diff --git a/kubernetes/home-lab/apps/networking/cert-manager/app/helm-release.yaml b/kubernetes/home-lab/apps/networking/cert-manager/app/helm-release.yaml index d242e548..63864128 100644 --- a/kubernetes/home-lab/apps/networking/cert-manager/app/helm-release.yaml +++ b/kubernetes/home-lab/apps/networking/cert-manager/app/helm-release.yaml @@ -8,7 +8,7 @@ spec: chart: spec: chart: cert-manager - version: v1.16.1 + version: v1.16.2 sourceRef: kind: HelmRepository name: jetstack @@ -27,7 +27,7 @@ spec: values: image: repository: quay.io/jetstack/cert-manager-controller - tag: v1.16.1@sha256:ae5e14401cde4dec8bccce7594f829cd491044aa66944272e1d4fccc941ec77c + tag: v1.16.2@sha256:ae5e14401cde4dec8bccce7594f829cd491044aa66944272e1d4fccc941ec77c installCRDs: true # webhook: extraArgs: diff --git a/kubernetes/home-lab/apps/networking/envoy-gateway/app/config.yaml b/kubernetes/home-lab/apps/networking/envoy-gateway/app/config.yaml new file mode 100644 index 00000000..7d31f0dd --- /dev/null +++ b/kubernetes/home-lab/apps/networking/envoy-gateway/app/config.yaml @@ -0,0 +1,44 @@ +--- +apiVersion: gateway.envoyproxy.io/v1alpha1 +kind: EnvoyProxy +metadata: + name: config + namespace: networking +spec: + telemetry: + metrics: + prometheus: {} + # shutdown: + # drainTimeout: 300s + logging: + level: + default: debug + provider: + type: Kubernetes + kubernetes: + envoyDeployment: + replicas: 1 + container: + image: envoyproxy/envoy:distroless-dev-bc0e51128f80b2c1b48fd80038779b242e8345d7 + resources: + requests: + cpu: 150m + memory: 640Mi + limits: + cpu: 500m + memory: 1Gi +--- +apiVersion: gateway.envoyproxy.io/v1alpha1 +kind: ClientTrafficPolicy +metadata: + name: enable-mtls + namespace: networking +spec: + targetRef: + group: gateway.networking.k8s.io + kind: Gateway + name: eg + namespace: default + tls: + clientValidation: + optional: true 
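Review bot: In the second hunk of cert-manager/app/helm-release.yaml, `image.tag` moves to `v1.16.2` but the `@sha256:` digest after it is identical to the one on the removed `v1.16.1` line. When a reference carries both a tag and a digest, the image is resolved by digest. Assuming the old digest really belonged to v1.16.1, the controller keeps running the old image while the chart and `installCRDs: true` move to v1.16.2, and the tag misleads anyone auditing what is deployed. Replace the digest with the one the registry publishes for `quay.io/jetstack/cert-manager-controller:v1.16.2` (that value is not on this page), i.e. `tag: v1.16.2@sha256:<digest-for-v1.16.2>`, or confirm that both tags resolve to the same image.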
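Review bot: The `ClientTrafficPolicy` named `enable-mtls` in the new envoy-gateway/app/config.yaml does not enforce mutual TLS as written. `clientValidation.optional: true` accepts clients that present no certificate, and the hunk shows no `caCertificateRefs`, so there is no CA to validate a presented certificate against. If client authentication is the goal, set `optional: false` and add `caCertificateRefs` with `- name: <ca-secret-name>`; otherwise rename the policy so it does not suggest enforcement. The policy is created in `networking` while `targetRef` names Gateway `eg` with `namespace: default`; as far as I know Envoy Gateway policies only attach to a Gateway in their own namespace, so check the policy's status conditions to confirm it attaches at all. In the `EnvoyProxy` document, the `distroless-dev-` Envoy image is a development build referenced by a mutable tag with no `@sha256:` digest and no explicit registry, and `default: debug` logging deserves a comment saying whether it is temporary.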
diff --git a/kubernetes/home-lab/apps/networking/envoy-gateway/app/gateway-class.yaml b/kubernetes/home-lab/apps/networking/envoy-gateway/app/gateway-class.yaml index 095a10f5..ba91b61a 100644 --- a/kubernetes/home-lab/apps/networking/envoy-gateway/app/gateway-class.yaml +++ b/kubernetes/home-lab/apps/networking/envoy-gateway/app/gateway-class.yaml @@ -5,4 +5,9 @@ metadata: name: envoy-gateway namespace: networking spec: - controllerName: gateway.envoyproxy.io/gatewayclass-controller \ No newline at end of file + controllerName: gateway.envoyproxy.io/gatewayclass-controller + parametersRef: + group: gateway.envoyproxy.io + kind: EnvoyProxy + name: config + namespace: networking \ No newline at end of file diff --git a/kubernetes/home-lab/apps/networking/envoy-gateway/app/helm-release.yaml b/kubernetes/home-lab/apps/networking/envoy-gateway/app/helm-release.yaml index 0e9f3932..67db532c 100644 --- a/kubernetes/home-lab/apps/networking/envoy-gateway/app/helm-release.yaml +++ b/kubernetes/home-lab/apps/networking/envoy-gateway/app/helm-release.yaml @@ -21,8 +21,10 @@ spec: uninstall: keepHistory: false values: - config: + deployment: envoyGateway: - logging: - level: - default: debug + image: + repository: docker.io/envoyproxy/gateway + tag: v1.2.1 + rbac: + cluster: true diff --git a/kubernetes/home-lab/apps/networking/envoy-gateway/app/kustomization.yaml b/kubernetes/home-lab/apps/networking/envoy-gateway/app/kustomization.yaml index 5a536b54..96dd8b17 100644 --- a/kubernetes/home-lab/apps/networking/envoy-gateway/app/kustomization.yaml +++ b/kubernetes/home-lab/apps/networking/envoy-gateway/app/kustomization.yaml @@ -3,4 +3,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - helm-release.yaml + - config.yaml - gateway-class.yaml diff --git a/kubernetes/home-lab/apps/networking/gateway-api/app/kustomization.yaml b/kubernetes/home-lab/apps/networking/gateway-api/app/kustomization.yaml index cff8e4c6..49f4b5ac 100644 
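Review bot: The new `deployment.envoyGateway.image` block in envoy-gateway/app/helm-release.yaml pins the controller by mutable tag only (`tag: v1.2.1`), whereas the cert-manager release in this same commit uses the `tag@sha256:` form. Appending the digest, e.g. `tag: v1.2.1@sha256:<digest-from-registry>`, would keep the two consistent, provided the chart's image template accepts that form. The tag also duplicates the chart version set in flux/repositories/oci/envoy-gateway.yaml, so the two have to be bumped together; a short comment such as `# keep in sync with the OCIRepository ref.tag` would record that. Indentation is lost in this view, so verify that `rbac: cluster: true` sits at the level the chart expects and that cluster-wide RBAC for the controller is intended.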
--- a/kubernetes/home-lab/apps/networking/gateway-api/app/kustomization.yaml +++ b/kubernetes/home-lab/apps/networking/gateway-api/app/kustomization.yaml @@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - github.com/kubernetes-sigs/gateway-api/config/crd?ref=v1.0.0 + - https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.2.0/experimental-install.yaml diff --git a/kubernetes/home-lab/flux/repositories/oci/envoy-gateway.yaml b/kubernetes/home-lab/flux/repositories/oci/envoy-gateway.yaml index 8b174b7c..49ac8a2e 100644 --- a/kubernetes/home-lab/flux/repositories/oci/envoy-gateway.yaml +++ b/kubernetes/home-lab/flux/repositories/oci/envoy-gateway.yaml @@ -8,5 +8,5 @@ spec: interval: 1h url: oci://docker.io/envoyproxy/gateway-helm ref: - tag: v1.0.2 + tag: v1.2.1 timeout: 3m
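Review bot: The `resources:` entry in gateway-api/app/kustomization.yaml now pulls `experimental-install.yaml` from a GitHub release URL at build time, and kustomize has no way to verify a checksum for a remote file. Cluster-scoped CRDs therefore come from whatever that URL serves when reconciliation runs. Vendoring the manifest into the repository, or fetching it through a source that records a digest, would make the change reviewable and reproducible. It also switches from the `config/crd` set at v1.0.0 to the experimental channel at v1.2.0, which installs alpha-level CRDs; if only the `ClientTrafficPolicy`/`EnvoyProxy` features require it, say so in a comment such as `# experimental channel needed for <feature>`. The upstream v1.2.0 upgrade notes on CRD versions that were removed should be checked before this reconciles against a cluster that already has the v1.0.0 CRDs.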