diff --git a/images/capi/ansible/roles/kubernetes/tasks/debian.yml b/images/capi/ansible/roles/kubernetes/tasks/debian.yml index 9c491e1661..e55c37f1dd 100644 --- a/images/capi/ansible/roles/kubernetes/tasks/debian.yml +++ b/images/capi/ansible/roles/kubernetes/tasks/debian.yml @@ -13,13 +13,14 @@ # limitations under the License. --- - name: Add the Kubernetes repo key - apt_key: + get_url: url: "{{ kubernetes_deb_gpg_key }}" - state: present + checksum: "{{ kubernetes_deb_key_checksum }}" + dest: /etc/apt/keyrings/kubernetes-apt-keyring.asc - name: Add the Kubernetes repo apt_repository: - repo: "deb {{ kubernetes_deb_repo }} main" + repo: "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.asc] {{ kubernetes_deb_repo }} /" update_cache: True state: present mode: 0644 diff --git a/images/capi/ansible/roles/kubernetes/tasks/mariner.yml b/images/capi/ansible/roles/kubernetes/tasks/mariner.yml index e88e063137..4c0d92dc09 100644 --- a/images/capi/ansible/roles/kubernetes/tasks/mariner.yml +++ b/images/capi/ansible/roles/kubernetes/tasks/mariner.yml @@ -31,7 +31,7 @@ - "kubelet-{{ kubernetes_rpm_version }}" - "kubeadm-{{ kubernetes_rpm_version }}" - "kubectl-{{ kubernetes_rpm_version }}" - - "kubernetes-cni-{{kubernetes_cni_rpm_version }}" + - "kubernetes-cni-{{ kubernetes_cni_rpm_version }}" - name: Allow Kubernetes API server through iptables iptables: diff --git a/images/capi/ansible/roles/kubernetes/tasks/redhat.yml b/images/capi/ansible/roles/kubernetes/tasks/redhat.yml index 3f5eb859c5..e028e6747a 100644 --- a/images/capi/ansible/roles/kubernetes/tasks/redhat.yml +++ b/images/capi/ansible/roles/kubernetes/tasks/redhat.yml @@ -31,4 +31,4 @@ - "kubelet-{{ kubernetes_rpm_version }}" - "kubeadm-{{ kubernetes_rpm_version }}" - "kubectl-{{ kubernetes_rpm_version }}" - - "kubernetes-cni-{{kubernetes_cni_rpm_version }}" + - "kubernetes-cni-{{ kubernetes_cni_rpm_version }}" 
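Review bot: The new `get_url` task in debian.yml writes to `/etc/apt/keyrings/kubernetes-apt-keyring.asc` without first ensuring that `/etc/apt/keyrings` exists, and it sets no `mode`, so the key's permissions follow the umask of the build host. The hunk does not show which releases this role targets; on any image that does not ship that directory the download would fail, and apt needs the key to be world-readable to verify the `signed-by` repo. A preceding `file:` task with `state: directory` plus an explicit `mode: "0644"` on the key would make both deterministic. Separately, `checksum` is fed from a variable that defaults to `null` in the packer templates; if it ever reaches Ansible empty, `get_url` would presumably skip verification rather than fail, so an `assert` that `kubernetes_deb_key_checksum` is non-empty before the download is worth considering.

```yaml
- name: Ensure the apt keyrings directory exists
  file:
    path: /etc/apt/keyrings
    state: directory
    mode: "0755"

- name: Add the Kubernetes repo key
  get_url:
    # … unchanged: url, checksum, dest …
    mode: "0644"
```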
diff --git a/images/capi/packer/ami/packer.json b/images/capi/packer/ami/packer.json
index 3117354cd7..bb334074c1 100644
--- a/images/capi/packer/ami/packer.json
+++ b/images/capi/packer/ami/packer.json
@@ -174,6 +174,7 @@
 "kubernetes_cni_source_type": null,
 "kubernetes_container_registry": null,
 "kubernetes_deb_gpg_key": null,
+ "kubernetes_deb_key_checksum": null,
 "kubernetes_deb_repo": null,
 "kubernetes_deb_version": null,
 "kubernetes_http_source": null,
diff --git a/images/capi/packer/azure/packer.json b/images/capi/packer/azure/packer.json
index 5defd67838..3cc60f8484 100644
--- a/images/capi/packer/azure/packer.json
+++ b/images/capi/packer/azure/packer.json
@@ -235,6 +235,7 @@
 "kubernetes_cni_source_type": null,
 "kubernetes_container_registry": null,
 "kubernetes_deb_gpg_key": null,
+ "kubernetes_deb_key_checksum": null,
 "kubernetes_deb_repo": null,
 "kubernetes_deb_version": null,
 "kubernetes_http_source": null,
diff --git a/images/capi/packer/config/ansible-args.json b/images/capi/packer/config/ansible-args.json
index f28889c44e..7adee874ed 100644
--- a/images/capi/packer/config/ansible-args.json
+++ b/images/capi/packer/config/ansible-args.json
@@ -1,5 +1,5 @@ { "ansible_common_ssh_args": "-o IdentitiesOnly=yes", - "ansible_common_vars": "containerd_url={{user `containerd_url`}} containerd_sha256={{user `containerd_sha256`}} pause_image={{user `pause_image`}} containerd_additional_settings={{user `containerd_additional_settings`}} containerd_cri_socket={{user `containerd_cri_socket`}} containerd_version={{user `containerd_version`}} containerd_wasm_shims_url={{user `containerd_wasm_shims_url`}} containerd_wasm_shims_version={{user `containerd_wasm_shims_version`}} containerd_wasm_shims_sha256={{user `containerd_wasm_shims_sha256`}} containerd_wasm_shims_runtimes=\"{{user `containerd_wasm_shims_runtimes`}}\" crictl_url={{user `crictl_url`}} crictl_sha256={{user `crictl_sha256`}} crictl_source_type={{user `crictl_source_type`}} custom_role_names=\"{{user `custom_role_names`}}\" firstboot_custom_roles_pre=\"{{user `firstboot_custom_roles_pre`}}\" firstboot_custom_roles_post=\"{{user `firstboot_custom_roles_post`}}\" node_custom_roles_pre=\"{{user `node_custom_roles_pre`}}\" node_custom_roles_post=\"{{user `node_custom_roles_post`}}\" disable_public_repos={{user `disable_public_repos`}} extra_debs=\"{{user `extra_debs`}}\" extra_repos=\"{{user `extra_repos`}}\" extra_rpms=\"{{user `extra_rpms`}}\" http_proxy={{user `http_proxy`}} https_proxy={{user `https_proxy`}} kubeadm_template={{user `kubeadm_template`}} kubernetes_apiserver_port={{user `kubernetes_apiserver_port`}} kubernetes_cni_http_source={{user `kubernetes_cni_http_source`}} kubernetes_cni_http_checksum={{user `kubernetes_cni_http_checksum`}} kubernetes_goarch={{user `kubernetes_goarch`}} kubernetes_http_source={{user `kubernetes_http_source`}} kubernetes_container_registry={{user `kubernetes_container_registry`}} kubernetes_rpm_repo={{user `kubernetes_rpm_repo`}} kubernetes_rpm_gpg_key={{user `kubernetes_rpm_gpg_key`}} kubernetes_rpm_gpg_check={{user `kubernetes_rpm_gpg_check`}} kubernetes_deb_repo={{user `kubernetes_deb_repo`}} 
kubernetes_deb_gpg_key={{user `kubernetes_deb_gpg_key`}} kubernetes_cni_deb_version={{user `kubernetes_cni_deb_version`}} kubernetes_cni_rpm_version={{user `kubernetes_cni_rpm_version`}} kubernetes_cni_semver={{user `kubernetes_cni_semver`}} kubernetes_cni_source_type={{user `kubernetes_cni_source_type`}} kubernetes_semver={{user `kubernetes_semver`}} kubernetes_source_type={{user `kubernetes_source_type`}} kubernetes_load_additional_imgs={{user `kubernetes_load_additional_imgs`}} kubernetes_deb_version={{user `kubernetes_deb_version`}} kubernetes_rpm_version={{user `kubernetes_rpm_version`}} no_proxy={{user `no_proxy`}} pip_conf_file={{user `pip_conf_file`}} python_path={{user `python_path`}} redhat_epel_rpm={{user `redhat_epel_rpm`}} epel_rpm_gpg_key={{user `epel_rpm_gpg_key`}} reenable_public_repos={{user `reenable_public_repos`}} remove_extra_repos={{user `remove_extra_repos`}} systemd_prefix={{user `systemd_prefix`}} sysusr_prefix={{user `sysusr_prefix`}} sysusrlocal_prefix={{user `sysusrlocal_prefix`}} load_additional_components={{ user `load_additional_components`}} additional_registry_images={{ user `additional_registry_images`}} additional_registry_images_list={{ user `additional_registry_images_list`}} additional_url_images={{ user `additional_url_images`}} additional_url_images_list={{ user `additional_url_images_list`}} additional_executables={{ user `additional_executables`}} additional_executables_list={{ user `additional_executables_list`}} additional_executables_destination_path={{ user `additional_executables_destination_path`}} additional_s3={{ user `additional_s3`}} build_target={{ user `build_target`}} amazon_ssm_agent_rpm={{ user `amazon_ssm_agent_rpm` }} enable_containerd_audit={{ user `enable_containerd_audit` }}", + "ansible_common_vars": "containerd_url={{user `containerd_url`}} containerd_sha256={{user `containerd_sha256`}} pause_image={{user `pause_image`}} containerd_additional_settings={{user `containerd_additional_settings`}} 
containerd_cri_socket={{user `containerd_cri_socket`}} containerd_version={{user `containerd_version`}} containerd_wasm_shims_url={{user `containerd_wasm_shims_url`}} containerd_wasm_shims_version={{user `containerd_wasm_shims_version`}} containerd_wasm_shims_sha256={{user `containerd_wasm_shims_sha256`}} containerd_wasm_shims_runtimes=\"{{user `containerd_wasm_shims_runtimes`}}\" crictl_url={{user `crictl_url`}} crictl_sha256={{user `crictl_sha256`}} crictl_source_type={{user `crictl_source_type`}} custom_role_names=\"{{user `custom_role_names`}}\" firstboot_custom_roles_pre=\"{{user `firstboot_custom_roles_pre`}}\" firstboot_custom_roles_post=\"{{user `firstboot_custom_roles_post`}}\" node_custom_roles_pre=\"{{user `node_custom_roles_pre`}}\" node_custom_roles_post=\"{{user `node_custom_roles_post`}}\" disable_public_repos={{user `disable_public_repos`}} extra_debs=\"{{user `extra_debs`}}\" extra_repos=\"{{user `extra_repos`}}\" extra_rpms=\"{{user `extra_rpms`}}\" http_proxy={{user `http_proxy`}} https_proxy={{user `https_proxy`}} kubeadm_template={{user `kubeadm_template`}} kubernetes_apiserver_port={{user `kubernetes_apiserver_port`}} kubernetes_cni_http_source={{user `kubernetes_cni_http_source`}} kubernetes_cni_http_checksum={{user `kubernetes_cni_http_checksum`}} kubernetes_goarch={{user `kubernetes_goarch`}} kubernetes_http_source={{user `kubernetes_http_source`}} kubernetes_container_registry={{user `kubernetes_container_registry`}} kubernetes_rpm_repo={{user `kubernetes_rpm_repo`}} kubernetes_rpm_gpg_key={{user `kubernetes_rpm_gpg_key`}} kubernetes_rpm_gpg_check={{user `kubernetes_rpm_gpg_check`}} kubernetes_deb_repo={{user `kubernetes_deb_repo`}} kubernetes_deb_gpg_key={{user `kubernetes_deb_gpg_key`}} kubernetes_deb_key_checksum={{user `kubernetes_deb_key_checksum`}} kubernetes_cni_deb_version={{user `kubernetes_cni_deb_version`}} kubernetes_cni_rpm_version={{user `kubernetes_cni_rpm_version`}} kubernetes_cni_semver={{user `kubernetes_cni_semver`}} 
kubernetes_cni_source_type={{user `kubernetes_cni_source_type`}} kubernetes_semver={{user `kubernetes_semver`}} kubernetes_source_type={{user `kubernetes_source_type`}} kubernetes_load_additional_imgs={{user `kubernetes_load_additional_imgs`}} kubernetes_deb_version={{user `kubernetes_deb_version`}} kubernetes_rpm_version={{user `kubernetes_rpm_version`}} no_proxy={{user `no_proxy`}} pip_conf_file={{user `pip_conf_file`}} python_path={{user `python_path`}} redhat_epel_rpm={{user `redhat_epel_rpm`}} epel_rpm_gpg_key={{user `epel_rpm_gpg_key`}} reenable_public_repos={{user `reenable_public_repos`}} remove_extra_repos={{user `remove_extra_repos`}} systemd_prefix={{user `systemd_prefix`}} sysusr_prefix={{user `sysusr_prefix`}} sysusrlocal_prefix={{user `sysusrlocal_prefix`}} load_additional_components={{ user `load_additional_components`}} additional_registry_images={{ user `additional_registry_images`}} additional_registry_images_list={{ user `additional_registry_images_list`}} additional_url_images={{ user `additional_url_images`}} additional_url_images_list={{ user `additional_url_images_list`}} additional_executables={{ user `additional_executables`}} additional_executables_list={{ user `additional_executables_list`}} additional_executables_destination_path={{ user `additional_executables_destination_path`}} additional_s3={{ user `additional_s3`}} build_target={{ user `build_target`}} amazon_ssm_agent_rpm={{ user `amazon_ssm_agent_rpm` }} enable_containerd_audit={{ user `enable_containerd_audit` }}", "ansible_scp_extra_args": "{{env `ANSIBLE_SCP_EXTRA_ARGS`}}" } diff --git a/images/capi/packer/config/cni.json b/images/capi/packer/config/cni.json index 3ae265ff41..1b1fd3d0b7 100644 --- a/images/capi/packer/config/cni.json +++ b/images/capi/packer/config/cni.json 
@@ -1,9 +1,9 @@
 {
- "kubernetes_cni_deb_version": "1.2.0-00",
+ "kubernetes_cni_deb_version": "1.2.0-2.1",
 "kubernetes_cni_http_checksum": "sha256:https://storage.googleapis.com/k8s-artifacts-cni/release/v1.2.0/cni-plugins-linux-{{user `kubernetes_cni_http_checksum_arch`}}-v1.2.0.tgz.sha256",
 "kubernetes_cni_http_checksum_arch": "amd64",
 "kubernetes_cni_http_source": "https://github.com/containernetworking/plugins/releases/download",
- "kubernetes_cni_rpm_version": "1.2.0-0",
+ "kubernetes_cni_rpm_version": "1.2.0",
 "kubernetes_cni_semver": "v1.2.0",
 "kubernetes_cni_source_type": "pkg"
 }
diff --git a/images/capi/packer/config/kubernetes.json b/images/capi/packer/config/kubernetes.json
index df7651a370..a39b9328a8 100644
--- a/images/capi/packer/config/kubernetes.json
+++ b/images/capi/packer/config/kubernetes.json
@@ -7,17 +7,18 @@
 "kubeadm_template": "etc/kubeadm.yml",
 "kubernetes_apiserver_port": "6443",
 "kubernetes_container_registry": "registry.k8s.io",
- "kubernetes_deb_gpg_key": "https://packages.cloud.google.com/apt/doc/apt-key.gpg",
- "kubernetes_deb_repo": "\"https://apt.kubernetes.io/ kubernetes-xenial\"",
- "kubernetes_deb_version": "1.26.7-00",
+ "kubernetes_deb_gpg_key": "https://pkgs.k8s.io/core:/stable:/{{ user `kubernetes_series` }}/deb/Release.key",
+ "kubernetes_deb_key_checksum": "sha256:5fe267a9ae47ffd566624057f2c8f64ab8a786a9c650e92cc22135381b04f12b",
+ "kubernetes_deb_repo": "https://pkgs.k8s.io/core:/stable:/{{ user `kubernetes_series` }}/deb/",
+ "kubernetes_deb_version": "1.26.7-1.1",
 "kubernetes_goarch": "amd64",
 "kubernetes_http_source": "https://dl.k8s.io/release",
 "kubernetes_load_additional_imgs": "false",
 "kubernetes_rpm_gpg_check": "True",
- "kubernetes_rpm_gpg_key": "\"https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg\"",
- "kubernetes_rpm_repo": "https://packages.cloud.google.com/yum/repos/kubernetes-el7-{{user `kubernetes_rpm_repo_arch`}}",
+ "kubernetes_rpm_gpg_key": "https://pkgs.k8s.io/core:/stable:/{{ user `kubernetes_series` }}/rpm/repodata/repomd.xml.key",
+ "kubernetes_rpm_repo": "https://pkgs.k8s.io/core:/stable:/{{ user `kubernetes_series` }}/rpm/",
 "kubernetes_rpm_repo_arch": "x86_64",
- "kubernetes_rpm_version": "1.26.7-0",
+ "kubernetes_rpm_version": "1.26.7",
 "kubernetes_semver": "v1.26.7",
 "kubernetes_series": "v1.26",
 "kubernetes_source_type": "pkg",
diff --git a/images/capi/packer/digitalocean/packer.json b/images/capi/packer/digitalocean/packer.json
index 64f465bfe7..876f030f92 100644
--- a/images/capi/packer/digitalocean/packer.json
+++ b/images/capi/packer/digitalocean/packer.json
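Review bot: In the kubernetes.json hunk, `kubernetes_deb_key_checksum` is one fixed digest while `kubernetes_deb_gpg_key` is templated on `kubernetes_series`, so anyone who overrides the series or points the key URL at a mirror must override the checksum as well; that coupling is not documented anywhere in the hunk. Because the key and the packages are now served from the same origin, this pinned digest is the only independent trust anchor for deb builds, and it will need a deliberate update whenever the upstream key is rotated. Failing on a mismatch is the safe outcome, but the override instructions should say something like `kubernetes_deb_key_checksum must be the sha256 of the file served at kubernetes_deb_gpg_key`. The RPM side gets no equivalent pin: `kubernetes_rpm_gpg_key` is still trusted on HTTPS alone, which looks like an asymmetry worth either closing or explaining.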
@@ -67,6 +67,7 @@
 "kubernetes_cni_source_type": null,
 "kubernetes_container_registry": null,
 "kubernetes_deb_gpg_key": null,
+ "kubernetes_deb_key_checksum": null,
 "kubernetes_deb_repo": null,
 "kubernetes_deb_version": null,
 "kubernetes_http_source": null,
diff --git a/images/capi/packer/gce/packer.json b/images/capi/packer/gce/packer.json
index e729702a21..2fa6b48f29 100644
--- a/images/capi/packer/gce/packer.json
+++ b/images/capi/packer/gce/packer.json
@@ -97,6 +97,7 @@
 "kubernetes_cni_source_type": null,
 "kubernetes_container_registry": null,
 "kubernetes_deb_gpg_key": null,
+ "kubernetes_deb_key_checksum": null,
 "kubernetes_deb_repo": null,
 "kubernetes_deb_version": null,
 "kubernetes_http_source": null,
diff --git a/images/capi/packer/hcloud/packer-flatcar.json b/images/capi/packer/hcloud/packer-flatcar.json
index 33c5e99bc7..ae0355099e 100644
--- a/images/capi/packer/hcloud/packer-flatcar.json
+++ b/images/capi/packer/hcloud/packer-flatcar.json
@@ -159,6 +159,7 @@
 "kubernetes_cni_source_type": null,
 "kubernetes_container_registry": null,
 "kubernetes_deb_gpg_key": null,
+ "kubernetes_deb_key_checksum": null,
 "kubernetes_deb_repo": null,
 "kubernetes_deb_version": null,
 "kubernetes_http_source": null,
diff --git a/images/capi/packer/hcloud/packer.json b/images/capi/packer/hcloud/packer.json
index 24ab6cf591..822ee5ff66 100644
--- a/images/capi/packer/hcloud/packer.json
+++ b/images/capi/packer/hcloud/packer.json
@@ -141,6 +141,7 @@
 "kubernetes_cni_source_type": null,
 "kubernetes_container_registry": null,
 "kubernetes_deb_gpg_key": null,
+ "kubernetes_deb_key_checksum": null,
 "kubernetes_deb_repo": null,
 "kubernetes_deb_version": null,
 "kubernetes_http_source": null,
diff --git a/images/capi/packer/nutanix/packer.json b/images/capi/packer/nutanix/packer.json
index b27eb7d86a..a40bc3405a 100644
--- a/images/capi/packer/nutanix/packer.json
+++ b/images/capi/packer/nutanix/packer.json
@@ -131,6 +131,7 @@
 "kubernetes_cni_source_type": null,
 "kubernetes_container_registry": null,
 "kubernetes_deb_gpg_key": null,
+ "kubernetes_deb_key_checksum": null,
 "kubernetes_deb_repo": null,
 "kubernetes_deb_version": null,
 "kubernetes_http_source": null,
diff --git a/images/capi/packer/oci/packer.json b/images/capi/packer/oci/packer.json
index 79a6130ed5..0d0fe8a436 100644
--- a/images/capi/packer/oci/packer.json
+++ b/images/capi/packer/oci/packer.json
@@ -123,6 +123,7 @@
 "kubernetes_cni_source_type": null,
 "kubernetes_container_registry": null,
 "kubernetes_deb_gpg_key": null,
+ "kubernetes_deb_key_checksum": null,
 "kubernetes_deb_repo": null,
 "kubernetes_deb_version": null,
 "kubernetes_http_source": null,
diff --git a/images/capi/packer/openstack/packer.json b/images/capi/packer/openstack/packer.json
index b7854a43b4..fd3e98a83f 100644
--- a/images/capi/packer/openstack/packer.json
+++ b/images/capi/packer/openstack/packer.json
@@ -118,6 +118,7 @@
 "kubernetes_cni_source_type": null,
 "kubernetes_container_registry": null,
 "kubernetes_deb_gpg_key": null,
+ "kubernetes_deb_key_checksum": null,
 "kubernetes_deb_repo": null,
 "kubernetes_deb_version": null,
 "kubernetes_http_source": null,
diff --git a/images/capi/packer/outscale/packer.json b/images/capi/packer/outscale/packer.json
index c20bdc4af3..1cfd779977 100644
--- a/images/capi/packer/outscale/packer.json
+++ b/images/capi/packer/outscale/packer.json
@@ -101,6 +101,7 @@
 "kubernetes_cni_source_type": null,
 "kubernetes_container_registry": null,
 "kubernetes_deb_gpg_key": null,
+ "kubernetes_deb_key_checksum": null,
 "kubernetes_deb_repo": null,
 "kubernetes_deb_version": null,
 "kubernetes_http_source": null,
diff --git a/images/capi/packer/ova/packer-node.json b/images/capi/packer/ova/packer-node.json
index f045447336..40113e76d4 100644
--- a/images/capi/packer/ova/packer-node.json
+++ b/images/capi/packer/ova/packer-node.json
@@ -490,6 +490,7 @@
 "kubernetes_cni_source_type": null,
 "kubernetes_container_registry": null,
 "kubernetes_deb_gpg_key": null,
+ "kubernetes_deb_key_checksum": null,
 "kubernetes_deb_repo": null,
 "kubernetes_deb_version": null,
 "kubernetes_http_source": null,
diff --git a/images/capi/packer/powervs/packer.json b/images/capi/packer/powervs/packer.json
index a7051c799d..5bc42a60d8 100644
--- a/images/capi/packer/powervs/packer.json
+++ b/images/capi/packer/powervs/packer.json
@@ -85,6 +85,7 @@
 "kubernetes_cni_source_type": null,
 "kubernetes_container_registry": null,
 "kubernetes_deb_gpg_key": null,
+ "kubernetes_deb_key_checksum": null,
 "kubernetes_deb_repo": null,
 "kubernetes_deb_version": null,
 "kubernetes_http_source": null,
diff --git a/images/capi/packer/qemu/packer.json b/images/capi/packer/qemu/packer.json
index 728879af6a..963f08cba8 100644
--- a/images/capi/packer/qemu/packer.json
+++ b/images/capi/packer/qemu/packer.json
@@ -175,6 +175,7 @@
 "kubernetes_cni_source_type": null,
 "kubernetes_container_registry": null,
 "kubernetes_deb_gpg_key": null,
+ "kubernetes_deb_key_checksum": null,
 "kubernetes_deb_repo": null,
 "kubernetes_deb_version": null,
 "kubernetes_http_source": null,
diff --git a/images/capi/packer/raw/packer.json b/images/capi/packer/raw/packer.json
index 152041455e..d50c65efa4 100644
--- a/images/capi/packer/raw/packer.json
+++ b/images/capi/packer/raw/packer.json
@@ -160,6 +160,7 @@
 "kubernetes_cni_source_type": null,
 "kubernetes_container_registry": null,
 "kubernetes_deb_gpg_key": null,
+ "kubernetes_deb_key_checksum": null,
 "kubernetes_deb_repo": null,
 "kubernetes_deb_version": null,
 "kubernetes_http_source": null,