diff --git a/init.tf b/init.tf
index 54534f6..707b59e 100644
--- a/init.tf
+++ b/init.tf
@@ -89,9 +89,9 @@ resource "null_resource" "kustomization" {
 , var.cni_plugin == "calico" ? ["https://projectcalico.docs.tigera.io/manifests/calico.yaml"] : []),
 patchesStrategicMerge = concat([
 file("${path.module}/kustomize/kured.yaml"),
- file("${path.module}/kustomize/ccm.yaml"),
- file("${path.module}/kustomize/system-upgrade-controller.yaml")
- ], var.cni_plugin == "calico" ? [file("${path.module}/kustomize/calico.yaml")] : [])
+ file("${path.module}/kustomize/system-upgrade-controller.yaml"),
+ "ccm.yaml"
+ ], var.cni_plugin == "calico" ? ["calico.yaml"] : [])
 })
 destination = "/var/post_install/kustomization.yaml"
 }
@@ -112,6 +112,26 @@ resource "null_resource" "kustomization" {
 destination = "/var/post_install/traefik_config.yaml"
 }
+ # Upload the CCM patch config
+ provisioner "file" {
+ content = templatefile(
+ "${path.module}/templates/ccm.yaml.tpl",
+ {
+ cluster_cidr_ipv4 = local.cluster_cidr_ipv4
+ })
+ destination = "/var/post_install/ccm.yaml"
+ }
+
+ # Upload the calico patch config
+ provisioner "file" {
+ content = templatefile(
+ "${path.module}/templates/calico.yaml.tpl",
+ {
+ cluster_cidr_ipv4 = local.cluster_cidr_ipv4
+ })
+ destination = "/var/post_install/calico.yaml"
+ }
+
 # Upload the system upgrade controller plans config
 provisioner "file" {
 content = templatefile(
diff --git a/locals.tf b/locals.tf
index 797f230..849158c 100644
--- a/locals.tf
+++ b/locals.tf
@@ -87,6 +87,9 @@ locals {
 hetzner_metadata_service_ipv4 = "169.254.169.254/32"
 hetzner_cloud_api_ipv4 = "213.239.246.1/32"
+ # internal Pod CIDR, used for the controller and currently for calico
+ cluster_cidr_ipv4 = "10.42.0.0/16"
+
 whitelisted_ips = [
 local.network_ipv4_cidr,
 local.hetzner_metadata_service_ipv4,
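Review bot: In the `patchesStrategicMerge` list of the first init.tf hunk, `"ccm.yaml"` and `"calico.yaml"` are now file names that kustomize resolves next to `/var/post_install/kustomization.yaml`, while the kured and system-upgrade-controller patches are still inlined with `file(...)`. Nothing on these lines explains why the two styles differ, so I would add a comment such as `# ccm.yaml and calico.yaml are rendered from templates and uploaded to /var/post_install by the file provisioners below`. The kustomize build now depends on those uploads having happened, so the names in this list and the provisioners' `destination` paths have to stay in step. The resource body starts and ends outside the hunk.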
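Review bot: The second `file` provisioner added in this init.tf hunk writes `/var/post_install/calico.yaml` on every run, although the kustomization only lists `calico.yaml` when `var.cni_plugin == "calico"`. The unused file is harmless, but a provisioner block cannot be made conditional on its own, so a comment like `# uploaded unconditionally; only referenced by kustomization.yaml when cni_plugin is calico` would save the next reader a search. Separately, the resource's `triggers` are outside the hunk: if they do not cover the rendered templates, a later change to `local.cluster_cidr_ipv4` would not re-run these uploads, which is worth confirming.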
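Review bot: The comment on `cluster_cidr_ipv4` in locals.tf does not say what the value has to agree with. It now feeds the CCM's `--cluster-cidr` and Calico's `CALICO_IPV4POOL_CIDR`, but the pod range the cluster itself allocates from is configured somewhere not visible in this diff, so the three agree only while that setting stays at `10.42.0.0/16` (the k3s default, if this module runs k3s). I would extend the comment to something like `# Pod CIDR; must equal the cluster's own cluster-cidr and must not overlap the node subnets inside local.network_ipv4_cidr`. The `locals` block continues outside the hunk.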
diff --git a/kustomize/calico.yaml b/templates/calico.yaml.tpl
similarity index 71%
rename from kustomize/calico.yaml
rename to templates/calico.yaml.tpl
index bc3d11f..e2d09b9 100644
--- a/kustomize/calico.yaml
+++ b/templates/calico.yaml.tpl
@@ -14,3 +14,8 @@ spec:
 hostPath:
 type: DirectoryOrCreate
 path: /var/lib/kubelet/volumeplugins/nodeagent~uds
+ containers:
+ - name: calico-node
+ env:
+ - name: CALICO_IPV4POOL_CIDR
+ value: "${cluster_cidr_ipv4}"
diff --git a/kustomize/ccm.yaml b/templates/ccm.yaml.tpl
similarity index 89%
rename from kustomize/ccm.yaml
rename to templates/ccm.yaml.tpl
index 229fa41..18ddb71 100644
--- a/kustomize/ccm.yaml
+++ b/templates/ccm.yaml.tpl
@@ -14,4 +14,4 @@ spec:
 - "--leader-elect=false"
 - "--allow-untagged-cloud"
 - "--allocate-node-cidrs=true"
- - "--cluster-cidr=10.42.0.0/16"
+ - "--cluster-cidr=${cluster_cidr_ipv4}"
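Review bot: `CALICO_IPV4POOL_CIDR` on the added `calico-node` env entry only seeds the default IP pool when Calico starts with no pool defined, so on a cluster where Calico is already running a changed `cluster_cidr_ipv4` would update the CCM flag but leave the existing pool as it is. A comment above the env entry would make that explicit, e.g. `# only used to create the default IPPool on first start; existing pools are not changed`. Also, now that this file and ccm.yaml.tpl are rendered with `templatefile`, any literal `${` or `%{` in the parts outside these hunks would have to be escaped as `$${` or `%%{`; the rest of both files is not visible here.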