diff --git a/config/kubernetes.bu b/config/kubernetes.bu
index 93a651a89228fb76c0bbcc8ad9c9f7ecfbe6540b..95428234e5d46818c44695f88c4605e91e1fd051 100644
--- a/config/kubernetes.bu
+++ b/config/kubernetes.bu
@@ -33,42 +33,35 @@ storage:
       contents:
         inline: |-
           export KUBECONFIG=/etc/kubernetes/admin.conf
-    - path: /usr/local/bin/cilium
-      mode: 0755
-      contents:
-        source: https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz
-        compression: gzip
 systemd:
   units:
     - name: kubernetes-install.service
       enabled: true
       contents: |
         [Unit]
-        Description=Install Overlay Packages
-        Requires=NetworkManager-wait-online.service
-        Requires=zincati.service
-        After=NetworkManager-wait-online.service
-        After=zincati.service
-        Before=multi-user.target
-
+        Description=Kubernetes Install
+        Wants=network-online.target
+        After=network-online.target
+        # We run before `zincati.service` to avoid conflicting rpm-ostree transactions.
+        Before=zincati.service
+        ConditionPathExists=!/var/lib/%N.stamp
         [Service]
         Type=oneshot
         RemainAfterExit=yes
-        ExecStart=rpm-ostree install kubelet kubeadm kubectl helm cri-o --idempotent --reboot
-
+        ExecStart=/bin/sh -c "curl -L https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz | tar xzf - -C /usr/local/bin/"
+        ExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive kubelet kubeadm kubectl helm cri-o
+        ExecStart=/bin/touch /var/lib/%N.stamp
         [Install]
-        RequiredBy=multi-user.target
         WantedBy=multi-user.target
     - name: kubernetes-init.service
-      enabled: true
       contents: |
         [Unit]
         Description=Initialize Kubernetes Cluster
-        Requires=NetworkManager-wait-online.service
-        Requires=kubernetes-install.service
-        After=NetworkManager-wait-online.service
-        After=kubernetes-install.service
-        Before=multi-user.target
+        Wants=network-online.target
+        Wants=kubernetes-install.target
+        After=network-online.target
+        After=kubernetes-install.target
+        ConditionPathExists=!/var/lib/%N.stamp
 
         [Service]
         Type=oneshot
@@ -90,5 +83,6 @@ systemd:
             --set hubble.relay.enabled=true \
             --set hubble.ui.enabled=true \
             --set kubeProxyReplacement=disabled
+        ExecStartPost=/bin/touch /var/lib/%N.stamp
         [Install]
         WantedBy=multi-user.target
\ No newline at end of file
diff --git a/config/kubernetes/repo.conf b/config/kubernetes/repo.conf
index 65eda50b5bf0405c666239ad543d1a9cc7a59c17..9d12c2a2547b6c932aec1bd44580340f1911db8f 100644
--- a/config/kubernetes/repo.conf
+++ b/config/kubernetes/repo.conf
@@ -3,5 +3,5 @@ name=Kubernetes
 baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
 enabled=1
 gpgcheck=1
-repo_gpgcheck=1
-gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
+gpgkey=https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
+#exclude=kubelet kubeadm kubectl