diff --git a/main.tf b/main.tf
index 5362613d..52dadaee 100644
--- a/main.tf
+++ b/main.tf
@@ -5,6 +5,7 @@ variable "prod" {
 variable "proxmox_pm_api_url" { type = string }
 variable "proxmox_pm_api_token_id" { type = string }
 variable "proxmox_pm_api_token_secret" { type = string }
+variable "k8s_join_command" { type = string }
 variable "vm_wizard_password" { type = string }
 variable "proxmox_host" { type = string }
 variable "tls_secret_name" {}
@@ -170,18 +171,21 @@ module "template-vm" {
   template_id     = 8000
   template_name   = local.vm_template_name
 
-  snippet_name = local.vm_cloud_init_snippet_name
-  user_passwd  = var.vm_wizard_password
+  snippet_name     = local.vm_cloud_init_snippet_name
+  user_passwd      = var.vm_wizard_password
+  k8s_join_command = var.k8s_join_command
 }
 
-# module "pxe-server" {
+# module "k8s_node5" {
 #   template_name  = local.vm_template_name
 #   source         = "./modules/create-vm"
-#   vm_name        = "pxe-server"
-#   vm_disk_size   = 50
+#   vm_name        = "k8s-node5"
+#   vmid           = 205
 #   cisnippet_name = local.vm_cloud_init_snippet_name
-#   bridge         = "vmbr0"
+
 #   vm_mac_address = "00:50:56:87:4a:2d"
+#   bridge         = "vmbr1"
+#   vlan_tag       = "20"
 # }
 
 # module "k8s_master" {
diff --git a/modules/create-template-vm/cloud_init.yaml b/modules/create-template-vm/cloud_init.yaml
index f8763303..4cf82c70 100644
--- a/modules/create-template-vm/cloud_init.yaml
+++ b/modules/create-template-vm/cloud_init.yaml
@@ -7,6 +7,7 @@ users:
       - ${authorized_ssh_key}
     passwd: ${passwd}
     lock_passwd: false # enable passwd login
+    shell: /bin/bash
 package_update: true
 package_upgrade: true
 packages:
@@ -20,3 +21,35 @@ packages:
   - wget
   - net-tools
   - zsh
+  - apt-transport-https
+  - ca-certificates
+  - gpg
+  # docker
+  - docker-ce
+  - docker-ce-cli
+  - containerd.io
+  - docker-buildx-plugin
+  - docker-compose-plugin
+  # kubernetes
+  - kubeadm
+  - kubelet
+
+apt:
+  sources:
+    kubernetes:
+      source: "deb https://pkgs.k8s.io/core:/stable:/v1.32/deb/ /"
+      keyid: "DE15B14486CD377B9E876E1A234654DA9A296436"
+      filename: kubernetes.list
+    docket:
+      source: "deb https://download.docker.com/linux/ubuntu noble stable"
+      keyid: "9DC858229FC7DD38854AE2D88D81803C0EBFCD88"
+      filename: docker.list
+
+runcmd:
+  - apt-mark hold kubelet kubeadm kubectl
+  - systemctl stop kubelet
+  - containerd config default | sudo tee /etc/containerd/config.toml
+  - systemctl restart containerd
+  - ${k8s_join_command}
+  - systemctl enable kubelet
+  - systemctl start kubelet
diff --git a/modules/create-template-vm/main.tf b/modules/create-template-vm/main.tf
index e90400bc..94854e09 100644
--- a/modules/create-template-vm/main.tf
+++ b/modules/create-template-vm/main.tf
@@ -9,6 +9,10 @@ variable "template_id" {
 variable "template_name" { type = string }
 variable "snippet_name" { type = string }
 variable "user_passwd" { type = string } # hashed pw
+variable "k8s_join_command" {
+  type    = string
+  default = ""
+}
 
 # SSH connection to Proxmox
 resource "null_resource" "create_template_remote" {
@@ -56,7 +60,7 @@ resource "null_resource" "upload_cloud_init" {
 
   provisioner "file" {
     destination = "/var/lib/vz/snippets/${var.snippet_name}"
-    content     = templatefile("${path.module}/cloud_init.yaml", { authorized_ssh_key = file("~/.ssh/id_ed25519.pub"), passwd = var.user_passwd })
+    content     = templatefile("${path.module}/cloud_init.yaml", { authorized_ssh_key = file("~/.ssh/id_ed25519.pub"), passwd = var.user_passwd, k8s_join_command = var.k8s_join_command })
   }
 
   triggers = {
diff --git a/modules/create-vm/main.tf b/modules/create-vm/main.tf
index 8191bf20..f39a62e6 100644
--- a/modules/create-vm/main.tf
+++ b/modules/create-vm/main.tf
@@ -25,10 +25,18 @@ variable "ssh_keys" {
   default = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDHLhYDfyx237eJgOGVoJRECpUS95+7rEBS9vacsIxtx devvm"
 }
 variable "bridge" { type = string }
+variable "vlan_tag" {
+  type    = string
+  default = null
+}
+variable "vmid" {
+  type    = number
+  default = 0
+}
 
 
 resource "proxmox_vm_qemu" "cloudinit-vm" {
-  vmid             = 305
+  vmid             = var.vmid
   name             = var.vm_name
   target_node      = "pve"
   agent            = 0
@@ -47,6 +55,7 @@ resource "proxmox_vm_qemu" "cloudinit-vm" {
   ipconfig0    = "ip=dhcp,ip6=dhcp"
   skip_ipv6    = true
   ciuser       = "root"
+  cipassword   = "root"
   sshkeys      = var.ssh_keys
   searchdomain = "viktorbarzin.lan"
   onboot       = true # start on node boot
@@ -86,5 +95,6 @@ resource "proxmox_vm_qemu" "cloudinit-vm" {
     bridge  = var.bridge
     model   = "e1000"
     macaddr = var.vm_mac_address
+    tag     = var.vlan_tag
   }
 }
diff --git a/terraform.tfstate b/terraform.tfstate
index 0bad0f7a..d88e6673 100644
Binary files a/terraform.tfstate and b/terraform.tfstate differ
diff --git a/terraform.tfvars b/terraform.tfvars
index e8d7b23e..fce9ef9d 100644
Binary files a/terraform.tfvars and b/terraform.tfvars differ