diff --git a/deploy_apps/tks-primary-cluster.yaml b/deploy_apps/tks-primary-cluster.yaml
index c9eb20fa..3c876ff4 100644
--- a/deploy_apps/tks-primary-cluster.yaml
+++ b/deploy_apps/tks-primary-cluster.yaml
@@ -264,7 +264,7 @@ spec:
           parameters:
           - name: cluster_id
             value: "{{ workflow.parameters.github_account }}/{{steps.sync-organization-changes.outputs.parameters.changed_primary_id}}"
-        when: "{{steps.sync-organization-changes.outputs.parameters.changed_primary_id}} != NONE"
+        when: "'{{steps.sync-organization-changes.outputs.parameters.changed_primary_id}}' != NONE"
 
   #######################
   # Template Definition #
diff --git a/git-repo/create-cluster-repo.yaml b/git-repo/create-cluster-repo.yaml
index 6563e95c..2170a968 100644
--- a/git-repo/create-cluster-repo.yaml
+++ b/git-repo/create-cluster-repo.yaml
@@ -134,7 +134,7 @@ spec:
 
             yq -i e ".global.clusterEndpointHost=\"$cluster_endpoint_host\"" $CLUSTER_ID/$CLUSTER_ID/tks-cluster/site-values.yaml
             yq -i e ".global.clusterEndpointPort=$cluster_endpoint_port" $CLUSTER_ID/$CLUSTER_ID/tks-cluster/site-values.yaml
-            yq -i e ".global.keycloakIssuerUri=\"$KEYCLOAK_URL\"" $CLUSTER_ID/$CLUSTER_ID/tks-cluster/site-values.yaml
+            yq -i e ".global.keycloakIssuerUri=\"$KEYCLOAK_URL/realms/$CONTRACT_ID\"" $CLUSTER_ID/$CLUSTER_ID/tks-cluster/site-values.yaml
             yq -i e ".global.keycloakClientId=\"$client_id\"" $CLUSTER_ID/$CLUSTER_ID/tks-cluster/site-values.yaml
             ;;
 
diff --git a/git-repo/render-manifests.yaml b/git-repo/render-manifests.yaml
index 7338e661..88b8ed96 100644
--- a/git-repo/render-manifests.yaml
+++ b/git-repo/render-manifests.yaml
@@ -72,7 +72,7 @@ spec:
       - name: https_enabled
     container:
       name: render-manifests-template
-      image: harbor.taco-cat.xyz/tks/decapod-render:v3.3.0
+      image: harbor.taco-cat.xyz/tks/decapod-render:v3.3.4
       command:
       - /bin/bash
       - '-exc'
diff --git a/tks-cluster/manage-internal-communication.yaml b/tks-cluster/manage-internal-communication.yaml
index aec4ce6e..06a5e001 100644
--- a/tks-cluster/manage-internal-communication.yaml
+++ b/tks-cluster/manage-internal-communication.yaml
@@ -64,9 +64,9 @@ spec:
         # Create Security Group
         SG=$(aws ec2 create-security-group --group-name taco-internal --description "Security group for interanl communication among nodes" --vpc-id $VPC  --output text)
         # Set ingress rule
-        # - 2379  for kube-etcd
+        # - 2381  for kube-etcd metrics
         # - 10249 for kube-proxy
-        aws ec2 authorize-security-group-ingress --group-id $SG --protocol tcp --port 2379 --cidr $CIDR
+        aws ec2 authorize-security-group-ingress --group-id $SG --protocol tcp --port 2381 --cidr $CIDR
         aws ec2 authorize-security-group-ingress --group-id $SG --protocol tcp --port 10249 --cidr $CIDR
 
         # Add Security Group to all node in the VPC