diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_nutanixmachines.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_nutanixmachines.yaml index c4ca53d223..a15b74b966 100644 --- a/config/crd/bases/infrastructure.cluster.x-k8s.io_nutanixmachines.yaml +++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_nutanixmachines.yaml @@ -32,10 +32,6 @@ spec: jsonPath: .spec.providerID name: ProviderID type: string - - description: Corresponding workload cluster node - jsonPath: .status.nodeRef.name - name: NodeRef - type: string name: v1alpha4 schema: openAPIV3Schema: @@ -309,8 +305,9 @@ spec: description: Will be set in case of failure of Machine instance type: string nodeRef: - description: NodeRef is a reference to the corresponding workload - cluster Node if it exists. + description: 'NodeRef is a reference to the corresponding workload + cluster Node if it exists. Deprecated: Do not use. Will be removed + in a future release.' properties: apiVersion: description: API version of the referent. @@ -370,10 +367,6 @@ spec: jsonPath: .spec.providerID name: ProviderID type: string - - description: Corresponding workload cluster node - jsonPath: .status.nodeRef.name - name: NodeRef - type: string name: v1beta1 schema: openAPIV3Schema: @@ -669,8 +662,9 @@ spec: description: Will be set in case of failure of Machine instance type: string nodeRef: - description: NodeRef is a reference to the corresponding workload - cluster Node if it exists. + description: 'NodeRef is a reference to the corresponding workload + cluster Node if it exists. Deprecated: Do not use. Will be removed + in a future release.' properties: apiVersion: description: API version of the referent. diff --git a/templates/base/ccm-patch.yaml b/templates/base/ccm-patch.yaml index 790de17905..28b3d114a9 100644 --- a/templates/base/ccm-patch.yaml +++ b/templates/base/ccm-patch.yaml 
@@ -2,7 +2,6 @@ apiVersion: controlplane.cluster.x-k8s.io/v1beta1 kind: KubeadmControlPlane metadata: name: "${CLUSTER_NAME}-kcp" - namespace: "${NAMESPACE}" spec: kubeadmConfigSpec: clusterConfiguration: @@ -25,7 +24,6 @@ apiVersion: bootstrap.cluster.x-k8s.io/v1beta1 kind: KubeadmConfigTemplate metadata: name: "${CLUSTER_NAME}-kcfg-0" - namespace: "${NAMESPACE}" spec: template: spec: @@ -40,4 +38,3 @@ metadata: labels: ccm: "nutanix" name: "${CLUSTER_NAME}" - namespace: "${NAMESPACE}" diff --git a/templates/cluster-template-clusterclass.yaml b/templates/cluster-template-clusterclass.yaml index 6353241c6e..2a2cc8b951 100644 --- a/templates/cluster-template-clusterclass.yaml +++ b/templates/cluster-template-clusterclass.yaml @@ -212,7 +212,8 @@ spec: initConfiguration: nodeRegistration: kubeletExtraArgs: - eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0% + eviction-hard: nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<15%,memory.available<100Mi,imagefs.inodesFree<10% + tls-cipher-suites: ${TLS_CIPHER_SUITES=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256} postKubeadmCommands: - echo export KUBECONFIG=/etc/kubernetes/admin.conf >> /root/.bashrc - echo "after kubeadm call" > /var/log/postkubeadm.log diff --git a/templates/cluster-template-csi.yaml b/templates/cluster-template-csi.yaml index 36d438cc04..c7af537dfc 100644 --- a/templates/cluster-template-csi.yaml +++ b/templates/cluster-template-csi.yaml @@ -223,6 +223,7 @@ data: kind: ConfigMap metadata: name: nutanix-ccm + namespace: ${NAMESPACE} --- apiVersion: v1 data: 
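Review bot: The new `tls-cipher-suites` entry under `kubeletExtraArgs` narrows the kubelet to ECDHE AEAD suites, but nothing beside it sets a protocol floor. A cipher list of this kind only governs TLS 1.2 negotiation, since Go does not make TLS 1.3 suites configurable. Without `tls-min-version` the minimum version is whatever the kubelet build defaults to, so I would add `tls-min-version: VersionTLS12` next to it. The same applies to the identical line in templates/clusterclass/kcpt.yaml. A user-supplied `TLS_CIPHER_SUITES` replaces the whole default list, so the variable's documentation should state that overrides are expected to stay within AEAD suites.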
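Review bot: `namespace: ${NAMESPACE}` is added here as an unquoted plain scalar on the nutanix-ccm ConfigMap. The same line is added to the nutanix-ccm-secret Secret and nutanix-ccm-crs ClusterResourceSet hunks of this file and of templates/cluster-template.yaml. Substitution happens on the text before YAML parsing, so an empty value would parse as null and an all-digit or boolean-looking value would be retyped; the objects, including the Secret whose payload embeds a credentials manifest, could then be rejected or land in a namespace other than the intended one. templates/base/ccm-patch.yaml wrote this as `namespace: "${NAMESPACE}"`. If these templates are generated output and the generator drops the quotes, the alternative is to validate NAMESPACE before substitution.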
@@ -1557,6 +1558,7 @@ apiVersion: v1 kind: Secret metadata: name: nutanix-ccm-secret + namespace: ${NAMESPACE} stringData: nutanix-ccm-secret.yaml: "apiVersion: v1\nkind: Secret\nmetadata:\n name: nutanix-creds\n \ namespace: kube-system\nstringData:\n credentials: |\n [\n {\n \"type\": @@ -1569,6 +1571,7 @@ apiVersion: addons.cluster.x-k8s.io/v1beta1 kind: ClusterResourceSet metadata: name: nutanix-ccm-crs + namespace: ${NAMESPACE} spec: clusterSelector: matchLabels: @@ -1846,7 +1849,7 @@ spec: prismCentral: additionalTrustBundle: kind: ConfigMap - name: user-ca-bundle + name: ${CLUSTER_NAME}-pc-trusted-ca-bundle address: ${NUTANIX_ENDPOINT} credentialRef: kind: Secret diff --git a/templates/cluster-template.yaml b/templates/cluster-template.yaml index f5f23bf50c..544cc52968 100644 --- a/templates/cluster-template.yaml +++ b/templates/cluster-template.yaml @@ -223,6 +223,7 @@ data: kind: ConfigMap metadata: name: nutanix-ccm + namespace: ${NAMESPACE} --- apiVersion: v1 kind: Secret @@ -238,6 +239,7 @@ apiVersion: v1 kind: Secret metadata: name: nutanix-ccm-secret + namespace: ${NAMESPACE} stringData: nutanix-ccm-secret.yaml: "apiVersion: v1\nkind: Secret\nmetadata:\n name: nutanix-creds\n \ namespace: kube-system\nstringData:\n credentials: |\n [\n {\n \"type\": @@ -250,6 +252,7 @@ apiVersion: addons.cluster.x-k8s.io/v1beta1 kind: ClusterResourceSet metadata: name: nutanix-ccm-crs + namespace: ${NAMESPACE} spec: clusterSelector: matchLabels: @@ -513,7 +516,7 @@ spec: prismCentral: additionalTrustBundle: kind: ConfigMap - name: user-ca-bundle + name: ${CLUSTER_NAME}-pc-trusted-ca-bundle address: ${NUTANIX_ENDPOINT} credentialRef: kind: Secret diff --git a/templates/clusterclass/kcpt.yaml b/templates/clusterclass/kcpt.yaml index 8bbcd06123..a820223c6c 100644 --- a/templates/clusterclass/kcpt.yaml +++ b/templates/clusterclass/kcpt.yaml 
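Review bot: The `additionalTrustBundle` reference under `prismCentral` now points at `${CLUSTER_NAME}-pc-trusted-ca-bundle` (also in the last hunk of templates/cluster-template.yaml), but no hunk on this page shows a ConfigMap with that name. It presumably exists outside the diff; please confirm it does, in the same namespace as the referencing object. This bundle is what anchors certificate verification towards Prism Central, so a dangling reference would either block reconciliation or leave the connection verified without the intended CA, depending on how the controller handles a missing ConfigMap. A comment above the reference, e.g. `# must match the CA-bundle ConfigMap defined in this template`, would make the dependency explicit. The enclosing spec starts outside the hunk.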
@@ -85,7 +85,8 @@ spec: # We have to pin the cgroupDriver to cgroupfs as kubeadm >=1.21 defaults to systemd # kind will implement systemd support in: https://github.com/kubernetes-sigs/kind/issues/1726 #cgroup-driver: cgroupfs - eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0% + eviction-hard: nodefs.available<10%,nodefs.inodesFree<5%,imagefs.available<15%,memory.available<100Mi,imagefs.inodesFree<10% + tls-cipher-suites: "${TLS_CIPHER_SUITES=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256}" users: - name: capiuser lockPassword: false
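Review bot: Only one `kubeletExtraArgs` map is changed in this file, and the key that encloses it lies outside the hunk. In the templates/cluster-template-clusterclass.yaml hunk the same pair of lines sits under `initConfiguration.nodeRegistration`. If that is also the case here, kubelets configured through a `joinConfiguration` or through the worker bootstrap template would not receive the cipher restriction or the new eviction thresholds, so please confirm those paths carry the same arguments. A comment above the two entries, e.g. `# keep in sync with joinConfiguration and the worker bootstrap template`, would help keep them aligned.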