diff --git a/hetzner/prepare/auth.tf b/_old/prepare/auth.tf similarity index 100% rename from hetzner/prepare/auth.tf rename to _old/prepare/auth.tf diff --git a/hetzner/prepare/main.tf b/_old/prepare/main.tf similarity index 100% rename from hetzner/prepare/main.tf rename to _old/prepare/main.tf diff --git a/hetzner/prepare/variables.tf b/_old/prepare/variables.tf similarity index 100% rename from hetzner/prepare/variables.tf rename to _old/prepare/variables.tf diff --git a/hetzner/prepare/versions.tf b/_old/prepare/versions.tf similarity index 100% rename from hetzner/prepare/versions.tf rename to _old/prepare/versions.tf diff --git a/hetzner/Makefile b/hetzner/Makefile index 9229ab8..9a249de 100644 --- a/hetzner/Makefile +++ b/hetzner/Makefile @@ -1,17 +1,19 @@ -prepare-image: - ssh-keygen -f /.ssh/terraform -N '' -t rsa +ENDPOINT:=${shell terraform output -raw controlplane_endpoint 2>/dev/null} - cd prepare +help: + @awk 'BEGIN {FS = ":.*?## "} /^[0-9a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST) + +prepare: + @[ -f ~/.ssh/terraform ] || ssh-keygen -f ~/.ssh/terraform -N '' -t rsa + +create-lb: ## Create load balancer terraform init - terraform apply -auto-approve + terraform apply -auto-approve -target=output.controlplane_endpoint + terraform output controlplane_endpoint -create-lb: - terraform init - terraform apply -auto-approve -target=hcloud_load_balancer.api - -create-config: - talosctl gen config --output-dir _cfgs --with-docs=false --with-examples=false talos-k8s-hezner https://127.0.0.1:6443 +create-config: ## Genereate talos configs + ./talosctl gen config --output-dir _cfgs --with-docs=false --with-examples=false talos-k8s-hezner https://${ENDPOINT}:6443 create-templates: @yq ea -P '. as $$item ireduce ({}; . * $$item )' _cfgs/controlplane.yaml templates/controlplane.yaml.tpl > templates/controlplane.yaml 
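Review bot: `create-config` hands `https://${ENDPOINT}:6443` to `talosctl gen config`, but `ENDPOINT` is expanded once at parse time with stderr thrown away, so whenever `create-lb` has not run yet (or no state/credentials are in scope) it is empty and the generated machine configs and talosconfig silently carry `https://:6443` as the cluster endpoint. Fail early with a first recipe line such as `@[ -n "$(ENDPOINT)" ] || { echo 'controlplane_endpoint not available; run make create-lb first' >&2; exit 1; }`. `prepare` creates an RSA key with an empty passphrase in `~/.ssh/terraform`; that is acceptable for a non-interactive provisioner key but deserves a `## ` help line saying so, and `-t ed25519` would be the current default choice. None of the new targets (`help`, `prepare`, `create-lb`, `create-config`) are declared `.PHONY`, and the help text has a typo: `Genereate` → `Generate`.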
@@ -25,9 +27,12 @@ create-templates: @yq eval -j '{"kubernetes": .}' _cfgs/tfstate.vars > terraform.tfvars.json -create-controlplane: - terraform apply -target=null_resource.controlplane +create-controlplane: ## Bootstrap first controlplane node + terraform apply -target=hcloud_server.controlplane -create-infrastructure: +create-infrastructure: ## Bootstrap all nodes cd modules/worker && terraform init terraform apply + +create-kubeconfig: + talosctl --talosconfig _cfgs/talosconfig --nodes 172.16.0.11 kubeconfig diff --git a/hetzner/deployments/local-path-storage.yaml b/hetzner/deployments/local-path-storage.yaml index d7a6d4a..5321607 100644 --- a/hetzner/deployments/local-path-storage.yaml +++ b/hetzner/deployments/local-path-storage.yaml @@ -60,8 +60,6 @@ spec: app: local-path-provisioner spec: tolerations: - - key: "CriticalAddonsOnly" - operator: "Exists" - key: "node-role.kubernetes.io/master" effect: NoSchedule serviceAccountName: local-path-provisioner-service-account @@ -108,12 +106,12 @@ metadata: data: config.json: |- { - "nodePathMap":[ - { - "node":"DEFAULT_PATH_FOR_NON_LISTED_NODES", - "paths":["/var/local-path-provisioner"] - } - ] + "nodePathMap":[ + { + "node":"DEFAULT_PATH_FOR_NON_LISTED_NODES", + "paths":["/var/local-path-provisioner"] + } + ] } setup: |- #!/bin/sh diff --git a/hetzner/instances-master.tf b/hetzner/instances-master.tf index d833566..b8fd184 100644 --- a/hetzner/instances-master.tf +++ b/hetzner/instances-master.tf @@ -19,7 +19,7 @@ resource "hcloud_server" "controlplane" { merge(var.kubernetes, { name = "master-${count.index + 1}" type = count.index == 0 ? "init" : "controlplane" - ipv4_vip = local.ipv4_vip + ipv4_vip = count.index == 0 ? local.ipv4_vip : cidrhost(hcloud_network_subnet.core.ip_range, 11) ipv4_local = cidrhost(hcloud_network_subnet.core.ip_range, 11 + count.index) lbv4_local = local.lbv4_local lbv4 = local.lbv4 
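Review bot: `create-kubeconfig` hard-codes `--nodes 172.16.0.11`, which is the address instances-master.tf derives as `cidrhost(hcloud_network_subnet.core.ip_range, 11)`; a different subnet breaks this target with no hint why. Make it overridable and document the coupling, e.g. `NODE ?= 172.16.0.11  # master-1 private IP, see instances-master.tf` and `--nodes $(NODE)`. Without a local path argument `talosctl kubeconfig` merges the cluster-admin credentials into the caller's default `~/.kube/config` (the documented default, as I recall — confirm), so writing to an explicit `_cfgs/kubeconfig` keeps them next to the other generated secrets in `_cfgs` instead of in the user's global kubeconfig. The target also runs a bare `talosctl` while `create-config` runs `./talosctl`, so two different binaries/versions may be used across the workflow; pick one, and add a `## ` description plus `.PHONY` like the neighbouring targets.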
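Review bot: For every node except `master-1`, `ipv4_vip` is now `cidrhost(hcloud_network_subnet.core.ip_range, 11)`, i.e. the private address of `master-1` (the value `ipv4_local` yields at `count.index == 0`), not the address in `local.ipv4_vip`. If the `${ipv4_vip}` entry under `cluster:` in controlplane.yaml.tpl is an apiServer `certSANs` entry, as its position suggests, nodes 2..n end up with a serving certificate that covers `master-1`'s IP but not the VIP, which matters the moment the alias IP is ever moved off `controlplane[0]`. The offset `11` is also duplicated from the `ipv4_local` line directly below; state the intent once with a comment such as `# non-init nodes get master-1's private IP here; the VIP is aliased only on controlplane[0]`, and consider keeping `local.ipv4_vip` in every control-plane node's SANs. The `hcloud_server.controlplane` resource starts before this hunk.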
@@ -40,8 +40,9 @@ resource "hcloud_server" "controlplane" { } # -# Local floating ip +# Local floating ip assign to controlplane[0] # + resource "hcloud_server_network" "controlplane" { count = lookup(var.controlplane, "count", 0) > 0 ? 1 : 0 server_id = hcloud_server.controlplane[0].id @@ -51,14 +52,14 @@ resource "hcloud_server_network" "controlplane" { } resource "hcloud_load_balancer_target" "api" { - count = local.lb_enable ? 1 : 0 + count = local.lb_enable ? lookup(var.controlplane, "count", 0) : 0 type = "server" load_balancer_id = hcloud_load_balancer.api[0].id server_id = hcloud_server.controlplane[count.index].id } # -# Secure push talos config to the node +# Secure push talos config to the controlplane # # resource "local_file" "controlplane" { diff --git a/hetzner/network-lb.tf b/hetzner/network-lb.tf index 9d22e85..6805419 100644 --- a/hetzner/network-lb.tf +++ b/hetzner/network-lb.tf @@ -16,10 +16,6 @@ resource "hcloud_load_balancer" "api" { location = var.regions[0] load_balancer_type = lookup(var.controlplane, "type_lb", "lb11") labels = merge(var.tags, { type = "infra" }) - - provisioner "local-exec" { - command = "echo LB: ${self.ipv4}" - } } resource "hcloud_load_balancer_network" "api" { diff --git a/hetzner/outputs.tf b/hetzner/outputs.tf new file mode 100644 index 0000000..71875cd --- /dev/null +++ b/hetzner/outputs.tf @@ -0,0 +1,21 @@ + +output "controlplane_endpoint" { + description = "Kubernetes controlplane endpoint" + value = local.lbv4 + depends_on = [hcloud_load_balancer.api] +} + +output "controlplane_nodes" { + description = "Kubernetes controlplane nodes" + value = [ + for s in hcloud_server.controlplane[*] : + { + name = s.name + ipv4_address = s.ipv4_address + ipv6_address = s.ipv6_address + zone = "hetzner" + location = s.location + params = "" + } + ] +} diff --git a/hetzner/templates/controlplane.yaml.tpl b/hetzner/templates/controlplane.yaml.tpl index 336ecf4..4594dea 100644 --- a/hetzner/templates/controlplane.yaml.tpl 
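Review bot: `controlplane_endpoint` is the value the Makefile's `ENDPOINT` reads and bakes into the Talos configs (`create-config` passes `https://${ENDPOINT}:6443`), but the description does not say so, and `params = ""` / `zone = "hetzner"` in `controlplane_nodes` are undocumented placeholders. Suggest `description = "Kubernetes API endpoint (load balancer IPv4); consumed by make create-config, so recreating the LB means regenerating the Talos configs"` and a `# placeholder, no consumer in this module yet — TODO confirm` comment on `params`. If `local.lbv4` can be null when the load balancer is disabled (its definition is not visible here), `terraform output -raw` fails and `ENDPOINT` silently becomes empty; a `precondition` or a non-null fallback in this output would surface that.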
+++ b/hetzner/templates/controlplane.yaml.tpl @@ -18,8 +18,6 @@ machine: interfaces: - interface: eth1 dhcp: true - addresses: - - ${ipv4_vip} - interface: dummy0 addresses: - 169.254.2.53/32 @@ -30,6 +28,11 @@ machine: net.core.somaxconn: 65535 net.core.netdev_max_backlog: 4096 systemDiskEncryption: + state: + provider: luks2 + keys: + - nodeID: {} + slot: 0 ephemeral: provider: luks2 keys: @@ -56,11 +59,8 @@ cluster: - "${lbv4_local}" - "${ipv4_local}" - "${ipv4_vip}" - extraArgs: - feature-gates: IPv6DualStack=true controllerManager: extraArgs: - feature-gates: IPv6DualStack=true node-cidr-mask-size-ipv4: 24 node-cidr-mask-size-ipv6: 112 scheduler: {}
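Review bot: The new `state:` encryption block uses the `nodeID` key provider, which derives the LUKS key from the machine's identifier (the SMBIOS UUID) rather than from a secret; on a Hetzner Cloud VM that identifier is visible to the provider and to anyone with API or hypervisor access, so this protects a detached or snapshotted disk only as long as the UUID is not available alongside it, and gives no protection against whoever controls the host. That is a defensible cloud default, but it should be stated next to the block, e.g. `# nodeID key: derived from the VM UUID, not a secret; guards detached disk images only — see Talos disk-encryption docs; use static/kms for a real secret`. As far as I recall Talos only applies encryption settings at install time, so existing nodes are not encrypted by a config apply; if that holds, a `# takes effect on fresh install only` comment saves the next person a surprise.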
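Review bot: Removing `feature-gates: IPv6DualStack=true` from the apiServer and controllerManager is right only for Kubernetes versions where dual-stack is on by default (the gate went GA in 1.23 and has since been removed, after which setting it stops the component from starting), yet the template records no version floor while `node-cidr-mask-size-ipv4`/`-ipv6` still assume a dual-stack cluster. Add a comment above `controllerManager:` such as `# dual-stack is default since k8s 1.23 and the IPv6DualStack gate no longer exists; do not reintroduce it`. The `cluster:` block starts before this hunk.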