diff --git a/README.md b/README.md
index 90d6bc7..d2d69a8 100644
--- a/README.md
+++ b/README.md
@@ -120,7 +120,9 @@ ssh rancher@xxx.xxx.xxx.xxx -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=no
 ## Automatic upgrade
-By default, k3os and its embedded k3s instance get upgraded automatically on each node, thanks to its embedded system upgrade controller. As for the Hetzner CCM and CSI, their container images are set to latest and with an imagePullPolicy of "Always". That means that when the nodes upgrade, these container images will be automatically upgraded too.
+By default, k3os and its embedded k3s instance get upgraded automatically on each node, thanks to its embedded system upgrade controller.
+
+_You can also choose to automatically kustomize the Hetzner CCM and CSI to set their container images to "latest" and with an imagePullPolicy of "Always". That means that when the nodes upgrade, these container images will be automatically upgraded too. For more info on this, see [terraform.tfvars.example](terraform.tfvars.example)._
 _If you wish to turn off automatic upgrade on a specific node, you need to take out the label `k3os.io/upgrade=latest`. It can be done with the following command:_
diff --git a/hetzner/ccm/patch_latest.yaml b/hetzner/ccm/patch_latest.yaml
new file mode 100644
index 0000000..a631620
--- /dev/null
+++ b/hetzner/ccm/patch_latest.yaml
@@ -0,0 +1,19 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: hcloud-cloud-controller-manager
+ namespace: kube-system
+spec:
+ template:
+ spec:
+ containers:
+ - image: hetznercloud/hcloud-cloud-controller-manager:latest
+ imagePullPolicy: Always
+ name: hcloud-cloud-controller-manager
+ command:
+ - "/bin/hcloud-cloud-controller-manager"
+ - "--cloud-provider=hcloud"
+ - "--leader-elect=false"
+ - "--allow-untagged-cloud"
+ - "--allocate-node-cidrs=true"
+ - "--cluster-cidr=10.42.0.0/16"
\ No newline at end of file
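Review bot: `hetznercloud/hcloud-cloud-controller-manager:latest` combined with `imagePullPolicy: Always` pins nothing, so whatever the registry serves at the next container start runs in kube-system, and there is no digest to audit against or roll back to; the same applies to every image in hetzner/csi/patch_latest.yaml. Since the behaviour is opt-in through `hetzner_ccm_container_latest`, the trade-off belongs in the file itself, e.g. a header comment `# Opt-in patch: floats on the mutable :latest tag and is re-pulled on every container start; use image@sha256:<digest> when reproducibility or rollback matters.` The `command` list also restates every upstream flag, including a hard-coded `--cluster-cidr=10.42.0.0/16`; a strategic-merge patch replaces the whole list, so flag changes in the release's ccm-networks.yaml are silently overridden. A comment such as `# must be kept in sync with ccm-networks.yaml of the pinned ccm_version` would make that maintenance duty visible.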
diff --git a/hetzner/csi/patch_latest.yaml b/hetzner/csi/patch_latest.yaml
new file mode 100644
index 0000000..743d655
--- /dev/null
+++ b/hetzner/csi/patch_latest.yaml
@@ -0,0 +1,54 @@
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+ name: hcloud-csi-controller
+ namespace: kube-system
+spec:
+ template:
+ metadata:
+ labels:
+ app: hcloud-csi-controller
+ spec:
+ containers:
+ - name: csi-attacher
+ image: quay.io/k8scsi/csi-attacher:canary
+ imagePullPolicy: Always
+ - name: csi-resizer
+ image: quay.io/k8scsi/csi-resizer:canary
+ imagePullPolicy: Always
+ - name: csi-provisioner
+ image: quay.io/k8scsi/csi-provisioner:canary
+ imagePullPolicy: Always
+ - name: hcloud-csi-driver
+ image: hetznercloud/hcloud-csi-driver:latest
+ imagePullPolicy: Always
+ - name: liveness-probe
+ image: quay.io/k8scsi/livenessprobe:canary
+ imagePullPolicy: Always
+ volumes:
+ - name: socket-dir
+ emptyDir: {}
+---
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+ name: hcloud-csi-node
+ namespace: kube-system
+ labels:
+ app: hcloud-csi
+spec:
+ selector:
+ matchLabels:
+ app: hcloud-csi
+ template:
+ spec:
+ containers:
+ - name: csi-node-driver-registrar
+ image: quay.io/k8scsi/csi-node-driver-registrar:canary
+ imagePullPolicy: Always
+ - name: hcloud-csi-driver
+ image: hetznercloud/hcloud-csi-driver:latest
+ imagePullPolicy: Always
+ - name: liveness-probe
+ image: quay.io/k8scsi/livenessprobe:canary
+ imagePullPolicy: Always
\ No newline at end of file
diff --git a/main.tf b/main.tf
index 3c9fee7..569f094 100644
--- a/main.tf
+++ b/main.tf
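Review bot: The sidecars (`csi-attacher`, `csi-resizer`, `csi-provisioner`, `csi-node-driver-registrar` and both `liveness-probe` containers) are put on the `:canary` tag, which is not a release tag but the sidecar projects' latest development build, so the cluster's volume attach/provision path tracks unreleased code and a broken canary push breaks storage on the next pod restart. If the intent is only to follow releases, `latest` would be the closer match; either way the file needs a header comment stating why `canary` was chosen and that these images are re-pulled on every container start. The patch also restates `selector.matchLabels` on the DaemonSet, the template `labels` and the `socket-dir` volume on the StatefulSet, none of which an image-tag swap needs and all of which now have to be kept in sync with the upstream hcloud-csi.yml; trimming the patch to the `containers` name/image/imagePullPolicy entries would shrink that drift surface.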
@@ -147,6 +147,7 @@ resource "hcloud_firewall" "k3s" {
 resource "local_file" "hetzner_ccm_config" {
 content = templatefile("${path.module}/templates/hetzner_ccm.yaml.tpl", {
 ccm_version = var.hetzner_ccm_version != null ? var.hetzner_ccm_version : data.github_release.hetzner_ccm.release_tag
+ patch_name = var.hetzner_ccm_container_latest ? "patch_latest" : "patch"
 })
 filename = "${path.module}/hetzner/ccm/kustomization.yaml"
 file_permission = "0644"
@@ -156,6 +157,7 @@ resource "local_file" "hetzner_ccm_config" {
 resource "local_file" "hetzner_csi_config" {
 content = templatefile("${path.module}/templates/hetzner_csi.yaml.tpl", {
 csi_version = var.hetzner_csi_version != null ? var.hetzner_csi_version : data.github_release.hetzner_csi.release_tag
+ patch_name = var.hetzner_csi_container_latest ? "patch_latest" : ""
 })
 filename = "${path.module}/hetzner/csi/kustomization.yaml"
 file_permission = "0644"
diff --git a/templates/hetzner_ccm.yaml.tpl b/templates/hetzner_ccm.yaml.tpl
index af54617..0d3167c 100644
--- a/templates/hetzner_ccm.yaml.tpl
+++ b/templates/hetzner_ccm.yaml.tpl
@@ -5,4 +5,4 @@ resources:
 - "https://github.com/hetznercloud/hcloud-cloud-controller-manager/releases/download/${ccm_version}/ccm-networks.yaml"
 patchesStrategicMerge:
-- patch.yaml
+- ${patch_name}.yaml
\ No newline at end of file
diff --git a/templates/hetzner_csi.yaml.tpl b/templates/hetzner_csi.yaml.tpl
index 5b0d45d..5f19a2a 100644
--- a/templates/hetzner_csi.yaml.tpl
+++ b/templates/hetzner_csi.yaml.tpl
@@ -3,3 +3,8 @@ kind: Kustomization
 resources:
 - "https://raw.githubusercontent.com/hetznercloud/csi-driver/${csi_version}/deploy/kubernetes/hcloud-csi.yml"
+
+%{ if patch_name != "" }
+patchesStrategicMerge:
+- ${patch_name}.yaml
+%{ endif }
\ No newline at end of file
diff --git a/terraform.tfvars.example b/terraform.tfvars.example
index c7d46e9..f1b64c7 100644
--- a/terraform.tfvars.example
+++ b/terraform.tfvars.example
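Review bot: The two fallbacks differ — the CCM ternary falls back to `"patch"` while the CSI one in the second hunk (`hetzner_csi_config`) falls back to `""` — and nothing in main.tf says why; a reader has to open both templates to learn that the CCM kustomization always lists a patch and the CSI template emits `patchesStrategicMerge` only for a non-empty name. A one-line comment above each assignment keeps that contract next to the value, e.g. `# "" makes hetzner_csi.yaml.tpl omit patchesStrategicMerge entirely` for the CSI line and `# CCM always carries a patch; only the file name is switched` for the CCM line. Both `local_file` resources begin before and end after their hunks.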
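Review bot: `%{ if patch_name != "" }` and `%{ endif }` carry no strip markers, so the directive lines survive as empty lines in the generated kustomization.yaml, and when the flag is off the file ends in a run of blank lines instead of the previous clean end. Writing them as `%{ if patch_name != "" ~}` and `%{ endif ~}` trims the trailing newline of each directive and keeps the generated file identical to today's output when no patch is selected; kustomize does not mind either way, so this is a style point only.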
@@ -15,4 +15,11 @@ agents_num = 2
 # If you want to use a specific Hetzner CCM and CSI version, set them below, otherwise leave as is for the latest versions
 # hetzner_ccm_version = ""
-# hetzner_csi_version = ""
\ No newline at end of file
+# hetzner_csi_version = ""
+
+# If you want to kustomize the Hetzner CCM and CSI containers with the "latest" or "canary" tags and imagePullPolicy Always,
+# to have them automatically update when the node themselve get updated via the rancher system upgrade controller, the default is "false".
+# If you choose to keep the default of "false", you can always use ArgoCD to monitor the CSI and CCM manifest for new releases,
+# that is probably the more "vanilla" option to keep these components always updated.
+# hetzner_ccm_container_latest = true
+# hetzner_csi_container_latest = true
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index 42f00a0..cdf2521 100644
--- a/variables.tf
+++ b/variables.tf
@@ -55,3 +55,15 @@ variable "hetzner_csi_version" {
 default = null
 description = "Version of Container Storage Interface driver for Hetzner Cloud"
 }
+
+variable "hetzner_ccm_container_latest" {
+ type = bool
+ default = false
+ description = "Whether to kustomize the Hetzner CCM manifest with the latest or canary tags for containers"
+}
+
+variable "hetzner_csi_container_latest" {
+ type = bool
+ default = false
+ description = "Whether to kustomize the Hetzner CSI manifest with the latest or canary tags for containers"
+}
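Review bot: The new comment block has grammar slips that make the example harder to read than it needs to be: "the node themselve get updated" and the run-on "controller, the default is". Suggested second line: `# to have them automatically update when the nodes themselves get updated via the rancher system upgrade controller. The default is "false".` It would also help the reader to say in the same block that a `true` value means the image is re-pulled on every container start and cannot be pinned to a version, since that is the consequence the user is opting into.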
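Review bot: Both new `description` strings say what is kustomized but not what flipping the flag means at runtime, which is the only thing a user reading `terraform` variable docs needs to decide. Suggested wording for the CCM variable, mirrored for CSI: `description = "Patch the Hetzner CCM manifest to run the mutable :latest image tag with imagePullPolicy Always (re-pulled on every container start, cannot be pinned by version). Default false keeps the released tag."` The `latest or canary` phrase is accurate for CSI (whose sidecars use `canary`) but the CCM patch only uses `latest`, so the two descriptions need not be identical.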