diff --git a/.drone.yml b/.drone.yml
index 73c07540d7..1e52a32c4f 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -48,7 +48,7 @@ steps:
         from_secret: AWS_SECRET_ACCESS_KEY-rke2-ci-uploader     
     commands:
       - docker pull --quiet rancher/hardened-build-base:v1.19.7b1
-      - docker pull --quiet alpine:3.15
+      - docker pull --quiet alpine:3.17
       - dapper -f Dockerfile --target dapper make dapper-ci
     volumes:
       - name: docker
diff --git a/Dockerfile b/Dockerfile
index c8cfa1e76c..44bd6d8590 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -121,12 +121,12 @@ RUN CHART_VERSION="1.13.000"                  CHART_FILE=/charts/rke2-cilium.yam
 RUN CHART_VERSION="v3.25.0-build2023020902"   CHART_FILE=/charts/rke2-canal.yaml          CHART_BOOTSTRAP=true   /charts/build-chart.sh
 RUN CHART_VERSION="v3.25.002"                 CHART_FILE=/charts/rke2-calico.yaml         CHART_BOOTSTRAP=true   /charts/build-chart.sh
 RUN CHART_VERSION="v3.25.002"                 CHART_FILE=/charts/rke2-calico-crd.yaml     CHART_BOOTSTRAP=true   /charts/build-chart.sh
-RUN CHART_VERSION="1.19.401"                  CHART_FILE=/charts/rke2-coredns.yaml        CHART_BOOTSTRAP=true   /charts/build-chart.sh
+RUN CHART_VERSION="1.19.402"                  CHART_FILE=/charts/rke2-coredns.yaml        CHART_BOOTSTRAP=true   /charts/build-chart.sh
 RUN CHART_VERSION="4.5.201"                   CHART_FILE=/charts/rke2-ingress-nginx.yaml  CHART_BOOTSTRAP=false  /charts/build-chart.sh
 RUN CHART_VERSION="2.11.100-build2022101107"  CHART_FILE=/charts/rke2-metrics-server.yaml CHART_BOOTSTRAP=false  /charts/build-chart.sh
 RUN CHART_VERSION="v3.9.3-build2023010902"    CHART_FILE=/charts/rke2-multus.yaml         CHART_BOOTSTRAP=true   /charts/build-chart.sh
-RUN CHART_VERSION="1.4.100"                   CHART_FILE=/charts/rancher-vsphere-cpi.yaml CHART_BOOTSTRAP=true   /charts/build-chart.sh
-RUN CHART_VERSION="2.6.2-rancher100"          CHART_FILE=/charts/rancher-vsphere-csi.yaml CHART_BOOTSTRAP=true   /charts/build-chart.sh
+RUN CHART_VERSION="1.4.200"                   CHART_FILE=/charts/rancher-vsphere-cpi.yaml CHART_BOOTSTRAP=true   /charts/build-chart.sh
+RUN CHART_VERSION="2.6.2-rancher200"          CHART_FILE=/charts/rancher-vsphere-csi.yaml CHART_BOOTSTRAP=true   /charts/build-chart.sh
 RUN CHART_VERSION="0.1.1400"                  CHART_FILE=/charts/harvester-cloud-provider.yaml CHART_BOOTSTRAP=true /charts/build-chart.sh
 RUN CHART_VERSION="0.1.1600"                  CHART_FILE=/charts/harvester-csi-driver.yaml     CHART_BOOTSTRAP=true /charts/build-chart.sh
 RUN CHART_VERSION="1.7.201"                   CHART_FILE=/charts/rke2-snapshot-controller.yaml CHART_BOOTSTRAP=false /charts/build-chart.sh
@@ -139,9 +139,9 @@ RUN rm -vf /charts/*.sh /charts/*.md
 # must be placed in bin/ of the file image and subdirectories of bin/ will be flattened during installation.
 # This means bin/foo/bar will become bin/bar when rke2 installs this to the host
 FROM rancher/hardened-kubernetes:v1.26.3-rke2r1-build20230317 AS kubernetes
-FROM rancher/hardened-containerd:v1.6.19-k3s1-build20230310 AS containerd
-FROM rancher/hardened-crictl:v1.24.0-build20221011 AS crictl
-FROM rancher/hardened-runc:v1.1.4-build20221012 AS runc
+FROM rancher/hardened-containerd:v1.6.19-k3s1-build20230406 AS containerd
+FROM rancher/hardened-crictl:v1.26.1-build20230406 AS crictl
+FROM rancher/hardened-runc:v1.1.5-build20230406 AS runc
 
 FROM scratch AS runtime-collect
 COPY --from=runc \
diff --git a/Dockerfile.windows b/Dockerfile.windows
index 19d3854a3b..b79f4ce25d 100644
--- a/Dockerfile.windows
+++ b/Dockerfile.windows
@@ -1,4 +1,4 @@
-FROM alpine:3.15 AS build
+FROM alpine:3.17 AS build
 
 RUN apk --no-cache add \
     curl \
@@ -38,7 +38,7 @@ RUN curl -sL https://raw.githubusercontent.com/golangci/golangci-lint/master/ins
 WORKDIR /source
 # End Dapper stuff
 
-FROM rancher/hardened-containerd:v1.6.19-k3s1-build20230310-amd64-windows AS containerd
+FROM rancher/hardened-containerd:v1.6.19-k3s1-build20230406-amd64-windows AS containerd
 FROM build as windows-runtime-collect
 ARG KUBERNETES_VERSION=dev
 
diff --git a/scripts/build-binary b/scripts/build-binary
index 009ca9e89d..4ea62891a5 100755
--- a/scripts/build-binary
+++ b/scripts/build-binary
@@ -24,7 +24,7 @@ VERSION_FLAGS="
         -X ${K3S_PKG}/pkg/version.Program=${PROG}
         -X ${K3S_PKG}/pkg/version.Version=${VERSION}
         -X ${RKE2_PKG}/pkg/images.DefaultRegistry=${REGISTRY}
-        -X ${RKE2_PKG}/pkg/images.DefaultEtcdImage=rancher/hardened-etcd:${ETCD_VERSION}-build20221129
+        -X ${RKE2_PKG}/pkg/images.DefaultEtcdImage=rancher/hardened-etcd:${ETCD_VERSION}-build20230406
         -X ${RKE2_PKG}/pkg/images.DefaultKubernetesImage=rancher/hardened-kubernetes:${KUBERNETES_IMAGE_TAG}
         -X ${RKE2_PKG}/pkg/images.DefaultPauseImage=rancher/pause:${PAUSE_VERSION}
         -X ${RKE2_PKG}/pkg/images.DefaultRuntimeImage=${REPO}/${PROG}-runtime:${DOCKERIZED_VERSION}
diff --git a/scripts/build-images b/scripts/build-images
index b282ce7442..265beb95a7 100755
--- a/scripts/build-images
+++ b/scripts/build-images
@@ -13,13 +13,13 @@ EOF
 
 xargs -n1 -t docker image pull --quiet << EOF >> build/images-core.txt
     ${REGISTRY}/rancher/hardened-kubernetes:${KUBERNETES_IMAGE_TAG}
-    ${REGISTRY}/rancher/hardened-coredns:v1.9.3-build20221011
-    ${REGISTRY}/rancher/hardened-cluster-autoscaler:v1.8.5-build20221011
-    ${REGISTRY}/rancher/hardened-dns-node-cache:1.21.2-build20221011
-    ${REGISTRY}/rancher/hardened-etcd:${ETCD_VERSION}-build20221129
+    ${REGISTRY}/rancher/hardened-coredns:v1.10.1-build20230406
+    ${REGISTRY}/rancher/hardened-cluster-autoscaler:v1.8.6-build20230406
+    ${REGISTRY}/rancher/hardened-dns-node-cache:1.22.20-build20230406
+    ${REGISTRY}/rancher/hardened-etcd:${ETCD_VERSION}-build20230406
     ${REGISTRY}/rancher/hardened-k8s-metrics-server:v0.6.2-build20221202
     ${REGISTRY}/rancher/klipper-helm:v0.7.6-build20230223
-    ${REGISTRY}/rancher/klipper-lb:v0.4.0
+    ${REGISTRY}/rancher/klipper-lb:v0.4.3
     ${REGISTRY}/rancher/pause:${PAUSE_VERSION}
     ${REGISTRY}/rancher/mirrored-ingress-nginx-kube-webhook-certgen:v20230312-helm-chart-4.5.2-28-g66a760794
     ${REGISTRY}/rancher/nginx-ingress-controller:nginx-1.6.4-hardened4
diff --git a/scripts/version.sh b/scripts/version.sh
index 6078b40243..a81a70da4e 100755
--- a/scripts/version.sh
+++ b/scripts/version.sh
@@ -33,9 +33,9 @@ RELEASE=${PROG}.${PLATFORM}
 # hardcode versions unless set specifically
 KUBERNETES_VERSION=${KUBERNETES_VERSION:-v1.26.3}
 KUBERNETES_IMAGE_TAG=${KUBERNETES_IMAGE_TAG:-v1.26.3-rke2r1-build20230317}
-ETCD_VERSION=${ETCD_VERSION:-v3.5.5-k3s1}
+ETCD_VERSION=${ETCD_VERSION:-v3.5.7-k3s1}
 PAUSE_VERSION=${PAUSE_VERSION:-3.6}
-CCM_VERSION=${CCM_VERSION:-v1.26.1-build20230210}
+CCM_VERSION=${CCM_VERSION:-v1.26.3-build20230406}
 
 if [ -d .git ]; then
     if [ -z "$GIT_TAG" ]; then