diff --git a/roles/rke2/templates/config.yaml.j2 b/roles/rke2/templates/config.yaml.j2
index 1be1547440a591b144b430f38ffbbb96a2d87e1b..7a63969a6d418e8978cb3f9e41743a4b2149aa7e 100644
--- a/roles/rke2/templates/config.yaml.j2
+++ b/roles/rke2/templates/config.yaml.j2
@@ -73,6 +73,10 @@ tls-san:
 resolv-conf: "{{ resolv_conf_node }}"
 {% endif %}
 
+
+{% if secrets_encryption is defined %}
+secrets-encryption: "{{ secrets_encryption }}"
+{% endif %}
 {# Do not use it:
 
 {% if node_external_ip is defined %}
diff --git a/roles/rke2/templates/kernel_params.conf.j2 b/roles/rke2/templates/kernel_params.conf.j2
index 5925d294499cb5d756ef090d8a83b1396dc20d37..884a35f64e49a2c32fe1595c5b3538db96af8180 100644
--- a/roles/rke2/templates/kernel_params.conf.j2
+++ b/roles/rke2/templates/kernel_params.conf.j2
@@ -1,3 +1,4 @@
 vm.overcommit_memory=1
 kernel.panic=10
-kernel.panic_on_oops=1
\ No newline at end of file
+kernel.panic_on_oops=1
+protect-kernel-defaults=true
\ No newline at end of file
diff --git a/roles/rke2/templates/manifests/deploy-openstack-ccm.j2 b/roles/rke2/templates/manifests/deploy-openstack-ccm.j2
index 432f3b33535b7e48d6fdcda8340b564881d7c3e5..9b8cecb21d4442d02e1eeeaf79f2bc99a6717926 100644
--- a/roles/rke2/templates/manifests/deploy-openstack-ccm.j2
+++ b/roles/rke2/templates/manifests/deploy-openstack-ccm.j2
@@ -3,7 +3,7 @@
 kind: Namespace
 apiVersion: v1
 metadata:
-  name: openstack-system
+  name: kube-system
 
 ---
 
@@ -18,7 +18,7 @@ spec:
   chart: openstack-cloud-controller-manager
   version: {{ item.value.version | default("1.3.0") }}
   bootstrap: True
-  targetNamespace: openstack-system
+  targetNamespace: kube-system
   valuesContent: |-
     cloudConfig:
       global: