diff --git a/.github/workflows/zz_generated.create_release.yaml b/.github/workflows/zz_generated.create_release.yaml index af85b3605..2fb628cf5 100644 --- a/.github/workflows/zz_generated.create_release.yaml +++ b/.github/workflows/zz_generated.create_release.yaml @@ -266,7 +266,7 @@ jobs: - windows-amd64 env: GITHUB_TOKEN: "${{ secrets.TAYLORBOT_GITHUB_ACTION }}" - GO_VERSION: 1.20.8 + GO_VERSION: 1.19.6 ARTIFACT_DIR: bin-dist TAG: v${{ needs.gather_facts.outputs.version }} CODE_SIGNING_CERT_BUNDLE_BASE64: ${{ secrets.CODE_SIGNING_CERT_BUNDLE_BASE64 }} diff --git a/cmd/template/cluster/flag.go b/cmd/template/cluster/flag.go index a7625c791..d6e88b412 100644 --- a/cmd/template/cluster/flag.go +++ b/cmd/template/cluster/flag.go @@ -94,6 +94,7 @@ const ( flagVSphereControlPlaneIP = "vsphere-control-plane-ip" flagVSphereServiceLoadBalancerCIDR = "vsphere-service-load-balancer-cidr" flagVSphereNetworkName = "vsphere-network-name" + flagVSphereSvcLbIpPool = "vsphere-service-lb-pool" flagVSphereControlPlaneDiskGiB = "vsphere-control-plane-disk-gib" flagVSphereControlPlaneIpPool = "vsphere-control-plane-ip-pool" flagVSphereControlPlaneMemoryMiB = "vsphere-control-plane-memory-mib" 
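Review bot: `GO_VERSION: 1.19.6` in the release job moves the toolchain back from 1.20.8 to an older patch of an older release line, so the published binaries lose the runtime and standard-library security fixes shipped after 1.19.6. This job appears to build and sign the release artifacts (`ARTIFACT_DIR`, `CODE_SIGNING_CERT_BUNDLE_BASE64`). Nothing else in the commit explains the downgrade, so it looks like a side effect of regenerating the workflow rather than an intended change. Because the file is generated (`zz_generated.*`), the pin should be corrected in the generator input so that this line stays at `GO_VERSION: 1.20.8` or newer.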
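Review bot: The new flag string `vsphere-service-lb-pool` in the `flag.go` const block drops the `ip` that its sibling `vsphere-control-plane-ip-pool` carries, although both flags name a `GlobalInClusterIpPool` CR. Flag names are hard to change once released, so I would align it now: `flagVSphereSvcLbIpPool = "vsphere-service-lb-ip-pool"`.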
@@ -239,10 +240,11 @@ func (f *flag) Init(cmd *cobra.Command) { cmd.Flags().IntVar(&f.OpenStack.WorkerReplicas, flagOpenStackWorkerReplicas, 0, "Default worker node pool replicas (OpenStack only).") // VSphere only - cmd.Flags().StringVar(&f.VSphere.ControlPlane.IP, flagVSphereControlPlaneIP, "", "Control plane IP, leave empty for auto allocation.") + cmd.Flags().StringVar(&f.VSphere.ControlPlane.Ip, flagVSphereControlPlaneIP, "", "Control plane IP, leave empty for auto allocation.") cmd.Flags().StringVar(&f.VSphere.ServiceLoadBalancerCIDR, flagVSphereServiceLoadBalancerCIDR, "", "CIDR for Service LB for new cluster") cmd.Flags().StringVar(&f.VSphere.NetworkName, flagVSphereNetworkName, "", "Network name in vcenter that should be used for the new VMs") - cmd.Flags().StringVar(&f.VSphere.ControlPlane.IPPoolName, flagVSphereControlPlaneIpPool, "wc-cp-ips", "Name of `GlobalInClusterIpPool` CR from which the IP for CP is taken") + cmd.Flags().StringVar(&f.VSphere.SvcLbIpPoolName, flagVSphereSvcLbIpPool, "svc-lb-ips", "Name of `GlobalInClusterIpPool` CR from which the IP for Service LB (kubevip) is taken") + cmd.Flags().StringVar(&f.VSphere.ControlPlane.IpPoolName, flagVSphereControlPlaneIpPool, "wc-cp-ips", "Name of `GlobalInClusterIpPool` CR from which the IP for CP is taken") cmd.Flags().IntVar(&f.VSphere.ControlPlane.DiskGiB, flagVSphereControlPlaneDiskGiB, 50, "Disk size in GiB for control individual plane nodes") cmd.Flags().IntVar(&f.VSphere.ControlPlane.MemoryMiB, flagVSphereControlPlaneMemoryMiB, 8096, "Memory size in MiB for individual control plane nodes") cmd.Flags().IntVar(&f.VSphere.ControlPlane.NumCPUs, flagVSphereControlPlaneNumCPUs, 4, "Number of CPUs for individual control plane nodes") 
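Review bot: Renaming the exported fields `ControlPlane.IP` and `IPPoolName` to `Ip` and `IpPoolName`, and adding `SvcLbIpPoolName` in the same style, goes against Go's initialism convention, which the neighbouring `ServiceLoadBalancerCIDR` still follows, and would break any importer of the `provider` package for no functional gain. The same spelling change runs through the `capv.go` and `common.go` hunks and the `runner_test.go` fixture. If the aim was to mirror `capv.ControlPlaneEndpoint.IpPoolName`, I would keep the existing names on `VSphereControlPlane` and call the new field `SvcLBIPPoolName`, leaving only the JSON-tagged template type as it is. `Init` starts and ends outside this hunk.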
@@ -430,16 +432,16 @@ func (f *flag) Validate(cmd *cobra.Command) error { return microerror.Maskf(invalidFlagError, "--%s supports one availability zone only", flagControlPlaneAZ) } case key.ProviderVSphere: - if f.VSphere.ServiceLoadBalancerCIDR == "" { - return microerror.Maskf(invalidFlagError, "CIDR range from which the public IPs for Services of type LoadBalancer are taken (required) (--%s)", flagVSphereServiceLoadBalancerCIDR) + if f.VSphere.NetworkName == "" { + return microerror.Maskf(invalidFlagError, "Provide the network name in vcenter (required) (--%s)", flagVSphereNetworkName) } - if !validateCIDR(f.VSphere.ServiceLoadBalancerCIDR) { + if f.VSphere.ServiceLoadBalancerCIDR != "" && !validateCIDR(f.VSphere.ServiceLoadBalancerCIDR) { return microerror.Maskf(invalidFlagError, "--%s must be a valid CIDR", flagVSphereServiceLoadBalancerCIDR) } if !cmd.Flags().Changed(flagKubernetesVersion) { f.KubernetesVersion = defaultVSphereKubernetesVersion } - // todo: add validation for flagVSphereImageTemplate + placeholders := strings.Count(f.VSphere.ImageTemplate, "%s") if placeholders > 1 { return microerror.Maskf(invalidFlagError, "--%s must contain at most one occurrence of '%%s' where k8s version will be injected", flagVSphereImageTemplate) diff --git a/cmd/template/cluster/provider/capv.go b/cmd/template/cluster/provider/capv.go index df4d82130..0b745c672 100644 --- a/cmd/template/cluster/provider/capv.go +++ b/cmd/template/cluster/provider/capv.go @@ -114,7 +114,7 @@ func templateClusterVSphere(ctx context.Context, k8sClient k8sclient.Interface, func BuildCapvClusterConfig(config ClusterConfig) capv.ClusterConfig { const className = "default" - return capv.ClusterConfig{ + cfg := capv.ClusterConfig{ BaseDomain: "test.gigantic.io", ClusterDescription: config.Description, Organization: config.Organization, 
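Review bot: With `--vsphere-service-load-balancer-cidr` now optional, the vSphere branch of `Validate` no longer guarantees that the Service load balancer has any address source. An empty `--vsphere-service-lb-pool` without a CIDR passes validation and, since both `LoadBalancers` fields are `omitempty`, would presumably render an empty `loadBalancers` block. A guard such as `if f.VSphere.ServiceLoadBalancerCIDR == "" && f.VSphere.SvcLbIpPoolName == "" { return microerror.Maskf(invalidFlagError, "one of --%s or --%s is required", flagVSphereServiceLoadBalancerCIDR, flagVSphereSvcLbIpPool) }` would reject that case. The pool names are also passed through unchecked, which deserves a comment if validation is deliberately left to the cluster. `Validate` starts and ends outside this hunk and `validateCIDR` is not visible here.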
@@ -126,14 +126,12 @@ func BuildCapvClusterConfig(config ClusterConfig) capv.ClusterConfig { Network: &capv.Network{ AllowAllEgress: true, ControlPlaneEndpoint: &capv.ControlPlaneEndpoint{ - Host: config.VSphere.ControlPlane.IP, - IpPoolName: config.VSphere.ControlPlane.IPPoolName, + Host: config.VSphere.ControlPlane.Ip, + IpPoolName: config.VSphere.ControlPlane.IpPoolName, Port: 6443, }, LoadBalancers: &capv.LoadBalancers{ - CidrBlocks: []string{ - config.VSphere.ServiceLoadBalancerCIDR, - }, + IpPoolName: config.VSphere.SvcLbIpPoolName, }, }, }, @@ -165,6 +163,10 @@ func BuildCapvClusterConfig(config ClusterConfig) capv.ClusterConfig { }, }, } + if config.VSphere.ServiceLoadBalancerCIDR != "" { + cfg.Connectivity.Network.LoadBalancers.CidrBlocks = []string{config.VSphere.ServiceLoadBalancerCIDR} + } + return cfg } func getMachineTemplate(machineTemplate *VSphereMachineTemplate, clusterConfig *ClusterConfig) *capv.MachineTemplate { diff --git a/cmd/template/cluster/provider/common.go b/cmd/template/cluster/provider/common.go index 94ab4219c..29687c038 100644 --- a/cmd/template/cluster/provider/common.go +++ b/cmd/template/cluster/provider/common.go @@ -70,6 +70,7 @@ type VSphereConfig struct { Worker VSphereMachineTemplate ResourcePool string ServiceLoadBalancerCIDR string + SvcLbIpPoolName string } type VSphereMachineTemplate struct { @@ -80,8 +81,8 @@ type VSphereMachineTemplate struct { } type VSphereControlPlane struct { - IP string - IPPoolName string + Ip string + IpPoolName string VSphereMachineTemplate } diff --git a/cmd/template/cluster/provider/templates/capv/types.go b/cmd/template/cluster/provider/templates/capv/types.go index f26b74dac..919a80fd7 100644 --- a/cmd/template/cluster/provider/templates/capv/types.go +++ b/cmd/template/cluster/provider/templates/capv/types.go 
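Review bot: In `BuildCapvClusterConfig` the added `cfg.Connectivity.Network.LoadBalancers.CidrBlocks = ...` patches the struct after construction through a chain of pointer fields, which stays safe only while the literal above keeps populating every level. Building the value first reads more directly and cannot dereference nil: `lbs := &capv.LoadBalancers{IpPoolName: config.VSphere.SvcLbIpPoolName}`, then `if cidr := config.VSphere.ServiceLoadBalancerCIDR; cidr != "" { lbs.CidrBlocks = []string{cidr} }`, and `LoadBalancers: lbs,` inside the literal. A short comment there should also state that both `ipPoolName` and `cidrBlocks` are emitted when a CIDR is given, as the golden file shows. The middle of the function lies outside the visible hunks.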
@@ -40,6 +40,7 @@ type ControlPlaneEndpoint struct { type LoadBalancers struct { CidrBlocks []string `json:"cidrBlocks,omitempty"` + IpPoolName string `json:"ipPoolName,omitempty"` } type ControlPlane struct { diff --git a/cmd/template/cluster/runner_test.go b/cmd/template/cluster/runner_test.go index 62b9b711a..b9bba9254 100644 --- a/cmd/template/cluster/runner_test.go +++ b/cmd/template/cluster/runner_test.go @@ -219,6 +219,7 @@ func Test_run(t *testing.T) { ServiceLoadBalancerCIDR: "1.2.3.4/32", ResourcePool: "foopool", NetworkName: "foonet", + SvcLbIpPoolName: "svc-foo-pool", CredentialsSecretName: "foosecret", ImageTemplate: "foobar", ControlPlane: provider.VSphereControlPlane{ @@ -228,7 +229,7 @@ func Test_run(t *testing.T) { NumCPUs: 6, Replicas: 5, }, - IPPoolName: "foo-pool", + IpPoolName: "foo-pool", }, Worker: provider.VSphereMachineTemplate{ DiskGiB: 43, diff --git a/cmd/template/cluster/testdata/run_template_cluster_capv.golden b/cmd/template/cluster/testdata/run_template_cluster_capv.golden index d2387d7b8..70680b28e 100644 --- a/cmd/template/cluster/testdata/run_template_cluster_capv.golden +++ b/cmd/template/cluster/testdata/run_template_cluster_capv.golden @@ -16,6 +16,7 @@ data: loadBalancers: cidrBlocks: - 1.2.3.4/32 + ipPoolName: svc-foo-pool controlPlane: image: repository: registry.k8s.io diff --git a/go.mod b/go.mod index 780bdeb7d..28c14636f 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( dario.cat/mergo v1.0.0 github.com/3th1nk/cidr v0.2.0 github.com/Masterminds/sprig/v3 v3.2.3 - github.com/ProtonMail/gopenpgp/v2 v2.7.3 + github.com/ProtonMail/gopenpgp/v2 v2.7.4 github.com/blang/semver v3.5.1+incompatible github.com/blang/semver/v4 v4.0.0 github.com/coreos/go-oidc/v3 v3.6.0 
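Review bot: The vSphere fixture in `Test_run` still sets `ServiceLoadBalancerCIDR: "1.2.3.4/32"` next to the new `SvcLbIpPoolName`, so the behaviour this commit introduces, an empty CIDR producing no `cidrBlocks`, has no visible test. I would add a second case with the CIDR left empty and its own golden file that contains only `ipPoolName` under `loadBalancers`. The rest of the test table is outside this hunk, so such a case may already exist elsewhere.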
@@ -218,14 +218,14 @@ require ( ) replace ( - github.com/containerd/containerd => github.com/containerd/containerd v1.7.7 // [CVE-2023-25153] - github.com/coreos/etcd => go.etcd.io/etcd/client/v3 v3.5.9 + github.com/containerd/containerd => github.com/containerd/containerd v1.7.8 // [CVE-2023-25153] + github.com/coreos/etcd => go.etcd.io/etcd/client/v3 v3.5.10 github.com/docker/distribution v2.7.1+incompatible => github.com/docker/distribution v2.8.0+incompatible github.com/docker/docker => github.com/moby/moby v23.0.7+incompatible github.com/go-ldap/ldap/v3 => github.com/go-ldap/ldap/v3 v3.4.6 github.com/gogo/protobuf => github.com/gogo/protobuf v1.3.2 // [CVE-2021-3121] github.com/gorilla/websocket v1.4.0 => github.com/gorilla/websocket v1.4.2 - github.com/hashicorp/consul/api => github.com/hashicorp/consul/api v1.25.1 + github.com/hashicorp/consul/api => github.com/hashicorp/consul/api v1.26.1 github.com/hashicorp/vault/api => github.com/hashicorp/vault/api v1.10.0 github.com/hashicorp/vault/sdk v0.4.1 => github.com/hashicorp/vault/sdk v1.10.0 // CVE-2023-27561 diff --git a/go.sum b/go.sum index 734bb88a3..787a301fa 100644 --- a/go.sum +++ b/go.sum 
@@ -114,8 +114,8 @@ github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c h1:kMFnB0vCcX github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f h1:tCbYj7/299ekTTXpdwKYF8eBlsYsDVoggDAuAjoK66k= github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f/go.mod h1:gcr0kNtGBqin9zDW9GOHcVntrwnjrK+qdJ06mWYBybw= -github.com/ProtonMail/gopenpgp/v2 v2.7.3 h1:AJu1OI/1UWVYZl6QcCLKGu9OTngS2r52618uGlje84I= -github.com/ProtonMail/gopenpgp/v2 v2.7.3/go.mod h1:IhkNEDaxec6NyzSI0PlxapinnwPVIESk8/76da3Ct3g= +github.com/ProtonMail/gopenpgp/v2 v2.7.4 h1:Vz/8+HViFFnf2A6XX8JOvZMrA6F5puwNvvF21O1mRlo= +github.com/ProtonMail/gopenpgp/v2 v2.7.4/go.mod h1:IhkNEDaxec6NyzSI0PlxapinnwPVIESk8/76da3Ct3g= github.com/apparentlymart/go-cidr v1.1.0 h1:2mAhrMoF+nhXqxTzSZMUzDHkLjmIHC+Zzn4tdgBZjnU= github.com/apparentlymart/go-cidr v1.1.0/go.mod h1:EBcsNrHc3zQeuaeCeCtQruQm+n9/YjEn/vI25Lg7Gwc= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= diff --git a/pkg/project/project.go b/pkg/project/project.go index b23ec83cf..d11eec569 100644 --- a/pkg/project/project.go +++ b/pkg/project/project.go @@ -5,7 +5,7 @@ var ( gitSHA = "n/a" name = "kubectl-gs" source = "https://github.com/giantswarm/kubectl-gs" - version = "2.45.3" + version = "2.45.4-dev" ) func Description() string {