diff --git a/k8s/c0/README.md b/k8s/c0/README.md
new file mode 100644
index 0000000..cab3f15
--- /dev/null
+++ b/k8s/c0/README.md
@@ -0,0 +1,25 @@
+## c0.k8s.ooo
+
+Base cluster for managing other clusters.
+
+## Bootstrap Control Plane
+
+* apu1: `kubeadm init --config k8s/c0/kubeadm.yaml  --upload-certs`
+* apu2: `kubeadm join api.c0.k8s.ooo:6443 ...`
+* apu3: `kubeadm join api.c0.k8s.ooo:6443 ...`
+
+Removing taints, self contained cluster:
+
+```
+kubectl taint nodes --all node-role.kubernetes.io/master-
+```
+
+## Bootstrapping networking
+
+```
+mount --make-shared /sys
+mount --make-shared /run
+kubectl apply -f v3-calico/calico.yaml
+kubectl apply -f https://docs.projectcalico.org/manifests/calicoctl.yaml
+alias calicoctl="kubectl exec -i -n kube-system calicoctl -- /calicoctl"
+```
diff --git a/k8s/c0/calico-bgp.yaml b/k8s/c0/calico-bgp.yaml
new file mode 100644
index 0000000..1637469
--- /dev/null
+++ b/k8s/c0/calico-bgp.yaml
@@ -0,0 +1,21 @@
+---
+apiVersion: projectcalico.org/v3
+kind: BGPConfiguration
+metadata:
+  name: default
+spec:
+  logSeverityScreen: Info
+  nodeToNodeMeshEnabled: true
+  asNumber: 65534
+  serviceClusterIPs:
+  - cidr: 2a0a:e5c0:13:b1::/108
+  serviceExternalIPs:
+  - cidr: 2a0a:e5c0:13:b1::/108
+---
+apiVersion: projectcalico.org/v3
+kind: BGPPeer
+metadata:
+  name: red-place7
+spec:
+  peerIP: 2a0a:e5c0:13::42
+  asNumber: 213081