diff --git a/cluster/cluster.yaml b/cluster/cluster.yaml
index a3f4b17dcd..47b0c91e4b 100644
--- a/cluster/cluster.yaml
+++ b/cluster/cluster.yaml
@@ -83,7 +83,11 @@ Resources:
 ToPort: {{ $element.ToPort }}
 {{- end }}
 {{- end }}
- - CidrIp: {{ if eq .Cluster.ConfigItems.kube_aws_ingress_controller_nlb_enabled "true" }}"0.0.0.0/0"{{else}}"{{.Values.vpc_ipv4_cidr}}"{{end}}
+ - CidrIp: "0.0.0.0/0"
+ FromPort: 9998
+ IpProtocol: tcp
+ ToPort: 9999
+ - CidrIpv6: "::/0"
 FromPort: 9998
 IpProtocol: tcp
 ToPort: 9999
@@ -882,7 +886,7 @@ Resources:
 ToPort: {{ $element.ToPort }}
 {{- end }}
 {{- end }}
- - CidrIp: {{ if eq .Cluster.ConfigItems.kube_aws_ingress_controller_nlb_enabled "true" }}"0.0.0.0/0"{{else}}"{{.Values.vpc_ipv4_cidr}}"{{end}}
+ - CidrIp: "0.0.0.0/0"
 FromPort: 9998
 IpProtocol: tcp
 ToPort: 9999
diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml
index 5ab0d8ae00..e2896b6115 100644
--- a/cluster/config-defaults.yaml
+++ b/cluster/config-defaults.yaml
@@ -64,8 +64,6 @@ kube_aws_ingress_controller_ssl_policy: "ELBSecurityPolicy-TLS13-1-2-Res-2021-06
 kube_aws_ingress_controller_idle_timeout: "1m"
 kube_aws_ingress_controller_deregistration_delay_timeout: "10s"
 # allow using NLBs for ingress
-# This opens skipper-ingress ports 9998 and 9999 on all worker nodes
-kube_aws_ingress_controller_nlb_enabled: "true"
 kube_aws_ingress_controller_nlb_cross_zone: "true"
 kube_aws_ingress_controller_nlb_zone_affinity: "any_availability_zone"
 kube_aws_ingress_controller_cert_polling_interval: "2m"
diff --git a/cluster/manifests/02-skipper-validation-webhook/deployment.yaml b/cluster/manifests/02-skipper-validation-webhook/deployment.yaml
index bb3501c736..f1848fa241 100644
--- a/cluster/manifests/02-skipper-validation-webhook/deployment.yaml
+++ b/cluster/manifests/02-skipper-validation-webhook/deployment.yaml
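Review bot: In cluster/cluster.yaml both rewritten rules (hunks @@ -83 and @@ -882) now admit 9998-9999/tcp from `0.0.0.0/0` unconditionally, so a cluster that had set `kube_aws_ingress_controller_nlb_enabled` to anything other than "true" loses the `vpc_ipv4_cidr` restriction with no switch left to restore it; that change in exposure should be stated in the commit description and checked against existing cluster overrides. The two hunks also diverge: @@ -83 adds a `CidrIpv6: "::/0"` rule for the same ports while @@ -882 stays IPv4-only, and nothing on the new lines says whether that asymmetry is deliberate. Because the only explanation of these ports is deleted from config-defaults.yaml in this same commit, I would put a comment above each rule, for example `# skipper-ingress ports 9998-9999: open to all sources so NLBs can reach the nodes`, and either add the matching `- CidrIpv6: "::/0"` entry to the second rule or note why it is omitted. Both security-group definitions begin and end outside the hunks, so which groups they belong to cannot be confirmed from here.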
@@ -32,7 +32,7 @@ spec:
 priorityClassName: system-cluster-critical
 containers:
 - name: skipper-admission-webhook
- image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.22.119
+ image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/skipper:v0.22.142
 args:
 - webhook
 - --address=:9085
diff --git a/cluster/manifests/sandbox-controller/30-deployment.yaml b/cluster/manifests/sandbox-controller/30-deployment.yaml
index 120762b8a2..88e9d44645 100644
--- a/cluster/manifests/sandbox-controller/30-deployment.yaml
+++ b/cluster/manifests/sandbox-controller/30-deployment.yaml
@@ -1,4 +1,4 @@
-# {{ $image := "container-registry.zalando.net/gwproxy/sandbox-controller:main-31" }}
+# {{ $image := "container-registry.zalando.net/gwproxy/sandbox-controller:main-34" }}
 # {{ $version := index (split $image ":") 1 }}
 {{ if eq .Cluster.ConfigItems.sandbox_controller_enabled "true" }}
diff --git a/cluster/manifests/skipper-canary-controller/canary-cronjob.yaml b/cluster/manifests/skipper-canary-controller/canary-cronjob.yaml
index 093b561a28..f133262242 100644
--- a/cluster/manifests/skipper-canary-controller/canary-cronjob.yaml
+++ b/cluster/manifests/skipper-canary-controller/canary-cronjob.yaml
@@ -29,7 +29,7 @@ spec:
 containers:
 - name: skipper-canary-controller
 terminationMessagePolicy: FallbackToLogsOnError
- image: container-registry.zalando.net/gwproxy/skipper-canary-controller:main-33
+ image: container-registry.zalando.net/gwproxy/skipper-canary-controller:main-34
 env:
 - name: POD_NAME
 valueFrom:
diff --git a/cluster/node-pools/master-default/userdata.yaml b/cluster/node-pools/master-default/userdata.yaml
index 6aa76ce097..e261c8dbc8 100644
--- a/cluster/node-pools/master-default/userdata.yaml
+++ b/cluster/node-pools/master-default/userdata.yaml
@@ -287,7 +287,7 @@ write_files:
 - mountPath: /etc/kubernetes/ssl
 name: ssl-certs-kubernetes
 readOnly: true
- - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/k8s-authnz-webhook:master-152
+ - image: 926694233939.dkr.ecr.eu-central-1.amazonaws.com/production_namespace/teapot/k8s-authnz-webhook:master-155
 name: webhook
 ports:
 - containerPort: 8081
diff --git a/test/e2e/cluster_config.sh b/test/e2e/cluster_config.sh
index 9f9a963601..c992be6093 100755
--- a/test/e2e/cluster_config.sh
+++ b/test/e2e/cluster_config.sh
@@ -34,7 +34,6 @@ clusters:
 skipper_ingress_refuse_payload: "refused-pattern-1[cf724afc]refused-pattern-2"
 efs_id: ${EFS_ID}
 webhook_id: ${INFRASTRUCTURE_ACCOUNT}:${REGION}:kube-aws-test
- kube_aws_ingress_controller_nlb_enabled: "true"
 nlb_switch: "pre"
 vm_dirty_bytes: 134217728
 vm_dirty_background_bytes: 67108864