diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..49d3add
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,8 @@
+# Created by https://www.toptal.com/developers/gitignore/api/ansible
+# Edit at https://www.toptal.com/developers/gitignore?templates=ansible
+
+### Ansible ###
+*.retry
+test/hosts
+
+# End of https://www.toptal.com/developers/gitignore/api/ansible
diff --git a/hosts b/hosts
new file mode 100644
index 0000000..dac5e83
--- /dev/null
+++ b/hosts
@@ -0,0 +1 @@
+debian@37.187.67.96
diff --git a/playbook.yaml b/playbook.yaml
new file mode 100644
index 0000000..f6d0500
--- /dev/null
+++ b/playbook.yaml
@@ -0,0 +1,72 @@
+---
+- name: Install k8s
+ become: true
+ hosts: all
+
+ vars:
+ arch: "amd64"
+ os: "Debian_11"
+ k8s_version: "1.27"
+ k_version: "{{ k8s_version }}.2"
+
+ tasks:
+ - name: Copy conf
+ copy:
+ src: rootfs/
+ dest: /
+
+ - name: Upgrade
+ apt:
+ update_cache: true
+ cache_valid_time: 604800 # 60s * 60m * 24h * 7d
+ upgrade: full
+
+ - name: Install deps
+ apt:
+ name:
+ - gpg
+ - vim
+
+ - name: Add libcontainers repo key (CRI-O)
+ apt_key:
+ url: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ os }}/Release.key"
+ keyring: /etc/apt/trusted.gpg.d/libcontainers-archive-keyring.gpg
+ - name: Add libcontainers-crio repo key (CRI-O)
+ apt_key:
+ url: "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ k8s_version }}/{{ os }}/Release.key"
+ keyring: /etc/apt/trusted.gpg.d/libcontainers-crio-archive-keyring.gpg
+ - name: Add libcontainers repo (CRI-O)
+ apt_repository:
+ repo: "deb [signed-by=/etc/apt/trusted.gpg.d/libcontainers-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ os }}/ /"
+ filename: devel:kubic:libcontainers:stable.list
+ - name: Add libcontainers-crio repo (CRI-O)
+ apt_repository:
+ repo: "deb [signed-by=/etc/apt/trusted.gpg.d/libcontainers-crio-archive-keyring.gpg] https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ k8s_version }}/{{ os }}/ /"
+ filename: "devel:kubic:libcontainers:stable:cri-o:{{ k8s_version }}.list"
+ - name: Install cri-o
+ apt:
+ name:
+ - cri-o
+ - cri-o-runc
+ update_cache: true
+
+ - name: Install kubectl
+ get_url:
+ url: "https://dl.k8s.io/release/v{{ k_version }}/bin/linux/{{ arch }}/kubectl"
+ dest: /usr/local/bin/kubectl
+ mode: 755
+ - name: Install kubeadm
+ get_url:
+ url: "https://dl.k8s.io/release/v{{ k_version}}/bin/linux/{{ arch }}/kubeadm"
+ dest: /usr/local/bin/kubeadm
+ mode: 755
+ - name: Install kubelet
+ get_url:
+ url: "https://dl.k8s.io/release/v{{ k_version }}/bin/linux/{{ arch }}/kubelet"
+ dest: /usr/local/bin/kubelet
+ mode: 755
+ - name: Start kubelet service
+ service:
+ name: kubelet.service
+ enabled: true
+ state: started
diff --git a/rootfs/etc/systemd/system/kubelet.service b/rootfs/etc/systemd/system/kubelet.service
new file mode 100644
index 0000000..5ee4050
--- /dev/null
+++ b/rootfs/etc/systemd/system/kubelet.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=kubelet: The Kubernetes Node Agent
+Documentation=https://kubernetes.io/docs/home/
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+ExecStart=/usr/local/bin/kubelet
+Restart=always
+StartLimitInterval=0
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target
diff --git a/rootfs/etc/systemd/system/kubelet.service.d/10-kubeadm.conf b/rootfs/etc/systemd/system/kubelet.service.d/10-kubeadm.conf
new file mode 100644
index 0000000..67f3a7d
--- /dev/null
+++ b/rootfs/etc/systemd/system/kubelet.service.d/10-kubeadm.conf
@@ -0,0 +1,9 @@
+[Service]
+Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
+Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
+# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
+EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
+# This is a file that the user can use for overrides of the kubelet args as a last resort. Preferably, the user should use
+# the .NodeRegistration.KubeletExtraArgs object in the configuration files instead. KUBELET_EXTRA_ARGS should be sourced from this file.
+EnvironmentFile=-/etc/default/kubelet
+ExecStart=/usr/local/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
diff --git a/test/Dockerfile b/test/Dockerfile
new file mode 100644
index 0000000..3c478e4
--- /dev/null
+++ b/test/Dockerfile
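Review bot: The three `mode: 755` values in the get_url tasks for kubectl, kubeadm and kubelet are unquoted integers, which Ansible reads as decimal 755 (octal 01363) rather than rwxr-xr-x; write them as `mode: "0755"`. The same three tasks fetch release binaries with no `checksum`, so a truncated or tampered download is installed silently; dl.k8s.io publishes a `.sha256` beside each binary, so `checksum: "sha256:https://dl.k8s.io/release/v{{ k_version }}/bin/linux/{{ arch }}/kubectl.sha256"` (and likewise for the other two) lets get_url verify it. The two apt_key tasks write their keyrings under /etc/apt/trusted.gpg.d/, where apt trusts them for every repository, so the `signed-by=` in the two apt_repository lines scopes nothing; a keyring path outside trusted.gpg.d (for instance under /etc/apt/keyrings/, created first) keeps that scoping real. The kubeadm URL also reads `{{ k_version}}` without the closing space, which Jinja accepts but which differs from the other two URLs.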
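Review bot: The drop-in's last line sets `ExecStart=` without clearing it first, while rootfs/etc/systemd/system/kubelet.service in the same commit already carries `ExecStart=/usr/local/bin/kubelet`; systemd permits several ExecStart= lines only for Type=oneshot, so it would refuse to load the merged unit and the "Start kubelet service" task in playbook.yaml would fail. Insert an empty `ExecStart=` on the line before the real one, as upstream kubeadm's 10-kubeadm.conf does, so the drop-in replaces the command rather than appending a second one.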
@@ -0,0 +1,9 @@
+FROM python:3.11-slim
+RUN apt-get update \
+ && apt-get install -y \
+ ssh \
+ sudo \
+ && rm -rf /var/lib/apt/lists/*
+RUN passwd -d root
+COPY sshd_config /etc/ssh/
+CMD ["sh", "-c", "/etc/init.d/ssh start && sleep infinity"]
diff --git a/test/docker-compose.yaml b/test/docker-compose.yaml
new file mode 100644
index 0000000..c010879
--- /dev/null
+++ b/test/docker-compose.yaml
@@ -0,0 +1,6 @@
+---
+version: "3.7"
+
+services:
+ app:
+ build: .
diff --git a/test/sshd_config b/test/sshd_config
new file mode 100644
index 0000000..a391f2e
--- /dev/null
+++ b/test/sshd_config
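Review bot: `RUN passwd -d root` combined with the copied sshd_config (`PermitRootLogin yes`, `PermitEmptyPasswords yes`) produces an sshd that accepts root with no password, and neither the Dockerfile nor test/docker-compose.yaml records that this only works because port 22 is never published; a comment such as `# test-only: empty root password so start.sh can reach sshd over the compose network; never publish port 22` above the passwd line would make that assumption explicit for whoever edits the compose file next. The `apt-get install -y` line could also take `--no-install-recommends`, in keeping with the slim base image.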
@@ -0,0 +1,123 @@
+# $OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+Include /etc/ssh/sshd_config.d/*.conf
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#PubkeyAuthentication yes
+
+# Expect .ssh/authorized_keys2 to be disregarded by default in future.
+#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+PasswordAuthentication yes
+PermitEmptyPasswords yes
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+#GSSAPIStrictAcceptorCheck yes
+#GSSAPIKeyExchange no
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+X11Forwarding yes
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no
+#PrintLastLog yes
+#TCPKeepAlive yes
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /var/run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+# override default of no subsystems
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
diff --git a/test/start.sh b/test/start.sh
new file mode 100755
index 0000000..60ccbbd
--- /dev/null
+++ b/test/start.sh
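Review bot: The file appears to be the stock Debian sshd_config with a handful of directives switched on (`PermitRootLogin yes`, `PasswordAuthentication yes`, `PermitEmptyPasswords yes`, `X11Forwarding yes`) buried among some 120 lines of commented defaults, so a reader cannot see what the test harness actually depends on. Because the file already contains `Include /etc/ssh/sshd_config.d/*.conf`, the same effect with clearer intent is a short drop-in holding only those directives, copied into /etc/ssh/sshd_config.d/ by test/Dockerfile, with a header comment stating that they exist solely so start.sh can reach the container as root. `X11Forwarding yes` is not used by ansible-playbook and could be dropped in that move.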
@@ -0,0 +1,13 @@
+#!/bin/bash -e
+cd "$(dirname "$0")"/..
+
+(cd test
+ sudo docker-compose up -d --build
+)
+IP="$(
+ sudo docker inspect test-app-1 | grep IPAddress | grep -Po '\d+(.\d+){3}'
+)"
+
+echo "root@$IP" > test/hosts
+
+ansible-playbook playbook.yaml -i test/hosts
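Review bot: The regex `'\d+(.\d+){3}'` on the docker inspect line uses an unescaped `.`, so it matches four numbers separated by any characters rather than a dotted address; `'\d+(\.\d+){3}'` is what is meant. Grepping the inspect JSON for IPAddress is also brittle, as it relies on the compose-generated name `test-app-1` and on the first match being the right one; `sudo docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' "$(cd test && sudo docker-compose ps -q app)"` asks docker for the address directly. The `-e` in `#!/bin/bash -e` is ignored when the script is invoked as `bash test/start.sh`; `set -euo pipefail` as the first line of the body applies in both cases.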