diff --git a/nixos/kubelet-client.crt b/nixos/kubelet-client.crt
new file mode 100644
index 00000000..eb28f774
--- /dev/null
+++ b/nixos/kubelet-client.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDyTCCAjGgAwIBAgIRAMQBZiVjA5BGSkDldScI9cMwDQYJKoZIhvcNAQELBQAw
+LzEtMCsGA1UEAxMkM2I2N2M2NzgtNzI5My00YTIzLTg3ZWItY2NiMTZjYWFkMzFm
+MB4XDTI0MDkyOTIwNTAzNloXDTI5MDkyODIwNTIzNlowOTEVMBMGA1UEChMMc3lz
+dGVtOm5vZGVzMSAwHgYDVQQDExdzeXN0ZW06bm9kZTpyeXplbi1zaGluZTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANIOfbq05IIdgX2jXYLaEt66rkXp
+NlqPNfh6v9nL1Aw6PSM3DEIWXVko8AyduRF4kXNO6xc6l/Rzk03w3qSvJpWpALGD
+JjslgRL4VJWUC6/QydsCO9io7SoUEmXFtDcsW6DftFejosr+56ZnVFrz5MMzfUAL
+Ix6n83NJvXZ8f9oHSX8TFW34ZClLxDq2fprFIs+D2QlFRE50Jr/Q8gPI2OSQDUBW
+DFdQrjt81bLs6doQipUqvHb4/Ms49agHek1ceWIMf+KZWoao5KNQTBe6XL2BUgA/
+MS3ZvQppDDTygA0QkgdtOJyG2lsrAmd7LEXTr9ilsqLV3YQMMKhCifwINa0CAwEA
+AaNWMFQwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMCMAwGA1Ud
+EwEB/wQCMAAwHwYDVR0jBBgwFoAUjvcbOeZ4QIk53EkATOaOFiAZUq0wDQYJKoZI
+hvcNAQELBQADggGBAELWgmdmg9TKjDDqmF6pYr1j43gZYclXW4sB509itSiIeltX
+Isrvn5R5ok0W5Jcl+7QMhpntqIKJi26OqbcdBhqlaVURkBkbrx8aegkWJfPO+Fzz
+NyyiIpk7KQzGy6N5//jfMPZtJfQEQZwMenW0cj7F0QHOdVZy90+JNr2P3uV3Ad7u
+WZuYpbOFjOeQg1hJsX8wEU4KJyptn/kXhM+CqAnQ4S+k2wpjECD8KpWKAmpJWZg0
+RaBPyHZSmWnbXqs4LU6ERaZJxZQG0ODuA18DmGfaAkUUUvE2J0ploc2Y8Xl4zUWW
+Ivwslyx30YO3J9qI30d9tTQw/A0vHCoDNDbCg7lorZqP3TiTG9ANLndPqqg6inYU
+yfj612//JrO8w/4qh7cxR03P35aK0paLC74FaKLtZ5CwPK3BAW/0Zhv5fH4io6hE
+rfJmcjhbKD0Cwr9Dn6wVFz/a33H+0vMohHrVlDk4bSDIymbuJcZpYgR8n5WNQbGu
+nwjiLXCnVxcVjkcj2w==
+-----END CERTIFICATE-----
diff --git a/nixos/kubelet.nix b/nixos/kubelet.nix
index 802c031c..bf20bfca 100644
--- a/nixos/kubelet.nix
+++ b/nixos/kubelet.nix
@@ -6,16 +6,17 @@ makeEnable config "myModules.kubelet" false {
     kubeconfig = {
       server = "https://34.31.205.230";
       caFile = ./railbird-kubernetes.crt;
+      certFile = ./kubelet-client.crt;
       keyFile = config.age.secrets."api_service_account_key.json.age".path;
     };
     registerNode = true;
     cni = {
-      packages = [ pkgs.cni-plugins ];
+      packages = [ pkgs.cni-plugins pkgs.calico-cni-plugin ];
     };
     extraOpts = ''
       --fail-swap-on=false
-      --container-runtime=remote
-      --container-runtime-endpoint=unix:///run/containerd/containerd.sock
+      # --container-runtime=remote
+      # --container-runtime-endpoint=unix:///run/containerd/containerd.sock
     '';
   };
 }
diff --git a/nixos/secrets/api_service_account_key.json.age b/nixos/secrets/api_service_account_key.json.age
index af53f5ff..29aa33e7 100644
Binary files a/nixos/secrets/api_service_account_key.json.age and b/nixos/secrets/api_service_account_key.json.age differ