diff --git a/inventory/group_vars/k8s-cluster.yml b/inventory/group_vars/k8s-cluster.yml
index 73721d03bae516febb9d3848749f422228d77e6e..dce804ea9626c00dae2729f0898d24997cf66d9e 100644
--- a/inventory/group_vars/k8s-cluster.yml
+++ b/inventory/group_vars/k8s-cluster.yml
@@ -58,9 +58,16 @@ kube_users:
     role: admin
 
 
+
+## It is possible to activate / deactivate selected authentication methods (basic auth, static token auth)
+#kube_oidc_auth: false
+#kube_basic_auth: false
+#kube_token_auth: false
+
+
 ## Variables for OpenID Connect Configuration https://kubernetes.io/docs/admin/authentication/
 ## To use OpenID you have to deploy additional an OpenID Provider (e.g Dex, Keycloak, ...)
-# kube_oidc_auth: false
+
 # kube_oidc_url: https:// ...
 # kube_oidc_client_id: kubernetes
 ## Optional settings for OIDC
@@ -69,7 +76,6 @@ kube_users:
 # kube_oidc_groups_claim: groups
 
 
-
 # Choose network plugin (calico, weave or flannel)
 # Can also be set to 'cloud', which lets the cloud provider setup appropriate routing
 kube_network_plugin: calico
diff --git a/roles/kubernetes/master/defaults/main.yml b/roles/kubernetes/master/defaults/main.yml
index 527b168b927cec1602659fe6cd96fd05122ef4fe..f719a11386accf5c45bfdce15d52842fe22052ad 100644
--- a/roles/kubernetes/master/defaults/main.yml
+++ b/roles/kubernetes/master/defaults/main.yml
@@ -31,9 +31,15 @@ kube_apiserver_memory_requests: 256M
 kube_apiserver_cpu_requests: 300m
 kube_apiserver_storage_backend: etcd2
 
+
+## Enable/Disable Kube API Server Authentication Methods
+kube_basic_auth: true
+kube_token_auth: true
+kube_oidc_auth: false
+
 ## Variables for OpenID Connect Configuration https://kubernetes.io/docs/admin/authentication/
 ## To use OpenID you have to deploy additional an OpenID Provider (e.g Dex, Keycloak, ...)
-kube_oidc_auth: false
+
 #kube_oidc_url: https:// ...
 # kube_oidc_client_id: kubernetes
 ## Optional settings for OIDC
diff --git a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
index 96a0c738aa7a90e6eade3205beb4f6948073e389..65a30929b41928d3d44e7fd499e4c41dd9e0326e 100644
--- a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
@@ -34,10 +34,14 @@ spec:
     - --service-cluster-ip-range={{ kube_service_addresses }}
     - --service-node-port-range={{ kube_apiserver_node_port_range }}
     - --client-ca-file={{ kube_cert_dir }}/ca.pem
+{% if kube_basic_auth|default(true) %}
     - --basic-auth-file={{ kube_users_dir }}/known_users.csv
+{% endif %}
     - --tls-cert-file={{ kube_cert_dir }}/apiserver.pem
     - --tls-private-key-file={{ kube_cert_dir }}/apiserver-key.pem
+{% if kube_token_auth|default(true) %}
     - --token-auth-file={{ kube_token_dir }}/known_tokens.csv
+{% endif %}
     - --service-account-key-file={{ kube_cert_dir }}/apiserver-key.pem
 {% if kube_oidc_auth|default(false) and kube_oidc_url is defined and kube_oidc_client_id is defined %}
     - --oidc-issuer-url={{ kube_oidc_url }}
diff --git a/roles/kubernetes/secrets/tasks/check-tokens.yml b/roles/kubernetes/secrets/tasks/check-tokens.yml
index 14cfbb12439f50e219d55b9563a085c550f50614..16c3e4357c8b84acd7ef59b7f2e2f41dd588c69e 100644
--- a/roles/kubernetes/secrets/tasks/check-tokens.yml
+++ b/roles/kubernetes/secrets/tasks/check-tokens.yml
@@ -14,7 +14,7 @@
 - name: "Check_tokens | Set 'sync_tokens' and 'gen_tokens' to true"
   set_fact:
     gen_tokens: true
-  when: not known_tokens_master.stat.exists
+  when: not known_tokens_master.stat.exists and kube_token_auth|default(true)
   run_once: true
 
 - name: "Check tokens | check if a cert already exists"
diff --git a/roles/kubernetes/secrets/tasks/main.yml b/roles/kubernetes/secrets/tasks/main.yml
index 6da1471708277deb49e2e768a6cb6363eee06c67..919ed0df76450c03aea3fc857e8ad659245e7121 100644
--- a/roles/kubernetes/secrets/tasks/main.yml
+++ b/roles/kubernetes/secrets/tasks/main.yml
@@ -33,7 +33,7 @@
     line: '{{ item.value.pass }},{{ item.key }},{{ item.value.role }}'
     backup: yes
   with_dict: "{{ kube_users }}"
-  when: inventory_hostname in "{{ groups['kube-master'] }}"
+  when: inventory_hostname in "{{ groups['kube-master'] }}" and kube_basic_auth|default(true)
   notify: set secret_changed
 
 #