diff --git a/.github/in-cluster-test-scripts/aks-azure-ipam-install.sh b/.github/in-cluster-test-scripts/aks-azure-ipam-install.sh
index e5dcb5c153..b4ca56ee13 100644
--- a/.github/in-cluster-test-scripts/aks-azure-ipam-install.sh
+++ b/.github/in-cluster-test-scripts/aks-azure-ipam-install.sh
@@ -14,4 +14,6 @@ cilium install \
   --azure-client-id "${AZURE_CLIENT_ID}" \
   --azure-client-secret "${AZURE_CLIENT_SECRET}" \
   --wait=false \
+  --helm-set loadBalancer.l7.backend=envoy \
+  --helm-set tls.secretsBackend=k8s \
   --config monitor-aggregation=none
diff --git a/.github/in-cluster-test-scripts/aks-byocni-install.sh b/.github/in-cluster-test-scripts/aks-byocni-install.sh
index 8cd5560bd7..3a5794a8fe 100644
--- a/.github/in-cluster-test-scripts/aks-byocni-install.sh
+++ b/.github/in-cluster-test-scripts/aks-byocni-install.sh
@@ -9,4 +9,6 @@ cilium install \
   --disable-check=az-binary \
   --datapath-mode=aks-byocni \
   --wait=false \
+  --helm-set loadBalancer.l7.backend=envoy \
+  --helm-set tls.secretsBackend=k8s \
   --config monitor-aggregation=none
diff --git a/.github/in-cluster-test-scripts/eks-tunnel.sh b/.github/in-cluster-test-scripts/eks-tunnel.sh
index 7b3149ef4b..669fe26a06 100644
--- a/.github/in-cluster-test-scripts/eks-tunnel.sh
+++ b/.github/in-cluster-test-scripts/eks-tunnel.sh
@@ -10,6 +10,8 @@ cilium install \
   --wait=false \
   --config monitor-aggregation=none \
   --datapath-mode=tunnel \
+  --helm-set loadBalancer.l7.backend=envoy \
+  --helm-set tls.secretsBackend=k8s \
   --ipam cluster-pool
 
 # Enable Relay
diff --git a/.github/in-cluster-test-scripts/eks.sh b/.github/in-cluster-test-scripts/eks.sh
index 12f7f43edf..7aa22918a1 100644
--- a/.github/in-cluster-test-scripts/eks.sh
+++ b/.github/in-cluster-test-scripts/eks.sh
@@ -8,6 +8,8 @@ cilium install \
   --version "${CILIUM_VERSION}" \
   --cluster-name "${CLUSTER_NAME}" \
   --wait=false \
+  --helm-set loadBalancer.l7.backend=envoy \
+  --helm-set tls.secretsBackend=k8s \
   --config monitor-aggregation=none
 
 # Enable Relay
diff --git a/.github/in-cluster-test-scripts/external-workloads-install.sh b/.github/in-cluster-test-scripts/external-workloads-install.sh
index af2802fbce..9e6b92a339 100644
--- a/.github/in-cluster-test-scripts/external-workloads-install.sh
+++ b/.github/in-cluster-test-scripts/external-workloads-install.sh
@@ -10,6 +10,8 @@ cilium install \
   --config monitor-aggregation=none \
   --config tunnel=vxlan \
   --kube-proxy-replacement=strict \
+  --helm-set loadBalancer.l7.backend=envoy \
+  --helm-set tls.secretsBackend=k8s \
   --ipv4-native-routing-cidr="${CLUSTER_CIDR}"
 
 # Enable Relay
diff --git a/.github/in-cluster-test-scripts/gke.sh b/.github/in-cluster-test-scripts/gke.sh
index b87e5f9152..974a1837c1 100644
--- a/.github/in-cluster-test-scripts/gke.sh
+++ b/.github/in-cluster-test-scripts/gke.sh
@@ -8,7 +8,9 @@ cilium install \
   --version "${CILIUM_VERSION}" \
   --cluster-name "${CLUSTER_NAME}" \
   --config monitor-aggregation=none \
-  --ipv4-native-routing-cidr="${CLUSTER_CIDR}"
+  --ipv4-native-routing-cidr="${CLUSTER_CIDR}" \
+  --helm-set loadBalancer.l7.backend=envoy \
+  --helm-set tls.secretsBackend=k8s
 
 # Enable Relay
 cilium hubble enable
diff --git a/.github/in-cluster-test-scripts/multicluster.sh b/.github/in-cluster-test-scripts/multicluster.sh
index 3a6c47bddd..88dada2140 100644
--- a/.github/in-cluster-test-scripts/multicluster.sh
+++ b/.github/in-cluster-test-scripts/multicluster.sh
@@ -11,6 +11,8 @@ CONTEXT2=$(kubectl config view | grep "${CLUSTER_NAME_2}" | head -1 | awk '{prin
 cilium install \
   --version "${CILIUM_VERSION}" \
   --context "${CONTEXT1}" \
+  --helm-set loadBalancer.l7.backend=envoy \
+  --helm-set tls.secretsBackend=k8s \
   --cluster-name "${CLUSTER_NAME_1}" \
   --cluster-id 1 \
   --config monitor-aggregation=none \
@@ -20,6 +22,8 @@ cilium install \
 cilium install \
   --version "${CILIUM_VERSION}" \
   --context "${CONTEXT2}" \
+  --helm-set loadBalancer.l7.backend=envoy \
+  --helm-set tls.secretsBackend=k8s \
   --cluster-name "${CLUSTER_NAME_2}" \
   --cluster-id 2 \
   --config monitor-aggregation=none \
diff --git a/.github/workflows/kind.yaml b/.github/workflows/kind.yaml
index 28448748fe..14fc8c4c09 100644
--- a/.github/workflows/kind.yaml
+++ b/.github/workflows/kind.yaml
@@ -60,7 +60,9 @@ jobs:
             --version=${{ env.cilium_version }} \
             --wait=false \
             --config monitor-aggregation=none \
-            --helm-set cni.chainingMode=portmap
+            --helm-set cni.chainingMode=portmap \
+            --helm-set loadBalancer.l7.backend=envoy \
+            --helm-set tls.secretsBackend=k8s
 
       - name: Enable Relay
         run: |
@@ -85,7 +87,10 @@ jobs:
 
       - name: Install Cilium with IPsec Encryption
         run: |
-          cilium install --version=${{ env.cilium_version}} --encryption=ipsec --kube-proxy-replacement=disabled
+          cilium install \
+          --version=${{ env.cilium_version}} \
+          --encryption=ipsec \
+          --kube-proxy-replacement=disabled
 
       - name: Enable Relay
         run: |