diff --git a/talos.tf b/talos.tf
index 6b01cfd..6ee5d16 100644
--- a/talos.tf
+++ b/talos.tf
@@ -23,11 +23,24 @@ locals {
       #     "!${var.hcloud_private_network.cidr}"
       #   ]
       # }
+      # kubernetes version
+      apiServer = {
+        image = (var.kubernetes_version != "") ? "registry.k8s.io/kube-apiserver:v${var.kubernetes_version}" : null
+      }
+      controllerManager = {
+        image = (var.kubernetes_version != "") ? "registry.k8s.io/kube-controller-manager:v${var.kubernetes_version}" : null
+      }
+      proxy = {
+        image = (var.kubernetes_version != "") ? "registry.k8s.io/kube-proxy:v${var.kubernetes_version}" : null
+      }
+      scheduler = {
+        image = (var.kubernetes_version != "") ? "registry.k8s.io/kube-scheduler:v${var.kubernetes_version}" : null
+      }
     }
   })
   talos_config_patches = yamlencode({
     cluster = {
-      allowSchedulingOnControlPlanes = true # TODO: optional
+      allowSchedulingOnControlPlanes = var.schedule_on_controlplane
       network = {
         cni = {
           name = "none"
@@ -63,7 +76,8 @@ locals {
       ]
     }
     machine = {
-      kubelet = { # TODO: optional kubelet version
+      kubelet = {
+        image = (var.kubernetes_version != "") ? "ghcr.io/siderolabs/kubelet:v${var.kubernetes_version}" : null
         nodeIP = {
           validSubnets = [
             "${var.hcloud_private_network.cidr}"
diff --git a/test.tfvars.sample b/test.tfvars.sample
index 0969294..d0803a2 100644
--- a/test.tfvars.sample
+++ b/test.tfvars.sample
@@ -9,6 +9,10 @@ talos_cluster_name = "talos-test"
 talos_num_cp       = 1
 talos_num_wk       = 3
 
+# optional, if not given talos default version
+#kubernetes_version = "1.29.11"
+
+
 # DNS
 
 # naming of nodes:
diff --git a/variables.tf b/variables.tf
index 3482fd2..7a71bc7 100644
--- a/variables.tf
+++ b/variables.tf
@@ -11,10 +11,18 @@ variable "talos_version" {
   type        = string
   description = "talos image version"
 }
+
 variable "talos_cluster_name" {
   type        = string
   description = "name of the cluster"
 }
+
+variable "kubernetes_version" {
+  type        = string
+  description = "kubernetes image version"
+  default     = ""
+}
+
 variable "subdomain" {
   type        = string
   description = "subdomain"
@@ -47,6 +55,10 @@ variable "hcloud_private_network" {
   }
 }
 
+variable "schedule_on_controlplane" {
+  type    = bool
+  default = false
+}
 
 # cilium
 variable "cilium_operator_replicas" {