diff --git a/contexts/default/blueprint.yaml b/contexts/default/blueprint.yaml
index 7ceb94c38..8da455bdb 100644
--- a/contexts/default/blueprint.yaml
+++ b/contexts/default/blueprint.yaml
@@ -27,6 +27,16 @@ kustomize:
 - pki-base
 components:
 - public-issuer/selfsigned
+- name: lb-base
+ path: lb/base
+ components:
+ - metallb
+- name: lb-resources
+ path: lb/resources
+ dependsOn:
+ - lb-base
+ components:
+ - metallb/layer2
 - name: ingress-base
 path: ingress/base
 dependsOn:
diff --git a/contexts/default/terraform/cluster/talos.tfvars b/contexts/default/terraform/cluster/talos.tfvars
index 7269cc9df..385911642 100644
--- a/contexts/default/terraform/cluster/talos.tfvars
+++ b/contexts/default/terraform/cluster/talos.tfvars
@@ -61,7 +61,7 @@ controlplanes = [{
 // Machine config details for workers
 workers = [{
- endpoint = "127.0.0.1:50002"
+ endpoint = "127.0.0.1:50001"
 hostname = "worker-1.test"
 node = "127.0.0.1"
 }]
diff --git a/kustomize/kustomization.yaml b/kustomize/kustomization.yaml
new file mode 100644
index 000000000..e584213cf
--- /dev/null
+++ b/kustomize/kustomization.yaml
@@ -0,0 +1 @@
+resources: []
diff --git a/kustomize/lb/base/kustomization.yaml b/kustomize/lb/base/kustomization.yaml
new file mode 100644
index 000000000..736967b1a
--- /dev/null
+++ b/kustomize/lb/base/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+ - namespace.yaml
diff --git a/kustomize/lb/base/metallb/helm-release.yaml b/kustomize/lb/base/metallb/helm-release.yaml
new file mode 100644
index 000000000..52b207077
--- /dev/null
+++ b/kustomize/lb/base/metallb/helm-release.yaml
@@ -0,0 +1,17 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: metallb
+ namespace: system-lb
+spec:
+ interval: 5m
+ timeout: 5m
+ chart:
+ spec:
+ chart: metallb
+ # renovate: datasource=helm depName=metallb package=metallb helmRepo=https://metallb.github.io/metallb
+ version: 0.14.9
+ sourceRef:
+ kind: HelmRepository
+ name: metallb
+ namespace: system-gitops
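Review bot: In `helm-release.yaml`, `spec.chart.spec` pins the MetalLB chart by version only and pulls it from a plain HTTPS Helm repository, so nothing verifies the chart contents when the `# renovate:` line produces a version bump. The release is installed into `system-lb`, which this commit labels `pod-security.kubernetes.io/enforce: privileged`, so whatever the chart ships is admitted without Pod Security restrictions. Flux's `spec.chart.spec.verify` works only for OCI-type HelmRepository sources; if an OCI source for this chart is usable, that would be the stronger fix. Otherwise I would add, above the renovate line, a comment such as `# chart runs in a privileged namespace: review the rendered diff before merging version bumps`.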
diff --git a/kustomize/lb/base/metallb/helm-repository.yaml b/kustomize/lb/base/metallb/helm-repository.yaml
new file mode 100644
index 000000000..d54e56262
--- /dev/null
+++ b/kustomize/lb/base/metallb/helm-repository.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: metallb
+ namespace: system-gitops
+spec:
+ interval: 10m
+ timeout: 3m
+ url: https://metallb.github.io/metallb
diff --git a/kustomize/lb/base/metallb/kustomization.yaml b/kustomize/lb/base/metallb/kustomization.yaml
new file mode 100644
index 000000000..e768af5d7
--- /dev/null
+++ b/kustomize/lb/base/metallb/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+resources:
+ - helm-repository.yaml
+ - helm-release.yaml
diff --git a/kustomize/lb/base/namespace.yaml b/kustomize/lb/base/namespace.yaml
new file mode 100644
index 000000000..bd04411d1
--- /dev/null
+++ b/kustomize/lb/base/namespace.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: system-lb
+ labels:
+ pod-security.kubernetes.io/enforce: privileged
+ pod-security.kubernetes.io/audit: privileged
+ pod-security.kubernetes.io/warn: privileged
diff --git a/kustomize/lb/resources/kustomization.yaml b/kustomize/lb/resources/kustomization.yaml
new file mode 100644
index 000000000..e584213cf
--- /dev/null
+++ b/kustomize/lb/resources/kustomization.yaml
@@ -0,0 +1 @@
+resources: []
diff --git a/kustomize/lb/resources/metallb/layer2/ipaddresspool.yaml b/kustomize/lb/resources/metallb/layer2/ipaddresspool.yaml
new file mode 100644
index 000000000..c99ce24c9
--- /dev/null
+++ b/kustomize/lb/resources/metallb/layer2/ipaddresspool.yaml
@@ -0,0 +1,8 @@
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+ name: metallb-layer2
+ namespace: system-lb
+spec:
+ addresses:
+ - ${LOADBALANCER_IP_RANGE}
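Review bot: `apiVersion: source.toolkit.fluxcd.io/v1beta2` in `helm-repository.yaml` lags behind the API level the rest of the commit targets. The HelmRelease added alongside it uses `helm.toolkit.fluxcd.io/v2`, and as far as I know that version arrived in the same Flux release that promoted HelmRepository to `source.toolkit.fluxcd.io/v1`. Unless other HelmRepository objects in the repo are deliberately kept on the beta API (not visible in this diff), I would write `apiVersion: source.toolkit.fluxcd.io/v1` here so the object does not depend on a deprecated version.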
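Review bot: The three `pod-security.kubernetes.io/*: privileged` labels in `namespace.yaml` apply the unrestricted Pod Security level to every workload in `system-lb`, not only to MetalLB, and the manifest does not say why. MetalLB's speaker needs host networking and a raw-socket capability, so `enforce: privileged` is probably required. Setting `audit` and `warn` to `privileged` as well removes any signal if another pod is later scheduled here. I would add a comment above `labels:` such as `# privileged is required by the MetalLB speaker (hostNetwork, NET_RAW); keep this namespace MetalLB-only`, and check whether `audit`/`warn` can stay at `baseline` once the speaker's own findings are known.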
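Review bot: The `metallb-layer2` pool in `ipaddresspool.yaml` has no `spec.serviceAllocation` and leaves `autoAssign` at its default, so a `Service` of type `LoadBalancer` in any namespace can claim an address from `${LOADBALANCER_IP_RANGE}` and have it announced. If only the ingress controller is meant to be exposed, restrict the pool with `serviceAllocation.namespaces`, or set `autoAssign: false` and have the intended Service request the pool explicitly. Separately, `- ${LOADBALANCER_IP_RANGE}` has no guard for an unset variable. Assuming it is filled by Flux post-build substitution, an unset value would render an empty list entry, so it is worth confirming the variable is always defined for contexts that enable `metallb/layer2`.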
diff --git a/kustomize/lb/resources/metallb/layer2/kustomization.yaml b/kustomize/lb/resources/metallb/layer2/kustomization.yaml
new file mode 100644
index 000000000..af77b55b7
--- /dev/null
+++ b/kustomize/lb/resources/metallb/layer2/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+resources:
+ - ipaddresspool.yaml
+ - l2advertisement.yaml
diff --git a/kustomize/lb/resources/metallb/layer2/l2advertisement.yaml b/kustomize/lb/resources/metallb/layer2/l2advertisement.yaml
new file mode 100644
index 000000000..efdde446c
--- /dev/null
+++ b/kustomize/lb/resources/metallb/layer2/l2advertisement.yaml
@@ -0,0 +1,8 @@
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+ name: metallb-layer2
+ namespace: system-lb
+spec:
+ ipAddressPools:
+ - metallb-layer2
diff --git a/windsor.yaml b/windsor.yaml
index c8690a594..39e67f296 100644
--- a/windsor.yaml
+++ b/windsor.yaml
@@ -46,6 +46,11 @@ contexts:
 - 8080:30080/tcp
 - 8443:30443/tcp
 - 9292:30292/tcp
+ network:
+ cidr_block: 10.5.0.0/16
+ loadbalancer_ips:
+ start: 10.5.1.1
+ end: 10.5.1.10
 dns:
 enabled: true
 domain: test
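Review bot: `L2Advertisement/metallb-layer2` sets only `ipAddressPools`, so the pool is announced from every node and on every interface the speaker can use. On a single-network local cluster that is harmless, but if nodes ever gain a second interface the addresses would be answered for there as well. `spec.interfaces` and `spec.nodeSelectors` are the fields that narrow it. At minimum I would add a comment above `spec:` such as `# announces on all nodes/interfaces; set interfaces or nodeSelectors for multi-homed nodes`.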
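Review bot: In `windsor.yaml`, `loadbalancer_ips` (`10.5.1.1` to `10.5.1.10`) sits inside `cidr_block: 10.5.0.0/16`, and nothing in this hunk shows that node or container addresses drawn from the same block are kept out of that range. If the runtime allocates from the same block, an overlap would leave MetalLB answering ARP for an address a node already holds. That is worth confirming against the code that consumes `network:` (outside this diff) and recording in a comment, e.g. `# reserved for MetalLB; must not overlap node IPs`. The enclosing context definition starts and ends outside the hunk, so the nesting of `network:` cannot be checked here.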