diff --git a/group_vars/all.yml b/group_vars/all.yml
new file mode 100644
index 0000000..e69de29
diff --git a/group_vars/main.yml b/group_vars/main.yml
new file mode 100644
index 0000000..53f214e
--- /dev/null
+++ b/group_vars/main.yml
@@ -0,0 +1,2 @@
+dnf_proxy_host: "192.168.77.101"
+dnf_proxy_port: "3128"
\ No newline at end of file
diff --git a/roles/kubernetes/tasks/Rocky.yml b/roles/kubernetes/tasks/Rocky.yml
new file mode 100644
index 0000000..c691d97
--- /dev/null
+++ b/roles/kubernetes/tasks/Rocky.yml
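Review bot: The two proxy variables are defined in `group_vars/main.yml`, which Ansible loads only for hosts in an inventory group named `main`, while `group_vars/all.yml` is added empty in the same commit. Unless the inventory (not visible here) defines such a group, `dnf_proxy_host` and `dnf_proxy_port` will be undefined when the proxy_repo role templates `proxy=http://{{ dnf_proxy_host }}:{{ dnf_proxy_port }}`. Moving both lines into `group_vars/all.yml` would make them apply to every host.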
@@ -0,0 +1,136 @@
+- name: Install kubernetes on Rocky 9
+ become: "{{ 'no' if inventory_hostname == 'nas.home.lan' else 'yes' }}"
+ block:
+
+ - name: Include role
+ ansible.builtin.include_role:
+ name: proxy_repo
+
+ - name: Disable SELinux
+ ansible.posix.selinux:
+ state: permissive
+
+ - name: Disable swap
+ command: swapoff -a
+ when: ansible_swaptotal_mb > 0
+
+ - name: Remove swap from fstab
+ replace:
+ path: /etc/fstab
+ regexp: '.*swap.*'
+ replace: ''
+
+ - name: Enable kernel modules
+ copy:
+ dest: /etc/modules-load.d/k8s.conf
+ content: |
+ overlay
+ br_netfilter
+
+ - name: Load kernel modules
+ shell: |
+ modprobe overlay
+ modprobe br_netfilter
+
+ - name: Set sysctl params
+ copy:
+ dest: /etc/sysctl.d/k8s.conf
+ content: |
+ net.bridge.bridge-nf-call-iptables = 1
+ net.bridge.bridge-nf-call-ip6tables = 1
+ net.ipv4.ip_forward = 1
+
+ - name: Apply sysctl
+ command: sysctl --system
+
+ - name: Install required packages
+ dnf:
+ name:
+ - yum-utils
+ - device-mapper-persistent-data
+ - lvm2
+ state: present
+
+ - name: Add Kubernetes repo
+ copy:
+ dest: /etc/yum.repos.d/kubernetes.repo
+ content: |
+ [kubernetes]
+ name=Kubernetes
+ baseurl=https://pkgs.k8s.io/core:/stable:/v1.29/rpm/
+ enabled=1
+ gpgcheck=1
+ gpgkey=https://pkgs.k8s.io/core:/stable:/v1.29/rpm/repodata/repomd.xml.key
+
+ - name: Install containerd
+ dnf:
+ name: containerd
+ state: present
+
+ - name: Configure containerd
+ shell: |
+ mkdir -p /etc/containerd
+ containerd config default > /etc/containerd/config.toml
+ sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' /etc/containerd/config.toml
+
+ - name: Enable and start containerd
+ systemd:
+ name: containerd
+ enabled: yes
+ state: started
+
+ - name: Install Kubernetes packages
+ dnf:
+ name:
+ - kubelet
+ - kubeadm
+ - kubectl
+ disable_excludes: kubernetes
+ state: present
+
+ - name: Enable kubelet
+ systemd:
+ name: kubelet
+ enabled: yes
+ state: started
+
+
+- name: Initialize Control Plane
+ hosts: control
+ become: yes
+ tasks:
+
+ - name: Initialize Kubernetes
+ command: kubeadm init --pod-network-cidr=10.244.0.0/16
+ args:
+ creates: /etc/kubernetes/admin.conf
+
+ - name: Setup kubeconfig for user
+ become_user: rocky
+ shell: |
+ mkdir -p $HOME/.kube
+ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
+ sudo chown rocky:rocky $HOME/.kube/config
+
+ - name: Install Flannel CNI
+ become_user: rocky
+ command: kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml
+
+ - name: Get join command
+ command: kubeadm token create --print-join-command
+ register: join_command
+
+ - name: Save join command
+ set_fact:
+ worker_join_cmd: "{{ join_command.stdout }}"
+
+
+- name: Join Workers
+ hosts: workers
+ become: yes
+ tasks:
+
+ - name: Join cluster
+ command: "{{ hostvars[groups['control'][0]].worker_join_cmd }}"
+ args:
+ creates: /etc/kubernetes/kubelet.conf
\ No newline at end of file
diff --git a/roles/kubernetes/tasks/main.yml b/roles/kubernetes/tasks/main.yml
new file mode 100644
index 0000000..4cc5970
--- /dev/null
+++ b/roles/kubernetes/tasks/main.yml
@@ -0,0 +1,10 @@
+- name: Include vault
+ ansible.builtin.include_vars:
+ file: jaydee.yml
+
+- name: Facts
+ ansible.builtin.setup:
+ when: ansible_facts.architecture is not defined
+
+- name: Include OS-specific tasks
+ ansible.builtin.include_tasks: "{{ ansible_distribution }}.yml"
diff --git a/roles/proxy_repo/tasks/Rocky.yml b/roles/proxy_repo/tasks/Rocky.yml
new file mode 100644
index 0000000..da8177f
--- /dev/null
+++ b/roles/proxy_repo/tasks/Rocky.yml
@@ -0,0 +1,12 @@
+
+- name: Setup DNF proxy
+ become: "{{ 'no' if inventory_hostname == 'nas.home.lan' else 'yes' }}"
+ block:
+ - name: Configure global DNF proxy
+ ansible.builtin.lineinfile:
+ path: /etc/dnf/dnf.conf
+ regexp: '^proxy='
+ line: 'proxy=http://{{ dnf_proxy_host }}:{{ dnf_proxy_port }}'
+ insertafter: '^\[main\]'
+ state: present
+ backup: yes
\ No newline at end of file
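Review bot: The `Install Flannel CNI` task in roles/kubernetes/tasks/Rocky.yml applies a manifest fetched from the mutable `master` branch using the admin kubeconfig, so whatever that URL serves at run time is installed with full cluster privileges and the result is not reproducible. Pin it to a release, e.g. `https://github.com/flannel-io/flannel/releases/download/<PINNED_TAG>/kube-flannel.yml`, and preferably download it with `ansible.builtin.get_url` and a `checksum:` before running `kubectl apply -f` on the local copy. Separately, `Get join command`, `Save join command` and `Join cluster` carry a bootstrap token through registered output, a fact and a command line; adding `no_log: true` to those three tasks keeps it out of logs and callback output. The last two entries use `hosts:` and `tasks:`, which makes them plays; I would not expect them to load from a role tasks file via `include_tasks`, so they probably belong in a playbook.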
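Review bot: `Include vault` in roles/kubernetes/tasks/main.yml loads `jaydee.yml` without `no_log: true`. If that file holds vault-encrypted secrets, as the task name suggests, `include_vars` returns the decrypted values in its task result, which can surface at higher verbosity and in callback plugins that record results. Adding `no_log: true` to that task avoids this. The final `include_tasks: "{{ ansible_distribution }}.yml"` also fails with a bare file-not-found on any distribution without a matching file; an `ansible.builtin.assert` on `ansible_distribution` beforehand would give a clearer error.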
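Review bot: The privilege decision in roles/proxy_repo/tasks/Rocky.yml is hard-coded to a hostname in `become: "{{ 'no' if inventory_hostname == 'nas.home.lan' else 'yes' }}"`, and the same expression is repeated in roles/kubernetes/tasks/Rocky.yml. Keeping it in inventory instead, with `ansible_become: false` in that host's host_vars and a plain `become: true` on the block, puts the exception in one auditable place and avoids the two copies drifting apart. It would also help to add a comment saying why that host runs without escalation, since the block writes to `/etc/dnf/dnf.conf`.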
diff --git a/roles/proxy_repo/tasks/main.yml b/roles/proxy_repo/tasks/main.yml
new file mode 100644
index 0000000..a33b649
--- /dev/null
+++ b/roles/proxy_repo/tasks/main.yml
@@ -0,0 +1,2 @@
+- name: Include OS-specific tasks
+ ansible.builtin.include_tasks: "{{ ansible_distribution }}.yml"
\ No newline at end of file