diff --git a/README.md b/README.md
index f7a1601..be5a957 100644
--- a/README.md
+++ b/README.md
@@ -46,7 +46,7 @@ No modules.
 | <a name="input_cluster_secondary_range_name"></a> [cluster\_secondary\_range\_name](#input\_cluster\_secondary\_range\_name) | VPC Secondary range name for pods | `string` | `""` | no |
 | <a name="input_cluster_subnet_id"></a> [cluster\_subnet\_id](#input\_cluster\_subnet\_id) | Subnetwork name for the cluster. | `string` | n/a | yes |
 | <a name="input_control_plane_enabled"></a> [control\_plane\_enabled](#input\_control\_plane\_enabled) | Whether control plane is enabled or not | `bool` | `false` | no |
-| <a name="input_control_plane_pool_config"></a> [control\_plane\_pool\_config](#input\_control\_plane\_pool\_config) | Control plane node pool config | <pre>object({<br/>    disk_size_gb = optional(string, "100")<br/>    disk_type    = optional(string, "pd-balanced")<br/>    machine_type = optional(string, "e2-medium")<br/>    autoscaling = optional(object({<br/>      min_node_count  = optional(number, 1)<br/>      max_node_count  = optional(number, 2)<br/>      location_policy = optional(string, "BALANCED")<br/>    }), {})<br/>    enable_secure_boot            = optional(bool, true)<br/>    enable_integrity_monitoring   = optional(bool, true)<br/>    auto_repair                   = optional(bool, true)<br/>    auto_upgrade                  = optional(bool, true)<br/>    workload_metadata_config_mode = optional(string, "GKE_METADATA")<br/>    service_account               = optional(string, "default")<br/>    labels = optional(map(string), {<br/>      "class.truefoundry.io/component" = "control-plane"<br/>    })<br/>    taints = optional(object(<br/>      {<br/>        key    = optional(string, "class.truefoundry.io/component")<br/>        value  = optional(string, "control-plane")<br/>        effect = optional(string, "NO_SCHEDULE")<br/>      }<br/>    ), {})<br/>    preemptible = optional(bool, false)<br/>    spot        = optional(bool, true)<br/>  })</pre> | `{}` | no |
+| <a name="input_control_plane_pool_config"></a> [control\_plane\_pool\_config](#input\_control\_plane\_pool\_config) | Control plane node pool config | <pre>object({<br/>    disk_size_gb = optional(string, "100")<br/>    disk_type    = optional(string, "pd-balanced")<br/>    machine_type = optional(string, "e2-medium")<br/>    autoscaling = optional(object({<br/>      min_node_count  = optional(number, 1)<br/>      max_node_count  = optional(number, 2)<br/>      location_policy = optional(string, "BALANCED")<br/>    }), {})<br/>    enable_secure_boot            = optional(bool, true)<br/>    enable_integrity_monitoring   = optional(bool, true)<br/>    auto_repair                   = optional(bool, true)<br/>    auto_upgrade                  = optional(bool, true)<br/>    workload_metadata_config_mode = optional(string, "GKE_METADATA")<br/>    service_account               = optional(string, "default")<br/>    labels = optional(map(string), {<br/>      "class.truefoundry.com/component" = "control-plane"<br/>    })<br/>    taints = optional(object(<br/>      {<br/>        key    = optional(string, "class.truefoundry.com/component")<br/>        value  = optional(string, "control-plane")<br/>        effect = optional(string, "NO_SCHEDULE")<br/>      }<br/>    ), {})<br/>    preemptible = optional(bool, false)<br/>    spot        = optional(bool, true)<br/>  })</pre> | `{}` | no |
 | <a name="input_deletion_protection"></a> [deletion\_protection](#input\_deletion\_protection) | Deletion protection enabled/disabled | `bool` | `false` | no |
 | <a name="input_enable_container_image_streaming"></a> [enable\_container\_image\_streaming](#input\_enable\_container\_image\_streaming) | Enable/disable container image streaming | `bool` | `true` | no |
 | <a name="input_kubernetes_version"></a> [kubernetes\_version](#input\_kubernetes\_version) | Version of GKE | `string` | `"1.28"` | no |
diff --git a/gke.tf b/gke.tf
index a7a6324..15f43de 100644
--- a/gke.tf
+++ b/gke.tf
@@ -262,7 +262,7 @@ resource "google_container_node_pool" "control_plane_pool" {
 #  *****************************************/
 resource "google_compute_firewall" "fix_webhooks" {
   # count       = var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules ? 1 : 0
-  count       = var.use_existing_cluster && var.shared_vpc ? 0 : 1
+  count       = var.use_existing_cluster || var.shared_vpc ? 0 : 1
   name        = "${var.cluster_name}-webhook"
   description = "Allow Nodes access to Control Plane"
   project     = var.project
diff --git a/variables.tf b/variables.tf
index 026b1e2..92248fe 100644
--- a/variables.tf
+++ b/variables.tf
@@ -176,11 +176,11 @@ variable "control_plane_pool_config" {
     workload_metadata_config_mode = optional(string, "GKE_METADATA")
     service_account               = optional(string, "default")
     labels = optional(map(string), {
-      "class.truefoundry.io/component" = "control-plane"
+      "class.truefoundry.com/component" = "control-plane"
     })
     taints = optional(object(
       {
-        key    = optional(string, "class.truefoundry.io/component")
+        key    = optional(string, "class.truefoundry.com/component")
         value  = optional(string, "control-plane")
         effect = optional(string, "NO_SCHEDULE")
       }