diff --git a/.werf/base_images.yaml b/.werf/base_images.yaml
new file mode 100644
index 00000000..2b7ccb95
--- /dev/null
+++ b/.werf/base_images.yaml
@@ -0,0 +1,9 @@
+---
+# Base Images
+{{- $_ := set . "Images" (.Files.Get "./image_versions.yml" | fromYaml) }}
+{{- range $k, $v := .Images }}
+  {{ $baseImagePath := (printf "%s%s" $.Images.REGISTRY_PATH (trimSuffix "/" $v)) }}
+  {{- if ne $k "REGISTRY_PATH" }}
+    {{- $_ := set $.Images $k $baseImagePath }}
+  {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/.werf/bundle.yaml b/.werf/bundle.yaml
index dbeaadfa..3ca59804 100644
--- a/.werf/bundle.yaml
+++ b/.werf/bundle.yaml
@@ -15,7 +15,11 @@ import:
   to: /lib/python/dist
   after: setup
 git:
+{{- if (env "EMBEDDED_MODULE" "") }}
+- add: /modules/999-csi-ceph
+{{- else }}
 - add: /
+{{- end }}
   to: /
   includePaths:
   - .helmignore
diff --git a/.werf/images.yaml b/.werf/images.yaml
index 47b93856..8789f469 100644
--- a/.werf/images.yaml
+++ b/.werf/images.yaml
@@ -1,7 +1,9 @@
 {{- $ImagesBuildFiles := .Files.Glob "images/*/{Dockerfile,werf.inc.yaml}" }}
 
 {{- range $path, $content := $ImagesBuildFiles  }}
-  {{ $ctx := (dict "ImageName" ($path | split "/")._1) }}
+  {{- $ctx := dict }}
+  {{- $_ := set $ctx "ImageName" (($path | split "/")._1) }}
+  {{- $_ := set $ctx "Images" $.Images }}
 ---
   {{- /* For Dockerfile just render it from the folder. */ -}}
   {{- if not (regexMatch "/werf.inc.yaml$" $path) }}
diff --git a/.werf/python-deps.yaml b/.werf/python-deps.yaml
index 5222800f..22311990 100644
--- a/.werf/python-deps.yaml
+++ b/.werf/python-deps.yaml
@@ -4,7 +4,11 @@ image: python-dependencies
 from: registry.deckhouse.io/base_images/alpine:3.16.3
 fromCacheVersion: 2024-05-26
 git:
+{{- if (env "EMBEDDED_MODULE" "") }}
+  - add: /modules/999-csi-ceph
+{{- else }}
   - add: /
+{{- end }}
     to: /
     includePaths:
       - lib/python
diff --git a/image_versions.yml b/image_versions.yml
new file mode 100644
index 00000000..11a356b7
--- /dev/null
+++ b/image_versions.yml
@@ -0,0 +1,59 @@
+# From https://github.com/deckhouse/deckhouse/blob/main/candi/image_versions.yml
+# REGISTRY_PATH is a special key which is concatenated with other base images
+REGISTRY_PATH: "registry.deckhouse.io/base_images/"
+
+BASE_ALPINE: "alpine:3.16.3@sha256:5548e9172c24a1b0ca9afdd2bf534e265c94b12b36b3e0c0302f5853eaf00abb"
+BASE_GOLANG_16_ALPINE: "golang:1.16.3-alpine3.12@sha256:371dc6bf7e0c7ce112a29341b000c40d840aef1dbb4fdcb3ae5c0597e28f3061"
+BASE_GOLANG_16_BUSTER: "golang:1.16.3-buster@sha256:9d64369fd3c633df71d7465d67d43f63bb31192193e671742fa1c26ebc3a6210"
+BASE_GOLANG_17_ALPINE: "golang:1.17.3-alpine3.14@sha256:78a88e6a712e60f9d942450e02508f3c0d8aa931853f02793a4c3aa30063eae0"
+BASE_GOLANG_17_BUSTER: "golang:1.17.3-buster@sha256:be7aa81b44dc85ddf4008bc5f3d5a5acfca8517620d0c4a393601c8e0495fb05"
+BASE_GOLANG_18_ALPINE: "golang:1.18.5-alpine3.15@sha256:387b102dcb6bd5f5b138cbfd85e8d9ced14f33bbbb7e859610463cc8fa47e8fc"
+BASE_GOLANG_18_BUSTER: "golang:1.18.5-buster@sha256:eb4b3bd59da4604b0ab27d3837e39dacfba4a48cdd289419a3c49993c0eadba4"
+BASE_GOLANG_19_ALPINE: "golang:1.19.3-alpine3.16@sha256:3bca98bef4cee2647c0eb8d2663e3cee596466654612f0d2752655196be18100"
+BASE_GOLANG_19_BUSTER: "golang:1.19.3-buster@sha256:8d8e539a9945447972fc69134117139c3280cafd2cc3bec17acc95d46d688f84"
+BASE_GOLANG_19_BULLSEYE: "golang:1.19.3-bullseye@sha256:3d68e9eabd09f01f5851297902f2756ee2456a2e28b212e553315a3ddfcffe4b"
+BASE_GOLANG_20_ALPINE: "golang:1.20.5-alpine3.18@sha256:51a47fb0851397db2f506c15c426735bc23de31177cbdd962880c0879d1906a4"
+BASE_GOLANG_20_BUSTER: "golang:1.20.5-buster@sha256:30f88a03eb6faea72ed5bb9d24d2b9888c5ad6f5f1f410658f9f8c58c9c328cd"
+BASE_GOLANG_20_BULLSEYE: "golang:1.20.5-bullseye@sha256:f4d105d309640104fa86c85b828746ec123833b8c5a8c6ea099f421ec4a8fd59"
+BASE_GOLANG_21_ALPINE: "golang:1.21.4-alpine3.18@sha256:cf84f3d6882c49ea04b6478ac514a2582c8922d7e5848b43d2918fff8329f6e6"
+BASE_GOLANG_21_BULLSEYE: "golang:1.21.6-bullseye@sha256:a363973b58d4d5a91d6e8f700c847e87c1143459e55464fefca9e6135358af98"
+BASE_GOLANG_22_ALPINE: "golang:1.22.6-alpine@sha256:41ad3e6d91b2e10a15e871672578b11a51c7f2eb126c82e193e38b647da0bbb2"
+BASE_GOLANG_22_BULLSEYE: "golang:1.22.6-bullseye@sha256:260918a3795372a6d33225d361fe5349723be9667de865a23411b50fbcc76c5a"
+BASE_GOLANG_ALPINE: "golang:1.15.3-alpine3.12@sha256:df0119b970c8e5e9f0f5c40f6b55edddf616bab2b911927ebc3b361c469ea29c"
+BASE_GOLANG_BUSTER: "golang:1.15.3-buster@sha256:fb04edf20446eed8af9eb6137d02fdf607f47028a0a806131f8b175a09620aab"
+BASE_JEKYLL: "jekyll/jekyll:3.8@sha256:9521c8aae4739fcbc7137ead19f91841b833d671542f13e91ca40280e88d6e34"
+BASE_NGINX_ALPINE: "nginx:1.23.3-alpine@sha256:a0f9316954518e63ef32fc505cc3ab7cbf25d67c29e865f8e47ab37504309918"
+BASE_NODE_16_ALPINE: "node:16.13.0-alpine3.14@sha256:5277c7d171e02ee76417bb290ef488aa80e4e64572119eec0cb9fffbcffb8f6a"
+BASE_NODE_18_ALPINE: "node:18.19.0-alpine3.18@sha256:cfbd74f4f3a94c64f67e4e27a3770c7faaadf56d2ed02b902910fb7808d6974b"
+BASE_NODE_20_ALPINE: "node:20.11.0-alpine3.18@sha256:bd2eb17dcdc3541d4986bebcfc997a24c499358827899b1029af3601d4c4569d"
+BASE_PYTHON_ALPINE: "python:3.7.16-alpine3.16@sha256:054c898ee5eacb0b3d85bdb603d6229b93619964cc01be5274acdf3e451e5ef8"
+BASE_SCRATCH: "scratch@sha256:b054705fcc9f2205777d80a558d920c0b4209efdc3163c22b5bfcb5dda1db5fc"
+BASE_UBUNTU_BIONIC: "ubuntu:bionic-20220531@sha256:2776b2dc16a72a7dabcbb0b0b70c181922c45e9a08aa740ddc65f53511863e32"
+BASE_UBUNTU: "ubuntu:jammy-20221130@sha256:c14c3b1242536729ce5227ff833144977b4e378723858fb73a4cf40ea6daaf6a"
+BASE_ALT: "alt:p10@sha256:f105773c682498700680d7cd61a702a4315c4235aee3622757591fd510fb8b4a"
+BASE_ALT_P11: "alt:p11@sha256:c396cd7348a48f9236413e2ef5569223c15e554c0a3ca37f9d92fb787d4f1893"
+
+BASE_ALPINE_DEV: "dev-alpine:3.16.3@sha256:c706fa83cc129079e430480369a3f062b8178cac9ec89266ebab753a574aca8e"
+BASE_GOLANG_ALPINE_DEV: "dev-golang:1.15.3-alpine3.12@sha256:40cf8e4b055defe3a47175db978275eb8c8618756ed204a1dc96521f102cf4d7"
+BASE_GOLANG_16_ALPINE_DEV: "dev-golang:1.16.3-alpine3.12@sha256:bb3e595d848f910ce3df920ea6db2dd14d047738429edb909fa418eb35ce6bb0"
+BASE_GOLANG_17_ALPINE_DEV: "dev-golang:1.17.3-alpine3.14@sha256:6fe38ae991cd11d3da54ea9a96d41a962d3625ed7df71b20a80f1c484a0c02dc"
+BASE_GOLANG_18_ALPINE_DEV: "dev-golang:1.18.5-alpine3.15@sha256:7392a898ed5e296b8e4234bad9b62b085778e17d018fb77dffd56e92b2174977"
+BASE_GOLANG_19_ALPINE_DEV: "dev-golang:1.19.3-alpine3.16@sha256:86c74337e2bce796f6cbf5f12487ba50ffd8a65d5669db28faa534dcbdf2d5a0"
+BASE_GOLANG_20_ALPINE_DEV: "dev-golang:1.20.5-alpine3.18@sha256:b948129419476603fd2f161b8dcd323d8dfea72e36be685034fbcee29774d208"
+BASE_GOLANG_21_ALPINE_DEV: "dev-golang:1.21.4-alpine3.18@sha256:cc3f95c4c55c3c9695e8663027bbc20395c39ba8b4512bdf981935a7690ff73b"
+BASE_GOLANG_22_ALPINE_DEV: "dev-golang:1.22.6-alpine@sha256:b0cdd64fc953080fd543848e7cc1a4b866c77358b782868ae19cce1e44e40dd5"
+BASE_ALT_DEV: "dev-alt:p10@sha256:76e6e163fa982f03468166203488b569e6d9fc10855d6a259c662706436cdcad"
+BASE_ALT_DEV_CILIUM: "dev-alt:p10-cilium@sha256:971b16aa3410db3e86cecc1c94dcab5fd8396473d3a7f91361fbee6c196e0a9e"
+
+BASE_GOLANG_19_BULLSEYE_DEV: "dev-golang:1.19.3-bullseye@sha256:190025d38aa56b9042ec4db212e11e8e7737735c9e5f53208d183b972c1fa6a3"
+BASE_GOLANG_20_BULLSEYE_DEV: "dev-golang:1.20.5-bullseye@sha256:8089b9fc5a0d665a2251236178bb79cefec383d22b3e2289f63c3d37add09fe0"
+BASE_GOLANG_21_BULLSEYE_DEV: "dev-golang:1.21.6-bullseye@sha256:48cd9e541f52bb503998344b8e4fefb1165f8d5286de022de09adaa2dfe43d6d"
+BASE_GOLANG_22_BULLSEYE_DEV: "dev-golang:1.22.6-bullseye@sha256:fcad0a1f64f49e2a9a3481a5eaeefe64e6b758c8445bd9bf16712d964b2d2277"
+BASE_UBUNTU_DEV: "dev-ubuntu:jammy-20221130@sha256:ec1ae88b1c734aa20fa54687337c77a807fbc1218254f53b1e9a8fae338759f6"
+
+BASE_GOLANG_BUSTER_DEV: "dev-golang:1.15.3-buster@sha256:b9cf1292234a39bf80b071520a04ef435bfa99eaa3b6b348fba744ee0d8c0644"
+BASE_NGINX_ALPINE_DEV: "dev-nginx:1.23.3-alpine@sha256:68716532bc5205e1e365a061db32f25546b27ee3aed64afbc5c90d3ef6833cfd"
+BASE_NODE_16_ALPINE_DEV: "dev-node:16.13.0-alpine3.14@sha256:7e25b051d5d12996edfb0cef513f8552ac1ec4962b781bc7a14f96a84b29fd75"
+BASE_NODE_18_ALPINE_DEV: "dev-node:18.19.0-alpine3.18@sha256:88cd829080040a72aac875a289f02c432c3a287333e108a42d46ffc0cbbc4b50"
+BASE_NODE_20_ALPINE_DEV: "dev-node:20.11.0-alpine3.18@sha256:ae94035d5be9d8dc2a75adcb890d75bc01646030052f7afb63ce72f8f87785a0"
+BASE_PYTHON_ALPINE_DEV: "dev-python:3.7.16-alpine3.16@sha256:710758af945c3663465b3f54308c0188afdc3c12d042780f4f4916cbde132908"
\ No newline at end of file
diff --git a/images/controller/werf.inc.yaml b/images/controller/werf.inc.yaml
index 0943530b..75cec555 100644
--- a/images/controller/werf.inc.yaml
+++ b/images/controller/werf.inc.yaml
@@ -1,13 +1,14 @@
-{{- $_ := set . "BASE_GOLANG" "registry.deckhouse.io/base_images/golang:1.22.6-bullseye@sha256:260918a3795372a6d33225d361fe5349723be9667de865a23411b50fbcc76c5a" }}
-{{- $_ := set . "BASE_SCRATCH"    "registry.deckhouse.io/base_images/scratch@sha256:b054705fcc9f2205777d80a558d920c0b4209efdc3163c22b5bfcb5dda1db5fc" }}
-
 ---
 image: {{ $.ImageName }}-golang-artifact
-from: {{ $.BASE_GOLANG }}
+from: {{ $.Images.BASE_GOLANG_22_BULLSEYE }}
 final: false
 
 git:
+{{- if (env "EMBEDDED_MODULE" "") }}
+  - add: /modules/999-csi-nfs/images/{{ $.ImageName }}/src
+{{- else }}
   - add: /images/controller/src
+{{- end }}
     to: /src
     stageDependencies:
       setup:
@@ -24,7 +25,7 @@ shell:
 
 ---
 image: {{ $.ImageName }}
-from: {{ $.BASE_SCRATCH }}
+from: {{ $.Images.BASE_SCRATCH }}
 
 import:
   - image: {{ $.ImageName }}-golang-artifact
diff --git a/images/csi-nfs/werf.inc.yaml b/images/csi-nfs/werf.inc.yaml
index 9827165a..e37e241f 100644
--- a/images/csi-nfs/werf.inc.yaml
+++ b/images/csi-nfs/werf.inc.yaml
@@ -1,34 +1,28 @@
 {{- $version := "4.7.0" }}
-
-{{- $_ := set . "BASE_GOLANG" "registry.deckhouse.io/base_images/golang:1.22.6-bullseye@sha256:260918a3795372a6d33225d361fe5349723be9667de865a23411b50fbcc76c5a" }}
-{{- $_ := set . "BASE_SCRATCH"    "registry.deckhouse.io/base_images/scratch@sha256:b054705fcc9f2205777d80a558d920c0b4209efdc3163c22b5bfcb5dda1db5fc" }}
-{{- $_ := set . "BASE_ALPINE_DEV" "registry.deckhouse.io/base_images/dev-alpine:3.16.3@sha256:c706fa83cc129079e430480369a3f062b8178cac9ec89266ebab753a574aca8e" }}
-{{- $_ := set . "BASE_ALT_DEV"    "registry.deckhouse.io/base_images/dev-alt:p10@sha256:76e6e163fa982f03468166203488b569e6d9fc10855d6a259c662706436cdcad" }}
-
 ---
 image: {{ $.ImageName }}-golang-artifact
-from: {{ $.BASE_GOLANG }}
+from: {{ $.Images.BASE_GOLANG_22_BULLSEYE }}
 final: false
 
 git:
-  - add: /images/{{ $.ImageName }}
-    to: /
+{{- if (env "EMBEDDED_MODULE" "") }}
+  - add: /modules/999-csi-nfs/images/{{ $.ImageName }}/patches
+{{- else }}
+  - add: /images/{{ $.ImageName }}/patches
+{{- end }}
+    to: /patches
     stageDependencies:
       setup:
         - "**/*"
-    includePaths:
-    - patches
-
 mount:
   - fromPath: ~/go-pkg-cache
     to: /go/pkg
 shell:
   install:
-    - export GO_VERSION={{ env "GOLANG_VERSION" }}
     - export GOPROXY={{ env "GOPROXY" }}
     - git clone --depth 1 --branch v{{ $version }} {{ env "SOURCE_REPO" }}/kubernetes-csi/csi-driver-nfs.git /csi-driver-nfs
     - cd /csi-driver-nfs
-    - for patchfile in /patches/*.patch ; do echo -n "Apply ${patchfile} ... "; git apply ${patchfile}; done
+    - git apply /patches/*.patch --verbose
     - cd /csi-driver-nfs/cmd/nfsplugin
     - go mod vendor
     - GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -ldflags="-s -w" -o /nfsplugin
@@ -38,7 +32,7 @@ shell:
 {{ $csiBinaries := "/bin/mount /bin/umount /sbin/mount.nfs /sbin/mount.nfs4 /sbin/umount.nfs /sbin/umount.nfs4 /bin/tar /bin/gzip /bin/cp" }}
 ---
 image: {{ $.ImageName }}-binaries-artifact
-from: {{ $.BASE_ALT_DEV }}
+from: {{ $.Images.BASE_ALT_DEV }}
 final: false
 
 shell:
@@ -47,7 +41,7 @@ shell:
 
 ---
 image: {{ $.ImageName }}-distroless-artifact
-from: {{ $.BASE_ALPINE_DEV }}
+from: {{ $.Images.BASE_ALPINE_DEV }}
 final: false
 
 shell:
@@ -65,7 +59,7 @@ shell:
 
 ---
 image: {{ $.ImageName }}-distroless
-from: {{ $.BASE_SCRATCH }}
+from: {{ $.Images.BASE_SCRATCH }}
 final: false
 
 import:
diff --git a/images/webhooks/werf.inc.yaml b/images/webhooks/werf.inc.yaml
index a8d03c04..885423c8 100644
--- a/images/webhooks/werf.inc.yaml
+++ b/images/webhooks/werf.inc.yaml
@@ -1,13 +1,14 @@
-{{- $_ := set . "BASE_GOLANG" "registry.deckhouse.io/base_images/golang:1.22.6-bullseye@sha256:260918a3795372a6d33225d361fe5349723be9667de865a23411b50fbcc76c5a" }}
-{{- $_ := set . "BASE_SCRATCH"    "registry.deckhouse.io/base_images/scratch@sha256:b054705fcc9f2205777d80a558d920c0b4209efdc3163c22b5bfcb5dda1db5fc" }}
-
 ---
 image: {{ $.ImageName }}-golang-artifact
-from: {{ $.BASE_GOLANG }}
+from: {{ $.Images.BASE_GOLANG_22_BULLSEYE }}
 final: false
 
 git:
+{{- if (env "EMBEDDED_MODULE" "") }}
+  - add: /modules/999-csi-nfs/images/{{ $.ImageName }}/src
+{{- else }}
   - add: /images/webhooks/src
+{{- end }}
     to: /src
     stageDependencies:
       setup:
@@ -23,7 +24,7 @@ shell:
     - chmod +x /webhooks
 ---
 image: {{ $.ImageName }}
-from: {{ $.BASE_SCRATCH }}
+from: {{ $.Images.BASE_SCRATCH }}
 
 import:
   - image: {{ $.ImageName }}-golang-artifact
diff --git a/werf-giterminism.yaml b/werf-giterminism.yaml
index 81455060..4ee1b699 100644
--- a/werf-giterminism.yaml
+++ b/werf-giterminism.yaml
@@ -1,7 +1,7 @@
 giterminismConfigVersion: 1
 config:
   goTemplateRendering:	# The rules for the Go-template functions to be able to pass build context to the release
-    allowEnvVariables: [ /CI_.+/, MODULES_MODULE_TAG, GOLANG_VERSION, GOPROXY, SOURCE_REPO ]
+    allowEnvVariables: [ /CI_.+/, MODULES_MODULE_TAG, GOLANG_VERSION, GOPROXY, SOURCE_REPO, EMBEDDED_MODULE ]
   stapel:
     mount:
       allowBuildDir: true
diff --git a/werf.yaml b/werf.yaml
index 98b74aec..d2c4faac 100644
--- a/werf.yaml
+++ b/werf.yaml
@@ -1,6 +1,7 @@
 project: csi-nfs
 configVersion: 1
 ---
+{{ tpl (.Files.Get ".werf/base_images.yaml") $ }}
 {{ tpl (.Files.Get ".werf/images.yaml") $ }}
 {{ tpl (.Files.Get ".werf/images-digests.yaml") $ }}
 {{ tpl (.Files.Get ".werf/python-deps.yaml") $ }}