diff --git a/files/etc/NetworkManager/conf.d/calico.conf b/files/etc/NetworkManager/conf.d/calico.conf
index b4ac62a..490d153 100644
--- a/files/etc/NetworkManager/conf.d/calico.conf
+++ b/files/etc/NetworkManager/conf.d/calico.conf
@@ -1,3 +1,2 @@
-# https://docs.tigera.io/calico/latest/operations/troubleshoot/troubleshooting#configure-networkmanager
 [keyfile]
-unmanaged-devices=interface-name:cali*;interface-name:tunl*;interface-name:vxlan.calico;interface-name:wireguard.cali
+unmanaged-devices=interface-name:cali*;interface-name:tunl*;interface-name:vxlan.calico;interface-name:wireguard.cali
\ No newline at end of file
diff --git a/files/etc/kubernetes/psa.yaml b/files/etc/kubernetes/psa.yaml
index fe13d52..b2c6f65 100644
--- a/files/etc/kubernetes/psa.yaml
+++ b/files/etc/kubernetes/psa.yaml
@@ -15,7 +15,7 @@ plugins:
     exemptions:
       usernames: []
       runtimeClasses: []
-      namespaces: [kube-system, cis-operator-system]
+      namespaces: [kube-system, system-upgrade, cis-operator-system]
 - name: EventRateLimit
   configuration:
     apiVersion: eventratelimit.admission.k8s.io/v1alpha1
diff --git a/tasks/install_server.yml b/tasks/install_server.yml
index a9d0b9e..1d53902 100644
--- a/tasks/install_server.yml
+++ b/tasks/install_server.yml
@@ -89,18 +89,6 @@
     - kubernetes_master|bool
     - kubernetes_cri == "k3s"
 
-- name: Make link from /etc/rancher/k3s/k3s.yaml to /etc/kubernetes/admin.conf
-  file:
-    src: "/etc/rancher/k3s/k3s.yaml"
-    state: link
-    dest: "/etc/kubernetes/admin.conf"
-    force: yes
-    owner: root
-    group: root
-  when:
-    - kubernetes_master|bool
-    - kubernetes_cri == "k3s"
-
 #
 # Manque autoconfig de .kube/config local
 #
@@ -112,7 +100,6 @@
 #   when:
 #     - kubernetes_master|bigip_pool
 
-# kubectl get nodes -o custom-columns=NAME:.metadata.name,TAINTS:.spec.taints --no-headers
 - name: Check if a node is still tainted
   ansible.builtin.command: kubectl --kubeconfig=/etc/kubernetes/admin.conf get nodes '{{ ansible_hostname | lower }}' -o jsonpath='{.spec.taints}'
   register: current_taint
diff --git a/templates/etc/rancher/k3s/config.yaml.j2 b/templates/etc/rancher/k3s/config.yaml.j2
index 2c7c64f..bed1d77 100644
--- a/templates/etc/rancher/k3s/config.yaml.j2
+++ b/templates/etc/rancher/k3s/config.yaml.j2
@@ -40,10 +40,11 @@ selinux: true
 #embedded-registry: true
 disable:
   - traefik
-{% if lookup('vars', 'ansible_' + kubernetes_interface ) != ansible_host %}
-node-external-ip: {{ ansible_host }}
+{% if kubernetes_interface is defined %}
+node-ip: {{ kubernetes_interface.address }}
+#node-ip: {{ lookup('vars', 'ansible_' + kubernetes_interface ).ipv4.address }}
 {% endif %}
-node-ip: {{ lookup('vars', 'ansible_' + kubernetes_interface ).ipv4.address }}
+node-external-ip: {{ ansible_host }}
 {% if false %}
 # node-external-ip: 1.2.3.4
 #node-label: