diff --git a/linode/.gitignore b/linode/.gitignore index 698ee3a..e40b3d6 100644 --- a/linode/.gitignore +++ b/linode/.gitignore @@ -1,3 +1,4 @@ _cfgs/ +deployments/cilium_result.yaml templates/controlplane.yaml *.json diff --git a/linode/Makefile b/linode/Makefile index 6ce33a8..22eb081 100644 --- a/linode/Makefile +++ b/linode/Makefile @@ -6,6 +6,8 @@ help: create-lb: ## Create load balancer terraform init + terraform apply -target=linode_nodebalancer.controlplane + terraform refresh create-config: ## Genereate talos configs talosctl gen config --output-dir _cfgs --with-docs=false --with-examples=false talos-k8s-linode https://${ENDPOINT}:6443 @@ -36,7 +38,7 @@ create-infrastructure: ## Bootstrap all nodes terraform apply create-kubeconfig: ## Prepare kubeconfig - talosctl --talosconfig _cfgs/talosconfig --nodes 172.16.0.11 kubeconfig . + talosctl --talosconfig _cfgs/talosconfig --nodes ${ENDPOINT} kubeconfig . create-deployments: - helm template --namespace=kube-system --version=1.11.1 -f deployments/cilium.yaml cilium cilium/cilium > deployments/cilium_result.yaml + helm template --namespace=kube-system --version=1.11.1 -f deployments/cilium.yaml --set-string k8sServiceHost=${ENDPOINT} cilium cilium/cilium > deployments/cilium_result.yaml diff --git a/linode/deployments/cilium.yaml b/linode/deployments/cilium.yaml new file mode 100644 index 0000000..44c0aa3 --- /dev/null +++ b/linode/deployments/cilium.yaml 
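Review bot: The ignore list gains the rendered Cilium manifest but still has no entry for the `kubeconfig` file that the `create-kubeconfig` target writes into this directory (`talosctl ... kubeconfig .`). That file holds cluster-admin credentials, and the four entries left after this hunk (`_cfgs/`, `deployments/cilium_result.yaml`, `templates/controlplane.yaml`, `*.json`) do not match it. Unless a parent `.gitignore` outside this diff already covers it, add a `kubeconfig` line next to the new entry.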
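Review bot: `${ENDPOINT}` is expanded without a guard in the changed `create-kubeconfig` and `create-deployments` recipes, and these hunks do not show where it is defined. If it is empty, `--nodes` takes `kubeconfig` as its value, and `--set-string k8sServiceHost=` renders Cilium with an empty API host that silently overrides the value in `deployments/cilium.yaml`. A first recipe line such as `@test -n "${ENDPOINT}" || { echo "ENDPOINT is not set"; exit 1; }` in both targets would fail early instead of producing a broken manifest or fetching credentials from the wrong node.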
@@ -0,0 +1,69 @@
+---
+
+k8sServiceHost: "172.16.0.5"
+k8sServicePort: "6443"
+
+agent:
+ enabled: true
+
+operator:
+ enabled: true
+ replicas: 1
+ prometheus:
+ enabled: false
+
+identityAllocationMode: crd
+kubeProxyReplacement: strict
+enableK8sEndpointSlice: true
+localRedirectPolicy: true
+
+healthChecking: true
+
+tunnel: "vxlan"
+autoDirectNodeRoutes: false
+devices: [eth+]
+
+cni:
+ install: true
+
+ipam:
+ mode: "kubernetes"
+k8s:
+ requireIPv4PodCIDR: true
+ requireIPv6PodCIDR: true
+
+bpf:
+ masquerade: false
+ipv4:
+ enabled: true
+ipv6:
+ enabled: true
+hostServices:
+ enabled: false
+hostPort:
+ enabled: true
+nodePort:
+ enabled: false
+externalIPs:
+ enabled: true
+hostFirewall:
+ enabled: true
+
+hubble:
+ enabled: false
+
+prometheus:
+ enabled: true
+
+cgroup:
+ autoMount:
+ enabled: false
+ hostRoot: /sys/fs/cgroup
+
+resources:
+ # limits:
+ # cpu: 4000m
+ # memory: 4Gi
+ requests:
+ cpu: 100m
+ memory: 128Mi
diff --git a/linode/network-lb.tf b/linode/network-lb.tf
index 19b8e43..a6558a1 100644
--- a/linode/network-lb.tf
+++ b/linode/network-lb.tf
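Review bot: `hostFirewall.enabled: true` only switches the host-firewall feature on, and no host policy is added in the visible part of this commit, so node-level ports stay unfiltered unless a policy is applied elsewhere. This matters here because the same commit publishes 6443 and 50000 through a load balancer. A comment above the key would make that explicit, for example `# enables host policy enforcement only; node ports remain open until a CiliumClusterwideNetworkPolicy with a nodeSelector is applied`. Separately, the literal `k8sServiceHost: "172.16.0.5"` is overridden by `--set-string k8sServiceHost=${ENDPOINT}` in the Makefile, so a comment marking it as a placeholder default would avoid someone rendering the chart directly against a stale address.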
@@ -1,6 +1,56 @@ locals { - lb_enable = lookup(var.controlplane, "type_lb", "") == "" ? false : true + lb_enable = lookup(var.controlplane, "lb", false) ? true : false - lbv4 = local.lb_enable ? "127.0.0.1" : linode_instance.controlplane[0].ip_address + lbv4 = local.lb_enable ? linode_nodebalancer.controlplane[0].ipv4 : try(linode_instance.controlplane[0].ip_address, "127.0.0.1") +} + +resource "linode_nodebalancer" "controlplane" { + count = local.lb_enable ? 1 : 0 + label = "controlplane" + region = var.region + client_conn_throttle = 0 + tags = concat(var.tags, ["infra", "controlplane"]) +} + +resource "linode_nodebalancer_config" "controlplane" { + count = local.lb_enable ? 1 : 0 + + nodebalancer_id = linode_nodebalancer.controlplane[0].id + port = 6443 + protocol = "tcp" + + check = "connection" + check_interval = 30 + check_attempts = 3 + check_timeout = 5 +} + +resource "linode_nodebalancer_node" "controlplane" { + count = local.lb_enable ? lookup(var.controlplane, "count", 0) : 0 + nodebalancer_id = linode_nodebalancer.controlplane[0].id + config_id = linode_nodebalancer_config.controlplane[0].id + address = "${linode_instance.controlplane[count.index].private_ip_address}:6443" + label = "controlplane" +} + +resource "linode_nodebalancer_config" "talos" { + count = local.lb_enable ? 1 : 0 + + nodebalancer_id = linode_nodebalancer.controlplane[0].id + port = 50000 + protocol = "tcp" + + check = "connection" + check_interval = 30 + check_attempts = 3 + check_timeout = 5 +} + +resource "linode_nodebalancer_node" "talos" { + count = local.lb_enable ? lookup(var.controlplane, "count", 0) : 0 + nodebalancer_id = linode_nodebalancer.controlplane[0].id + config_id = linode_nodebalancer_config.talos[0].id + address = "${linode_instance.controlplane[count.index].private_ip_address}:50000" + label = "talos" } diff --git a/linode/variables.tf b/linode/variables.tf index e66044b..d776e5c 100644 --- a/linode/variables.tf +++ b/linode/variables.tf 
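Review bot: The `talos` listener publishes the Talos API (port 50000) on the same NodeBalancer address as the Kubernetes API, and `client_conn_throttle = 0` on `linode_nodebalancer.controlplane` leaves per-client connection throttling off. Both management ports are therefore reachable with no rate limit, and no source restriction is visible in this hunk, so access control rests entirely on TLS client authentication at the backends. If remote `talosctl` access through the balancer is not needed, consider putting `linode_nodebalancer_config.talos` and `linode_nodebalancer_node.talos` behind their own flag rather than `local.lb_enable`. Otherwise set a non-zero throttle such as `client_conn_throttle = 20` and add a comment stating that exposing port 50000 is intentional. Also note that the new `try(..., "127.0.0.1")` fallback for `lbv4` silently yields a loopback endpoint when no control-plane instance exists yet, which is worth a comment because that value appears to feed generated configs.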
@@ -39,9 +39,9 @@ variable "controlplane" { description = "Property of controlplane" type = map(any) default = { - count = 0, - type = "g6-standard-2" - type_lb = "" + count = 0, + type = "g6-standard-2" + lb = false } }