diff --git a/README.md b/README.md
index b4de5e3..1b9bc4d 100644
--- a/README.md
+++ b/README.md
@@ -3,12 +3,27 @@
 * `tofu apply` to create machines
 * change hostname to be fqdn with hostnamectl, changing with a running cluster will break the cluster
 * register dns with `knotctl add -z rut.sunet.se -n internal-sto4-test-k8sm-1.rut.sunet.se. -d 2001:6b0:6c::449 -r AAAA`
+* ./prepare-iaas-debian ${each host}
+* ./add-host -b {each host}
+* ./edit-secrets ${each controller host}
+
+```
+---
++microk8s_secrets:
++  kube-system:
++    cloud-config:
++        - key: cloud.conf
++          value: >
++            ENC[PKCS7,MIID7gYJKoZIhvcNAQcDoIID3zCCA9sCAQAxggKSMIICjgIBAD
++            B2MF4xCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRV
++            lBTUwxLzAtBgNVBAMMJmludGVybmFsLXN0bzQtdGVzdC1rOHNtLTIucnV0Ln
+```
 * Add to cosmos-rules:
 
 
 ```
 
-'^internal-sto4-test-k8sm-[0-9].rut.sunet.se$':
+'^internal-sto4-test-k8sc-[0-9].rut.sunet.se$':
   rut::infra_ca_rp:
   sunet::microk8s::node: 
     channel: 1.28/stable
@@ -33,14 +48,14 @@
 
 ```
 NAME                                     STATUS     ROLES    AGE   VERSION
-internal-sto4-test-k8sm-2.rut.sunet.se   NotReady   <none>   16d   v1.28.7
+internal-sto4-test-k8sc-2.rut.sunet.se   NotReady   <none>   16d   v1.28.7
 internal-sto4-test-k8sw-5.rut.sunet.se   Ready      <none>   15m   v1.28.7
 internal-sto4-test-k8sw-1.rut.sunet.se   Ready      <none>   15m   v1.28.7
 internal-sto4-test-k8sw-2.rut.sunet.se   Ready      <none>   14m   v1.28.7
-internal-sto4-test-k8sm-3.rut.sunet.se   Ready      <none>   16d   v1.28.7
+internal-sto4-test-k8sc-3.rut.sunet.se   Ready      <none>   16d   v1.28.7
 internal-sto4-test-k8sw-3.rut.sunet.se   Ready      <none>   18m   v1.28.7
 internal-sto4-test-k8sw-4.rut.sunet.se   Ready      <none>   16m   v1.28.7
 internal-sto4-test-k8sw-0.rut.sunet.se   Ready      <none>   21m   v1.28.7
-internal-sto4-test-k8sm-1.rut.sunet.se   Ready      <none>   16d   v1.28.7
+internal-sto4-test-k8sc-1.rut.sunet.se   Ready      <none>   16d   v1.28.7
 ```
-* **Profit**
\ No newline at end of file
+* **Profit**
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index f9c4537..77d3538 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -3,7 +3,7 @@
   sunet::server:
   rut:
 
-'^internal-sto4-test-k8sm-[0-9].rut.sunet.se$':
+'^internal-sto4-test-k8sc-[0-9].rut.sunet.se$':
   rut::infra_ca_rp:
   sunet::microk8s::node: 
     channel: 1.28/stable
diff --git a/internal-sto4-test-k8sm-3.rut.sunet.se/README b/internal-sto4-test-k8sm-3.rut.sunet.se/README
deleted file mode 120000
index 59a23c4..0000000
--- a/internal-sto4-test-k8sm-3.rut.sunet.se/README
+++ /dev/null
@@ -1 +0,0 @@
-../README
\ No newline at end of file
diff --git a/internal-sto4-test-k8sm-3.rut.sunet.se/overlay/etc/hiera/data/local.eyaml b/internal-sto4-test-k8sm-3.rut.sunet.se/overlay/etc/hiera/data/local.eyaml
deleted file mode 100644
index 3b349cb..0000000
--- a/internal-sto4-test-k8sm-3.rut.sunet.se/overlay/etc/hiera/data/local.eyaml
+++ /dev/null
@@ -1,27 +0,0 @@
----
-microk8s_secrets:
-  kube-system:
-    cloud-config:
-        - key: cloud.conf
-          value: >
-            ENC[PKCS7,MIIDnAYJKoZIhvcNAQcDoIIDjTCCA4kCAQAxggKSMIICjgIBAD
-            B2MF4xCzAJBgNVBAYTAlNFMQ4wDAYDVQQKDAVTVU5FVDEOMAwGA1UECwwFRV
-            lBTUwxLzAtBgNVBAMMJmludGVybmFsLXN0bzQtdGVzdC1rOHNtLTMucnV0Ln
-            N1bmV0LnNlAhQ4cBxUJngNK2mgQCgsgt7W7xOvFDANBgkqhkiG9w0BAQEFAA
-            SCAgCDpZQbfLm3N8RBM6v3eXIhpBMQ4YjPnEA9GwiX3+T22AzJRprHQcpXtT
-            IsfUz9fyOyZsG4WhhscPsqf9YeB24+F8tQFRxyJxryhdZDXa6UIzk8ePjGDB
-            sJBfXaM6lKnMOcJrBddsZFgovbAiwmNH0PuVCkaeWVDwv1CKcGGIyPI3eK4Q
-            yN/5OKR/yjDxcl6fvLoSfEaydQwE+xAvzTeq/SO1ZC3cUbVHXDHjW0V3gAiX
-            cDvC85SbXY8Kh416gw58T7bi6Nd3fY8N/TYABY3OHdE+mN+j9y7azJRH35fI
-            dSVDHgJK5GuH4v6HB+p7tciaT8uQVN7YTVKhpXHNq0W6fHIblqYtXAhFeHGU
-            +ZBt0jSIJEFZCdJQBNAf+dNUbrn9H4Km/4oTZ6SGbzVhCfWLaSAP1yJ6OCtr
-            Q/k6aheicQgNVDv56CxS7oX6skFkTFLKsQvqxPc4I+6bJQnoS56iJ/afbFx0
-            NxDeJ4b1LIIzzKO3tm4uyGXseQH+0+UDmLe0T8d9q6O8uCq2hkTRGhEA2cl8
-            otmi0gNjfGgwrNfllQ+mTRSQiMW+wa+y578Fh2C+LhAS4rSkmj5hNmH/DkAy
-            Uzozz+ilng4k93Ct6Q1hHaQFZ3o5lHWkFvIoCUFQucbQfBZOD1gH7VsbpVbr
-            hE7xqT69Vvfwv2OSRj2lItrkotajCB7QYJKoZIhvcNAQcBMB0GCWCGSAFlAw
-            QBKgQQ+hn9AUZM2x5Mqe3sywu2/oCBwP9jjdlsQd3jkMBaRoqcQqD/g30zyh
-            QJfp0LCY383uhGBxWhfSlqGFp06zR4fleVvV+qTISm8ta52xgpX6xAgrpwfW
-            2beHUWQF+cOC/EY44J1UkiQMDuN5eHpkUN5zkVHxqX8weIobRx2QDF48dj/7
-            kytj56n8XZkmMvd6QhwWYNRckp2vbtDriXBho/11vPiEENllR4N46R3Llcgj
-            1ZBgfjZwtf9AKv46KDwt/i68v6qoYa3LVVfHUSyBGzk0pCtw==]
diff --git a/main.tf b/main.tf
index 6b360ab..aee2d2a 100644
--- a/main.tf
+++ b/main.tf
@@ -14,10 +14,30 @@ provider "openstack" {
   cloud = "sto4-rut"
 }
 
-resource "openstack_compute_instance_v2" "worker-nodes" {
-  count           = var.instance_count
-  name            = "${var.worker_name}-${count.index}.${var.dns_suffix}"
-  flavor_id       = "${var.instance_type}"
+resource "openstack_compute_instance_v2" "controller-nodes" {
+  count           = var.controller_instance_count
+  name            = "${var.controller_name}-${count.index}.${var.dns_suffix}"
+  flavor_name     = "${var.controller_instance_type}"
+  key_pair        = "mifr-yubi"
+  security_groups = ["microk8s", "Allow SSH from SUNET jumphosts", "Allow ssh from the world"]
+
+  block_device {
+    uuid                  = "5d24aca9-11be-4de1-9770-4a097d68f361"
+    source_type           = "image"
+    volume_size           = 20
+    boot_index            = 0
+    destination_type      = "volume"
+    delete_on_termination = true
+  }
+
+  network {
+    name = "public"
+  }
+}
+resource "openstack_compute_instance_v2" "worker-nodes" {
+  count           = var.worker_instance_count
+  name            = "${var.worker_name}-${count.index}.${var.dns_suffix}"
+  flavor_name     = "${var.worker_instance_type}"
   key_pair        = "mifr-yubi"
   security_groups = ["microk8s", "Allow SSH from SUNET jumphosts", "Allow ssh from the world"]
 
diff --git a/vars.tf b/vars.tf
index afda0e3..b484701 100644
--- a/vars.tf
+++ b/vars.tf
@@ -1,13 +1,22 @@
-variable "instance_count" {
+variable "worker_instance_count" {
   default = "6"
 }
+variable "controller_instance_count" {
+  default = "3"
+}
 
-variable "instance_type" {
-  default = "e2677a72-f9ab-44ce-b808-58ab3414bac6"
+variable "controller_instance_type" {
+  default = "b2.c2r4"
+}
+variable "worker_instance_type" {
+  default = "b2.c4r16"
 }
 variable "worker_name" {
   default = "internal-sto4-test-k8sw"
 }
+variable "controller_name" {
+  default = "internal-sto4-test-k8sc"
+}
 variable "dns_suffix" {
   default = "rut.sunet.se"
 }