diff --git a/templates/kubeadm-config.yaml.j2 b/templates/kubeadm-config.yaml.j2
new file mode 100644
index 0000000..9215299
--- /dev/null
+++ b/templates/kubeadm-config.yaml.j2
@@ -0,0 +1,58 @@
+apiVersion: kubeadm.k8s.io/v1beta2
+kind: InitConfiguration
+{% if true == false %}
+bootstrapTokens:
+- token: "9a08jv.c0izixklcxtmnze7"
+  description: "kubeadm bootstrap token"
+  ttl: "24h"
+- token: "783bde.3f89s0fje9f38fhf"
+  description: "another bootstrap token"
+  usages:
+  - authentication
+  - signing
+  groups:
+  - system:bootstrappers:kubeadm:default-node-token
+{% endif %}
+nodeRegistration:
+{% if  kubernetes_cri == "containerd" %}
+  criSocket: "/run/containerd/containerd.sock"
+{% elseif  kubernetes_cri == "docker" %}
+  criSocket: "/var/run/docker.sock"
+{% endif %}
+{% if false %}
+  name: "ec2-10-100-0-1"
+  taints:
+  - key: "kubeadmNode"
+    value: "master"
+    effect: "NoSchedule"
+{% endif %}
+  kubeletExtraArgs:
+{% if false %}
+    cgroupDriver: "cgroupfs"
+{% endif %}
+{% if  kubernetes_cri == "containerd" %}
+    cgroup-driver: "systemd"
+    container-runtime: "remote"
+    runtime-request-timeout: "15m"
+    container-runtime-endpoint: "unix:///run/containerd/containerd.sock"
+{% endif %}
+    node-ip: {{ ansible_host }}
+    read-only-port: "10255"
+  ignorePreflightErrors:
+  - SystemVerification
+{% if true == false %}
+  - IsPrivilegedUser
+{% endif %}
+localAPIEndpoint:
+  advertiseAddress: "{{ lbip_kubeapiserver }}"
+  bindPort: 6443
+{% if kubernetes_certificateKey is defined %}
+certificateKey: "{{ kubernetes_certificateKey }}"
+{% endif %}
+---
+apiVersion: kubeadm.k8s.io/v1beta1
+kind: ClusterConfiguration
+kubernetesVersion: stable
+controlPlaneEndpoint: "{{ lb_kubemaster }}:6443"
+networking:
+   podSubnet: "10.244.0.0/16"
\ No newline at end of file