diff --git a/scaleway/deployments/kubelet-serving-cert-approver.yaml b/scaleway/deployments/kubelet-serving-cert-approver.yaml
index eaa62c7..7ef7eca 100644
--- a/scaleway/deployments/kubelet-serving-cert-approver.yaml
+++ b/scaleway/deployments/kubelet-serving-cert-approver.yaml
@@ -200,7 +200,7 @@ spec:
 fieldRef:
 fieldPath: metadata.namespace
 image: ghcr.io/alex1989hu/kubelet-serving-cert-approver:main
- imagePullPolicy: Always
+ imagePullPolicy: IfNotPresent
 livenessProbe:
 httpGet:
 path: /healthz
diff --git a/scaleway/deployments/scaleway-cloud-controller-manager.yaml b/scaleway/deployments/scaleway-cloud-controller-manager.yaml
index 2eb229c..192cb98 100644
--- a/scaleway/deployments/scaleway-cloud-controller-manager.yaml
+++ b/scaleway/deployments/scaleway-cloud-controller-manager.yaml
@@ -129,6 +129,8 @@ spec:
 dnsPolicy: Default
 hostNetwork: true
 serviceAccountName: cloud-controller-manager
+ nodeSelector:
+ node-role.kubernetes.io/master: ""
 tolerations:
 - key: "node.cloudprovider.kubernetes.io/uninitialized"
 value: "true"
@@ -139,17 +141,20 @@ spec:
 effect: NoSchedule
 containers:
 - name: scaleway-cloud-controller-manager
- image: scaleway/scaleway-cloud-controller-manager:v0.21.4
- imagePullPolicy: Always
+ image: ghcr.io/sergelogvinov/scaleway-cloud-controller-manager:1fa94b15f6d87e1f951331a7dca148302fe7318b
+ imagePullPolicy: IfNotPresent
 args:
 - --cloud-provider=scaleway
 - --leader-elect=true
 - --allow-untagged-cloud
 - --controllers=cloud-node,cloud-node-lifecycle
 resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
 requests:
 cpu: 100m
- memory: 50Mi
+ memory: 64Mi
 envFrom:
 - secretRef:
 name: scaleway-secret
diff --git a/scaleway/instances-master.tf b/scaleway/instances-master.tf
index 515c846..7b0b2a4 100644
--- a/scaleway/instances-master.tf
+++ b/scaleway/instances-master.tf
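Review bot: In kubelet-serving-cert-approver.yaml the image is still referenced by the mutable `:main` tag, and with `imagePullPolicy: IfNotPresent` each node keeps whatever build it first cached, so nodes can run different code and will not pick up upstream fixes until the cache is evicted. This controller approves kubelet serving certificate requests, so the build that is running should be identifiable. I would pin the reference to a digest, `image: ghcr.io/alex1989hu/kubelet-serving-cert-approver@sha256:<digest-of-reviewed-build>`, and keep `IfNotPresent`. The container spec continues outside the hunk.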
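Review bot: The added `nodeSelector` in scaleway-cloud-controller-manager.yaml matches only `node-role.kubernetes.io/master`, a label that newer Kubernetes tooling has replaced with `node-role.kubernetes.io/control-plane`. If the Talos version in use no longer sets the old label, the pod stays Pending and nodes keep the `node.cloudprovider.kubernetes.io/uninitialized` taint. Selecting on `node-role.kubernetes.io/control-plane: ""` would avoid that, assuming the cluster sets it. The tolerations list continues outside the hunk, so whether the control-plane taint is tolerated cannot be confirmed from here.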
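Review bot: The new `image:` line in scaleway-cloud-controller-manager.yaml replaces the vendor's release tag with a personal-registry build identified only by a tag, and a tag that looks like a commit hash is still mutable in the registry. This pod runs with `hostNetwork: true` and receives the Scaleway API credentials through `envFrom` on `scaleway-secret`, so exactly which image is pulled matters. I would pin by digest, `image: ghcr.io/sergelogvinov/scaleway-cloud-controller-manager@sha256:<digest-of-that-build>`. A comment naming the source commit and the reason the upstream `v0.21.4` image is not used would also help.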
@@ -33,8 +33,9 @@ resource "scaleway_instance_server" "controlplane" {
 labels = "${local.controlplane_labels},node.kubernetes.io/instance-type=${lookup(var.controlplane, "type", "DEV1-M")}"
 access = var.scaleway_access
 secret = var.scaleway_secret
- region = "fr-par"
 project_id = var.scaleway_project_id
+ region = "fr-par"
+ vpc_id = split("/", scaleway_vpc_private_network.main.id)[1]
 })
 )
 }
diff --git a/scaleway/templates/controlplane.yaml.tpl b/scaleway/templates/controlplane.yaml.tpl
index af893b6..88a8ddb 100644
--- a/scaleway/templates/controlplane.yaml.tpl
+++ b/scaleway/templates/controlplane.yaml.tpl
@@ -104,9 +104,11 @@ cluster:
 SCW_SECRET_KEY: ${base64encode(secret)}
 SCW_DEFAULT_PROJECT_ID: ${base64encode(project_id)}
 SCW_DEFAULT_REGION: ${base64encode(region)}
+ SCW_VPC_ID: ${base64encode(vpc_id)}
 externalCloudProvider:
 enabled: true
 manifests:
+ - https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/scaleway/deployments/scaleway-cloud-controller-manager.yaml
 - https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/scaleway/deployments/kubelet-serving-cert-approver.yaml
 - https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/scaleway/deployments/metrics-server.yaml
 - https://raw.githubusercontent.com/sergelogvinov/terraform-talos/main/scaleway/deployments/local-path-storage.yaml
diff --git a/scaleway/variables.tf b/scaleway/variables.tf
index 4c20e63..e651ab8 100644
--- a/scaleway/variables.tf
+++ b/scaleway/variables.tf
@@ -39,6 +39,7 @@ variable "kubernetes" {
 token = ""
 ca = ""
 }
+ sensitive = true
 }

 variable "vpc_main_cidr" {
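Review bot: The `vpc_id` value added in instances-master.tf is derived from `scaleway_vpc_private_network.main.id`, which is the private network's identifier rather than a VPC's, and `split("/", …)[1]` appears to assume the id always has a `<locality>/<uuid>` form. If the controller wants the private network ID, the template variable name is misleading; if it wants the VPC, this may pass the wrong object, so it is worth confirming against the controller build being deployed. Either way I would add a comment above the line, such as `# provider ids look like "<locality>/<uuid>"; pass only the uuid part`. The enclosing template call starts outside the hunk.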
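Review bot: The manifest URL added in controlplane.yaml.tpl tracks the `main` branch, so the cluster applies whatever that file contains at bootstrap time rather than the version reviewed in this commit. That manifest deploys a host-network pod which reads the cloud credentials written a few lines above, so a later push to the branch changes what runs with those credentials. Pinning the path to a commit makes the bootstrap reproducible: `- https://raw.githubusercontent.com/sergelogvinov/terraform-talos/<commit-sha>/scaleway/deployments/scaleway-cloud-controller-manager.yaml`. The three existing entries follow the same branch-tracking pattern.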
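Review bot: `sensitive = true` on `variable "kubernetes"` in variables.tf only redacts the value in plan and apply output; `token` and `ca` are still stored in clear text in the state file, so the state backend still needs encryption and access control. A comment above the attribute would keep that visible to the next maintainer, for example `# redacted in CLI output only; token and ca remain readable in state`. Whether `scaleway_access` and `scaleway_secret` carry the same flag is not visible in this hunk and is worth checking for consistency.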