diff --git a/playbooks/install_k8s.yml b/playbooks/install_k8s.yml
index 7218b75..9f2e24d 100644
--- a/playbooks/install_k8s.yml
+++ b/playbooks/install_k8s.yml
@@ -38,7 +38,7 @@
 ansible.builtin.apt:
 state: present
 update_cache: true
- name: [cri-o, kubelet, kubeadm, kubectl, python3-pip, helm]
+ name: [cri-o, kubelet, kubeadm, kubectl, python3-pip, helm, git]
 - name: Install Kubernetes Python packages.
 ansible.builtin.pip:
@@ -122,6 +122,15 @@
 kubeadm join --config JoinConfiguration.yml
 changed_when: true
+- name: Install Helm Diff.
+ gather_facts: false
+ hosts: control
+ tasks:
+ - name: Install it.
+ kubernetes.core.helm_plugin:
+ plugin_path: https://github.com/databus23/helm-diff
+ state: present
+
 - name: Install CNI.
 gather_facts: false
 hosts: control
@@ -200,6 +209,14 @@
 url: https://charts.hetzner.cloud
 state: present
+ - name: Copy over values file.
+ vars:
+ values_template: ../templates/HCCMValues.yml.jinja2
+ ansible.builtin.template:
+ src: "{{ values_template }}"
+ dest: HCCMValues.yml
+ mode: preserve
+
 - name: Install it.
 kubernetes.core.helm:
 name: hccm
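Review bot: The `kubernetes.core.helm_plugin` task installs helm-diff from `https://github.com/databus23/helm-diff` with no version, so every fresh run on the control node takes whatever the repository serves at that moment and runs any install hook the plugin declares as the Ansible remote user. Pin it with `plugin_version: "<PINNED_HELM_DIFF_VERSION>"` (placeholder; use the release you have reviewed) so an upstream change does not reach the control plane unreviewed. The same gap exists in the `ingress-nginx/ingress-nginx` release added in the last hunk of this file, which sets `update_repo_cache: true` but no `chart_version`.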
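Review bot: `dest: HCCMValues.yml` is a relative path and `mode: preserve` copies whatever permissions the template has in the controller's checkout, so both where the rendered values file lands and who can read it depend on the environment the play runs from. Values files tend to pick up credentials over time, so an absolute destination directory and an explicit `mode: "0600"` would be safer; the `values_files:` entry in the following hunk has to point at the same path. The `IngressValues.yml` task in the last hunk of this file follows the same pattern.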
@@ -207,3 +224,43 @@
 namespace: kube-system
 state: present
 update_repo_cache: true
+ force: true
+ values_files: [HCCMValues.yml]
+
+
+- name: Install `nginx` Controller.
+ gather_facts: false
+ hosts: control
+ tasks:
+ - name: Remove schedule taint to nodes.
+ kubernetes.core.k8s_taint:
+ state: absent
+ name: "{{ item }}"
+ taints:
+ - key: node.cloudprovider.kubernetes.io/uninitialized
+ value: true
+ effect: NoSchedule
+ loop: [node-a, node-b]
+
+ - name: Add `ingress-nginx` repository.
+ kubernetes.core.helm_repository:
+ name: ingress-nginx
+ url: https://kubernetes.github.io/ingress-nginx
+ state: present
+
+ - name: Copy over values file.
+ vars:
+ values_template: ../templates/IngressValues.yml.jinja2
+ ansible.builtin.template:
+ src: "{{ values_template }}"
+ dest: IngressValues.yml
+ mode: preserve
+
+ - name: Install it.
+ kubernetes.core.helm:
+ name: ingress-nginx-controller
+ chart_ref: ingress-nginx/ingress-nginx
+ namespace: kube-system
+ state: present
+ update_repo_cache: true
+ values_files: [IngressValues.yml]
diff --git a/templates/HCCMValues.yml.jinja2 b/templates/HCCMValues.yml.jinja2
new file mode 100644
index 0000000..bcb47ad
--- /dev/null
+++ b/templates/HCCMValues.yml.jinja2
@@ -0,0 +1,3 @@
+networking:
+ enabled: "true"
+ clusterCIDR: "10.244.0.0/16"
\ No newline at end of file
diff --git a/templates/IngressValues.yml.jinja2 b/templates/IngressValues.yml.jinja2
new file mode 100644
index 0000000..11916bb
--- /dev/null
+++ b/templates/IngressValues.yml.jinja2
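Review bot: The "Remove schedule taint to nodes" task strips `node.cloudprovider.kubernetes.io/uninitialized` by hand, a taint the cloud controller manager normally clears itself once it has initialised a node, so workloads can be scheduled onto `node-a` and `node-b` before the HCCM has finished setting them up. If this is a deliberate workaround, a comment above the task such as `# HCCM does not clear this taint because <reason>; remove once fixed` would record that, and the hard-coded `loop: [node-a, node-b]` would be better taken from inventory. `value: true` is an unquoted YAML boolean while a taint value is a string, so write `value: "true"`. Separately, the internet-facing `ingress-nginx-controller` release goes into `kube-system`; a dedicated namespace would keep it apart from the cluster's own components.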
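Review bot: `enabled: "true"` in `templates/HCCMValues.yml.jinja2` is a string, not a boolean. If the chart tests `networking.enabled` with a plain template `if`, any non-empty string passes, so a later edit to `"false"` would still turn networking on; write `enabled: true`. `clusterCIDR` has to match the pod CIDR the cluster was initialised with, which is not visible in this diff. The file also has no trailing newline.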
@@ -0,0 +1,18 @@
+controller:
+ dnsPolicy: ClusterFirstWithHostNet
+ hostNetwork: true
+ kind: DaemonSet
+ service:
+ annotations:
+ load-balancer.hetzner.cloud/name: "hetzner-lb"
+ load-balancer.hetzner.cloud/location: "fsn1"
+ load-balancer.hetzner.cloud/type: "lb11"
+ load-balancer.hetzner.cloud/ipv6-disabled: "true"
+ load-balancer.hetzner.cloud/use-private-ip: "true"
+ load-balancer.hetzner.cloud/protocol: "https"
+ load-balancer.hetzner.cloud/network-zone: "eu-central"
+ load-balancer.hetzner.cloud/http-certificates: "managed_cert"
+ load-balancer.hetzner.cloud/http-redirect-http: "true"
+ enableHttp: false
+ targetPorts:
+ https: http
\ No newline at end of file
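Review bot: `hostNetwork: true` together with `kind: DaemonSet` places the controller in the network namespace of every node, so its ports are bound directly on the node addresses and the pod can reach node-local listeners. Since the Hetzner load balancer already reaches the nodes through `use-private-ip`, confirm the host network is really required and, if it is, add a comment above the key saying why. TLS ends at the load balancer (`protocol: "https"`, `http-certificates`) and `targetPorts` maps `https` to `http`, so the hop from load balancer to node is plain HTTP and relies on the private network being trusted. Indentation is lost on this page, so whether `enableHttp` and `targetPorts` sit under `service` cannot be checked here; the file also has no trailing newline.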