diff --git a/ansible/roles/assets/tasks/containerimages.yml b/ansible/roles/assets/tasks/containerimages.yml index 4dfbcc9..9c70389 100644 --- a/ansible/roles/assets/tasks/containerimages.yml +++ b/ansible/roles/assets/tasks/containerimages.yml @@ -18,18 +18,25 @@ ansible.builtin.shell: cmd: "{{ item.value.helm.parse_logic }}" chdir: /opt/metacluster/helm-charts/{{ item.key }} - register: containerimages + register: chartimages when: item.value.helm is defined loop: "{{ lookup('ansible.builtin.dict', components) }}" loop_control: label: "{{ item.key }}" +- debug: + var: chartimages +- debug: + var: kubeadmimages +- debug: + var: parsedmanifests + - name: Store container images in dicts ansible.builtin.set_fact: containerimages_{{ item.source }}: "{{ item.results }}" loop: - source: charts - results: "{{ containerimages | json_query('results[*].stdout_lines') | select() | flatten | list }}" + results: "{{ chartimages | json_query('results[*].stdout_lines') | select() | flatten | list }}" - source: kubeadm results: "{{ kubeadmimages | json_query('results[*].stdout_lines') | select() | flatten | list }}" - source: manifests @@ -37,6 +44,13 @@ loop_control: label: "{{ item.source }}" +- debug: + var: containerimages_charts +- debug: + var: containerimages_kubeadm +- debug: + var: containerimages_manifests + - name: Pull and store containerimages ansible.builtin.shell: cmd: >- diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/storage.yml b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/storage.yml index d211c54..45ab68e 100644 --- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/storage.yml +++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/storage.yml 
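Review bot: The six `debug` tasks added around "Store container images in dicts" in containerimages.yml (three in the `@@ -18,18 +18,25 @@` hunk, three in the `@@ -37,6 +44,13 @@` hunk) look like troubleshooting leftovers. They are unnamed, use the short module name while the other tasks are fully qualified, and dump the full registered results on every run. If they are meant to stay, name each one and gate it, e.g. `ansible.builtin.debug:` with `var: chartimages` and `verbosity: 1`; otherwise drop them before merge. The registered shell results normally include the rendered `cmd` of each `parse_logic`, so confirm nothing sensitive is templated into those commands before they are echoed to the build log.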
@@ -1,19 +1,26 @@ -- name: Install longhorn chart - kubernetes.core.helm: - name: longhorn - chart_ref: /opt/metacluster/helm-charts/longhorn - release_namespace: longhorn-system - create_namespace: yes - wait: no - kubeconfig: "{{ kubeconfig.path }}" - values: "{{ components.longhorn.chart_values }}" +- block: + - name: Install longhorn chart + kubernetes.core.helm: + name: longhorn + chart_ref: /opt/metacluster/helm-charts/longhorn + release_namespace: longhorn-system + create_namespace: yes + wait: no + kubeconfig: "{{ kubeconfig.path }}" + values: "{{ components.longhorn.chart_values }}" -- name: Ensure longhorn API availability - ansible.builtin.uri: - url: https://storage.{{ vapp['metacluster.fqdn'] }}/v1 - method: GET - register: api_readycheck - until: - - api_readycheck is not failed - retries: 5 - delay: 30 + - name: Ensure longhorn API availability + ansible.builtin.uri: + url: https://storage.{{ vapp['metacluster.fqdn'] }}/v1 + method: GET + register: api_readycheck + until: + - api_readycheck is not failed + retries: 5 + delay: 30 + + module_defaults: + ansible.builtin.uri: + validate_certs: no + status_code: [200, 201] + body_format: json diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/.note b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/.note index b8bc971..3a22956 100644 --- a/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/.note +++ b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/.note @@ -1,3 +1,6 @@ + clusterConfiguration: + imageRepository: registry./library + files: - [...] - encoding: base64 diff --git a/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/registry.yml b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/registry.yml new file mode 100644 index 0000000..162af5d --- /dev/null 
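Review bot: `validate_certs: no` in the new `module_defaults` of metacluster/tasks/storage.yml turns off certificate verification for every `ansible.builtin.uri` call in that block. The same default is added in workloadcluster/tasks/registry.yml, where the request carries the registry admin credential. For the readiness probe the effect is that any host answering for the `storage.` name satisfies the check; for the registry call the password goes to an endpoint whose identity was never verified. Prefer keeping verification on and trusting the issuing CA, e.g. `ca_path: <PATH_TO_CLUSTER_CA_BUNDLE>` (placeholder) on the module defaults. If verification cannot work at first boot, add a comment such as `# self-signed until <step>; revisit` so the exception is visible and scoped.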
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/registry.yml
@@ -0,0 +1,40 @@
+- block:
+
+ - name: Create dedicated kubeadm project within container registry
+ ansible.builtin.uri:
+ url: https://registry.{{ vapp['metacluster.fqdn'] }}/api/v2.0/projects
+ method: POST
+ headers:
+ Authorization: "Basic {{ ('admin:' + vapp['metacluster.password']) | b64encode }}"
+ body:
+ project_name: kubeadm
+ public: true
+ storage_limit: 0
+ metadata:
+ enable_content_trust: 'false'
+ enable_content_trust_cosign: 'false'
+ auto_scan: 'true'
+ severity: none
+ prevent_vul: 'false'
+ public: 'true'
+ reuse_sys_cve_allowlist: 'true'
+
+ - name: Lookup kubeadm container images
+ ansible.builtin.set_fact:
+ kubeadm_images: "{{ lookup('ansible.builtin.file', '/opt/metacluster/cluster-api/imagelist').splitlines() }}"
+
+ # - name: Copy all stored rancher container images to dedicated project
+ # ansible.builtin.uri:
+ # url: https://registry.{{ vapp['metacluster.fqdn'] }}/api/v2.0/projects/kubeadm/repositories/{{ ( item | regex_findall('([^:/]+)') )[-2] }}/artifacts?from={{ item | replace('/', '%2F') | replace(':', '%3A') }}
+ # method: POST
+ # headers:
+ # Authorization: "Basic {{ ('admin:' + vapp['metacluster.password']) | b64encode }}"
+ # body:
+ # from: "{{ item }}"
+ # loop: "{{ kubeadm_images }}"
+
+ module_defaults:
+ ansible.builtin.uri:
+ validate_certs: no
+ status_code: [200, 201, 409]
+ body_format: json
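Review bot: The "Create dedicated kubeadm project" task builds its `Authorization: Basic` header by hand from `vapp['metacluster.password']` and sets no `no_log`. The encoded admin credential is therefore part of the task's module arguments and can surface in verbose output or callback logs. Let the module handle it with `url_username: admin`, `url_password: "{{ vapp['metacluster.password'] }}"` and `force_basic_auth: true`, and add `no_log: true` to the task; the commented-out copy task repeats the same header and should follow suit if it is revived. Separately, the request body creates the project as public with `prevent_vul: 'false'` and content trust disabled. If anonymous pull is intended for kubeadm nodes, a short comment saying so would help, and a project-scoped account would be a narrower credential than `admin`, though the hunk does not show whether one exists at this stage.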