diff --git a/README.md b/README.md
index d1571788c0079142e42997311069fe3095dcc4e1..0e9896b4acb7f89e28621b8a085efcec8c7c954c 100644
--- a/README.md
+++ b/README.md
@@ -27,18 +27,20 @@ Use roles inside a Ansible playbook
## Variables
-| Variable | Default | Description |
-| ------------------ | ------------------------------------ | -------------------------------------------------------------- |
-| cluster_name | | Name of the RKE2 cluster |
-| server_count | 3 | Number of RKE2 worker VMs |
-| agent_count | 3 | Number of RKE2 server VMs |
-| server_flavor | m1a.large | Server VM flavor |
-| agent_flavor | m1a.xlarge | Worker VM flavor |
-| server_volume_size | 50 | Volume size (GB) for server VM |
-| agent_volume_size | 100 | Volume size (GB) for worker VM |
-| image | 1fe615f0-9dad-447d-bf54-9071defafb77 | ID for OpenStack VM image |
-| domain | | DNS-Entry for loadbalancer IP |
-| node_taints | | Node taints for RKE2 node |
-| node_labels | | Node labels for RKE2 node |
-| rke2_channel | stable | RKE3 version channel |
-| state | present | Flag for setup (`present`) or removing (`absent`) RKE3 cluster |
+| Variable | Default | Description |
+| ------------------ | ------------------------------------ | ------------------------------------------------------------------------------------------- |
+| cluster_name | | Name of the RKE2 cluster |
+| server_count | 3 | Number of RKE2 worker VMs |
+| agent_count | 3 | Number of RKE2 server VMs |
+| server_flavor | m1a.large | Server VM flavor |
+| agent_flavor | m1a.xlarge | Worker VM flavor |
+| server_volume_size | 50 | Volume size (GB) for server VM |
+| agent_volume_size | 100 | Volume size (GB) for worker VM |
+| image | 1fe615f0-9dad-447d-bf54-9071defafb77 | ID for OpenStack VM image |
+| domain | | DNS-Entry for loadbalancer IP |
+| node_taints | | Node taints for RKE2 node |
+| node_labels | | Node labels for RKE2 node |
+| rke2_channel | stable | RKE3 version channel |
+| state | present | Flag for setup (`present`) or removing (`absent`) RKE3 cluster |
+| registry_mirrors | {} | [rke2-docs](https://docs.rke2.io/install/containerd_registry_configuration/#mirrors) |
+| manifests | {} | [defualts](collections/ansible_collections/adls/osrancher/roles/rke2/defaults/main.yml#L58) |
diff --git a/roles/rke2/defaults/main.yml b/roles/rke2/defaults/main.yml
index 6cfc629d0497b91edc71394b24c2919970dce60f..ed814d6df100efa8efba7f07bce9686cecd1585a 100644
--- a/roles/rke2/defaults/main.yml
+++ b/roles/rke2/defaults/main.yml
@@ -1,3 +1,8 @@
+state: present
+upgrade: no
+dist_upgrade: no
+reboot: no
+
domain:
server: "https://{{ domain }}:9345"
@@ -38,13 +43,8 @@ registry_mirrors: {}
# auth: --SEE_ABOVE--
# tls: --SEE_ABOVE--
-
-state: present
-upgrade: no
-dist_upgrade: no
-reboot: no
-
manifests: {} # used to override default_manifests
+manifests_config: "{{ default_manifests | combine(manifests) }}"
default_manifests:
config-rke2-coredns:
enabled: false
diff --git a/roles/rke2/templates/config.yaml.j2 b/roles/rke2/templates/config.yaml.j2
index 592a2258083d410c44728a430661842de4e2ad7c..2cdf772cffd93167c21daa28a0c145af0e932bdf 100644
--- a/roles/rke2/templates/config.yaml.j2
+++ b/roles/rke2/templates/config.yaml.j2
@@ -40,8 +40,21 @@ resolv-conf: "{{ resolv_conf_server }}"
write-kubeconfig-mode: "0644"
kube-apiserver-arg: "--enable-admission-plugins=NodeRestriction,PodSecurityPolicy,PodNodeSelector,PodTolerationRestriction,DenyServiceExternalIPs"
+
+{% if cni is defined and cni | length > 0 %}
+cni: "{{ cni }}"
+{% elif manifests_config.calico.enabled and manifests_config.cilium.enabled%}
+cni: multus,calico,cilium
+{% elif manifests_config.calico.enabled%}
+cni: calico
+{% elif manifests_config.cilium.enabled%}
+cni: cilium
+{% endif %}
+
{% if cni is defined and cni | length > 0 %}
cni: "{{ cni }}"
+{% elseif (default_manifests | combine(manifests)). %}
+
{% endif %}
{% if tls_san is defined and tls_san | length > 0 %}