diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d0c4a85948f5847a9145b8a8e6cffbaa90e7743f..30d5ba48229edfb5beb91233ab47a27b5dc19e27 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -40,7 +40,7 @@ variables:
     - generic
 
 .bigbang:
-  image: registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates/k3d-builder:0.0.6
+  image: registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates/k8s-ci:v1.20.4-bb.3
   extends: .bigbang-dogfood
   after_script:
     - kubectl get all -A
@@ -103,7 +103,7 @@ clean install:
   variables:
     CLUSTER_NAME: "clean-${CI_COMMIT_SHORT_SHA}"
   rules:
-    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "master"'
+    - if: '($CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "master") || $CI_MERGE_REQUEST_LABELS =~ /(^|,)test-ci::infra(,|$)/'
       when: never
     - *chart_changes
   script:
@@ -128,6 +128,9 @@ upgrade:
   extends:
     - .k3d-ci
   rules:
+    # skip job for nightly master and "test-ci::infra" labeled pipelines
+    - if: '($CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "master") || $CI_MERGE_REQUEST_LABELS =~ /(^|,)test-ci::infra(,|$)/'
+      when: never
     # skip job when MR title starts with 'SKIP UPGRADE'
     - if: '$CI_MERGE_REQUEST_TITLE =~ /^SKIP UPGRADE/'
       when: never
diff --git a/.gitlab-ci/jobs/ci-cluster/.gitlab-ci.yml b/.gitlab-ci/jobs/ci-cluster/.gitlab-ci.yml
index 2248a11e6e11a08c06dd94649548782db8ebe0bb..d0c9c92b6e39fa9e41a3c67623325b27ef269372 100644
--- a/.gitlab-ci/jobs/ci-cluster/.gitlab-ci.yml
+++ b/.gitlab-ci/jobs/ci-cluster/.gitlab-ci.yml
@@ -8,7 +8,6 @@
     - privileged
     - dogfood
 
-#
 # In cluster k3s using K3D with the docker daemon as a sidecar
 #
 #   This will connect to a remote docker daemon over tls tcp (defined at installation of gitlab runners) and create
@@ -38,7 +37,6 @@
     - k3d cluster delete ${CI_JOB_ID}
     - docker network rm ${CI_JOB_ID}
 
-#
 # In cluster k3s using k3s as a sidecar
 #
 #   This will spin up k3s as a gitlab ci sidecar
diff --git a/.gitlab-ci/jobs/networking/aws/.gitlab-ci.yml b/.gitlab-ci/jobs/networking/aws/.gitlab-ci.yml
index 395a62aa44a32b6a28049ef7ba10a36326f65a4d..d84b0c8bd0939e02dec20713ffac6ab20980ab7d 100644
--- a/.gitlab-ci/jobs/networking/aws/.gitlab-ci.yml
+++ b/.gitlab-ci/jobs/networking/aws/.gitlab-ci.yml
@@ -24,4 +24,4 @@
   script:
     - *calc_unique_cidr
     - echo "Destroying network"
-    - terraform destroy -auto-approve
\ No newline at end of file
+    - terraform destroy -auto-approve
diff --git a/.gitlab-ci/jobs/rke2/.gitlab-ci.yml b/.gitlab-ci/jobs/rke2/.gitlab-ci.yml
index d5d6938fe568fd5ab93c875751a7b56b296c9748..5824f777ab469afb4e243a06f4823979374bd483 100644
--- a/.gitlab-ci/jobs/rke2/.gitlab-ci.yml
+++ b/.gitlab-ci/jobs/rke2/.gitlab-ci.yml
@@ -19,4 +19,4 @@
     - .rke2 tf
     - .terraform destroy workspace
   script:
-    - terraform destroy -input=false -auto-approve
\ No newline at end of file
+    - terraform destroy -input=false -auto-approve
diff --git a/.gitlab-ci/templates.yml b/.gitlab-ci/templates.yml
index 927ae6f78c8ffa1e8f5678b135bfc2151fe850de..e54cfb5d3ec311cbc6476d94bd329034d5e4f455 100644
--- a/.gitlab-ci/templates.yml
+++ b/.gitlab-ci/templates.yml
@@ -29,4 +29,4 @@ include:
 .terraform destroy workspace:
   after_script:
     - cd ${CI_PROJECT_DIR}/${TF_ROOT}
-    - terraform workspace select default && terraform workspace delete "${TF_VAR_env}"
\ No newline at end of file
+    - terraform workspace select default && terraform workspace delete "${TF_VAR_env}"
diff --git a/scripts/deploy/01_deploy_bigbang.sh b/scripts/deploy/01_deploy_bigbang.sh
index 672599f9d3168e0fa4035b6ac6312e7c9b2217cd..5c24a9a7c2b4407ce26a93e936d76e502a2f1a0c 100755
--- a/scripts/deploy/01_deploy_bigbang.sh
+++ b/scripts/deploy/01_deploy_bigbang.sh
@@ -23,6 +23,12 @@ if [ "$(yq e ".addons.keycloak.enabled" "tests/ci/k3d/values.yaml")" == "true" ]
   yq eval-all 'select(fileIndex == 0) * select(filename == "tests/ci/keycloak-certs/keycloak-passthrough-values.yaml")' $CI_VALUES_FILE tests/ci/keycloak-certs/keycloak-passthrough-values.yaml > tmpfile && mv tmpfile $CI_VALUES_FILE
 fi
 
+# Set controlPlaneCidr for ci-infra jobs which are RKE2
+if [[ "$CI_PIPELINE_SOURCE" == "schedule" ]] && [[ "$CI_COMMIT_BRANCH" == "master" ]] || [[ "$CI_MERGE_REQUEST_LABELS" = *"test-ci::infra"* ]]; then
+  echo "Updating networkPolicies.controlPlaneCidr since Environment is RKE2"
+  yq e '.networkPolicies.controlPlaneCidr = "10.0.0.0/8"' $CI_VALUES_FILE > tmpfile && mv tmpfile $CI_VALUES_FILE
+fi
+
 # deploy BigBang using dev sized scaling
 echo "Installing BigBang with the following configurations:"
 cat $CI_VALUES_FILE