diff --git a/dci_finish.yml b/dci_finish.yml
new file mode 100644
index 0000000..6bc6fc4
--- /dev/null
+++ b/dci_finish.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Mark installation finished using DCI Manager
+ gather_facts: false
+ hosts:
+ - talos_hardware_nodes
+ roles:
+ - role: dci_finish
diff --git a/roles/common/defaults/main.yml b/roles/common/defaults/main.yml
index 6300313..80f5435 100644
--- a/roles/common/defaults/main.yml
+++ b/roles/common/defaults/main.yml
@@ -1,5 +1,6 @@
 ---
-kubernetes_version: v1.26.7
+kubernetes_version: v1.26.9 # Rancher can't run on v1.27, see https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/rancher-v2-7-6/
+talos_image_version: v1.5.2
 talos_version: v1.5.3
 ansible_root_dir: "{{ inventory_dir | ansible.builtin.dirname }}"
 ansible_vault_password_file: "{{ ansible_root_dir }}/.ansible/vault_pass"
@@ -13,7 +14,6 @@ talos_node_config_file: "{{ talos_cluster_config_dir }}/talos-{{ inventory_hostn
 talos_disk: /dev/sda
 talosconfig: "{{ talos_cluster_config_dir }}/talosconfig.yaml"
 kubeconfig: "{{ talos_cluster_config_dir }}/kubeconfig.yaml"
-talos_image_version: v1.4.7
 kubectl_host: localhost
 talosctl_host: localhost
 ingress_lb_hostname: "workers.{{ cluster_name }}"
@@ -21,4 +21,4 @@ ingress_ips: [] # One or more IPs must be defined for first cluster node using I
 rancher_hostname: "rancher.{{ cluster_name }}"
 letsencrypt_email: "jeroen@deovero.com"
 network_interface: "eth0"
-network_cidr_prefix: "24"
\ No newline at end of file
+network_cidr_prefix: "24"
diff --git a/roles/dci_reinstall_talos/tasks/main.yml b/roles/dci_reinstall_talos/tasks/main.yml
index 852a7b5..4df6ea0 100644
--- a/roles/dci_reinstall_talos/tasks/main.yml
+++ b/roles/dci_reinstall_talos/tasks/main.yml
@@ -24,10 +24,21 @@
 register: _dci_reinstall
 until: _dci_reinstall.status != 503 and _dci_reinstall.status != -1
-- name: Wait for Talos port 50000
+- name: Wait for Talos port 50000 to go down
+ delegate_to: "{{ talosctl_host }}"
+ become: false
+ ansible.builtin.wait_for:
+ delay: 10
+ state: stopped
+ host: "{{ ansible_remote }}"
+ port: 50000
+ timeout: 300
+
+- name: Wait for Talos port 50000 to be open
 delegate_to: "{{ talosctl_host }}"
 become: false
 ansible.builtin.wait_for:
 delay: 10
 host: "{{ ansible_remote }}"
 port: 50000
+ timeout: 1200
diff --git a/roles/mayastor_diskpool/meta/main.yml b/roles/mayastor_diskpool/meta/main.yml
new file mode 100644
index 0000000..fdda41b
--- /dev/null
+++ b/roles/mayastor_diskpool/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - role: common
diff --git a/roles/mayastor_diskpool/tasks/main.yml b/roles/mayastor_diskpool/tasks/main.yml
new file mode 100644
index 0000000..8c1d9d2
--- /dev/null
+++ b/roles/mayastor_diskpool/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+
+- name: DiskPool for Mayastor
+ delegate_to: "{{ kubectl_host }}"
+ when: "mayastor_disk is defined"
+ kubernetes.core.k8s:
+ kubeconfig: "{{ kubeconfig }}"
+ resource_definition:
+ apiVersion: "openebs.io/v1beta1"
+ kind: DiskPool
+ metadata:
+ name: "{{ inventory_hostname | ansible.builtin.regex_replace('[^a-z0-9]+', '-') }}-{{ mayastor_disk | ansible.builtin.regex_replace('[^a-z0-9]+', '-') }}"
+ namespace: mayastor
+ spec:
+ node: "{{ inventory_hostname }}"
+ disks:
+ - "{{ mayastor_disk }}"
diff --git a/roles/talos_config_apply/tasks/main.yml b/roles/talos_config_apply/tasks/main.yml
index 28059aa..0dc91a8 100644
--- a/roles/talos_config_apply/tasks/main.yml
+++ b/roles/talos_config_apply/tasks/main.yml
@@ -14,6 +14,7 @@
 - name: Apply Talos node config
 delegate_to: "{{ talosctl_host }}"
 become: false
+ throttle: 1
 ansible.builtin.command:
 cmd: >-
 talosctl apply-config
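Review bot: In roles/dci_reinstall_talos/tasks/main.yml the two `wait_for` tasks carry no comment on why port 50000 must first be seen closed, and the task names alone do not explain it. I would add `# The previous install may still answer on 50000 until the reinstall reboots the node; wait for it to close so the next task cannot match the old system.` above the `state: stopped` task. Both tasks only test TCP reachability from `talosctl_host`, so a connection that fails for any other reason also satisfies the first wait; the same comment is a good place to say so. The hunk starts inside the preceding task, whose beginning is outside the hunk.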
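Review bot: In roles/mayastor_diskpool/tasks/main.yml the `metadata.name` expression turns uppercase letters into `-` instead of lowercasing them and can leave a leading or trailing `-`, which Kubernetes does not accept in an object name. Hosts or disks that differ only in the replaced characters would also collapse to the same DiskPool name. I would lowercase first and trim the edges: `name: "{{ (inventory_hostname ~ '-' ~ mayastor_disk) | lower | ansible.builtin.regex_replace('[^a-z0-9]+', '-') | ansible.builtin.regex_replace('^-+|-+$', '') }}"`. `spec.node` presumes the Kubernetes node name equals `inventory_hostname`; a one-line comment stating that would help the next reader.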
diff --git a/roles/talos_config_create/tasks/create_control_configs.yml b/roles/talos_config_create/tasks/create_control_configs.yml
deleted file mode 100644
index 3974edc..0000000
--- a/roles/talos_config_create/tasks/create_control_configs.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-
-- name: Create Talos control node config
- delegate_to: "{{ talosctl_host }}"
- become: false
- ansible.builtin.command:
- cmd: >-
- talosctl gen config '{{ cluster_name }}' 'https://{{ talos_control_lb_hostname }}:6443'
- --output-types controlplane
- --output '{{ talos_node_config_file }}'
- --with-secrets '{{ talos_cluster_secrets_file }}'
- --config-patch @'{{ talos_generic_config_dir }}/talos-patch.yaml'
- --config-patch-control-plane @'{{ talos_generic_config_dir }}/talos-patch-control.yaml'
- --config-patch='[{"op": "replace", "path": "/machine/network/hostname", "value": "{{ inventory_hostname }}"}]'
- --config-patch='[{"op": "replace", "path": "/machine/install/disk", "value": "{{ talos_disk }}"}]'
- --talos-version '{{ talos_image_version }}'
- --kubernetes-version '{{ kubernetes_version }}'
- --additional-sans '{{ talos_control_lb_hostname }}'
- --force
- changed_when: true
diff --git a/roles/talos_config_create/tasks/create_worker_configs.yml b/roles/talos_config_create/tasks/create_node_config.yml
similarity index 82%
rename from roles/talos_config_create/tasks/create_worker_configs.yml
rename to roles/talos_config_create/tasks/create_node_config.yml
index 9dddcba..b55714d 100644
--- a/roles/talos_config_create/tasks/create_worker_configs.yml
+++ b/roles/talos_config_create/tasks/create_node_config.yml
@@ -15,17 +15,20 @@
 gateway: "{{ (ansible_remote ~ '/' ~ network_cidr_prefix) | ansible.utils.ipaddr('1') | ansible.utils.ipaddr('address') }}"
 install:
 disk: "{{ talos_disk }}"
+ kubelet:
+ extraArgs:
+ max-pods: "{% if 'talos_hardware_nodes' in group_names %}250{% else %}110{% endif %}"
 - name: Create Talos interfaces bond append
- when: "network_interfaces_bond is defined"
+ when: "network_interface_bond is defined"
 ansible.utils.update_fact:
 updates:
 - path: "_talos_override_config.machine.network.interfaces.0.bond"
- value: "{{ network_interfaces_bond }}"
+ value: "{{ network_interface_bond }}"
 register: _talos_override_update
 - name: Apply Talos interfaces bond append
- when: "network_interfaces_bond is defined"
+ when: "network_interface_bond is defined"
 ansible.builtin.set_fact:
 _talos_override_config: "{{ _talos_override_update._talos_override_config }}"
@@ -52,10 +55,11 @@
 ansible.builtin.command:
 cmd: >-
 talosctl gen config '{{ cluster_name }}' 'https://{{ talos_control_lb_hostname }}:6443'
- --output-types='worker'
+ --output-types='{% if "talos_control_nodes" in group_names %}controlplane{% else %}worker{% endif %}'
 --output='{{ talos_node_config_file }}'
 --with-secrets='{{ talos_cluster_secrets_file }}'
 --config-patch=@'{{ talos_generic_config_dir }}/talos-patch.yaml'
+ --config-patch-control-plane @'{{ talos_generic_config_dir }}/talos-patch-control.yaml'
 --config-patch-worker=@'{{ talos_generic_config_dir }}/talos-patch-worker.yaml'
 --config-patch=@'{{ _talos_override_tempfile }}'
 --talos-version='{{ talos_image_version }}'
diff --git a/roles/talos_config_create/tasks/main.yml b/roles/talos_config_create/tasks/main.yml
index b9cfb5e..0265cda 100644
--- a/roles/talos_config_create/tasks/main.yml
+++ b/roles/talos_config_create/tasks/main.yml
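Review bot: The rename from `network_interfaces_bond` to `network_interface_bond` in create_node_config.yml is guarded only by `is defined`, so an inventory that still sets the old name silently produces a node config without the bond. I would add a guard task ahead of 'Create Talos interfaces bond append' that uses `ansible.builtin.assert` with `that: "network_interfaces_bond is not defined"` and a failure message naming the new variable. The added `max-pods` value comes from an inline Jinja conditional; a short comment on why hardware nodes get 250 would document the intent. The task that holds the `gateway`/`install` mapping begins outside the hunk.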
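Review bot: The merged `talosctl gen config` call should be checked for `--additional-sans '{{ talos_control_lb_hostname }}'` and `--kubernetes-version`, which the deleted create_control_configs.yml passed; this hunk ends at `--talos-version`, so it is not visible whether control-plane nodes still get them. If the SAN were dropped, the API server certificate would presumably no longer cover the load-balancer hostname used in the cluster endpoint. The added `--config-patch-control-plane @'…'` is also the only option in this command written with a space rather than `=`; `--config-patch-control-plane=@'{{ talos_generic_config_dir }}/talos-patch-control.yaml'` would match its neighbours.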
@@ -14,10 +14,5 @@
 - name: Import create_talosconfig tasks
 ansible.builtin.import_tasks: create_talosconfig.yml
-- name: Import create_control_configs tasks
- when: "'talos_control_nodes' in group_names"
- ansible.builtin.import_tasks: create_control_configs.yml
-
-- name: Import create_worker_configs tasks
- when: "'talos_worker_nodes' in group_names"
- ansible.builtin.import_tasks: create_worker_configs.yml
+- name: Import create_node_config tasks
+ ansible.builtin.import_tasks: create_node_config.yml
diff --git a/roles/talos_upgrade/tasks/main.yml b/roles/talos_upgrade/tasks/main.yml
index d380140..c63a9aa 100644
--- a/roles/talos_upgrade/tasks/main.yml
+++ b/roles/talos_upgrade/tasks/main.yml
@@ -1,22 +1,22 @@
 ---
-
 - name: Upgrade Talos
 delegate_to: "{{ talosctl_host }}"
- become: false
 throttle: 1
 ansible.builtin.command:
 cmd: >-
 talosctl upgrade
 --image="ghcr.io/siderolabs/installer:{{ talos_version }}"
- --endpoints '{{ talos_control_lb_hostname }}'
- --nodes '{{ ansible_remote }}'
+ --endpoints='{{ talos_control_lb_hostname }}'
+ --nodes='{{ ansible_remote }}'
+ --timeout='30m'
 --wait=true
- changed_when: false
+ changed_when: true
 environment:
 TALOSCONFIG: "{{ talosconfig }}"
 - name: Wait for Talos port 50000
 delegate_to: "{{ talosctl_host }}"
+ throttle: 1
 become: false
 ansible.builtin.wait_for:
 host: "{{ ansible_remote }}"
diff --git a/roles/talos_upgrade_k8s/meta/main.yml b/roles/talos_upgrade_k8s/meta/main.yml
new file mode 100644
index 0000000..fdda41b
--- /dev/null
+++ b/roles/talos_upgrade_k8s/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - role: common
diff --git a/roles/talos_upgrade_k8s/tasks/main.yml b/roles/talos_upgrade_k8s/tasks/main.yml
new file mode 100644
index 0000000..dfa3662
--- /dev/null
+++ b/roles/talos_upgrade_k8s/tasks/main.yml
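Review bot: With both `when` guards removed in roles/talos_config_create/tasks/main.yml, every host that reaches this role and is not in `talos_control_nodes` now gets a worker config generated from the cluster secrets file, including a host that belongs to neither group. If that is not intended, keep a guard on the single import: `when: "'talos_control_nodes' in group_names or 'talos_worker_nodes' in group_names"`. A comment on the import saying that create_node_config.yml picks the output type from group membership would also help.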
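Review bot: The 'Upgrade Talos' task in roles/talos_upgrade/tasks/main.yml loses `become: false` while the 'Wait for Talos port 50000' task below keeps it, so on a play or inventory that enables become, `talosctl` would run elevated on `talosctl_host` with the admin talosconfig. I would restore `become: false` on that task. The new command tasks in roles/talos_upgrade_k8s/tasks/main.yml and roles/talos_wait_health/tasks/main.yml omit it as well. The wait task continues outside the hunk.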
@@ -0,0 +1,21 @@
+---
+- name: Upgrade Kubernetes to {{ kubernetes_version }}
+ delegate_to: "{{ talosctl_host }}"
+ run_once: true
+ ansible.builtin.command:
+ cmd: >-
+ talosctl upgrade-k8s
+ --to={{ kubernetes_version }}
+ changed_when: true
+ environment:
+ TALOSCONFIG: "{{ talosconfig }}"
+
+- name: Wait for Talos port 50000
+ delegate_to: "{{ talosctl_host }}"
+ throttle: 1
+ become: false
+ ansible.builtin.wait_for:
+ host: "{{ ansible_remote }}"
+ port: 50000
+ delay: 5
+ timeout: 300
diff --git a/roles/talos_wait_health/meta/main.yml b/roles/talos_wait_health/meta/main.yml
new file mode 100644
index 0000000..fdda41b
--- /dev/null
+++ b/roles/talos_wait_health/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - role: common
diff --git a/roles/talos_wait_health/tasks/main.yml b/roles/talos_wait_health/tasks/main.yml
new file mode 100644
index 0000000..4a79074
--- /dev/null
+++ b/roles/talos_wait_health/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+
+- name: Wait for Talos health
+ delegate_to: "{{ talosctl_host }}"
+ run_once: true
+ ansible.builtin.command:
+ cmd: >-
+ talosctl health
+ --wait-timeout='30m'
+ changed_when: false
+ environment:
+ TALOSCONFIG: "{{ talosconfig }}"
diff --git a/services.yml b/services.yml
index 967183a..13baeb3 100644
--- a/services.yml
+++ b/services.yml
@@ -28,3 +28,14 @@
 - role: velero
 tags:
 - velero
+
+- name: Install per-node services on K8S
+ become: false
+ gather_facts: false
+ hosts:
+ - talos
+ roles:
+ - role: mayastor_diskpool
+ tags:
+ - mayastor
+ - mayastor_diskpool
diff --git a/talos_upgrade.yml b/talos_upgrade.yml
index 64d85fd..7207478 100644
--- a/talos_upgrade.yml
+++ b/talos_upgrade.yml
@@ -1,7 +1,17 @@
 ---
+- name: Wait for Talos health
+ gather_facts: false
+ serial: 1
+ hosts:
+ - talos_first_nodes
+ roles:
+ - role: talos_wait_port
+ - role: talos_wait_health
+
 - name: Upgrade Talos
 gather_facts: false
+ serial: 1
 hosts:
 - talos
 roles:
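Review bot: `talosctl upgrade-k8s` in roles/talos_upgrade_k8s/tasks/main.yml is called without `--endpoints` or `--nodes`, unlike `talosctl upgrade` in roles/talos_upgrade, so the target depends on whatever defaults the talosconfig file holds. Passing `--endpoints='{{ talos_control_lb_hostname }}'` and `--nodes='{{ ansible_remote }}'` would make the target explicit, assuming the `run_once` host is a control-plane node. `talosctl health` in roles/talos_wait_health/tasks/main.yml has the same gap. `--to={{ kubernetes_version }}` is also the only templated argument left unquoted; `--to='{{ kubernetes_version }}'` matches the quoting used in the other command tasks.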
diff --git a/talos_upgrade_k8s.yml b/talos_upgrade_k8s.yml
new file mode 100644
index 0000000..3683b5a
--- /dev/null
+++ b/talos_upgrade_k8s.yml
@@ -0,0 +1,12 @@
+---
+
+- name: Upgrade Talos
+ gather_facts: false
+ throttle: 1
+ serial: 1
+ hosts:
+ - talos_first_nodes
+ roles:
+ - role: talos_wait_port
+ - role: talos_wait_health
+ - role: talos_upgrade_k8s
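Review bot: The play in talos_upgrade_k8s.yml is named `Upgrade Talos`, the same as the play in talos_upgrade.yml, although it runs the `talos_upgrade_k8s` role; `- name: Upgrade Kubernetes` would keep run output and logs unambiguous about which upgrade was performed. `throttle: 1` adds nothing next to `serial: 1` on the same play and can be dropped.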