diff --git a/IaC-test/k8snodes-dco.tf b/IaC-test/k8snodes-dco.tf
index f3c902c..08ff25b 100644
--- a/IaC-test/k8snodes-dco.tf
+++ b/IaC-test/k8snodes-dco.tf
@@ -20,7 +20,8 @@ resource "openstack_networking_port_v2" "kubecport-dco" {
   # A list of security group ID
   security_group_ids  = [
                           resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-dco.id,
-                          resource.openstack_networking_secgroup_v2.microk8s-dco.id
+                          resource.openstack_networking_secgroup_v2.microk8s-dco.id,
+                          resource.openstack_networking_secgroup_v2.k8s-external-control-dco.id
                         ]
   admin_state_up      = "true"
   provider            = openstack.dco
@@ -45,7 +46,8 @@ resource "openstack_compute_instance_v2" "controller-nodes-dco" {
   provider        = openstack.dco
   security_groups = [
                       resource.openstack_networking_secgroup_v2.microk8s-dco.name,
-                      resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-dco.name
+                      resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-dco.name,
+                      resource.openstack_networking_secgroup_v2.k8s-external-control-dco.name
                     ]
 
   block_device {
diff --git a/IaC-test/k8snodes-sto3.tf b/IaC-test/k8snodes-sto3.tf
index f4a8fb3..271f8f3 100644
--- a/IaC-test/k8snodes-sto3.tf
+++ b/IaC-test/k8snodes-sto3.tf
@@ -20,7 +20,8 @@ resource "openstack_networking_port_v2" "kubecport-sto3" {
   # A list of security group ID
   security_group_ids  = [
                           resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-sto3.id,
-                          resource.openstack_networking_secgroup_v2.microk8s-sto3.id
+                          resource.openstack_networking_secgroup_v2.microk8s-sto3.id,
+                          resource.openstack_networking_secgroup_v2.k8s-external-control-sto3.id
                         ]
   admin_state_up      = "true"
   provider            = openstack.sto3
@@ -45,7 +46,8 @@ resource "openstack_compute_instance_v2" "controller-nodes-sto3" {
   provider        = openstack.sto3
   security_groups = [
                       resource.openstack_networking_secgroup_v2.microk8s-sto3.name,
-                      resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-sto3.name
+                      resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-sto3.name,
+                      resource.openstack_networking_secgroup_v2.k8s-external-control-sto3.name
                     ]
 
   block_device {
diff --git a/IaC-test/k8snodes-sto4.tf b/IaC-test/k8snodes-sto4.tf
index dcfa59f..66fc50c 100644
--- a/IaC-test/k8snodes-sto4.tf
+++ b/IaC-test/k8snodes-sto4.tf
@@ -19,7 +19,8 @@ resource "openstack_networking_port_v2" "kubecport-sto4" {
   # A list of security group ID
   security_group_ids  = [
                           resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-sto4.id,
-                          resource.openstack_networking_secgroup_v2.microk8s-sto4.id
+                          resource.openstack_networking_secgroup_v2.microk8s-sto4.id,
+                          resource.openstack_networking_secgroup_v2.k8s-external-control-sto4.id
                         ]
   admin_state_up      = "true"
   provider            = openstack.sto4
@@ -44,7 +45,8 @@ resource "openstack_compute_instance_v2" "controller-nodes-sto4" {
   provider        = openstack.sto4
   security_groups = [
                       resource.openstack_networking_secgroup_v2.microk8s-sto4.name,
-                      resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-sto4.name
+                      resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-sto4.name,
+                      resource.openstack_networking_secgroup_v2.k8s-external-control-sto4.name
                     ]
 
   block_device {