diff --git a/services/etcd.go b/services/etcd.go
index 08160c04720bc0fe07b02de6da0af6c687a87645..66bf60aa640287df7820ffc7871d4b6fdae706cc 100644
--- a/services/etcd.go
+++ b/services/etcd.go
@@ -11,7 +11,7 @@ var EtcdPath = "/etcd"
 
 var etcd = &Unit{
 	Name:         "etcd",
-	Dependencies: []*Unit{masterCerts},
+	Dependencies: []*Unit{pkiMaster},
 	Run: func(u *Unit, c *Cluster, ctx context.Context) error {
 		config := embed.NewConfig()
 		config.Dir = EtcdPath
diff --git a/services/k8s.go b/services/k8s.go
index 26475a1967565bff0f8deb2120cc78ea9f87e7a7..60ea98d37173edeffcbab759edd0932625897a40 100644
--- a/services/k8s.go
+++ b/services/k8s.go
@@ -11,8 +11,8 @@ import (
 	restclient "k8s.io/client-go/rest"
 	"k8s.io/component-base/cli/flag"
 	"k8s.io/klog/v2"
-	api "k8s.io/kubernetes/cmd/kube-apiserver/app"
-	apiopts "k8s.io/kubernetes/cmd/kube-apiserver/app/options"
+	apiserver "k8s.io/kubernetes/cmd/kube-apiserver/app"
+	apiserveropts "k8s.io/kubernetes/cmd/kube-apiserver/app/options"
 	cm "k8s.io/kubernetes/cmd/kube-controller-manager/app"
 	cmopts "k8s.io/kubernetes/cmd/kube-controller-manager/app/options"
 	scheduler "k8s.io/kubernetes/cmd/kube-scheduler/app"
@@ -26,7 +26,7 @@ import (
 
 var configPath = "/etc"
 
-var k8sLogger = &Unit{
+var kubeLogger = &Unit{
 	Name: "kube-logger",
 	Run: func(u *Unit, c *Cluster, ctx context.Context) error {
 		klog.SetLogger(u.Manager.Logger)
@@ -34,9 +34,9 @@ var k8sLogger = &Unit{
 	},
 }
 
-var apiserver = &Unit{
+var kubeApiserver = &Unit{
 	Name:         "kube-apiserver",
-	Dependencies: []*Unit{etcd, masterCerts, pkiCA, vpn, k8sLogger},
+	Dependencies: []*Unit{etcd, pkiCA, pkiMaster, vpn, kubeLogger},
 	Run: func(u *Unit, c *Cluster, ctx context.Context) error {
 		args := []string{
 			"--bind-address", c.networking.NodeAddress.IP.String(),
@@ -47,7 +47,7 @@ var apiserver = &Unit{
 			"--kubelet-certificate-authority", c.pki.TLS.CertPath(),
 			"--kubelet-client-certificate", c.masterCerts.Kubelet.CertPath(),
 			"--kubelet-client-key", c.masterCerts.Kubelet.KeyPath(),
-			"--etcd-servers", "http://localhost:2379",
+			"--etcd-servers", "http://[::1]:2379",
 			"--service-account-signing-key-file", c.masterCerts.APITokens.KeyPath(),
 			"--service-account-key-file", c.masterCerts.APITokens.KeyPath(),
 			"--service-account-issuer", "https://kubernetes.default.svc.cluster.local",
@@ -55,18 +55,18 @@ var apiserver = &Unit{
 			"--authorization-mode", "Node,RBAC",
 			"--allow-privileged", "true",
 		}
-		config := apiopts.NewServerRunOptions()
+		config := apiserveropts.NewServerRunOptions()
 		nfs := config.Flags()
 		flags := flagsFromNamedFlagSet("apiserver", &nfs)
 		err := flags.Parse(args)
 		if err != nil {
 			return err
 		}
-		completedOptions, err := api.Complete(config)
+		completedOptions, err := apiserver.Complete(config)
 		if err != nil {
 			return err
 		}
-		server, err := api.CreateServerChain(completedOptions)
+		server, err := apiserver.CreateServerChain(completedOptions)
 		if err != nil {
 			return err
 		}
@@ -88,9 +88,9 @@ var apiserver = &Unit{
 	},
 }
 
-var controller_manager = &Unit{
+var kubeControllerManager = &Unit{
 	Name:         "kube-controller-manager",
-	Dependencies: []*Unit{apiserver, masterCerts, pkiCA, k8sLogger},
+	Dependencies: []*Unit{kubeApiserver, pkiCA, pkiMaster, kubeLogger},
 	Run: func(u *Unit, c *Cluster, ctx context.Context) error {
 		cmConfig := KubeConfig{
 			URL:        fmt.Sprintf("https://[%s]:6443", c.networking.NodeAddress.IP.String()),
@@ -133,9 +133,9 @@ var controller_manager = &Unit{
 	},
 }
 
-var kube_scheduler = &Unit{
+var kubeScheduler = &Unit{
 	Name:         "kube-scheduler",
-	Dependencies: []*Unit{apiserver, masterCerts, pkiCA, k8sLogger},
+	Dependencies: []*Unit{kubeApiserver, pkiCA, pkiMaster, kubeLogger},
 	Run: func(u *Unit, c *Cluster, ctx context.Context) error {
 		schedulerConfig := KubeConfig{
 			URL:        fmt.Sprintf("https://[%s]:6443", c.networking.NodeAddress.IP.String()),
@@ -163,12 +163,12 @@ var kube_scheduler = &Unit{
 	},
 }
 
-var kube_kubelet = &Unit{
+var kubeKubelet = &Unit{
 	Name:         "kubelet",
-	Dependencies: []*Unit{remote_master, containerd, nodeCerts, pkiCA, k8sLogger},
+	Dependencies: []*Unit{masterDiscovery, containerd, pkiCA, pkiNode, kubeLogger},
 	Run: func(u *Unit, c *Cluster, ctx context.Context) error {
 		kubeletKubeConfig := KubeConfig{
-			URL:        fmt.Sprintf("https://[%s]:6443", c.masterNode.String()),
+			URL:        fmt.Sprintf("https://[%s]:6443", c.masterNode.VpnIP.String()),
 			CACert:     c.pki.TLS.CertPath(),
 			ClientCert: c.certs.API.CertPath(),
 			ClientKey:  c.certs.API.KeyPath(),