diff --git a/deploy/charts/emailsender/templates/emailsender-secret.yaml b/deploy/charts/emailsender/templates/emailsender-secret.yaml
index 6df2d86a1c..ed0f0f526f 100644
--- a/deploy/charts/emailsender/templates/emailsender-secret.yaml
+++ b/deploy/charts/emailsender/templates/emailsender-secret.yaml
@@ -1,5 +1,5 @@
-{{- if and (.Capabilities.APIVersions.Has "external-secrets.io/v1beta1") .Values.createExternalSecrets }}
-apiVersion: external-secrets.io/v1beta1
+{{- if and (.Capabilities.APIVersions.Has "external-secrets.io/v1") .Values.createExternalSecrets }}
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
   name: emailsender-db-secret
diff --git a/deploy/charts/fleetshard-sync/templates/secret.yaml b/deploy/charts/fleetshard-sync/templates/secret.yaml
index 590098759a..3b2779e57b 100644
--- a/deploy/charts/fleetshard-sync/templates/secret.yaml
+++ b/deploy/charts/fleetshard-sync/templates/secret.yaml
@@ -1,5 +1,5 @@
-{{- if and (.Capabilities.APIVersions.Has "external-secrets.io/v1beta1") .Values.createExternalSecrets }}
-apiVersion: external-secrets.io/v1beta1
+{{- if and (.Capabilities.APIVersions.Has "external-secrets.io/v1") .Values.createExternalSecrets }}
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
   name: fleetshard-sync-ext-secret
@@ -29,7 +29,7 @@ spec:
 {{- with .Values.tenantImagePullSecret }}
 {{- if and .create .name }}
 ---
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
   name: {{ .name }}
diff --git a/deploy/test/fleetshard_sync_chart_test.go b/deploy/test/fleetshard_sync_chart_test.go
index 426c7d4b1d..7191d23efa 100644
--- a/deploy/test/fleetshard_sync_chart_test.go
+++ b/deploy/test/fleetshard_sync_chart_test.go
@@ -52,7 +52,7 @@ func renderTemplate(t *testing.T, values map[string]string, template string) str
 	}
 
 	extraHelmArgs := []string{
-		"--api-versions", "external-secrets.io/v1beta1",
+		"--api-versions", "external-secrets.io/v1",
 	}
 	output := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{template}, extraHelmArgs...)
 	return output
diff --git a/dev/env/defaults/00-defaults.env b/dev/env/defaults/00-defaults.env
index beb23c7b3d..940adda887 100644
--- a/dev/env/defaults/00-defaults.env
+++ b/dev/env/defaults/00-defaults.env
@@ -14,14 +14,15 @@ export ENABLE_FM_PORT_FORWARDING_DEFAULT="false"
 export INSTALL_OPENSHIFT_ROUTER_DEFAULT="true"
 # In some openshift environments the router is already installed but not exposed by default.
 export EXPOSE_OPENSHIFT_ROUTER_DEFAULT="false"
-export INSTALL_VERTICAL_POD_AUTOSCALER_DEFAULT="true"
+export INSTALL_VERTICAL_POD_AUTOSCALER_DEFAULT="false"
 export INSTALL_VERTICAL_POD_AUTOSCALER_OLM_DEFAULT="false"
 export INSTALL_ARGOCD="true"
 export INSTALL_OPENSHIFT_GITOPS="false"
 export ARGOCD_NAMESPACE="argocd"
 export ARGOCD_TENANT_APP_TARGET_REVISION_DEFAULT="HEAD"
 export INSTALL_EXTERNAL_SECRETS_DEFAULT="true" # pragma: allowlist secret
-export EXTERNAL_SECRETS_VERSION_DEFAULT="v0.14.4" # pragma: allowlist secret
+export EXTERNAL_SECRETS_VERSION_DEFAULT="v1.2.1" # pragma: allowlist secret
+export INSTALL_EXTERNAL_DNS_DEFAULT="false"
 
 export ENABLE_EMAIL_SENDER_DEFAULT="false"
 export EMAIL_SENDER_IMAGE_DEFAULT=""
diff --git a/dev/env/defaults/cluster-type-crc/env b/dev/env/defaults/cluster-type-crc/env
index c48d4f1162..12563131a3 100644
--- a/dev/env/defaults/cluster-type-crc/env
+++ b/dev/env/defaults/cluster-type-crc/env
@@ -1,3 +1,6 @@
 export ENABLE_CENTRAL_EXTERNAL_DOMAIN="true"
 export ENABLE_EXTERNAL_CONFIG_DEFAULT="true"
 export AWS_AUTH_HELPER_DEFAULT="aws-saml"
+export INSTALL_EXTERNAL_DNS_DEFAULT="false"
+export INSTALL_VERTICAL_POD_AUTOSCALER_DEFAULT="false"
+export INSTALL_VERTICAL_POD_AUTOSCALER_OLM_DEFAULT="false"
diff --git a/dev/env/defaults/cluster-type-openshift/env b/dev/env/defaults/cluster-type-openshift/env
index 3bd3f44606..465ef35b35 100644
--- a/dev/env/defaults/cluster-type-openshift/env
+++ b/dev/env/defaults/cluster-type-openshift/env
@@ -7,3 +7,4 @@ export ENABLE_EXTERNAL_CONFIG_DEFAULT="false"
 export INSTALL_ARGOCD="false"
 export INSTALL_OPENSHIFT_GITOPS="true"
 export ARGOCD_NAMESPACE="openshift-gitops"
+export INSTALL_EXTERNAL_DNS_DEFAULT="true"
diff --git a/dev/env/manifests/external-secrets/01-clustersecretstore.yaml b/dev/env/manifests/external-secrets/01-clustersecretstore.yaml
index 6d30daacba..8939e5dce5 100644
--- a/dev/env/manifests/external-secrets/01-clustersecretstore.yaml
+++ b/dev/env/manifests/external-secrets/01-clustersecretstore.yaml
@@ -1,5 +1,5 @@
 ---
-apiVersion: external-secrets.io/v1beta1
+apiVersion: external-secrets.io/v1
 kind: ClusterSecretStore
 metadata:
   name: secrets-manager-secret-store
diff --git a/dev/env/scripts/bootstrap.sh b/dev/env/scripts/bootstrap.sh
index caa05abd24..92dc482689 100755
--- a/dev/env/scripts/bootstrap.sh
+++ b/dev/env/scripts/bootstrap.sh
@@ -124,7 +124,7 @@ else
 fi
 apply "${MANIFESTS_DIR}/addons/acs-fleetshard"
 
-if is_openshift_cluster "$CLUSTER_TYPE"; then
+if [[ "$INSTALL_EXTERNAL_DNS" == "true" ]]; then
     log "Installing ExternalDNS for OpenShift"
     apply "${MANIFESTS_DIR}/external-dns-operator"
     wait_for_crd externaldnses.externaldns.olm.openshift.io
@@ -133,7 +133,7 @@ if is_openshift_cluster "$CLUSTER_TYPE"; then
     export EXTERNAL_DNS_NAME=${INFRASTRUCTURE_NAME}
     chamber exec e2e-external-dns -- apply "${MANIFESTS_DIR}/external-dns"
 else
-    log "Skipping installation of ExternalDNS (only installed on openshift)"
+    log "Skipping installation of ExternalDNS"
 fi
 
 if [[ "$CLUSTER_TYPE"  == "kind" ]]; then
diff --git a/dev/env/scripts/lib.sh b/dev/env/scripts/lib.sh
index f604cf1ba6..3613853855 100644
--- a/dev/env/scripts/lib.sh
+++ b/dev/env/scripts/lib.sh
@@ -88,6 +88,7 @@ init() {
     export INSTALL_VERTICAL_POD_AUTOSCALER_OLM="${INSTALL_VERTICAL_POD_AUTOSCALER_OLM:-$INSTALL_VERTICAL_POD_AUTOSCALER_OLM_DEFAULT}"
     export INSTALL_EXTERNAL_SECRETS="${INSTALL_EXTERNAL_SECRETS:-$INSTALL_EXTERNAL_SECRETS_DEFAULT}"
     export EXTERNAL_SECRETS_VERSION="${EXTERNAL_SECRETS_VERSION:-$EXTERNAL_SECRETS_VERSION_DEFAULT}"
+    export INSTALL_EXTERNAL_DNS="${INSTALL_EXTERNAL_DNS:-$INSTALL_EXTERNAL_DNS_DEFAULT}"
     export OCM_SERVICE_CLIENT_ID=${OCM_SERVICE_CLIENT_ID:-$OCM_SERVICE_CLIENT_ID_DEFAULT}
     export OCM_SERVICE_CLIENT_SECRET=${OCM_SERVICE_CLIENT_SECRET:-$OCM_SERVICE_CLIENT_SECRET_DEFAULT}
     export OCM_SERVICE_TOKEN=${OCM_SERVICE_TOKEN:-$OCM_SERVICE_TOKEN_DEFAULT}
@@ -152,6 +153,7 @@ INSTALL_ARGOCD: ${INSTALL_ARGOCD}
 INSTALL_OPENSHIFT_GITOPS: ${INSTALL_OPENSHIFT_GITOPS}
 INSTALL_EXTERNAL_SECRETS: ${INSTALL_EXTERNAL_SECRETS}
 EXTERNAL_SECRETS_VERSION: ${EXTERNAL_SECRETS_VERSION}
+INSTALL_EXTERNAL_DNS: ${INSTALL_EXTERNAL_DNS}
 ARGOCD_NAMESPACE: ${ARGOCD_NAMESPACE}
 ARGOCD_TENANT_APP_TARGET_REVISION: ${ARGOCD_TENANT_APP_TARGET_REVISION}
 OCM_SERVICE_CLIENT_ID: ********
diff --git a/scripts/ci/central_compatibility/run_compatibility_test.sh b/scripts/ci/central_compatibility/run_compatibility_test.sh
index 527b9aec3d..0151f9ea21 100755
--- a/scripts/ci/central_compatibility/run_compatibility_test.sh
+++ b/scripts/ci/central_compatibility/run_compatibility_test.sh
@@ -53,7 +53,7 @@ if [ "$GITHUB_REPOSITORY" = "stackrox/stackrox" ]; then
   STACKROX_DIR="$(cd "$ROOT_DIR/../stackrox" && pwd)"
   ACS_VERSION="$(make --no-print-directory -C "$STACKROX_DIR" tag)"
 else
-  ACS_VERSION="$(git ls-remote --tags https://github.com/stackrox/stackrox | grep -E '.*-nightly-[0-9]{8}$' | tail -n 1 | awk '{print $2}' | sed 's|refs/tags/||')"
+  ACS_VERSION="$(git ls-remote --tags https://github.com/stackrox/stackrox | grep -E '.*-nightly-[0-9]{8}$' | awk '{print $2}' | sed 's|refs/tags/||' | sort -V | tail -n 1)"
 fi
 
 log "ACS version: $ACS_VERSION"