diff --git a/masterk8s.yaml b/masterk8s.yaml
new file mode 100644
index 0000000..261202b
--- /dev/null
+++ b/masterk8s.yaml
@@ -0,0 +1,174 @@
+---
+- name: Setup nodo master Kubernetes e genera comando join
+ hosts: master
+ become: yes
+ vars:
+ master_hostname: k8s-m
+ master_ip: 192.168.1.17
+ kube_version: "1.34"
+ calico_manifest: "https://raw.githubusercontent.com/projectcalico/calico/v3.30.3/manifests/calico.yaml"
+ dashboard_manifest: "https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml"
+
+ tasks:
+ - name: Aggiorna sistema operativo
+ dnf:
+ name: "*"
+ state: latest
+ update_cache: yes
+
+ - name: Imposta hostname master
+ hostname:
+ name: "{{ master_hostname }}"
+
+ - name: Aggiunge voce hosts master
+ lineinfile:
+ path: /etc/hosts
+ line: "{{ master_ip }} {{ master_hostname }}"
+
+ - name: Disabilita swap temporaneamente e permanentemente
+ block:
+ - command: swapoff -a
+ args:
+ warn: false
+ changed_when: false
+ - replace:
+ path: /etc/fstab
+ regexp: '(^.* swap .*$)'
+ replace: '#\1'
+
+ - name: Imposta SELinux in permissive (runtime e config)
+ block:
+ - command: setenforce 0
+ args:
+ warn: false
+ - lineinfile:
+ path: /etc/selinux/config
+ regexp: '^SELINUX='
+ line: 'SELINUX=permissive'
+
+ - name: Configura firewall master
+ firewalld:
+ port: "{{ item }}/tcp"
+ permanent: yes
+ state: enabled
+ loop: [6443,2379,2380,10250,10251,10252,10257,10259,179]
+
+ - name: Apre porta UDP firewall master
+ firewalld:
+ port: 4789/udp
+ permanent: yes
+ state: enabled
+
+ - name: Ricarica firewall
+ command: firewall-cmd --reload
+ args:
+ warn: false
+
+ - name: Carica moduli kernel containerd
+ copy:
+ dest: /etc/modules-load.d/containerd.conf
+ content: |
+ overlay
+ br_netfilter
+
+ - name: Carica modulo overlay
+ modprobe:
+ name: overlay
+ state: present
+
+ - name: Carica modulo br_netfilter
+ modprobe:
+ name: br_netfilter
+ state: present
+
+ - name: Configura sysctl per Kubernetes
+ copy:
+ dest: /etc/sysctl.d/k8s.conf
+ content: |
+ net.bridge.bridge-nf-call-iptables = 1
+ net.ipv4.ip_forward = 1
+ net.bridge.bridge-nf-call-ip6tables = 1
+
+ - name: Applica sysctl
+ command: sysctl --system
+ args:
+ warn: false
+
+ - name: Aggiungi repo Docker per containerd
+ get_url:
+ url: https://download.docker.com/linux/centos/docker-ce.repo
+ dest: /etc/yum.repos.d/docker-ce.repo
+
+ - name: Installa containerd
+ dnf:
+ name: containerd.io
+ state: present
+
+ - name: Configura containerd systemd
+ shell: |
+ containerd config default > /etc/containerd/config.toml
+ sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
+
+ - name: Riavvia e abilita containerd
+ systemd:
+ name: containerd
+ state: restarted
+ enabled: yes
+
+ - name: Aggiungi repo Kubernetes
+ copy:
+ dest: /etc/yum.repos.d/kubernetes.repo
+ content: |
+ [kubernetes]
+ name=Kubernetes
+ baseurl=https://pkgs.k8s.io/core:/stable:/v{{ kube_version }}/rpm/
+ enabled=1
+ gpgcheck=1
+ gpgkey=https://pkgs.k8s.io/core:/stable:/v{{ kube_version }}/rpm/repodata/repomd.xml.key
+ exclude=kubelet kubeadm kubectl cri-tools kubernetes-cni
+
+ - name: Installa kubelet kubeadm kubectl
+ dnf:
+ name:
+ - kubelet
+ - kubeadm
+ - kubectl
+ state: present
+ disable_excludes: kubernetes
+
+ - name: Avvia e abilita kubelet
+ systemd:
+ name: kubelet
+ state: started
+ enabled: yes
+
+ - name: Inizializza cluster Kubernetes
+ command: kubeadm init --control-plane-endpoint="{{ master_hostname }}"
+ register: kubeadm_init
+
+ - name: Configura kubectl per utente corrente
+ shell: |
+ mkdir -p $HOME/.kube
+ cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
+ chown $(id -u):$(id -g) $HOME/.kube/config
+
+ - name: Installa Calico CNI
+ command: kubectl apply -f {{ calico_manifest }}
+
+ - name: Installa Kubernetes Dashboard
+ command: kubectl apply -f {{ dashboard_manifest }}
+
+ - name: Deploy nginx di test
+ command: kubectl create deployment web-app01 --image nginx --replicas 2
+
+ - name: Espone nginx via NodePort
+ command: kubectl expose deployment web-app01 --type NodePort --port 80
+
+ - name: Crea token per join worker (comando)
+ shell: kubeadm token create --print-join-command
+ register: join_command
+ changed_when: false
+
+ - name: Mostra comando join da usare nei worker
+ debug:
+ msg: "{{ join_command.stdout }}"
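Review bot: The last two tasks (`Crea token per join worker (comando)` and `Mostra comando join da usare nei worker`) write the full `kubeadm join` line, including the bootstrap token and CA cert hash, into the play output. Anyone who can read the Ansible log or CI job history can then enrol a node while the token is valid. I would add `no_log: true` to the token task, drop the `debug` task, and let the worker play read the registered `join_command` from the master's hostvars instead of copying it from the console. Giving `kubeadm token create` a short `--ttl` (for example `--ttl 15m`) bounds the exposure if the value leaks anyway. Separately, the `setenforce 0` / `SELINUX=permissive` block and opening 2379 and 2380/tcp on what looks like a single control-plane node both widen the host's exposure and deserve at least a comment saying why they are needed.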