diff --git a/modules/default.nix b/modules/default.nix index 0ac22ac..33b7243 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -3,6 +3,12 @@ with lib; let cfg = cluster; + mkSANs = host: [ + host.name + host.address + "127.0.0.1" + ]; + pki = import ./pki.nix { inherit pkgs; ca = cfg.initca; }; mkCert = host: { @@ -10,19 +16,14 @@ let cn = host.name; ca = cfg.ca; o = cfg.clusterName; + hosts = [ + host.name + "${host.name}.${cfg.domain}" + host.address + "127.0.0.1" + ]; }; }; - - baseDeployment = nodes: attrs: - let - hosts = - builtins.foldl' - (a: x: a // { ${x.name} = mkHost x _; }) {} nodes; - hosts' = lib.recursiveUpdate hosts attrs; - names = builtins.attrNames hosts; - in - builtins.foldl' (a: x: a // { ${x} = self: hosts'.${x}; }) {} names; - in { k8s = rec { apiserver = host: self: { @@ -34,13 +35,13 @@ in { cfg { hostName = host.name; - cert = mkCert host.name; k8s.master.enable = true; - k8s.node.enable = true; } ]; - imports = [ host.hw ./modules.nix ]; + services.kubernetes.kubelet.extraSANs = mkSANs host; + + imports = [ host.hw ./modules.nix ../overrides/kubelet.nix ]; }; node = host: self: { @@ -52,16 +53,19 @@ in { cfg { hostName = host.name; - cert = mkCert host.name; k8s.node.enable = true; } ]; - imports = [ host.hw ./modules.nix ]; + services.kubernetes.kubelet.extraSANs = mkSANs host; + + imports = [ host.hw ./modules.nix ../overrides/kubelet.nix ]; }; - mkDeployment = master: nodes: + mkDeployment = let + master = cfg.k8s.master; + nodes = cfg.k8s.nodes; server = { "${master.name}" = apiserver master; }; in builtins.foldl' (a: x: @@ -82,7 +86,7 @@ in { } ]; - imports = [ host.hw ./modules.nix ]; + imports = [ ../overrides host.hw ./modules.nix ]; }; mkDeployment = nodes: 
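Review bot: `mkSANs` in the first hunk and the `hosts` list added to `mkCert` in the second hunk enumerate almost the same names by hand, and they already disagree: `mkCert` lists `"${host.name}.${cfg.domain}"` while `mkSANs` does not. If anything reaches a kubelet by its FQDN, hostname verification against a certificate built from `mkSANs` would presumably fail, and the usual workaround for that is to switch verification off. I would keep one source of truth, for example `hosts = mkSANs host ++ [ "${host.name}.${cfg.domain}" ];` in `mkCert`, or add the FQDN to `mkSANs` if the kubelet needs it too. The `"127.0.0.1"` entry deserves a comment such as `# loopback SAN for local clients; every node's certificate is therefore valid for 127.0.0.1`, so the trade-off is visible to the next reader.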
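Review bot: With `cert = mkCert host.name;` removed from `apiserver` here and from `node` in the next hunk, no line visible in this diff still calls `mkCert`, although the same commit extends it with a `hosts` list. Please confirm where the host certificate is issued now, or drop `mkCert` if it is dead code, since an unused certificate helper tends to be copied back in later with stale SANs. `services.kubernetes.kubelet.extraSANs` is presumably declared by the newly imported `../overrides/kubelet.nix`; a comment next to the assignment, e.g. `# option provided by ../overrides/kubelet.nix`, would make that dependency explicit. The `apiserver` block also drops `k8s.node.enable` while still setting kubelet SANs, so it is worth checking that the master still runs a kubelet that consumes them. The bodies of `apiserver` and `node` start and end outside these hunks.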
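Review bot: In the `k8s` set, `mkDeployment` changes from a function of `master: nodes:` to a plain value that reads `cfg.k8s.master` and `cfg.k8s.nodes`, so any caller that still applies it to arguments will fail at evaluation; those callers are outside this diff and need checking. The fold merges with `a // { ... }` (its body continues past the hunk), so if the master's name also appears in `cfg.k8s.nodes`, the `apiserver` entry in `server` would apparently be overwritten by a plain node definition with no error. A guard before the fold would surface that misconfiguration, e.g. `assert !(builtins.any (n: n.name == master.name) nodes);`.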
@@ -107,11 +111,8 @@ in { imports = [ host.hw ./modules.nix ]; }; - mkDeployment = masterNode: workerNodes: - let - master = { "${master.name}" = apiserver masterNode; }; - in - builtins.foldl' (a: x: - a // { "${x.name}" = mkWorker x; }) master workerNodes; - }; + mkDeployment = nodes: + builtins.foldl' (a: x: + a // { "${x.name}" = node x; }) {} nodes; + }; }
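Review bot: The new `mkDeployment = nodes:` builds each entry with `node x`, where the removed code used `mkWorker x`; `node` is defined in the `k8s` set in the earlier hunks, and nothing visible here shows that this set defines it as well, so please confirm it resolves in this scope. The accumulator `a // { "${x.name}" = node x; }` silently keeps only the last host when two entries share a `name`, which would drop a machine from the deployment without any error. A comment such as `# host names must be unique; later duplicates overwrite earlier ones`, or an assertion that the list of names has no duplicates, would make the contract explicit. The signature also drops the master argument, so callers written for the two-argument form need updating; the enclosing set starts outside the hunk.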