diff --git a/cluster/config-defaults.yaml b/cluster/config-defaults.yaml
index eaff23ac62..f0c13cd321 100644
--- a/cluster/config-defaults.yaml
+++ b/cluster/config-defaults.yaml
@@ -740,8 +740,8 @@ tracing_coredns_local_zone_traces_endpoint: ""
 # AMI id given the image name and the Image AWS account owner.
 #
 # [0]: https://github.com/zalando-incubator/cluster-lifecycle-manager/blob/8a9bd1cb2d094038a9e23e646421f8146b48886a/provisioner/template.go#L116
-kuberuntu_image_v1_31_jammy_amd64: {{ amiID "zalando-ubuntu-jammy-22.04-kubernetes-production-v1.31.1-amd64-master-357" "861068367966" }}
-kuberuntu_image_v1_31_jammy_arm64: {{ amiID "zalando-ubuntu-jammy-22.04-kubernetes-production-v1.31.1-arm64-master-357" "861068367966" }}
+kuberuntu_image_v1_31_jammy_amd64: {{ amiID "zalando-ubuntu-jammy-22.04-kubernetes-production-v1.31.4-amd64-master-359" "861068367966" }}
+kuberuntu_image_v1_31_jammy_arm64: {{ amiID "zalando-ubuntu-jammy-22.04-kubernetes-production-v1.31.4-arm64-master-359" "861068367966" }}
 
 # Which distro from the previous config items should be used. Valid options are only `jammy` for now. Can be set for each node pool.
 kuberuntu_distro_master: "jammy"
@@ -833,7 +833,7 @@ kubelet_registry_burst: "40"
 #  - upstream: official Kubernetes version
 #  - zalando:  internal Zalando build with our custom patches
 kubernetes_scheduler_image: "zalando"
-kubernetes_controller_manager_image: "zalando"
+kubernetes_controller_manager_image: "upstream"
 
 # when set to true, service account tokens can be used from outside the cluster
 allow_external_service_accounts: "false"
diff --git a/cluster/manifests/01-aws-node/daemonset.yaml b/cluster/manifests/01-aws-node/daemonset.yaml
index 5c9948dd93..32c8f1df3c 100644
--- a/cluster/manifests/01-aws-node/daemonset.yaml
+++ b/cluster/manifests/01-aws-node/daemonset.yaml
@@ -238,7 +238,7 @@ spec:
           type: ""
         name: cni-bin-dir
       - hostPath:
-          path: /etc/kubernetes/cni/net.d #/etc/cni/net.d
+          path: /etc/cni/net.d
           type: ""
         name: cni-net-dir
       - hostPath:
diff --git a/cluster/node-pools/master-default/userdata.yaml b/cluster/node-pools/master-default/userdata.yaml
index 8c5d7a23b1..e04b06179f 100644
--- a/cluster/node-pools/master-default/userdata.yaml
+++ b/cluster/node-pools/master-default/userdata.yaml
@@ -928,6 +928,7 @@ write_files:
       {{- end}}
 {{- end}}
 
+  # TODO: Remove this once all nodes are running an AMI compatible with /etc/cni/net.d/10-flannel.conflist
   - owner: root:root
     path: /etc/kubernetes/cni/net.d/10-flannel.conflist
     content: |
@@ -944,3 +945,20 @@ write_files:
           }
         ]
       }
+
+  - owner: root:root
+    path: /etc/cni/net.d/10-flannel.conflist
+    content: |
+      {
+        "name": "podnet",
+        "cniVersion": "0.3.1",
+        "plugins": [
+          {
+            "type": "flannel",
+            "delegate": {
+              "isDefaultGateway": true,
+              "hairpinMode": true
+            }
+          }
+        ]
+      }
diff --git a/cluster/node-pools/worker-splitaz/userdata.yaml b/cluster/node-pools/worker-splitaz/userdata.yaml
index 7e44a58230..8b112841b6 100644
--- a/cluster/node-pools/worker-splitaz/userdata.yaml
+++ b/cluster/node-pools/worker-splitaz/userdata.yaml
@@ -158,6 +158,7 @@ write_files:
 {{- end}}
 
 {{- if ne .Cluster.Provider "zalando-eks" }}
+  # TODO: Remove this once all nodes are running an AMI compatible with /etc/cni/net.d/10-flannel.conflist
   - owner: root:root
     path: /etc/kubernetes/cni/net.d/10-flannel.conflist
     content: |
@@ -174,4 +175,21 @@ write_files:
           }
         ]
       }
+
+  - owner: root:root
+    path: /etc/cni/net.d/10-flannel.conflist
+    content: |
+      {
+        "name": "podnet",
+        "cniVersion": "0.3.1",
+        "plugins": [
+          {
+            "type": "flannel",
+            "delegate": {
+              "isDefaultGateway": true,
+              "hairpinMode": true
+            }
+          }
+        ]
+      }
 {{- end}}