diff --git a/ansible/rke2/inventory/group_vars/all.yaml b/ansible/rke2/inventory/group_vars/all.yaml index e826e42..e704a6f 100644 --- a/ansible/rke2/inventory/group_vars/all.yaml +++ b/ansible/rke2/inventory/group_vars/all.yaml @@ -4,7 +4,7 @@ os: "linux" system_timezone: "Asia/Singapore" kube_vip_version: "v0.8.1" -vip_interface: eth0 +vip_interface: enx207bd2d0439e vip: 192.168.50.210 metallb_version: v0.14.5 diff --git a/ansible/rke2/kube-vip b/ansible/rke2/kube-vip index 83dcbc5..da5b004 100644 --- a/ansible/rke2/kube-vip +++ b/ansible/rke2/kube-vip @@ -4,7 +4,7 @@ metadata: creationTimestamp: null labels: app.kubernetes.io/name: kube-vip-ds - app.kubernetes.io/version: v0.6.3 + app.kubernetes.io/version: v0.8.1 name: kube-vip-ds namespace: kube-system spec: @@ -16,7 +16,7 @@ spec: creationTimestamp: null labels: app.kubernetes.io/name: kube-vip-ds - app.kubernetes.io/version: v0.6.3 + app.kubernetes.io/version: v0.8.1 spec: affinity: nodeAffinity: @@ -64,7 +64,7 @@ spec: value: $vip - name: prometheus_server value: :2112 - image: ghcr.io/kube-vip/kube-vip:v0.6.3 + image: ghcr.io/kube-vip/kube-vip:v0.8.1 imagePullPolicy: Always name: kube-vip resources: {} diff --git a/ansible/rke2/rbac.yaml b/ansible/rke2/rbac.yaml new file mode 100644 index 0000000..d6ecc93 --- /dev/null +++ b/ansible/rke2/rbac.yaml 
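Review bot: In `ansible/rke2/inventory/group_vars/all.yaml`, the new `vip_interface: enx207bd2d0439e` is a MAC-derived interface name, so it exists on exactly one physical adapter, yet `group_vars/all` applies it to every host in the inventory. On any node without that adapter kube-vip would presumably have no interface to announce `192.168.50.210` on, so failover of the VIP to that node could not work. If the cluster is meant to have more than one such node, move the value to per-host vars and add a comment such as `# NIC name is per-host (enx<MAC>); override in host_vars`. Quoting the value (`vip_interface: "enx207bd2d0439e"`) would also match the quoted strings in the context lines above it.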
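Review bot: In `ansible/rke2/kube-vip`, the bumped `image: ghcr.io/kube-vip/kube-vip:v0.8.1` is still a mutable tag, and the context line below keeps `imagePullPolicy: Always`, so every pod restart pulls whatever the registry currently serves under that tag. For a kube-system workload that owns the control-plane VIP, pinning the digest makes the deployed binary reproducible and auditable: `image: ghcr.io/kube-vip/kube-vip:v0.8.1@sha256:<digest-of-the-image-you-verified>` (placeholder, not a real digest). The version is now stated three times in this manifest and again as `kube_vip_version` in group_vars, which invites drift on the next bump. The container spec continues outside the hunk.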
@@ -0,0 +1,41 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kube-vip
+ namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ annotations:
+ rbac.authorization.kubernetes.io/autoupdate: "true"
+ name: system:kube-vip-role
+rules:
+ - apiGroups: [""]
+ resources: ["services/status"]
+ verbs: ["update"]
+ - apiGroups: [""]
+ resources: ["services", "endpoints"]
+ verbs: ["list","get","watch", "update"]
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["list","get","watch", "update", "patch"]
+ - apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["list", "get", "watch", "update", "create"]
+ - apiGroups: ["discovery.k8s.io"]
+ resources: ["endpointslices"]
+ verbs: ["list","get","watch", "update"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: system:kube-vip-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:kube-vip-role
+subjects:
+- kind: ServiceAccount
+ name: kube-vip
+ namespace: kube-system
diff --git a/ansible/rke2/rke2.sh b/ansible/rke2/rke2.sh
index 01fa957..ed99ecf 100755
--- a/ansible/rke2/rke2.sh
+++ b/ansible/rke2/rke2.sh
@@ -111,8 +111,6 @@ touch config.yaml
 echo "tls-san:" >> config.yaml
 echo " - $vip" >> config.yaml
 echo " - $master1" >> config.yaml
-echo " - $master2" >> config.yaml
-echo " - $master3" >> config.yaml
 echo "write-kubeconfig-mode: 0644" >> config.yaml
 echo "disable:" >> config.yaml
 echo " - rke2-ingress-nginx" >> config.yaml
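Review bot: In the new `ansible/rke2/rbac.yaml`, `system:kube-vip-role` grants `update`/`patch` on every Node and `update` on every Service, Endpoints and EndpointSlice cluster-wide, so a leaked `kube-vip` service-account token reaches far beyond VIP management. Each rule should carry a comment naming the kube-vip feature that needs it, and the node rule can probably be reduced to `verbs: ["list", "get", "watch"]` unless node labelling is in use; confirm this against the v0.8.1 documentation before narrowing. The `system:` name prefix and the `rbac.authorization.kubernetes.io/autoupdate: "true"` annotation are conventions of the API server's built-in roles, so a plain name such as `kube-vip-role` without the annotation avoids implying the control plane manages this object. Nothing in the visible hunks applies this file or sets `serviceAccountName: kube-vip` on the workload, so check that both happen elsewhere.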