diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml
index 25cfbb2bd..3a58d0bfd 100644
--- a/.github/workflows/update-dependencies.yml
+++ b/.github/workflows/update-dependencies.yml
@@ -159,6 +159,11 @@ jobs:
             repository: kubernetes-sigs/kustomize
             version_jsonpath: kustomize_version
 
+          - key: openstack-resource-controller
+            path: ./roles/clusterapi/defaults/main.yml
+            repository: k-orc/openstack-resource-controller
+            version_jsonpath: clusterapi_orc_version
+
           - key: velero-cli
             path: ./roles/velero/defaults/main.yml
             repository: vmware-tanzu/velero
diff --git a/roles/clusterapi/defaults/main.yml b/roles/clusterapi/defaults/main.yml
index f2339c99f..306c6e4b6 100644
--- a/roles/clusterapi/defaults/main.yml
+++ b/roles/clusterapi/defaults/main.yml
@@ -7,9 +7,14 @@ clusterapi_core_components: "{{ clusterapi_core_repo }}/releases/download/{{ clu
 
 # The repo, version and manifest URL for the Cluster API OpenStack provider components
 clusterapi_openstack_repo: https://github.com/kubernetes-sigs/cluster-api-provider-openstack
-clusterapi_openstack_version: v0.10.5
+clusterapi_openstack_version: v0.12.3
 clusterapi_openstack_components: "{{ clusterapi_openstack_repo }}/releases/download/{{ clusterapi_openstack_version }}/infrastructure-components.yaml"
 
+# The repo, version and manifest URL for the OpenStack Resource controller
+clusterapi_orc_repo: https://github.com/k-orc/openstack-resource-controller
+clusterapi_orc_version: v2.1.0
+clusterapi_orc_components: "{{ clusterapi_orc_repo }}/releases/download/{{ clusterapi_orc_version }}/install.yaml"
+
 # The diagnostics address for Cluster API components
 clusterapi_diagnostics_address: 0.0.0.0:8443
 clusterapi_insecure_diagnostics: false
@@ -42,17 +47,6 @@ clusterapi_manifests:
 
 # List of patches to apply to the resources in the manifests
 clusterapi_patches:
-  # Remove the caBundle from the CAPO custom resource definitions
-  # It is injected by cert-manager and causes validation issues if set outside of that
-  # The CAPI CRDs do not have the field set in the manifests that are shipped
-  # The caBundle exists on every CRD _except_ openstackfloatingippools
-  - patch: |-
-      - op: remove
-        path: /spec/conversion/webhook/clientConfig/caBundle
-    target:
-      kind: CustomResourceDefinition
-      labelSelector: cluster.x-k8s.io/provider=infrastructure-openstack
-      name: openstack(cluster|machine).*
   # The manifests contain environment variable substitutions for feature gates that we do not need
   - patch: |-
       - op: replace
diff --git a/roles/clusterapi/tasks/main.yml b/roles/clusterapi/tasks/main.yml
index 865af99d4..7d67610be 100644
--- a/roles/clusterapi/tasks/main.yml
+++ b/roles/clusterapi/tasks/main.yml
@@ -37,6 +37,24 @@
     loop_var: watch
     label: "{{ watch.namespace }}/{{ watch.kind }}/{{ watch.name }}"
 
+- name: Install OpenStack Resource Controller
+  block:
+    - name: Install OpenStack Resource Controller resources
+      ansible.builtin.command: >-
+        kubectl apply
+          --server-side
+          -f {{ clusterapi_orc_components }}
+      changed_when: true
+
+  rescue:
+    - name: Install OpenStack Resource Controller resources [forcing conflicts]
+      ansible.builtin.command: >-
+        kubectl apply
+          --server-side
+          --force-conflicts
+          -f {{ clusterapi_orc_components }}
+      changed_when: true
+
 - name: Install Cluster API addon provider
   kubernetes.core.helm:
     chart_ref: "{{ clusterapi_addon_provider_chart_name }}"