diff --git a/proxmox/.terraform.lock.hcl b/proxmox/.terraform.lock.hcl
index 16efb27..db98dd7 100644
--- a/proxmox/.terraform.lock.hcl
+++ b/proxmox/.terraform.lock.hcl
@@ -1,21 +1,21 @@
 # This file is maintained automatically by "tofu init".
 # Manual edits may be lost in future updates.
-provider "registry.opentofu.org/hashicorp/local" {
- version = "2.5.3"
- constraints = "2.5.3"
+provider "registry.opentofu.org/hashicorp/helm" {
+ version = "3.0.2"
+ constraints = "3.0.2"
 hashes = [
- "h1:31Clmfoe7hzkcdgwuhUuGuPGfeG2Ksk+YWcJgzBTN7M=",
- "zh:32e1d4b0595cea6cda4ca256195c162772ddff25594ab4008731a2ec7be230bf",
- "zh:48c390af0c87df994ec9796f04ec2582bcac581fb81ed6bb58e0671da1c17991",
- "zh:4be7289c969218a57b40902e2f359914f8d35a7f97b439140cb711aa21e494bd",
- "zh:4cf958e631e99ed6c8b522c9b22e1f1b568c0bdadb01dd002ca7dffb1c927764",
- "zh:7a0132c0faca4c4c96aa70808effd6817e28712bf5a39881666ac377b4250acf",
- "zh:7d60de08fac427fb045e4590d1b921b6778498eee9eb16f78c64d4c577bde096",
- "zh:91003bee5981e99ec3925ce2f452a5f743827f9d0e131a86613549c1464796f0",
- "zh:9fe2fe75977c8149e2515fb30c6cc6cfd57b225d4ce592c570d81a3831d7ffa3",
- "zh:e210e6be54933ce93e03d0994e520ba289aa01b2c1f70e77afb8f2ee796b0fe3",
- "zh:e8793e5f9422f2b31a804e51806595f335b827c9a38db18766960464566f21d5",
+ "h1:GMW0C0TkkYmURt4OZIlwcLdvREL08PDbsSn5sfH4/TU=",
+ "zh:100f75a700074568cfaee7884e4477c50b5468e086db5bb95d7d519581b65621",
+ "zh:578d09c7319d0dd0fee03a7fcb48bf68ac978c1fefaa0752cfcb9ecfb0a56a4e",
+ "zh:64e7cce303362b4bf132d1c61858ef0ada221af4a2ea0fdfd16ec43e562d459c",
+ "zh:7a64933e70733aeec44bf9b9b6ea3617fd075acb346b082197ded993cfa7d2be",
+ "zh:7caf4655a5bf72e6d212209ad5ea5c619269eca6e0d9930c85b59bbbdf57ce28",
+ "zh:a1e0208423445e2443516e52a4d72c556b1303705c90aaeb139fbb64a10d7c1c",
+ "zh:ac9e4417e9e0486bc60f6796da06356b59161c9923c56a7a5c9b4900a46ee52d",
+ "zh:b9588da386c17456b242bd18122836baeccdce3227aac4752e189ec9ad218da7",
+ "zh:d5b6ac3b0b6beb3d94886f45a5a96eb6d78ca2b657efd62b8e0650d8097ee60f",
+ "zh:db6761e7cf86825f13628e8f4e32818683efff61b0d909211e1096cc6ad84f83",
 ]
 }
diff --git a/proxmox/helm_templates.tf b/proxmox/helm_templates.tf
new file mode 100644
index 0000000..9a3d94d
--- /dev/null
+++ b/proxmox/helm_templates.tf
@@ -0,0 +1,54 @@
+data "helm_template" "cilium" {
+ name = "cilium"
+ namespace = "kube-system"
+ repository = "https://helm.cilium.io"
+ chart = "cilium"
+ version = "1.18.1"
+ kube_version = var.kubernetes_version
+ set = [
+ {
+ name = "ipam.mode"
+ value = "kubernetes"
+ },
+ {
+ name = "kubeProxyReplacement"
+ value = "true"
+ },
+ {
+ name = "securityContext.capabilities.ciliumAgent"
+ value = "{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}"
+ },
+ {
+ name = "securityContext.capabilities.cleanCiliumState"
+ value = "{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}"
+ },
+ {
+ name = "cgroup.autoMount.enabled"
+ value = "false"
+ },
+ {
+ name = "cgroup.hostRoot"
+ value = "/sys/fs/cgroup"
+ },
+ {
+ name = "k8sServiceHost"
+ value = "localhost"
+ },
+ {
+ name = "k8sServicePort"
+ value = "7445"
+ },
+ {
+ name = "gatewayAPI.enabled"
+ value = "true"
+ },
+ {
+ name = "gatewayAPI.enableAlpn"
+ value = "true"
+ },
+ {
+ name = "gatewayAPI.enableAppProtocol"
+ value = "true"
+ },
+ ]
+}
\ No newline at end of file
diff --git a/proxmox/providers.tf b/proxmox/providers.tf
index fd94f7f..a50e3e0 100644
--- a/proxmox/providers.tf
+++ b/proxmox/providers.tf
@@ -1,9 +1,5 @@
 terraform {
 required_providers {
- local = {
- source = "hashicorp/local"
- version = "2.5.3"
- }
 proxmox = {
 source = "telmate/proxmox"
 version = "3.0.2-rc04"
@@ -12,6 +8,10 @@ terraform {
 source = "siderolabs/talos"
 version = "0.9.0"
 }
+ helm = {
+ source = "hashicorp/helm"
+ version = "3.0.2"
+ }
 }
 }
diff --git a/proxmox/talos_linux.tf b/proxmox/talos_linux.tf
index b557741..85174f6 100644
--- a/proxmox/talos_linux.tf
+++ b/proxmox/talos_linux.tf
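Review bot: `gatewayAPI.enabled = "true"` is rendered into the chart, but nothing in this commit provides the Gateway API CRDs, which as far as I know the Cilium chart itself does not ship; if they are absent when this manifest is applied at bootstrap, Cilium's Gateway API support will presumably not come up, so either add the CRDs as a further inline manifest or document the prerequisite on this data source. The chart `version = "1.18.1"` is hard-coded right next to `kube_version = var.kubernetes_version`; exposing it as a `cilium_version` variable with a description keeps the two pinned versions visible in one place. A header comment such as `# Rendered at plan time; the resulting manifest is inlined into the Talos control-plane machine configuration` would also tell the reader why this is a data source rather than a release. If the chart repository publishes provenance files, the data source's `verify` attribute would pin what gets rendered beyond a bare version string, which matters because the output ends up in every control-plane node's configuration.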
@@ -1,19 +1,21 @@
 resource "talos_machine_secrets" "this" {}
 data "talos_machine_configuration" "controlplane" {
- cluster_name = var.cluster_name
- cluster_endpoint = "https://${var.cluster_vip_shared_ip}:6443"
- machine_type = "controlplane"
- machine_secrets = talos_machine_secrets.this.machine_secrets
- talos_version = var.talos_version
+ cluster_name = var.cluster_name
+ cluster_endpoint = "https://${var.cluster_vip_shared_ip}:6443"
+ machine_type = "controlplane"
+ machine_secrets = talos_machine_secrets.this.machine_secrets
+ talos_version = var.talos_version
+ kubernetes_version = var.kubernetes_version
 }
 data "talos_machine_configuration" "worker" {
- cluster_name = var.cluster_name
- cluster_endpoint = "https://${var.cluster_vip_shared_ip}:6443"
- machine_type = "worker"
- machine_secrets = talos_machine_secrets.this.machine_secrets
- talos_version = var.talos_version
+ cluster_name = var.cluster_name
+ cluster_endpoint = "https://${var.cluster_vip_shared_ip}:6443"
+ machine_type = "worker"
+ machine_secrets = talos_machine_secrets.this.machine_secrets
+ talos_version = var.talos_version
+ kubernetes_version = var.kubernetes_version
 }
 data "talos_client_configuration" "this" {
@@ -37,6 +39,7 @@ resource "talos_machine_configuration_apply" "controlplane" {
 network = var.network
 network_gateway = var.network_gateway
 vip_shared_ip = var.cluster_vip_shared_ip
+ cilium_manifest = data.helm_template.cilium.manifest
 }),
 ]
 }
diff --git a/proxmox/templates/machine_config_patches_controlplane.tftpl b/proxmox/templates/machine_config_patches_controlplane.tftpl
index 5223800..80081a8 100644
--- a/proxmox/templates/machine_config_patches_controlplane.tftpl
+++ b/proxmox/templates/machine_config_patches_controlplane.tftpl
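Review bot: The new `cilium_manifest = data.helm_template.cilium.manifest` line in the second hunk hands the whole rendered chart to the control-plane `templatefile` call with no hint of why; a comment such as `# Rendered Cilium chart, inlined via inlineManifests because the control-plane patch sets cluster.network.cni to none` would save the reader a trip to the template. It also means any change to the chart settings re-renders the manifest and re-applies the control-plane machine configuration, which is presumably intended but worth stating in that comment. The enclosing `talos_machine_configuration_apply` resource starts outside the hunk. In the first hunk the `cluster_endpoint` string is spelled out identically in both data sources; a single `locals` entry would keep them from drifting.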
@@ -15,4 +15,13 @@ machine:
 vip:
 ip: ${vip_shared_ip}
 cluster:
- allowSchedulingOnControlPlanes: false
\ No newline at end of file
+ allowSchedulingOnControlPlanes: false
+ network:
+ cni:
+ name: none
+ proxy:
+ disabled: true
+ inlineManifests:
+ - name: cilium
+ contents: |
+ ${indent(8, cilium_manifest)}
\ No newline at end of file
diff --git a/proxmox/variables.tf b/proxmox/variables.tf
index 495729c..86d9e65 100644
--- a/proxmox/variables.tf
+++ b/proxmox/variables.tf
@@ -25,6 +25,11 @@ variable "talos_version" {
 default = "1.11.1"
 }
+variable "kubernetes_version" {
+ type = string
+ default = "1.34.0"
+}
+
 variable "talos_linux_iso_image_url" {
 description = "URL of the Talos ISO image for initially booting the VM"
 type = string
@@ -40,7 +45,7 @@ variable "talos_linux_iso_image_filename" {
 variable "cluster_name" {
 description = "A name to provide for the Talos cluster"
 type = string
- default = "talos"
+ default = "talos"
 }
 variable "cluster_vip_shared_ip" {
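Review bot: `${indent(8, cilium_manifest)}` depends on Terraform's `indent` leaving the first line of the manifest un-indented, so the literal 8 has to equal the column at which the placeholder itself sits under `contents: |`; the collapsed view here does not let me confirm that, and a mismatch would likely produce a block scalar that the machine configuration does not parse. A short template comment recording the coupling, e.g. `# indent depth must match this line's column; indent() does not touch the first line`, would stop the next edit from breaking it. Both sides of the file still end without a trailing newline, which the `\ No newline at end of file` markers show.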
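Review bot: `variable "kubernetes_version"` is added without a `description`, while the neighbouring `talos_linux_iso_image_url` documents itself; since the value is consumed both as `kube_version` when rendering the Cilium chart and as `kubernetes_version` in the Talos machine configuration, a line such as `description = "Kubernetes version pinned in the Talos machine configuration and used to render the Cilium chart"` would make that coupling visible. If both consumers expect a bare `X.Y.Z` string, a `validation` block with a `regex` check would reject a stray `v` prefix at plan time rather than at bootstrap. The second hunk is a whitespace-only realignment of `cluster_name`.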