diff --git a/apps/services/cert-manager.yaml b/apps/services/cert-manager.yaml
new file mode 100644
index 0000000..6ed13eb
--- /dev/null
+++ b/apps/services/cert-manager.yaml
@@ -0,0 +1,24 @@
+apiVersion: deployments.plural.sh/v1alpha1
+kind: ServiceDeployment
+metadata:
+  name: cert-manager
+  namespace: infra
+spec:
+  namespace: cert-manager
+  git:
+    folder: helm-values
+    ref: main
+  repositoryRef:
+    kind: GitRepository
+    name: infra
+    namespace: infra
+  helm:
+    version: "v1.x.x"
+    chart: cert-manager
+    url: https://charts.jetstack.io
+    valuesFiles:
+    - certmanager.yaml
+  clusterRef:
+    kind: Cluster
+    name: mgmt
+    namespace: infra
\ No newline at end of file
diff --git a/apps/services/console.yaml b/apps/services/console.yaml
index 98984df..96b5db7 100644
--- a/apps/services/console.yaml
+++ b/apps/services/console.yaml
@@ -15,11 +15,9 @@ spec:
   helm:
     version: "0.x.x"
     chart: console
+    url: https://pluralsh.github.io/console
     valuesFiles:
     - console.yaml
-    repository:
-      namespace: infra
-      name: console
   clusterRef:
     kind: Cluster
     name: mgmt
diff --git a/apps/services/flux.yaml b/apps/services/flux.yaml
new file mode 100644
index 0000000..6dbd5e5
--- /dev/null
+++ b/apps/services/flux.yaml
@@ -0,0 +1,24 @@
+apiVersion: deployments.plural.sh/v1alpha1
+kind: ServiceDeployment
+metadata:
+  name: flux
+  namespace: infra
+spec:
+  namespace: flux
+  git:
+    folder: helm-values
+    ref: main
+  repositoryRef:
+    kind: GitRepository
+    name: infra
+    namespace: infra
+  helm:
+    version: "2.12.2"
+    chart: flux2
+    url: https://fluxcd-community.github.io/helm-charts
+    valuesFiles:
+    - flux.yaml
+  clusterRef:
+    kind: Cluster
+    name: mgmt
+    namespace: infra
\ No newline at end of file
diff --git a/apps/services/runtime.yaml b/apps/services/runtime.yaml
index 49179a3..5fe2314 100644
--- a/apps/services/runtime.yaml
+++ b/apps/services/runtime.yaml
@@ -1,67 +1,9 @@
-
-apiVersion: deployments.plural.sh/v1alpha1
-kind: ServiceDeployment
-metadata:
-  name: cert-manager
-  namespace: infra
-spec:
-  version: 0.0.1
-  namespace: cert-manager
-  git:
-    folder: helm-values
-    ref: main
-  repositoryRef:
-    kind: GitRepository
-    name: infra
-    namespace: infra
-  helm:
-    version: "v1.13.3"
-    chart: cert-manager
-    valuesFiles:
-    - certmanager.yaml
-    repository:
-      namespace: infra
-      name: cert-manager
-  clusterRef:
-    kind: Cluster
-    name: mgmt
-    namespace: infra
----
-apiVersion: deployments.plural.sh/v1alpha1
-kind: ServiceDeployment
-metadata:
-  name: flux
-  namespace: infra
-spec:
-  version: 0.0.1
-  namespace: flux
-  git:
-    folder: helm-values
-    ref: main
-  repositoryRef:
-    kind: GitRepository
-    name: infra
-    namespace: infra
-  helm:
-    version: "2.12.2"
-    chart: flux2
-    valuesFiles:
-    - flux.yaml
-    repository:
-      namespace: infra
-      name: flux
-  clusterRef:
-    kind: Cluster
-    name: mgmt
-    namespace: infra
----
 apiVersion: deployments.plural.sh/v1alpha1
 kind: ServiceDeployment
 metadata:
   name: runtime
   namespace: infra
 spec:
-  version: 0.0.1
   namespace: plural-runtime
   git:
     folder: helm-values
@@ -73,11 +15,9 @@ spec:
   helm:
     version: "0.x.x"
     chart: runtime
+    url: https://pluralsh.github.io/bootstrap
     valuesFiles:
     - runtime.yaml
-    repository:
-      namespace: infra
-      name: runtime
   clusterRef:
     kind: Cluster
     name: mgmt
diff --git a/charts/runtime/values.yaml.tpl b/charts/runtime/values.yaml.tpl
index e53d4d5..5e8989e 100644
--- a/charts/runtime/values.yaml.tpl
+++ b/charts/runtime/values.yaml.tpl
@@ -1,3 +1,4 @@
+{{ if not .Cloud }}
 external-dns:
   extraArgs:
     plural-cluster: {{ .Cluster }}
@@ -19,6 +20,28 @@ pluralToken: {{ .Config.Token }}
 acmeEAB:
   kid: {{ .Acme.KeyId }}
   secret: {{ .Acme.HmacKey }}
+{{ end }}
+
+{{ if .Cloud }}
+
+ownerEmail: {{ .Config.Email }}
+
+
+external-dns:
+  enabled: false
+
+plural-certmanager-webhook:
+  enabled: false
+
+operator:
+  enabled: false
+
+application:
+  enabled: false
+
+plural:
+  enabled: false
+{{ end }}
 
 {{ if eq .Provider "aws" }}
 ingress-nginx:
diff --git a/templates/providers/apps/aws.tf b/templates/providers/apps/aws.tf
index d212168..fc25fdb 100644
--- a/templates/providers/apps/aws.tf
+++ b/templates/providers/apps/aws.tf
@@ -18,7 +18,7 @@ terraform {
     }
     plural = {
       source = "pluralsh/plural"
-      version = ">= 0.2.0"
+      version = ">= 0.2.16"
     }
   }
 }
diff --git a/templates/providers/apps/azure.tf b/templates/providers/apps/azure.tf
index 2aed3d5..d5404f4 100644
--- a/templates/providers/apps/azure.tf
+++ b/templates/providers/apps/azure.tf
@@ -19,7 +19,7 @@ terraform {
     }
     plural = {
       source = "pluralsh/plural"
-      version = ">= 0.2.0"
+      version = ">= 0.2.16"
     }
   }
 }
diff --git a/templates/providers/apps/cloud.tf b/templates/providers/apps/cloud.tf
new file mode 100644
index 0000000..5d831b4
--- /dev/null
+++ b/templates/providers/apps/cloud.tf
@@ -0,0 +1,14 @@
+terraform {
+  required_version = ">= 1.0"
+
+  required_providers {
+    plural = {
+      source = "pluralsh/plural"
+      version = ">= 0.2.16"
+    }
+  }
+}
+
+provider "plural" {
+  use_cli = true
+}
\ No newline at end of file
diff --git a/templates/providers/apps/gcp.tf b/templates/providers/apps/gcp.tf
index af5a8c2..2442c95 100644
--- a/templates/providers/apps/gcp.tf
+++ b/templates/providers/apps/gcp.tf
@@ -14,7 +14,7 @@ terraform {
     }
     plural = {
       source = "pluralsh/plural"
-      version = ">= 0.2.0"
+      version = ">= 0.2.16"
     }
   }
   required_version = ">= 0.13"
diff --git a/templates/providers/bootstrap/aws.tf b/templates/providers/bootstrap/aws.tf
index 359583d..cf5acb2 100644
--- a/templates/providers/bootstrap/aws.tf
+++ b/templates/providers/bootstrap/aws.tf
@@ -28,6 +28,10 @@ terraform {
       source = "hashicorp/local"
       version = "2.5.1"
     }
+    plural = {
+      source = "pluralsh/plural"
+      version = ">= 0.2.16"
+    }
   }
 }
 
@@ -59,4 +63,8 @@ provider "helm" {
     cluster_ca_certificate = base64decode(module.mgmt.cluster.cluster_certificate_authority_data)
     token                  = data.aws_eks_cluster_auth.cluster.token
   }
+}
+
+provider "plural" {
+  use_cli = true # If you want to have a Plural stack manage your console, comment this out and use the `actor` field
 }
\ No newline at end of file
diff --git a/templates/providers/bootstrap/azure.tf b/templates/providers/bootstrap/azure.tf
index 97eaaa4..1f2dad2 100644
--- a/templates/providers/bootstrap/azure.tf
+++ b/templates/providers/bootstrap/azure.tf
@@ -33,6 +33,10 @@ terraform {
       source = "hashicorp/local"
       version = "2.5.1"
     }
+    plural = {
+      source = "pluralsh/plural"
+      version = ">= 0.2.16"
+    }
   }
 }
 
@@ -62,4 +66,8 @@ provider "helm" {
     client_certificate     = base64decode(module.mgmt.cluster.client_certificate)
     client_key             = base64decode(module.mgmt.cluster.client_key)
   }
+}
+
+provider "plural" {
+  use_cli = true # If you want to have a Plural stack manage your console, comment this out and use the `actor` field
 }
\ No newline at end of file
diff --git a/templates/providers/bootstrap/gcp.tf b/templates/providers/bootstrap/gcp.tf
index b5672da..53a567d 100644
--- a/templates/providers/bootstrap/gcp.tf
+++ b/templates/providers/bootstrap/gcp.tf
@@ -24,6 +24,10 @@ terraform {
       source = "hashicorp/local"
       version = "2.5.1"
     }
+    plural = {
+      source = "pluralsh/plural"
+      version = ">= 0.2.16"
+    }
   }
   required_version = ">= 0.13"
 }
@@ -36,4 +40,8 @@ provider "helm" {
     cluster_ca_certificate = base64decode(module.mgmt.cluster.ca_certificate)
     token                  = data.google_client_config.default.access_token
   }
+}
+
+provider "plural" {
+  use_cli = true # If you want to have a Plural stack manage your console, comment this out and use the `actor` field
 }
\ No newline at end of file
diff --git a/templates/providers/bootstrap/linode.tf b/templates/providers/bootstrap/linode.tf
index e55f1ce..7c55b69 100644
--- a/templates/providers/bootstrap/linode.tf
+++ b/templates/providers/bootstrap/linode.tf
@@ -29,6 +29,10 @@ terraform {
       source = "hashicorp/local"
       version = "2.5.1"
     }
+    plural = {
+      source = "pluralsh/plural"
+      version = ">= 0.2.0"
+    }
   }
 }
 
@@ -45,4 +49,8 @@ provider "helm" {
     cluster_ca_certificate = base64decode(module.parsed.cluster.certificate-authority-data)
     token                  = module.parsed.user.token
   }
+}
+
+provider "plural" {
+  use_cli = true # If you want to have a Plural stack manage your console, comment this out and use the `actor` field
 }
\ No newline at end of file
diff --git a/templates/setup/cd.tf b/templates/setup/cd.tf
index c771af1..03c736c 100644
--- a/templates/setup/cd.tf
+++ b/templates/setup/cd.tf
@@ -10,38 +10,15 @@ data "plural_cluster" "mgmt" {
     handle = "mgmt"
 }
 
-// create the kubernetes namespace manually here so it can be used elsewhere w/in terraform w/o race conditions
-resource "kubernetes_namespace" "infra" {
-    metadata {
-      name = "infra"
-    }
-}
-
 resource "plural_git_repository" "infra" {
     url         = local.context.spec.configuration.console.repo_url
     private_key = local.context.spec.configuration.console.private_key
     decrypt     = true
 }
 
-resource "plural_service_deployment" "helm-repositories" {
-    name = "helm-repositories"
-    namespace = kubernetes_namespace.infra.metadata[0].name
-    repository = {
-        id = plural_git_repository.infra.id
-        ref = "main"
-        folder = "apps/repositories"
-    }
-    cluster = {
-        id = data.plural_cluster.mgmt.id
-    }
-    protect = true
-
-    depends_on = [ kubernetes_namespace.infra ]
-}
-
 resource "plural_service_deployment" "apps" {
     name = "apps"
-    namespace = kubernetes_namespace.infra.metadata[0].name
+    namespace = "infra"
     repository = {
         id = plural_git_repository.infra.id
         ref = "main"
@@ -50,11 +27,7 @@ resource "plural_service_deployment" "apps" {
     cluster = {
         id = data.plural_cluster.mgmt.id
     }
-    configuration = {
-        repoUrl  = local.context.spec.configuration.console.repo_url 
-    }
+    
     protect = true
     templated = true
-
-    depends_on = [ kubernetes_namespace.infra ]
 }
\ No newline at end of file
diff --git a/templates/setup/mgmt/aws.tf b/templates/setup/mgmt/aws.tf
new file mode 100644
index 0000000..1b0cc91
--- /dev/null
+++ b/templates/setup/mgmt/aws.tf
@@ -0,0 +1,16 @@
+resource "plural_cluster" "mgmt" {
+    handle = "mgmt"
+    name   = "[[ .CloudCluster ]]"
+    
+    kubeconfig = {
+      host                   = module.mgmt.cluster_endpoint
+      cluster_ca_certificate = base64decode(module.mgmt.cluster_certificate_authority_data)
+      token                  = data.aws_eks_cluster_auth.cluster.token
+    }
+
+    depends_on = [ module.mgmt ]
+}
+
+output "identity" {
+  value = module.mgmt.identity 
+}
\ No newline at end of file
diff --git a/templates/setup/mgmt/azure.tf b/templates/setup/mgmt/azure.tf
new file mode 100644
index 0000000..9536815
--- /dev/null
+++ b/templates/setup/mgmt/azure.tf
@@ -0,0 +1,17 @@
+resource "plural_cluster" "mgmt" {
+    handle = "mgmt"
+    name   = "[[ .CloudCluster ]]"
+    
+    kubeconfig = {
+      host                   = module.mgmt.cluster.cluster_fqdn
+      cluster_ca_certificate = base64decode(module.mgmt.cluster.cluster_ca_certificate)
+      client_certificate     = base64decode(module.mgmt.cluster.client_certificate)
+      client_key             = base64decode(module.mgmt.cluster.client_key)
+    }
+
+    depends_on = [ module.mgmt ]
+}
+
+output "identity" {
+  value = module.mgmt.identity 
+}
\ No newline at end of file
diff --git a/templates/setup/mgmt/gcp.tf b/templates/setup/mgmt/gcp.tf
new file mode 100644
index 0000000..da11041
--- /dev/null
+++ b/templates/setup/mgmt/gcp.tf
@@ -0,0 +1,16 @@
+resource "plural_cluster" "mgmt" {
+    handle = "mgmt"
+    name   = "[[ .CloudCluster ]]"
+    
+    kubeconfig = {
+      host                   = module.mgmt.cluster.endpoint
+      cluster_ca_certificate = base64decode(module.mgmt.cluster.ca_certificate)
+      token                  = data.google_client_config.default.access_token
+    }
+
+    depends_on = [ module.mgmt ]
+}
+
+output "identity" {
+  value = module.mgmt.identity 
+}
\ No newline at end of file
diff --git a/templates/setup/providers/aws.tf b/templates/setup/providers/aws.tf
index f93140f..1dfc146 100644
--- a/templates/setup/providers/aws.tf
+++ b/templates/setup/providers/aws.tf
@@ -1,4 +1,5 @@
 module "mgmt" {
     source        = "./cluster"
     cluster_name  = "{{ .Cluster }}"
+    create_db     = {{ .RequireDB }}
 }
\ No newline at end of file
diff --git a/templates/setup/providers/azure.tf b/templates/setup/providers/azure.tf
index 2f4e877..7eaa10a 100644
--- a/templates/setup/providers/azure.tf
+++ b/templates/setup/providers/azure.tf
@@ -3,4 +3,5 @@ module "mgmt" {
     resource_group_name = "{{ .Project }}"
     cluster_name        = "{{ .Cluster }}"
     location            = "{{ .Region }}"
+    create_db           = {{ .RequireDB }}
 }
\ No newline at end of file
diff --git a/templates/setup/providers/gcp.tf b/templates/setup/providers/gcp.tf
index f2cf561..2daeccf 100644
--- a/templates/setup/providers/gcp.tf
+++ b/templates/setup/providers/gcp.tf
@@ -3,4 +3,5 @@ module "mgmt" {
     project_id    = "{{ .Project }}"
     cluster_name  = "{{ .Cluster }}"
     region        = "{{ .Region }}"
+    create_db     = {{ .RequireDB }}
 }
\ No newline at end of file