diff --git a/cli/internal/helm/overrides.go b/cli/internal/helm/overrides.go
index caf56e8cb93..b4119081bce 100644
--- a/cli/internal/helm/overrides.go
+++ b/cli/internal/helm/overrides.go
@@ -42,11 +42,19 @@ func extraCiliumValues(provider cloudprovider.Provider, conformanceMode bool, ou
 		}
 	}
 
+	strictMode := map[string]any{
+		"enabled":      true,
+		"nodeCIDRList": []string{output.IPCidrNode},
+	}
+
 	extraVals["k8sServiceHost"] = output.InClusterEndpoint
 	extraVals["k8sServicePort"] = constants.KubernetesPort
 	if provider == cloudprovider.GCP {
 		extraVals["ipv4NativeRoutingCIDR"] = output.GCP.IPCidrPod
-		extraVals["strictModeCIDR"] = output.GCP.IPCidrPod
+		strictMode["podCIDRList"] = []string{output.GCP.IPCidrPod}
+	}
+	extraVals["encryption"] = map[string]any{
+		"strictMode": strictMode,
 	}
 	return extraVals
 }
@@ -63,9 +71,6 @@ func extraConstellationServicesValues(
 	extraVals["verification-service"] = map[string]any{
 		"attestationVariant": cfg.GetAttestationConfig().GetVariant().String(),
 	}
-	extraVals["konnectivity"] = map[string]any{
-		"loadBalancerIP": output.ClusterEndpoint,
-	}
 
 	extraVals["key-service"] = map[string]any{
 		"masterSecret": base64.StdEncoding.EncodeToString(masterSecret.Key),
diff --git a/cli/internal/helm/values.go b/cli/internal/helm/values.go
index 71edad78711..f9ae43f2d17 100644
--- a/cli/internal/helm/values.go
+++ b/cli/internal/helm/values.go
@@ -19,9 +19,8 @@ var ciliumVals = map[string]map[string]any{
 			"type":           "wireguard",
 			"nodeEncryption": true,
 			"strictMode": map[string]any{
-				"enabled":      true,
-				"podCIDRList":  []string{"10.244.0.0/16"},
-				"nodeCIDRList": []string{"192.168.179.0/24"},
+				"enabled":     true,
+				"podCIDRList": []string{"10.244.0.0/16"},
 			},
 		},
 		"l7Proxy": false,
@@ -61,9 +60,8 @@ var ciliumVals = map[string]map[string]any{
 			"type":           "wireguard",
 			"nodeEncryption": true,
 			"strictMode": map[string]any{
-				"enabled":      true,
-				"podCIDRList":  []string{"10.244.0.0/16"},
-				"nodeCIDRList": []string{"10.9.0.0/24"},
+				"enabled":     true,
+				"podCIDRList": []string{"10.244.0.0/16"},
 			},
 		},
 		"l7Proxy": false,
@@ -106,9 +104,7 @@ var ciliumVals = map[string]map[string]any{
 			"type":           "wireguard",
 			"nodeEncryption": true,
 			"strictMode": map[string]any{
-				"enabled":      true,
-				"podCIDRList":  []string{"10.244.0.0/16"},
-				"nodeCIDRList": []string{"192.168.178.0/24"},
+				"enabled": true,
 			},
 		},
 		"image": map[string]any{
@@ -144,9 +140,8 @@ var ciliumVals = map[string]map[string]any{
 			"type":           "wireguard",
 			"nodeEncryption": true,
 			"strictMode": map[string]any{
-				"enabled":      true,
-				"podCIDRList":  []string{"10.244.0.0/16"},
-				"nodeCIDRList": []string{"192.168.178.0/24"},
+				"enabled":     true,
+				"podCIDRList": []string{"10.244.0.0/16"},
 			},
 		},
 		"l7Proxy": false,
@@ -186,9 +181,8 @@ var ciliumVals = map[string]map[string]any{
 			"type":           "wireguard",
 			"nodeEncryption": true,
 			"strictMode": map[string]any{
-				"enabled":      true,
-				"podCIDRList":  []string{"10.244.0.0/16"},
-				"nodeCIDRList": []string{},
+				"enabled":     true,
+				"podCIDRList": []string{"10.244.0.0/16"},
 			},
 		},
 		"image": map[string]any{