diff --git a/packages/rke2-flannel/generated-changes/overlay/templates/_helpers.tpl b/packages/rke2-flannel/generated-changes/overlay/templates/_helpers.tpl
new file mode 100644
index 00000000..b647c75a
--- /dev/null
+++ b/packages/rke2-flannel/generated-changes/overlay/templates/_helpers.tpl
@@ -0,0 +1,7 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
diff --git a/packages/rke2-flannel/generated-changes/patch/templates/config.yaml.patch b/packages/rke2-flannel/generated-changes/patch/templates/config.yaml.patch
new file mode 100644
index 00000000..04c624a9
--- /dev/null
+++ b/packages/rke2-flannel/generated-changes/patch/templates/config.yaml.patch
@@ -0,0 +1,20 @@
+--- charts-original/templates/config.yaml
++++ charts/templates/config.yaml
+@@ -29,13 +29,13 @@
+     }
+   net-conf.json: |
+     {
+-{{- if .Values.podCidr }}
+-      "Network": {{ .Values.podCidr | quote }},
++{{- if .Values.global.clusterCIDRv4 }}
++      "Network": {{ .Values.global.clusterCIDRv4 | quote }},
+ {{- else }}
+       "EnableIPv4": false,
+ {{- end }}
+-{{- if .Values.podCidrv6 }}
+-      "IPv6Network": {{ .Values.podCidrv6 | quote }},
++{{- if .Values.global.clusterCIDRv6 }}
++      "IPv6Network": {{ .Values.global.clusterCIDRv6 | quote }},
+       "EnableIPv6": true,
+ {{- end }}
+       "Backend": {
diff --git a/packages/rke2-flannel/generated-changes/patch/templates/daemonset.yaml.patch b/packages/rke2-flannel/generated-changes/patch/templates/daemonset.yaml.patch
new file mode 100644
index 00000000..b1cbcdce
--- /dev/null
+++ b/packages/rke2-flannel/generated-changes/patch/templates/daemonset.yaml.patch
@@ -0,0 +1,43 @@
+--- charts-original/templates/daemonset.yaml
++++ charts/templates/daemonset.yaml
+@@ -32,19 +32,13 @@
+         effect: NoSchedule
+       serviceAccountName: flannel
+       initContainers:
+-      - name: install-cni-plugin
+-        image: {{ .Values.flannel.image_cni.repository }}:{{ .Values.flannel.image_cni.tag }}
+-        command:
+-        - cp
+-        args:
+-        - -f
+-        - /flannel
+-        - /opt/cni/bin/flannel
++      - name: install-cni-plugins
++        image: {{ template "system_default_registry" . }}{{ .Values.flannel.image_cni.repository }}:{{ .Values.flannel.image_cni.tag }}
+         volumeMounts:
+         - name: cni-plugin
+-          mountPath: /opt/cni/bin
++          mountPath: /host/opt/cni/bin
+       - name: install-cni
+-        image: {{ .Values.flannel.image.repository }}:{{ .Values.flannel.image.tag }}
++        image: {{ template "system_default_registry" . }}{{ .Values.flannel.image.repository }}:{{ .Values.flannel.image.tag }}
+         command:
+         - cp
+         args:
+@@ -58,7 +52,7 @@
+           mountPath: /etc/kube-flannel/
+       containers:
+       - name: kube-flannel
+-        image: {{ .Values.flannel.image.repository }}:{{ .Values.flannel.image.tag }}
++        image: {{ template "system_default_registry" . }}{{ .Values.flannel.image.repository }}:{{ .Values.flannel.image.tag }}
+         command:
+         - "/opt/bin/flanneld"
+         {{- range .Values.flannel.args }}
+@@ -97,6 +91,7 @@
+       - name: cni-plugin
+         hostPath:
+           path: /opt/cni/bin
++          type: DirectoryOrCreate
+       - name: cni
+         hostPath:
+           path: /etc/cni/net.d
diff --git a/packages/rke2-flannel/generated-changes/patch/values.yaml.patch b/packages/rke2-flannel/generated-changes/patch/values.yaml.patch
new file mode 100644
index 00000000..5c8b5c53
--- /dev/null
+++ b/packages/rke2-flannel/generated-changes/patch/values.yaml.patch
@@ -0,0 +1,39 @@
+--- charts-original/values.yaml
++++ charts/values.yaml
+@@ -1,21 +1,13 @@
+ ---
+-global:
+-  imagePullSecrets:
+-# - name: "a-secret-name"
+-
+-# The IPv4 cidr pool to create on startup if none exists. Pod IPs will be
+-# chosen from this range.
+-podCidr: "10.244.0.0/16"
+-podCidrv6: ""
+ 
+ flannel:
+   # kube-flannel image
+   image:
+-    repository: docker.io/flannel/flannel
+-    tag: v0.24.0
++    repository: rancher/hardened-flannel
++    tag: v0.24.0-build20240108
+   image_cni:
+-    repository: docker.io/flannel/flannel-cni-plugin
+-    tag: v1.2.0
++    repository: rancher/hardened-cni-plugins
++    tag: v1.2.0-build20240108
+   # flannel command arguments
+   args:
+   - "--ip-masq"
+@@ -50,3 +42,10 @@
+   #tunnelMode: "separate"
+   # Persistent keep interval to use
+   #keepaliveInterval: 0
++  #
++
++global:
++  systemDefaultRegistry: ""
++  clusterCIDRv4: ""
++  clusterCIDRv6: ""
++
diff --git a/packages/rke2-flannel/package.yaml b/packages/rke2-flannel/package.yaml
new file mode 100644
index 00000000..ab014fac
--- /dev/null
+++ b/packages/rke2-flannel/package.yaml
@@ -0,0 +1,3 @@
+url: https://github.com/flannel-io/flannel.git
+subdirectory: chart/kube-flannel
+commit: v0.24.0