diff --git a/defaults/main.yml b/defaults/main.yml index 89b601b..0af1c65 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -2,8 +2,9 @@ # value for kubernetes_cri: containerd, cri-o #kubernetes_cri: "containerd" kubernetes_server: false +kubernetes_interface: '{{ ansible_default_ipv4.interface }}' # value for kuberntes_network: flannel, calico, weave-net #kubernetes_network: weave-net kubernetes_kubeproxy_mode: ipvs -kubernetes_version: 1.20.6 +kubernetes_version: 1.21.2 kubernetes_pods_network: "10.244.0.0/16" \ No newline at end of file diff --git a/tasks/cluster_kubeadm.yml b/tasks/cluster_kubeadm.yml index a6fbc51..6ebe66e 100644 --- a/tasks/cluster_kubeadm.yml +++ b/tasks/cluster_kubeadm.yml @@ -136,11 +136,23 @@ mode: 0644 with_items: - "systemd/system/kubelet.service.d/0-kubelet-extra-args.conf" - - "systemd/system/kubelet.service.d/11-cgroups.conf" - "sysconfig/kubelet" when: - ansible_service_mgr == "systemd" +- name: Configure kubelet service for CRI-O + template: + src: "etc/{{ item }}.j2" + dest: "/etc/{{ item }}" + group: root + owner: root + mode: 0644 + with_items: + - "systemd/system/kubelet.service.d/11-cgroups.conf" + when: + - ansible_service_mgr == "systemd" + - kubernetes_cri == "cri-o" + - name: Configure kubelet service template: src: "etc/{{ item }}.j2" diff --git a/templates/etc/systemd/system/kubelet.service.d/0-kubelet-extra-args.conf.j2 b/templates/etc/systemd/system/kubelet.service.d/0-kubelet-extra-args.conf.j2 index e6f3596..fde66b0 100644 --- a/templates/etc/systemd/system/kubelet.service.d/0-kubelet-extra-args.conf.j2 +++ b/templates/etc/systemd/system/kubelet.service.d/0-kubelet-extra-args.conf.j2 
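Review bot: The new `kubernetes_interface` default has no comment, unlike the `kubernetes_cri` and `kubernetes_network` entries around it, although the templates changed in this commit derive the kubelet `--node-ip`, the API server `advertiseAddress` and the fallback `controlPlaneEndpoint` from it. Because this one value decides on which network the kubelet and the API server are reachable, I would add above it `# interface whose IPv4 address is used for node-ip, advertiseAddress and controlPlaneEndpoint; defaults to the interface of the default IPv4 route`. On multi-homed hosts the default-route interface may be the externally facing one, so the comment should tell operators to set the variable explicitly there.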
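Review bot: The added "Configure kubelet service for CRI-O" task writes a systemd drop-in but shows no `notify:`, so `11-cgroups.conf` only takes effect if something outside this hunk reloads systemd and restarts kubelet. That is worth confirming, and if the role already has a reload/restart handler the task should notify it. The one-element `with_items` loop can be dropped in favour of `src: "etc/systemd/system/kubelet.service.d/11-cgroups.conf.j2"` and the matching `dest:`. I would also quote the mode as `mode: "0644"` so the value does not depend on YAML octal parsing. The neighbouring tasks start and end outside the hunk, so how they handle reloads is not visible here.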
@@ -1,2 +1,2 @@ [Service] -Environment=KUBELET_EXTRA_ARGS="--container-runtime=remote --container-runtime-endpoint={% if kubernetes_cri == "containerd" %}unix:///run/containerd/containerd.sock{% elif kubernetes_cri == "cri-o" %}unix:///var/run/crio/crio.sock{% endif %} --node-ip={{ ansible_default_ipv4.address }}" +Environment=KUBELET_EXTRA_ARGS="--container-runtime=remote --container-runtime-endpoint={% if kubernetes_cri == "containerd" %}unix:///run/containerd/containerd.sock{% elif kubernetes_cri == "cri-o" %}unix:///var/run/crio/crio.sock{% endif %} --node-ip={{ lookup('vars', 'ansible_' + kubernetes_interface ).ipv4.address }}" diff --git a/templates/etc/systemd/system/kubelet.service.d/11-cgroups.conf.j2 b/templates/etc/systemd/system/kubelet.service.d/11-cgroups.conf.j2 new file mode 100644 index 0000000..403ae0e --- /dev/null +++ b/templates/etc/systemd/system/kubelet.service.d/11-cgroups.conf.j2 @@ -0,0 +1,5 @@ +# https://stackoverflow.com/a/57456786 +# https://stackoverflow.com/questions/57456667/failed-to-get-kubelets-cgroup +[Service] +CPUAccounting=true +MemoryAccounting=true diff --git a/templates/kubeadm-config.yaml.j2 b/templates/kubeadm-config.yaml.j2 index 905d188..e9d5596 100644 --- a/templates/kubeadm-config.yaml.j2 +++ b/templates/kubeadm-config.yaml.j2 @@ -32,7 +32,7 @@ nodeRegistration: {% elif kubernetes_cri == "cri-o" %} container-runtime-endpoint: "unix:///var/run/crio/crio.sock" {% endif %} - node-ip: {{ ansible_default_ipv4.address }} + node-ip: {{ lookup('vars', 'ansible_' + kubernetes_interface ).ipv4.address }} # read-only-port: "10255" ignorePreflightErrors: - SystemVerification 
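Review bot: `lookup('vars', 'ansible_' + kubernetes_interface)` in the new `--node-ip` is fragile for interface names containing `-`, because Ansible exposes per-interface facts with `_` in place of `-` (for a constructed example, an interface `br-ex` would be looked up as `ansible_br-ex`, which I would not expect to exist), and it also relies on facts being injected as top-level `ansible_*` variables. Reading the fact dictionary is sturdier: `--node-ip={{ ansible_facts[kubernetes_interface | replace('-', '_')].ipv4.address }}`. The same expression is repeated in the `templates/kubeadm-config.yaml.j2` hunks (both `node-ip` lines, both `advertiseAddress` lines and `controlPlaneEndpoint`), so computing it once into a role variable would keep the kubelet and API server addresses from drifting apart. An interface without an IPv4 address makes the template fail, which is probably the right outcome but would be clearer as an explicit `assert` task with a readable message.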
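Review bot: The new `node-ip` value under `kubeletExtraArgs` is an unquoted template expression, while the neighbouring `container-runtime-endpoint` values in the same hunk are quoted, so an empty expansion would be parsed as null rather than as a string. Write it as `node-ip: "{{ lookup('vars', 'ansible_' + kubernetes_interface ).ipv4.address }}"`, matching the quoted `advertiseAddress` lines elsewhere in this file. The `node-ip` line in the JoinConfiguration hunk (`@@ -125,7 +125,7 @@`) has the same form and should be quoted too.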
@@ -43,7 +43,7 @@ nodeRegistration: - IsPrivilegedUser {% endif %} localAPIEndpoint: - advertiseAddress: "{{ ansible_default_ipv4.address }}" + advertiseAddress: "{{ lookup('vars', 'ansible_' + kubernetes_interface ).ipv4.address }}" bindPort: 6443 {% if kubernetes_master|bool and groups['KubernetesMasterConfigured_' ~ kubernetes_cluster_name] is defined %} certificateKey: "{{ kubernetes_certificateKey.stdout }}" @@ -56,11 +56,11 @@ kubernetesVersion: stable {% if lbip_kubeapiserver is defined %} controlPlaneEndpoint: "{{ lbip_kubeapiserver }}:6443" {% else %} -controlPlaneEndpoint: "{{ ansible_default_ipv4.address }}:6443" +controlPlaneEndpoint: "{{ lookup('vars', 'ansible_' + kubernetes_interface ).ipv4.address }}:6443" {% endif %} apiServer: extraArgs: - enable-admission-plugins: NodeRestriction,PodSecurityPolicy + enable-admission-plugins: NodeRestriction authorization-mode: "Node,RBAC" audit-policy-file: "/etc/kubernetes/policies/audit-policy.yaml" audit-log-path: "/var/log/apiserver/audit.log" @@ -109,7 +109,7 @@ kind: JoinConfiguration {% if kubernetes_master|bool %} controlPlane: localAPIEndpoint: - advertiseAddress: "{{ ansible_default_ipv4.address }}" + advertiseAddress: "{{ lookup('vars', 'ansible_' + kubernetes_interface ).ipv4.address }}" bindPort: 6443 {% if groups['KubernetesMasterConfigured_' ~ kubernetes_cluster_name] is defined %} certificateKey: "{{ kubernetes_certificateKey.stdout }}" @@ -125,7 +125,7 @@ discovery: {% endif %} nodeRegistration: kubeletExtraArgs: - node-ip: {{ ansible_default_ipv4.address }} + node-ip: {{ lookup('vars', 'ansible_' + kubernetes_interface ).ipv4.address }} # read-only-port: "10255" ignorePreflightErrors: - SystemVerification
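Review bot: Dropping `PodSecurityPolicy` from `enable-admission-plugins` in the `@@ -56,11 +56,11 @@` hunk leaves `NodeRestriction` as the only listed plugin, and nothing visible in this diff replaces the pod-level restrictions (privileged containers, host namespaces, hostPath mounts) that PSP enforced. PSP is deprecated as of Kubernetes 1.21 but still works in that release, and the built-in Pod Security admission that succeeds it only arrives in later releases, so with `kubernetes_version: 1.21.2` this is a net loss of enforcement unless an external policy controller is deployed elsewhere in the role. Either keep `enable-admission-plugins: NodeRestriction,PodSecurityPolicy` for now, or record the decision next to the line, e.g. `# PodSecurityPolicy removed: <reason>; pod policy enforced by <replacement>`. The hunk header also shows `kubernetesVersion: stable`, so the version kubeadm actually installs may differ from `kubernetes_version`; that is worth checking because PSP no longer exists from 1.25 on.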