diff --git a/infra/lxd/cluster.tf b/infra/lxd/cluster.tf
index c07fe1d9..52b9754b 100644
--- a/infra/lxd/cluster.tf
+++ b/infra/lxd/cluster.tf
@@ -1,13 +1,69 @@
-resource "lxd_container" "test1" {
- name = "test1"
+resource "lxd_container" "k8s" {
+ count = 1
+ name = "k8s${count.index}"
 image = "ubuntu:20.04"
 ephemeral = false
 config = {
- "boot.autostart" = true
+ "security.privileged" = true
+ "security.nesting" = true
+ "linux.kernel_modules" = "ip_tables,ip6_tables,nf_nat,overlay,br_netfilter"
+ "raw.lxc" = "lxc.apparmor.profile=unconfined\nlxc.cap.drop= \nlxc.cgroup.devices.allow=a\nlxc.mount.auto=proc:rw sys:rw cgroup:rw"
+ "user.user-data" = <<-EOT
+ #cloud-config
+ ssh_authorized_keys:
+ - ${file("~/.ssh/id_rsa.pub")}
+ disable_root: false
+ runcmd:
+ - apt-get update
+ - apt-get install -y iptables git telnet vim software-properties-common resolvconf linux-headers-$(uname -r)
+ - echo "nameserver 1.1.1.1" > /etc/resolvconf/resolv.conf.d/tail
+ - echo "RateLimitIntervalSec=0" >> /etc/systemd/journald.conf
+ - echo "RateLimitBurst=0" >> /etc/systemd/journald.conf
+ - systemctl restart systemd-journald.service
+ - systemctl start resolvconf
+ - /opt/rke2/run_rke2.sh
+ write_files:
+ - path: /opt/rke2/run_rke2.sh
+ permissions: "0755"
+ owner: root:root
+ content: |
+ #!/bin/bash
+ curl -fsSL https://raw.githubusercontent.com/rancher/rke2/master/install.sh --output install.sh
+ chmod u+x install.sh
+ INSTALL_RKE2_METHOD='tar' INSTALL_RKE2_TYPE=server INSTALL_RKE2_VERSION=v1.19.7+rke2r1 ./install.sh
+ systemctl enable rke2-server
+ systemctl start rke2-server
+ EOT
 }
 limits = {
 cpu = 2
 }
 }
+
+# resource "rke_cluster" "cluster" {
+# dynamic "nodes" {
+# for_each = lxd_container.k8s
+
+# content {
+# address = nodes.value.ip_address
+# user = "root"
+# role = [
+# "controlplane",
+# "etcd",
+# "worker"
+# ]
+# ssh_key = file("~/.ssh/id_rsa")
+# }
+# }
+
+# ingress {
+# provider = "none"
+# }
+# }
+
+# resource "local_file" "kube_config_yaml" {
+# filename = "${path.root}/kube_config.yaml"
+# content = rke_cluster.cluster.kube_config_yaml
+# }
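Review bot: The `run_rke2.sh` written by cloud-init downloads `install.sh` from the `master` branch and runs it as root with no integrity check, so the pinned `INSTALL_RKE2_VERSION=v1.19.7+rke2r1` does not pin the installer itself and each new node executes whatever is at the branch tip that day. Fetch the script from an immutable ref and verify it before running, e.g. `curl -fsSL https://raw.githubusercontent.com/rancher/rke2/<PINNED_COMMIT>/install.sh --output install.sh` followed by `echo "<EXPECTED_SHA256>  install.sh" | sha256sum -c - || exit 1`. The impact is larger than usual because the `config` block combines `security.privileged`, `lxc.apparmor.profile=unconfined`, an empty `lxc.cap.drop=` and `lxc.cgroup.devices.allow=a`, which leaves root in the container with essentially no confinement from the LXD host. I would add a comment above `config` saying so, e.g. `# Privileged, unconfined container: root inside is equivalent to root on the LXD host; disposable dev hosts only.`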
diff --git a/infra/lxd/terraform.tf b/infra/lxd/terraform.tf
index 7c5bb40d..c4e43228 100644
--- a/infra/lxd/terraform.tf
+++ b/infra/lxd/terraform.tf
@@ -9,6 +9,11 @@ terraform {
 source = "terraform-lxd/lxd"
 version = "1.5.0"
 }
+
+ rke = {
+ source = "rancher/rke"
+ version = "1.1.7"
+ }
 }
 }
@@ -24,3 +29,7 @@ provider "lxd" {
 default = true
 }
 }
+
+provider "rke" {
+ debug = true
+}
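Review bot: The `rke` entry in `required_providers` is added while every resource that would use it (`rke_cluster`, and the `local_file` that reads its kubeconfig) is commented out in `cluster.tf`, so `terraform init` downloads a third-party plugin, and later commands load it, without the configuration needing it yet. I would hold this block back until `rke_cluster` is enabled, or add a comment such as `# kept for the commented-out rke_cluster in cluster.tf` so the unused dependency is visibly intentional. The exact pin `version = "1.1.7"` is good; whether a dependency lock file records the provider's hashes is not visible in this diff.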
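Review bot: `debug = true` is hard-coded in the new `provider "rke"` block, so verbose provider logging would be on for every run, including CI, once the provider is in use. Debug output from a cluster provisioner may include node addresses and configuration details (not verifiable from this diff), and it would end up wherever Terraform output is stored. I would make it opt-in: `debug = var.rke_debug`, with a boolean variable `rke_debug` that defaults to `false`.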