diff --git a/.github/workflows/test-chart.yaml b/.github/workflows/test-chart.yaml
index e85850dd30..21742620d4 100644
--- a/.github/workflows/test-chart.yaml
+++ b/.github/workflows/test-chart.yaml
@@ -160,7 +160,7 @@ jobs:
           # information from
           # https://hub.jupyter.org/helm-chart/info.json
           #
-          - k3s-channel: v1.25
+          - k3s-channel: v1.26
             test: upgrade
             upgrade-from: stable
             upgrade-from-extra-args: >-
@@ -173,7 +173,7 @@ jobs:
               --set hub.db.type=sqlite-pvc
               --set singleuser.storage.type=dynamic
             create-k8s-test-resources: true
-          - k3s-channel: v1.24
+          - k3s-channel: v1.25
             test: upgrade
             upgrade-from: dev
             upgrade-from-extra-args: >-
@@ -183,7 +183,7 @@ jobs:
             local-chart-extra-args: >-
               --set hub.db.type=sqlite-pvc
               --set singleuser.storage.type=dynamic
-          - k3s-channel: v1.23
+          - k3s-channel: v1.24
             test: upgrade
             # We're testing hub.db.upgrade with PostgreSQL so this version must be old
             # enough to require a DB upgrade
diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml
index 4e3180edde..e481b4f224 100644
--- a/jupyterhub/Chart.yaml
+++ b/jupyterhub/Chart.yaml
@@ -8,7 +8,7 @@ keywords: [jupyter, jupyterhub, z2jh]
 home: https://z2jh.jupyter.org
 sources: [https://github.com/jupyterhub/zero-to-jupyterhub-k8s]
 icon: https://hub.jupyter.org/helm-chart/images/hublogo.svg
-kubeVersion: ">=1.23.0-0"
+kubeVersion: ">=1.24.0-0"
 maintainers:
   # Since it is a requirement of Artifact Hub to have specific maintainers
   # listed, we have added some below, but in practice the entire JupyterHub team
diff --git a/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml b/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml
index 0f142b01ff..a96acb8cb1 100644
--- a/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml
+++ b/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml
@@ -10,26 +10,14 @@ data:
     This is configuration of a k8s official kube-scheduler binary running in the
     user-scheduler.
 
-    The config version and kube-scheduler binary version has a fallback for k8s
-    clusters versioned v1.23 or lower because:
-
-    - v1 / v1beta3 config requires kube-scheduler binary >=1.25 / >=1.23
-    - kube-scheduler binary >=1.25 requires storage.k8s.io/v1/CSIStorageCapacity
-      available first in k8s >=1.24
-
     ref: https://kubernetes.io/docs/reference/scheduling/config/
     ref: https://kubernetes.io/docs/reference/config-api/kube-scheduler-config.v1/
-    ref: https://kubernetes.io/docs/reference/config-api/kube-scheduler-config.v1beta3/
   */}}
   config.yaml: |
-    {{- if semverCompare ">=1.24.0-0" .Capabilities.KubeVersion.Version }}
     apiVersion: kubescheduler.config.k8s.io/v1
-    {{- else }}
-    apiVersion: kubescheduler.config.k8s.io/v1beta3
-    {{- end }}
     kind: KubeSchedulerConfiguration
     leaderElection:
-      resourceLock: endpointsleases
+      resourceLock: leases
       resourceName: {{ include "jupyterhub.user-scheduler-lock.fullname" . }}
       resourceNamespace: "{{ .Release.Namespace }}"
     profiles:
diff --git a/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml b/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml
index 5baf4f4e8d..b021c17de8 100644
--- a/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml
+++ b/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml
@@ -50,17 +50,7 @@ spec:
       {{- end }}
       containers:
         - name: kube-scheduler
-          {{- if semverCompare ">=1.24.0-0" .Capabilities.KubeVersion.Version }}
           image: {{ .Values.scheduling.userScheduler.image.name }}:{{ .Values.scheduling.userScheduler.image.tag }}
-          {{- else }}
-          # WARNING: The tag of this image is hardcoded, and the
-          #          "scheduling.userScheduler.image.tag" configuration of the
-          #          Helm chart that generated this resource manifest isn't
-          #          respected. If you install the Helm chart in a k8s cluster
-          #          versioned 1.24 or higher, your configuration will be
-          #          respected.
-          image: {{ .Values.scheduling.userScheduler.image.name }}:v1.23.14
-          {{- end }}
           {{- with .Values.scheduling.userScheduler.image.pullPolicy }}
           imagePullPolicy: {{ . }}
           {{- end }}
diff --git a/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml b/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml
index 7e188c742d..52cd7a1c85 100644
--- a/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml
+++ b/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml
@@ -20,8 +20,11 @@ rules:
   #       - changed in 1.21: get/list/watch permission for namespace,
   #                          csidrivers, csistoragecapacities was added.
   #       - unchanged between 1.22 and 1.27
+  #       - changed in 1.28: permissions to get/update lock endpoint resource
+  #                          removed
+  #       - unchanged between 1.28 and 1.29
   #
-  # ref: https://github.com/kubernetes/kubernetes/blob/v1.27.0/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml#L736-L892
+  # ref: https://github.com/kubernetes/kubernetes/blob/v1.29.0/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml#L721-L862
   - apiGroups:
     - ""
     - events.k8s.io
@@ -46,21 +49,6 @@ rules:
     verbs:
     - get
     - update
-  - apiGroups:
-    - ""
-    resources:
-    - endpoints
-    verbs:
-    - create
-  - apiGroups:
-    - ""
-    resourceNames:
-    - {{ include "jupyterhub.user-scheduler-lock.fullname" . }}
-    resources:
-    - endpoints
-    verbs:
-    - get
-    - update
   - apiGroups:
     - ""
     resources:
@@ -183,9 +171,9 @@ rules:
   # Copied from the system:volume-scheduler ClusterRole of the k8s version
   # matching the kube-scheduler binary we use.
   #
-  # NOTE: These rules have not changed between 1.12 and 1.27.
+  # NOTE: These rules have not changed between 1.12 and 1.29.
   #
-  # ref: https://github.com/kubernetes/kubernetes/blob/v1.27.0/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml#L1311-L1338
+  # ref: https://github.com/kubernetes/kubernetes/blob/v1.29.0/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/testdata/cluster-roles.yaml#L1283-L1310
   - apiGroups:
     - ""
     resources:
diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml
index e29a15134c..173eb46848 100644
--- a/jupyterhub/values.yaml
+++ b/jupyterhub/values.yaml
@@ -485,8 +485,8 @@ scheduling:
       allowPrivilegeEscalation: false
     image:
       # IMPORTANT: Bumping the minor version of this binary should go hand in
-      #            hand with an inspection of the user-scheduelrs RBAC resources
-      #            that we have forked in
+      #            hand with an inspection of the user-scheduelr's RBAC
+      #            resources that we have forked in
       #            templates/scheduling/user-scheduler/rbac.yaml.
       #
       #            Debugging advice:
@@ -519,7 +519,7 @@ scheduling:
       # here. We aim to stay around 1 minor version behind the latest k8s
       # version.
       #
-      tag: "v1.26.12" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG
+      tag: "v1.28.5" # ref: https://github.com/kubernetes/kubernetes/tree/master/CHANGELOG
       pullPolicy:
       pullSecrets: []
     nodeSelector: {}