err
+	}
+
 	targetConfigMapName := prefixedName("trusted-ca-certs")
 
 	delConfigMap := func() error {
-		_, err := deploy.Delete(deployContext, client.ObjectKey{Name: targetConfigMapName, Namespace: targetNs}, &corev1.Secret{})
+		_, err := deploy.Delete(deployContext, client.ObjectKey{Name: targetConfigMapName, Namespace: targetNs}, &corev1.ConfigMap{})
 		return err
 	}
 
@@ -375,6 +383,10 @@ func addToFirst(first map[string]string, second map[string]string) map[string]st
 }
 
 func (r *CheUserNamespaceReconciler) reconcileProxySettings(ctx context.Context, targetNs string, checluster *v2alpha1.CheCluster, deployContext *deploy.DeployContext) error {
+	if err := deleteLegacyObject("proxy-settings", &corev1.ConfigMap{}, targetNs, checluster, deployContext); err != nil {
+		return err
+	}
+
 	proxyConfig, err := che.GetProxyConfiguration(deployContext)
 	if err != nil {
 		return err
@@ -442,9 +454,13 @@ func (r *CheUserNamespaceReconciler) reconcileProxySettings(ctx context.Context,
 }
 
 func (r *CheUserNamespaceReconciler) reconcileGitTlsCertificate(ctx context.Context, targetNs string, checluster *v2alpha1.CheCluster, deployContext *deploy.DeployContext) error {
+	if err := deleteLegacyObject("git-tls-creds", &corev1.ConfigMap{}, targetNs, checluster, deployContext); err != nil {
+		return err
+	}
+
 	targetName := prefixedName("git-tls-creds")
 	delConfigMap := func() error {
-		_, err := deploy.Delete(deployContext, client.ObjectKey{Name: targetName, Namespace: targetNs}, &corev1.Secret{})
+		_, err := deploy.Delete(deployContext, client.ObjectKey{Name: targetName, Namespace: targetNs}, &corev1.ConfigMap{})
 		return err
 	}
 
@@ -545,3 +561,29 @@ func (r *CheUserNamespaceReconciler) reconcileNodeSelectorAndTolerations(ctx con
 func prefixedName(name string) string {
 	return "che-" + name
 }
+
+// Deletes object with a legacy name to avoid mounting several ones under the same path
+// See https://github.com/eclipse/che/issues/21385
+func deleteLegacyObject(name string, objectMeta client.Object, targetNs string, checluster *v2alpha1.CheCluster, deployContext *deploy.DeployContext) error {
+	legacyPrefixedName := checluster.Name + "-" + checluster.Namespace + "-" + name
+	key := client.ObjectKey{Name: legacyPrefixedName, Namespace: targetNs}
+
+	err := deployContext.ClusterAPI.Client.Get(context.TODO(), key, objectMeta)
+	if err != nil {
+		if errors.IsNotFound(err) {
+			return nil
+		}
+		return err
+	}
+
+	err = deployContext.ClusterAPI.Client.Delete(context.TODO(), objectMeta)
+	if err != nil {
+		if errors.IsNotFound(err) {
+			return nil
+		}
+		return err
+	}
+
+	logrus.Infof("Deleted legacy workspace object: %s name: %s, namespace: %s", deploy.GetObjectType(objectMeta), legacyPrefixedName, targetNs)
+	return nil
+}
diff --git a/helmcharts/next/templates/manager.yaml b/helmcharts/next/templates/manager.yaml
index 3fc32e462..ae44c8a15 100644
--- a/helmcharts/next/templates/manager.yaml
+++ b/helmcharts/next/templates/manager.yaml
@@ -72,7 +72,7 @@ spec:
             - name: RELATED_IMAGE_che_tls_secrets_creation_job
               value: quay.io/eclipse/che-tls-secret-creator:alpine-01a4c34
             - name: RELATED_IMAGE_pvc_jobs
-              value: registry.access.redhat.com/ubi8-minimal:8.5-243.1651231653
+              value: registry.access.redhat.com/ubi8-minimal:8.6-751
             - name: RELATED_IMAGE_postgres
               value: quay.io/eclipse/che--centos--postgresql-96-centos7:9.6-b681d78125361519180a6ac05242c296f8906c11eab7e207b5ca9a89b6344392
             - name: RELATED_IMAGE_postgres_13_3