diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 6df72c9..85271b1 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -76,6 +76,7 @@ jobs:
           GKE_CLUSTER_ZONE: us-central1-a
           GKE_CLUSTER_TYPE: n1-standard-2
           GKE_CLUSTER_NUM_NODES: 1
+          K8S_VERSION: ${{ vars.NSM_KUBERNETES_VERSION }}
           KUBECONFIG: /tmp/config1
           USE_GKE_GCLOUD_AUTH_PLUGIN: true
         working-directory: ${{ github.workspace }}/src/github.com/${{ github.repository }}
@@ -89,6 +90,7 @@ jobs:
           AWS_CLUSTER_NAME: aws-${{ github.run_id }}-${{ github.run_number }}
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          K8S_VERSION: ${{ vars.NSM_KUBERNETES_VERSION }}
         working-directory: ${{ github.workspace }}/src/github.com/${{ github.repository }}
 
       - name: Setup aks
@@ -102,8 +104,14 @@ jobs:
           AZURE_SERVICE_PRINCIPAL: ${{ secrets.AZURE_SERVICE_PRINCIPAL }}
           AZURE_SERVICE_PRINCIPAL_SECRET: ${{ secrets.AZURE_SERVICE_PRINCIPAL_SECRET }}
           AZURE_TENANT: ${{ secrets.AZURE_TENANT }}
+          K8S_VERSION: ${{ vars.NSM_KUBERNETES_VERSION }}
         working-directory: ${{ github.workspace }}/src/github.com/${{ github.repository }}
 
+      - name: Install kubectl
+        run: |
+            curl -LO https://dl.k8s.io/release/${{ vars.NSM_KUBERNETES_VERSION }}/bin/linux/amd64/kubectl
+            chmod +x ./kubectl
+            mv ./kubectl /usr/local/bin/kubectl
       - name: Run interdomain testing
         run: |
           go test -count 1 -timeout 2h -race -v ./... -parallel 4
diff --git a/scripts/aks/aks-start.sh b/scripts/aks/aks-start.sh
index be98349..c71661a 100755
--- a/scripts/aks/aks-start.sh
+++ b/scripts/aks/aks-start.sh
@@ -8,10 +8,13 @@ if [[ -z "$1" ]] || [[ -z "$2" ]] || [[ -z "$3" ]]; then
     exit 1
 fi
 
+AKS_K8S_VERSION=$(echo "$K8S_VERSION" | cut -d '.' -f 1,2 | cut -c 2-)
+
 echo -n "Creating AKS cluster '$AZURE_CLUSTER_NAME'..."
 az aks create \
     --resource-group "$AZURE_RESOURCE_GROUP" \
     --name "$AZURE_CLUSTER_NAME" \
+    --kubernetes-version "$AKS_K8S_VERSION" \
     --node-count 1 \
     --node-vm-size Standard_B2s \
     --enable-node-public-ip \
diff --git a/scripts/aws/aws-start.sh b/scripts/aws/aws-start.sh
index 932b1a5..2f7314c 100755
--- a/scripts/aws/aws-start.sh
+++ b/scripts/aws/aws-start.sh
@@ -6,23 +6,19 @@ export IAM_NAME=ebs-csi-controller-sa
 
 apt-get update && apt-get -y install curl dnsutils
 
-curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.23.6/bin/linux/amd64/kubectl
-chmod +x kubectl
-mkdir -p ~/.local/bin
-mv ./kubectl ~/.local/bin/kubectl
-
 
 curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp; \
     mv /tmp/eksctl /usr/local/bin; \
     eksctl version
 
-curl -o aws-iam-authenticator https://s3.us-west-2.amazonaws.com/amazon-eks/1.21.2/2021-07-05/bin/linux/amd64/aws-iam-authenticator; \
+curl -Lo aws-iam-authenticator https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/download/v0.6.22/aws-iam-authenticator_0.6.22_"$(uname -s)"_amd64; \
     chmod 755 aws-iam-authenticator; \
     mv ./aws-iam-authenticator /usr/local/bin
 
+AWS_K8S_VERSION=$(echo "$K8S_VERSION" | cut -d "." -f 1-2 | cut -c 2-)
 eksctl create cluster  \
       --name "${AWS_CLUSTER_NAME}" \
-      --version 1.27 \
+      --version "${AWS_K8S_VERSION}" \
       --nodegroup-name "${AWS_CLUSTER_NAME}-workers" \
       --node-type t3.xlarge \
       --nodes 1
diff --git a/scripts/gke/gke-start.sh b/scripts/gke/gke-start.sh
index ab5afd2..061398d 100755
--- a/scripts/gke/gke-start.sh
+++ b/scripts/gke/gke-start.sh
@@ -1,8 +1,22 @@
 #!/bin/bash
 
+K8S_VERSION=$(echo "$K8S_VERSION" | cut -d '.' -f 1,2 | cut -c 2-)
+GKE_CLUSTER_VERSION=$(gcloud container get-server-config --zone="$GKE_CLUSTER_ZONE" --format=json \
+    | jq '.channels[] | select (.channel=="REGULAR") | .validVersions[]' \
+    | grep -m 1 "$K8S_VERSION" | tr -d '"')
+if [ -z "$GKE_CLUSTER_VERSION" ]; then
+    echo "GKE cluster version is not valid: $GKE_CLUSTER_VERSION"
+    exit 1
+fi
+
 gcloud components install gke-gcloud-auth-plugin
 gcloud components update
-time gcloud container clusters create "${GKE_CLUSTER_NAME}" --project="${GKE_PROJECT_ID}" --machine-type="${GKE_CLUSTER_TYPE}" --num-nodes=1 --zone="${GKE_CLUSTER_ZONE}" -q
+time gcloud container clusters create "${GKE_CLUSTER_NAME}" \
+--project="${GKE_PROJECT_ID}" \
+--machine-type="${GKE_CLUSTER_TYPE}" \
+--num-nodes=1 \
+--zone="${GKE_CLUSTER_ZONE}" \
+--cluster-version="${GKE_CLUSTER_VERSION}" -q
 echo "Writing config to ${KUBECONFIG}"
 gcloud container clusters get-credentials "${GKE_CLUSTER_NAME}" --project="${GKE_PROJECT_ID}" --zone="${GKE_CLUSTER_ZONE}"
 kubectl create clusterrolebinding cluster-admin-binding  --clusterrole cluster-admin --user "$(gcloud config get-value account)"