diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e23e4cc..c94cba7 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,122 +1,311 @@ - # Using docker socket on docker runner -# image: docker:latest -# variables: -# DOCKER_HOST: 127.0.0.1:2375 -# privileged: 'true' -# services: -# - docker:dind +variables: + K8S_BRANCH: ci-master + COREDNS_BRANCH: ci-master + PROMETHEUS_BRANCH: ci-master + NODE_EXPORTER_BRANCH: ci-master + ALERT_MANAGER_BRANCH: ci-master stages: - - docker-build - - deploy-cloud - - share-cloud - - cleanup-cloud - - destroy-cloud - # - endpoint-auth - -provisioning: - stage: docker-build - except: - - triggers + - cncf-artifacts + - cross-cloud + - cross-project + - cncf-e2e + +before_script: + - export BASE_URL=${BASE_URL:-$(echo $CI_PROJECT_URL | cut -d'/' -f1-3)} + - export KUBECONFIG=$(pwd)/data/${CI_ENVIRONMENT_SLUG}/kubeconfig + - mkdir -p ./data ; touch ./data/empty.env + - for envfile in data/*env ; do source $envfile ; echo ----- $envfile ---- ; cat $envfile ; done + +kubernetes: + image: ${CI_REGISTRY}/cncf/cross-cloud/provisioning:$CI_COMMIT_REF_SLUG + stage: cncf-artifacts script: - - docker login -u "gitlab-ci-token" -p "$CI_JOB_TOKEN" $CI_REGISTRY - - docker build --pull -t "$CI_REGISTRY_IMAGE/$CI_JOB_NAME:$CI_COMMIT_REF_SLUG" . 
- - docker push "$CI_REGISTRY_IMAGE/$CI_JOB_NAME:$CI_COMMIT_REF_SLUG" - -deploy_cloud: - image: ${CI_REGISTRY_IMAGE}/provisioning:$CI_COMMIT_REF_SLUG - stage: deploy-cloud - only: - - triggers - environment: - name: ${PROJECT}-${CLOUD} - url: https://$CI_ENVIRONMENT_SLUG.cncf.ci/ - on_stop: destroy_cloud + - KUBERNETES_RELEASE_VARS=$(curl -s -L + "$BASE_URL/kubernetes/kubernetes/builds/artifacts/${K8S_BRANCH}/file/release.env?job=build" + | sed -n 's/.*href="\([^"]*\).*/\1/p' | grep artifacts/raw | tail -1) + - mkdir -p data + - curl -s -o data/kubernetes.env -L ${BASE_URL}/$KUBERNETES_RELEASE_VARS + - cat data/kubernetes.env artifacts: when: always expire_in: 4 weeks - name: "${CI_ENVIRONMENT_SLUG}" paths: - - ./data/ + - ./data/ + +coredns: + image: ${CI_REGISTRY}/cncf/cross-cloud/provisioning:$CI_COMMIT_REF_SLUG + stage: cncf-artifacts script: - - ./provision.sh ${CLOUD}-deploy ${CI_ENVIRONMENT_SLUG} - - export KUBECONFIG=$(pwd)/data/${CI_ENVIRONMENT_SLUG}/kubeconfig - - if [ $CLOUD != gke ] ; then kubectl create -f dns.yaml ; fi - -share_cloud: - image: ${CI_REGISTRY_IMAGE}/provisioning:$CI_COMMIT_REF_SLUG - stage: share-cloud - only: - - triggers - environment: - name: ${PROJECT}-${CLOUD} - url: https://$CI_ENVIRONMENT_SLUG.cncf.ci/ - on_stop: destroy_cloud + - COREDNS_RELEASE_ENV=$(curl -s -L + "$BASE_URL/coredns/coredns/builds/artifacts/${COREDNS_BRANCH}/file/release.env?job=release" + | sed -n 's/.*href="\([^"]*\).*/\1/p' | grep artifacts/raw | tail -1) + - mkdir -p data + - curl -s -o data/coredns.env -L ${BASE_URL}/$COREDNS_RELEASE_ENV + - cat data/coredns.env artifacts: when: always expire_in: 4 weeks - name: "${CI_ENVIRONMENT_SLUG}" paths: - - ./data/ + - ./data/ + +prometheus: + image: ${CI_REGISTRY}/cncf/cross-cloud/provisioning:$CI_COMMIT_REF_SLUG + stage: cncf-artifacts script: - - export KUBECONFIG=$(pwd)/data/${CI_ENVIRONMENT_SLUG}/kubeconfig - - base64 $KUBECONFIG > $(pwd)/data/${CI_ENVIRONMENT_SLUG}/b64.kubeconfig - - export 
KUBECONFIG_B64=$(pwd)/data/${CI_ENVIRONMENT_SLUG}/b64.kubeconfig - - curl --request POST - --form ref=${CALLBACK_REF} - --form token=${CALLBACK_TOKEN} - --form "variables[KUBEAUTH]=<$KUBECONFIG_B64" - https://gitlab.cncf.ci/api/v4/projects/1/trigger/pipeline - # - if [ $CLOUD != gke ] ; then kubectl create -f dns.yaml ; fi - -cleanup_fail: - image: ${CI_REGISTRY_IMAGE}/provisioning:$CI_COMMIT_REF_SLUG - stage: cleanup-cloud - only: - - triggers - when: on_failure - environment: - name: ${PROJECT}-${CLOUD} - url: https://$CI_ENVIRONMENT_SLUG.cncf.ci/ - action: stop + - mkdir -p data + - PROMETHEUS_URL="$BASE_URL/prometheus/prometheus/builds/artifacts/${PROMETHEUS_BRANCH}/file/release.env?job=release" + - PROMETHEUS_RELEASE_ENV=$(curl -s -L $PROMETHEUS_URL | sed -n 's/.*href="\([^"]*\).*/\1/p' | grep artifacts/raw | tail -1) + - curl -s -o data/prom.env -L ${BASE_URL}/$PROMETHEUS_RELEASE_ENV + - NODE_EXPORTER_URL="$BASE_URL/prometheus/node_exporter/builds/artifacts/${NODE_EXPORTER_BRANCH}/file/release.env?job=release" + - NODE_EXPORTER_RELEASE_ENV=$(curl -s -L $NODE_EXPORTER_URL | sed -n 's/.*href="\([^"]*\).*/\1/p' | grep artifacts/raw | tail -1) + - curl -s -o data/node_exporter.env -L ${BASE_URL}/$NODE_EXPORTER_RELEASE_ENV + - ALERT_MANAGER_URL="$BASE_URL/prometheus/alertmanager/builds/artifacts/${ALERT_MANAGER_BRANCH}/file/release.env?job=release" + - ALERT_MANAGER_RELEASE_ENV=$(curl -s -L $ALERT_MANAGER_URL | sed -n 's/.*href="\([^"]*\).*/\1/p' | grep artifacts/raw | tail -1) + - curl -s -o data/alert_manager.env -L ${BASE_URL}/$ALERT_MANAGER_RELEASE_ENV + - cat data/prom.env data/node_exporter.env data/alert_manager.env artifacts: when: always expire_in: 4 weeks - name: "${CI_ENVIRONMENT_SLUG}" paths: - - ./data/ + - ./data/ + +cross-cloud: + stage: cncf-artifacts script: - - ./provision.sh ${CLOUD}-destroy ${CI_ENVIRONMENT_SLUG} - -destroy_cloud: - image: ${CI_REGISTRY_IMAGE}/provisioning:$CI_COMMIT_REF_SLUG - stage: destroy-cloud - when: manual - only: - - 
triggers + - docker login -u "gitlab-ci-token" -p "$CI_JOB_TOKEN" $CI_REGISTRY + - docker build --pull -t "$CI_REGISTRY_IMAGE/provisioning:$CI_COMMIT_REF_SLUG" . + - docker push "$CI_REGISTRY_IMAGE/provisioning:$CI_COMMIT_REF_SLUG" + +.k8s_deploy_template: &k8s_deploy_template + allow_failure: true + image: ${CI_REGISTRY}/cncf/cross-cloud/provisioning:$CI_COMMIT_REF_SLUG + stage: cross-cloud + variables: + CLOUD: MUST BE SET environment: - name: ${PROJECT}-${CLOUD} + name: ${CLOUD}-${CI_COMMIT_REF_SLUG} url: https://$CI_ENVIRONMENT_SLUG.cncf.ci/ - action: stop + on_stop: MUST BE SET + script: + - /cncf/provision.sh ${CLOUD}-deploy ${CI_ENVIRONMENT_SLUG} + - helm init ; until [ ! -e $( + kubectl get pods --namespace=kube-system -l app=helm -l name=tiller + -o jsonpath='{range .items[*]}{@.metadata.name}:{range @.status.conditions[*]}{@.type}={@.status};{end}{end}' + | grep "Ready=True") ] ; + do echo 'tiller not up yet' ; + sleep 2 ; + done artifacts: when: always expire_in: 4 weeks - name: "${CI_ENVIRONMENT_SLUG}" paths: - - ./data/ + - ./data/ + +.k8s_e2e_template: &k8s_e2e_template + image: ${CI_REGISTRY}/kubernetes/kubernetes/kubernetes-e2e:ci-v1-6-3.job.4793 + stage: cncf-e2e + # dependencies: + # - k8s_deploy_aws + variables: + CLOUD: MUST BE SET + environment: + name: ${CLOUD}-${CI_COMMIT_REF_SLUG} + url: https://$CI_ENVIRONMENT_SLUG.demo.cncf.ci/ + script: + - /kubernetes/e2e/run-conformance.sh + +.k8s_cloud_destroy_template: &k8s_cloud_destroy_template + allow_failure: true + image: ${CI_REGISTRY}/cncf/cross-cloud/provisioning:$CI_COMMIT_REF_SLUG + stage: cross-cloud + when: manual + variables: + CLOUD: MUST BE SET + environment: + name: ${CLOUD}-${CI_COMMIT_REF_SLUG} + url: https://$CI_ENVIRONMENT_SLUG.demo.cncf.ci/ + action: stop + script: + - /cncf/provision.sh ${CLOUD}-destroy ${CI_ENVIRONMENT_SLUG} + +.coredns_deploy_template: &coredns_deploy_template + allow_failure: true + image: ${CI_REGISTRY}/cncf/cross-cloud/provisioning:$CI_COMMIT_REF_SLUG + 
stage: cross-project + # when: manual + variables: + CLOUD: MUST BE SET + environment: + name: ${CLOUD}-${CI_COMMIT_REF_SLUG} + url: https://$CI_ENVIRONMENT_SLUG.demo.cncf.ci/ + script: + - cat ./data/coredns.env + - env | grep COREDNS + - kubectl get nodes + - kubectl get pods + - kubectl get componentstatuses + - helm init + - echo Removing any previous deploys of coredns + - helm get coredns > /dev/null && helm delete --purge coredns + - COREDNS_INSTALL="helm install --name coredns + --set image.repository=${COREDNS_IMAGE} + --set image.tag=${COREDNS_TAG} + --set middleware.kubernetes.clusterCidr=10.0.0.0/24 + --set middleware.kubernetes.clusterIP=10.0.0.10 + stable/coredns" + - echo $COREDNS_INSTALL ; $COREDNS_INSTALL + - DEPLOYED_COREDNS_IMAGE=$(kubectl get pods -l k8s-app=coredns -o jsonpath="{.items[0].spec.containers[0].image}") + - echo Deployed CoreDNS Image - $DEPLOYED_COREDNS_IMAGE + - kubectl get svc -l k8s-app=coredns + - kubectl get pods -l k8s-app=coredns + +.coredns_e2e_template: &coredns_e2e_template + image: ${CI_REGISTRY}/coredns/coredns/coredns-e2e:ci-v007.job.4744 + stage: cncf-e2e + # dependencies: + # - coredns_deploy_aws + variables: + CLOUD: MUST BE SET + environment: + name: ${CLOUD}-${CI_COMMIT_REF_SLUG} + url: https://$CI_ENVIRONMENT_SLUG.demo.cncf.ci/ + script: + - kubectl proxy --port 8080 & + - kubectl create -f /coredns/e2e/test.yml || kubectl replace -f /coredns/e2e/test.yml + - cd /go/src/github.com/coredns/coredns/test + - go test -v -tags k8s + +.prometheus_deploy_template: &prometheus_deploy_template + allow_failure: true + image: ${CI_REGISTRY}/cncf/cross-cloud/provisioning:$CI_COMMIT_REF_SLUG + stage: cross-project + # when: manual + variables: + CLOUD: must be set + environment: + name: ${CLOUD}-${CI_COMMIT_REF_SLUG} + url: https://$CI_ENVIRONMENT_SLUG.demo.cncf.ci/ script: - - ./provision.sh ${CLOUD}-destroy ${CI_ENVIRONMENT_SLUG} - -# k8s_endpoint: -# stage: endpoint-auth -# artifacts: -# when: always -# expire_in: 4 weeks 
-# name: "${CI_ENVIRONMENT_SLUG}" -# paths: -# - ./data/ -# script: -# - docker login -u "gitlab-ci-token" -p "$CI_JOB_TOKEN" $CI_REGISTRY -# - docker build --pull -t "$CI_REGISTRY_IMAGE/$CI_JOB_NAME:$CI_COMMIT_REF_SLUG" -f Dockerfile-auth . -# - docker push "$CI_REGISTRY_IMAGE/$CI_JOB_NAME:$CI_COMMIT_REF_SLUG" + - find ./data/ + - ls -la $(pwd)/data/${CI_ENVIRONMENT_SLUG}/ + - kubectl get nodes + - kubectl get pods + - kubectl get componentstatuses + - helm init + - echo Removing any previous deploys of prometheus + - helm get prometheus > /dev/null && helm delete --purge prometheus + - PROMETHEUS_INSTALL="helm install --name prometheus + --set server.image.repository=$PROMETHEUS_IMAGE + --set server.image.tag=$PROMETHEUS_TAG + --set server.persistentVolume.enabled=false + --set nodeExporter.image.repository=$NODE_EXPORTER_IMAGE + --set nodeExporter.image.tag=$NODE_EXPORTER_TAG + --set alertManager.image.repository=$ALERT_MANAGER_IMAGE + --set alertManager.image.tag=$ALERT_MANAGER_TAG + --set alertManager.persistentVolume.enabled=false + stable/prometheus" + - echo $PROMETHEUS_INSTALL ; $PROMETHEUS_INSTALL + - DEPLOYED_PROMETHEUS_IMAGE="$(kubectl describe pods -l app=prometheus,component=server | grep cncf.ci| grep prometheus | awk '{print $2}')" + - echo Deployed Prometheus Image - $DEPLOYED_PROMETHEUS_IMAGE + - kubectl get svc + - kubectl get pods + +.prometheus_e2e_template: &prometheus_e2e_template + image: ${CI_REGISTRY}/coredns/coredns/coredns-e2e:ci-v007.job.4744 + stage: cncf-e2e + # dependencies: + # - prometheus_deploy_aws + variables: + CLOUD: MUST BE SET + environment: + name: ${CLOUD}-${CI_COMMIT_REF_SLUG} + url: https://$CI_ENVIRONMENT_SLUG.demo.cncf.ci/ + script: + - echo FIXME && exit 1 + +aws_k8s_deploy: + <<: *k8s_deploy_template + variables: + CLOUD: aws + environment: + name: ${CLOUD}-${CI_COMMIT_REF_SLUG} + url: https://$CI_ENVIRONMENT_SLUG.cncf.ci/ + on_stop: aws_k8s_destroy + +aws_k8s_e2e: + <<: *k8s_e2e_template + variables: + CLOUD: aws + 
+aws_k8s_destroy: + <<: *k8s_cloud_destroy_template + variables: + CLOUD: aws + +aws_coredns_deploy: + <<: *coredns_deploy_template + variables: + CLOUD: aws + dependencies: + - aws_k8s_deploy + +aws_coredns_e2e: + <<: *coredns_e2e_template + variables: + CLOUD: aws + +aws_prom_deploy: + <<: *prometheus_deploy_template + variables: + CLOUD: aws + dependencies: + - aws_k8s_deploy + +aws_prom_e2e: + <<: *prometheus_e2e_template + variables: + CLOUD: aws + +packet_k8s_deploy: + <<: *k8s_deploy_template + variables: + CLOUD: packet + environment: + name: ${CLOUD}-${CI_COMMIT_REF_SLUG} + url: https://$CI_ENVIRONMENT_SLUG.cncf.ci/ + on_stop: packet_k8s_destroy + +packet_k8s_e2e: + <<: *k8s_e2e_template + variables: + CLOUD: packet + +packet_k8s_destroy: + <<: *k8s_cloud_destroy_template + variables: + CLOUD: packet + +packet_coredns_deploy: + <<: *coredns_deploy_template + variables: + CLOUD: packet + dependencies: + - packet_k8s_deploy + +packet_coredns_e2e: + <<: *coredns_e2e_template + variables: + CLOUD: packet + +packet_prom_deploy: + <<: *prometheus_deploy_template + variables: + CLOUD: packet + dependencies: + - packet_k8s_deploy +packet_prom_e2e: + <<: *prometheus_e2e_template + variables: + CLOUD: packet diff --git a/Dockerfile b/Dockerfile index dbcadd3..bd09dfa 100644 --- a/Dockerfile +++ b/Dockerfile 
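Review bot: The new `before_script` runs `source $envfile` on every `data/*env` file, and the `kubernetes`, `coredns` and `prometheus` jobs fill those files with `curl -s -L` output whose URL is scraped from an `href` in an HTML page, so whatever another project's `ci-master` pipeline (or an error page) returns is executed as shell in jobs that also hold the cluster kubeconfig. Make each download fail closed, e.g. `curl -fsS -o data/kubernetes.env -L "${BASE_URL}/$KUBERNETES_RELEASE_VARS"`, and have the loop reject any file containing a line that is not a plain `NAME=value` assignment before sourcing it. The loop also `cat`s every env file into the job log, and the deploy template keeps `./data/` (which holds `data/${CI_ENVIRONMENT_SLUG}/kubeconfig`) as an artifact for 4 weeks with `when: always`; a shorter `expire_in` on the jobs that write the kubeconfig would limit how long that credential stays downloadable.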
@@ -43,18 +43,28 @@ rm -rf helm-*gz linux-amd64 RUN wget https://releases.hashicorp.com/terraform/$TERRAFORM_VERSION/terraform_"${TERRAFORM_VERSION}"_linux_$ARC.zip RUN unzip terraform*.zip -d /usr/bin -# Install CFSSL -RUN go get -u github.com/cloudflare/cfssl/cmd/cfssl && \ -go get -u github.com/cloudflare/cfssl/cmd/... +# # Install CFSSL +# RUN go get -u github.com/cloudflare/cfssl/cmd/cfssl && \ +# go get -u github.com/cloudflare/cfssl/cmd/... -# Install Gzip+base64 Provider +# Install Gzip+base64 & ETCD Provider RUN go get -u github.com/jakexks/terraform-provider-gzip && \ + go get -u github.com/paperg/terraform-provider-etcdiscovery && \ echo providers { >> ~/.terraformrc && \ echo ' gzip = "terraform-provider-gzip"' >> ~/.terraformrc && \ + echo ' etcdiscovery = "terraform-provider-etcdiscovery"' >> ~/.terraformrc && \ echo } >> ~/.terraformrc #Add Terraform Modules +COPY aws/ /cncf/aws/ +COPY azure/ /cncf/azure/ +COPY gce/ /cncf/gce/ +COPY gke/ /cncf/gke/ +COPY packet/ /cncf/packet/ +COPY cross-cloud/ /cncf/cross-cloud/ +COPY kubeconfig/ /cncf/kubeconfig/ +COPY tls/ /cncf/tls/ COPY provision.sh /cncf/ RUN chmod +x /cncf/provision.sh #ENTRYPOINT ["/cncf/provision.sh"] diff --git a/aws/input.tf b/aws/input.tf index 06f48d4..a057f96 100644 --- a/aws/input.tf +++ b/aws/input.tf @@ -20,9 +20,9 @@ variable "aws_bastion_vm_size" { default = "t2.nano" } # Kubernetes variable "cluster_domain" { default = "cluster.local" } variable "pod_cidr" { default = "10.2.0.0/16" } -variable "service_cidr" { default = "10.3.0.0/24" } -variable "k8s_service_ip" { default = "10.3.0.1" } -variable "dns_service_ip" { default = "10.3.0.10" } +variable "service_cidr" { default = "10.0.0.0/24" } +variable "k8s_service_ip" { default = "10.0.0.1" } +variable "dns_service_ip" { default = "10.0.0.10" } variable "master_node_count" { default = "3" } variable "worker_node_count" { default = "3" } variable "worker_node_min" { default = "3" } 
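Review bot: The added `go get -u github.com/paperg/terraform-provider-etcdiscovery` builds whatever is at the tip of that repository when the image is built, and the resulting binary is registered in `~/.terraformrc` and so runs inside every Terraform invocation of the provisioning image, presumably alongside the cloud credentials and the `tls/` material copied in below. Pin it (and the existing gzip provider on the line above) to a reviewed revision: clone into `$GOPATH/src/github.com/paperg/terraform-provider-etcdiscovery`, `git checkout <PINNED_COMMIT>`, then `go install`, so a rebuild cannot silently pick up different code. The `# # Install CFSSL` lines are now dead commented-out instructions; delete them if cfssl is no longer needed.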
diff --git a/aws/modules.tf b/aws/modules.tf index cce5046..dff9c93 100644 --- a/aws/modules.tf +++ b/aws/modules.tf @@ -149,7 +149,7 @@ module "tls" { tls_apiserver_cert_validity_period_hours = 1000 tls_apiserver_cert_early_renewal_hours = 100 tls_apiserver_cert_dns_names = "kubernetes,kubernetes.default,kubernetes.default.svc,kubernetes.default.svc.cluster.local,master.${ var.internal_tld },*.ap-southeast-2.elb.amazonaws.com" - tls_apiserver_cert_ip_addresses = "127.0.0.1,10.3.0.1" + tls_apiserver_cert_ip_addresses = "127.0.0.1,10.0.0.1" tls_worker_cert_subject_common_name = "k8s-worker" tls_worker_cert_validity_period_hours = 1000 diff --git a/gke/gke.tf b/gke/gke.tf index ab2565c..7688cdb 100644 --- a/gke/gke.tf +++ b/gke/gke.tf @@ -1,2 +1,9 @@ provider "google" {} +terraform { + backend "s3" { + bucket = "aws" + key = "setme" + region = "ap-southeast-2" + } +} diff --git a/gke/modules.tf b/gke/modules.tf index bd6639f..5d0d40e 100644 --- a/gke/modules.tf +++ b/gke/modules.tf @@ -25,10 +25,10 @@ module "cluster" { module "kubeconfig" { source = "../kubeconfig" - ca_pem = "${ var.data_dir }/ca.pem" - admin_pem = "${ var.data_dir }/k8s-admin.pem" - admin_key_pem = "${ var.data_dir }/k8s-admin-key.pem" - fqdn_k8s = "${ module.cluster.fqdn_k8s }" + ca = "${base64decode(module.cluster.ca)}" + client = "${base64decode(module.cluster.client)}" + client_key = "${base64decode(module.cluster.client_key)}" + endpoint = "${ module.cluster.endpoint }" data_dir = "${ var.data_dir }" name = "gke_${ var.project }_${ var.zone }-a_${ var.name }" } diff --git a/gke/modules/cluster/cluster.tf b/gke/modules/cluster/cluster.tf index f783c81..937e999 100644 --- a/gke/modules/cluster/cluster.tf +++ b/gke/modules/cluster/cluster.tf @@ -11,7 +11,7 @@ resource "google_container_cluster" "cncf" { network = "${ var.network }" subnetwork = "${ var.subnetwork }" - node_version = "${ var.node_version }" + #node_version = "${ var.node_version }" master_auth { username = "${ var.master_user }" 
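Review bot: `tls_apiserver_cert_ip_addresses` hard-codes `10.0.0.1`, duplicating the new default of `k8s_service_ip` in aws/input.tf, so overriding that variable yields an API-server certificate that does not cover the in-cluster service IP and clients will fail TLS verification. Derive it instead: `tls_apiserver_cert_ip_addresses = "127.0.0.1,${ var.k8s_service_ip }"`. The same literal is repeated in the `module "tls"` hunk of packet/modules.tf. The `module "tls"` block starts and ends outside this hunk.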
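Review bot: The new `backend "s3"` block in gke/gke.tf does not set `encrypt`, while the GKE state holds the cluster's `master_auth` credentials (this commit reads `master_auth.0.client_key` from it), so the state object is written unencrypted unless the bucket enforces encryption on its own. Add `encrypt = true` to the block. `bucket = "aws"` and `key = "setme"` look like placeholders that are presumably overridden at `terraform init` time; a comment such as `# placeholders, overridden with -backend-config at init` would make that explicit.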
diff --git a/gke/modules/cluster/node-pool.tf b/gke/modules/cluster/node-pool.tf
index 1eacac8..8ed7132 100644
--- a/gke/modules/cluster/node-pool.tf
+++ b/gke/modules/cluster/node-pool.tf
@@ -1,7 +1,7 @@
-resource "google_container_node_pool" "cncf" {
- name = "${ var.name }"
- project = "${ var.project }"
- zone = "${ var.zone }"
- cluster = "${google_container_cluster.cncf.name}"
- initial_node_count = "${ var.node_pool_count }"
-}
+#resource "google_container_node_pool" "cncf" {
+# name = "${ var.name }"
+# project = "${ var.project }"
+# zone = "${ var.zone }"
+# cluster = "${google_container_cluster.cncf.name}"
+# initial_node_count = "${ var.node_pool_count }"
+#}
diff --git a/gke/modules/cluster/output.tf b/gke/modules/cluster/output.tf
index bf4a453..0c8a740 100644
--- a/gke/modules/cluster/output.tf
+++ b/gke/modules/cluster/output.tf
@@ -1 +1,4 @@
-output "fqdn_k8s" { value = "${ google_container_cluster.cncf.endpoint }" }
+output "endpoint" { value = "${ google_container_cluster.cncf.endpoint }" }
+output "ca" { value = "${ google_container_cluster.cncf.master_auth.0.cluster_ca_certificate }" }
+output "client" { value = "${ google_container_cluster.cncf.master_auth.0.client_certificate }" }
+output "client_key" { value = "${ google_container_cluster.cncf.master_auth.0.client_key }" }
\ No newline at end of file
diff --git a/gke/output.tf b/gke/output.tf
index 2234222..b2f0234 100644
--- a/gke/output.tf
+++ b/gke/output.tf
@@ -1 +1,2 @@
 output "kubeconfig" { value = "${ module.kubeconfig.kubeconfig }"}
+output "endpoint" { value = "${ module.cluster.endpoint }"}
diff --git a/packet/input.tf b/packet/input.tf
index f30f20c..4fe17c5 100644
--- a/packet/input.tf
+++ b/packet/input.tf
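Review bot: The new `output "client_key"` in gke/modules/cluster/output.tf exports the cluster's private client key as an ordinary output, so if it is ever re-exported from the root module it would be printed in plain text by `terraform output` and at the end of `terraform apply`. Add `sensitive = true` to that output block, and put a comment above it such as `# private key material: consumed only by module.kubeconfig, do not re-export`. The file also now ends without a trailing newline.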
@@ -2,6 +2,7 @@ variable "name" { default = "packet" } # Set with env TF_VAR_packet_project_id variable "packet_project_id" {} # required for now +variable "packet_api_key" {} # https://www.packet.net/locations/ variable "packet_facility" { default = "sjc1" } variable "packet_billing_cycle" { default = "hourly" } @@ -18,9 +19,9 @@ variable "admin_username" { default = "core"} # Kubernetes variable "cluster_domain" { default = "cluster.local" } variable "pod_cidr" { default = "10.2.0.0/16" } -variable "service_cidr" { default = "10.3.0.0/24" } -variable "k8s_service_ip" { default = "10.3.0.1" } -variable "dns_service_ip" { default = "10.3.0.10" } +variable "service_cidr" { default = "10.0.0.0/24" } +variable "k8s_service_ip" { default = "10.0.0.1" } +variable "dns_service_ip" { default = "10.0.0.10" } variable "master_node_count" { default = "3" } variable "worker_node_count" { default = "3" } # Autoscaling not supported by Kuberenetes on Azure yet diff --git a/packet/modules.tf b/packet/modules.tf index bb80ac2..7008b02 100644 --- a/packet/modules.tf +++ b/packet/modules.tf @@ -20,7 +20,6 @@ module "dns" { module "etcd" { source = "./modules/etcd" name = "${ var.name }" - etcd_discovery = "${ var.data_dir }/etcd" master_node_count = "${ var.master_node_count }" packet_project_id = "${ var.packet_project_id }" packet_facility = "${ var.packet_facility }" @@ -39,7 +38,6 @@ module "etcd" { etcd_key = "${ module.tls.etcd_key }" apiserver = "${ module.tls.apiserver }" apiserver_key = "${ module.tls.apiserver_key }" - data_dir = "${ var.data_dir }" } @@ -80,7 +78,7 @@ module "worker" { ca = "${ module.tls.ca }" worker = "${ module.tls.worker }" worker_key = "${ module.tls.worker_key }" - etcd_discovery = "${ var.data_dir }/etcd" + etcd_discovery = "${ module.etcd.etcd_discovery }" data_dir = "${ var.data_dir }" } 
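Review bot: `variable "packet_api_key" {}` is a credential but, unlike `packet_project_id` just above it, it has no comment saying how it is meant to be supplied. Add `# Secret: set with env TF_VAR_packet_api_key, never in a committed tfvars file` above the declaration. Where the key is consumed is not visible in this hunk; if it is passed to a resource argument rather than only to a provider block, it will also be written to the Terraform state.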
@@ -124,7 +122,7 @@ module "tls" { tls_apiserver_cert_validity_period_hours = 1000 tls_apiserver_cert_early_renewal_hours = 100 tls_apiserver_cert_dns_names = "kubernetes,kubernetes.default,kubernetes.default.svc,kubernetes.default.svc.cluster.local,master.${ var.name }.${ var.domain },endpoint.${ var.name }.${ var.domain }" - tls_apiserver_cert_ip_addresses = "127.0.0.1,10.3.0.1" + tls_apiserver_cert_ip_addresses = "127.0.0.1,10.0.0.1" tls_worker_cert_subject_common_name = "k8s-worker" tls_worker_cert_validity_period_hours = 1000 diff --git a/packet/modules/etcd/discovery.tf b/packet/modules/etcd/discovery.tf index a321d09..bd4e3a3 100644 --- a/packet/modules/etcd/discovery.tf +++ b/packet/modules/etcd/discovery.tf @@ -1,18 +1,10 @@ -#Get Discovery URL -resource "null_resource" "discovery_gen" { - - provisioner "local-exec" { - command = < ${ var.etcd_discovery } -EOF - } +provider "etcdiscovery" { +} - provisioner "local-exec" { - when = "destroy" - on_failure = "continue" - command = <