We recently introduced two new LDAP readonly replicas which are behind LVS, the Cloud VPS instances are in the process of migrating fully towards those. This task tracks the migration of our web-based services (where applicable).
Once all readonly consumers are migrated we can doublecheck via tcpdump for a few days and restrict access to serpens/seaborgium to the services performing actual write changes.