diff --git a/roles/download/tasks/prep_kubeadm_images.yml b/roles/download/tasks/prep_kubeadm_images.yml index fa829e8f0eafa55b03b0f5cdac76a722d1dcec08..d004f9367f40ad083af4a40b0df0277ce5b24901 100644 --- a/roles/download/tasks/prep_kubeadm_images.yml +++ b/roles/download/tasks/prep_kubeadm_images.yml @@ -38,6 +38,7 @@ shell: "set -o pipefail && {{ bin_dir }}/kubeadm config images list --config={{ kube_config_dir }}/kubeadm-images.yaml | grep -Ev 'coredns|pause'" args: executable: /bin/bash + environment: "{{ proxy_disable_env }}" register: kubeadm_images_raw run_once: true changed_when: false diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-fix-apiserver.yml b/roles/kubernetes/control-plane/tasks/kubeadm-fix-apiserver.yml index 6ebfb179a916b2c08e30e56d6798a173e9c99c44..c589dd76da90c54724a46d25d5bc4b965e3f1e06 100644 --- a/roles/kubernetes/control-plane/tasks/kubeadm-fix-apiserver.yml +++ b/roles/kubernetes/control-plane/tasks/kubeadm-fix-apiserver.yml @@ -20,6 +20,7 @@ {{ bin_dir }}/kubeadm init phase kubeconfig all --config {{ kube_config_dir }}/kubeadm-config.yaml --kubeconfig-dir {{ kubeconfig_temp_dir.path }} + environment: "{{ proxy_disable_env }}" when: kubeconfig_correct_apiserver.rc != 0 - name: Copy new kubeconfigs to kube config dir diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml b/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml index 75eea9132d3664564abe8d6ec19722fb91e36296..13b844204dc5a3f14fa59db26aa32ee87f6bb836 100644 --- a/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml +++ b/roles/kubernetes/control-plane/tasks/kubeadm-secondary.yml @@ -16,6 +16,7 @@ --config {{ kube_config_dir }}/kubeadm-config.yaml upload-certs --upload-certs + environment: "{{ proxy_disable_env }}" register: kubeadm_upload_cert when: - inventory_hostname == groups['kube-master']|first 
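Review bot: The `upload-certs` task in kubeadm-secondary.yml registers its output as `kubeadm_upload_cert` with no `no_log` visible, and that output carries the certificate key that kubeadm prints for `--upload-certs`. The same task in scale.yml ends inside its hunk with only `register` and `changed_when: false`, and the `token create` tasks that register `temp_token` in kubeadm-setup.yml and kubeadm/tasks/main.yml look the same. Consider adding `no_log: true` to these tasks so the key and tokens are not written to verbose output or callback logs. The task here starts above and continues below the hunk, so confirm it is not already set there.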
@@ -57,6 +58,7 @@ {{ bin_dir }}/kubeadm join --config {{ kube_config_dir }}/kubeadm-controlplane.yaml --ignore-preflight-errors=all + environment: '{{ proxy_disable_env | combine({"PATH": "{{ bin_dir }}:{{ ansible_env.PATH }}"}) }}' register: kubeadm_join_control_plane retries: 3 throttle: 1 @@ -64,8 +66,6 @@ when: - inventory_hostname != groups['kube-master']|first - kubeadm_already_run is not defined or not kubeadm_already_run.stat.exists - environment: - PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}" - name: Set secret_changed to false to avoid extra token rotation set_fact: diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml index 6fa9cfd7fdcb0bf5c60bf6a8db9db6f6bf7a0527..eb89a91046ce82b121d35a301c217d6c59ab3b0e 100644 --- a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml +++ b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml @@ -165,8 +165,7 @@ until: kubeadm_init is succeeded or "field is immutable" in kubeadm_init.stderr when: inventory_hostname == groups['kube-master']|first and not kubeadm_already_run.stat.exists failed_when: kubeadm_init.rc != 0 and "field is immutable" not in kubeadm_init.stderr - environment: - PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}" + environment: '{{ proxy_disable_env | combine({"PATH": "{{ bin_dir }}:{{ ansible_env.PATH }}"}) }}' notify: Master | restart kubelet - name: set kubeadm certificate key @@ -181,6 +180,7 @@ shell: >- {{ bin_dir }}/kubeadm --kubeconfig /etc/kubernetes/admin.conf token delete {{ kubeadm_token }} || :; {{ bin_dir }}/kubeadm --kubeconfig /etc/kubernetes/admin.conf token create {{ kubeadm_token }} + environment: "{{ proxy_disable_env }}" changed_when: false when: - inventory_hostname == groups['kube-master']|first 
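Review bot: The `environment` value added to the `kubeadm join` task in kubeadm-secondary.yml nests `{{ bin_dir }}` and `{{ ansible_env.PATH }}` inside a string literal that is itself inside a `{{ ... }}` expression. Jinja treats that literal as plain text, so PATH is only resolved if Ansible templates the resulting dictionary a second time, and ansible-lint reports this pattern as nested Jinja. Using the variables directly avoids that dependency: `environment: "{{ proxy_disable_env | combine({'PATH': bin_dir + ':' + ansible_env.PATH}) }}"`. The same construct is added in kubeadm-setup.yml (the task that registers `kubeadm_init`) and in kubeadm/tasks/main.yml (`Join to cluster if needed`, with `:/sbin` appended).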
@@ -191,6 +191,7 @@ - name: Create kubeadm token for joining nodes with 24h expiration (default) command: "{{ bin_dir }}/kubeadm --kubeconfig /etc/kubernetes/admin.conf token create" + environment: "{{ proxy_disable_env }}" changed_when: false register: temp_token retries: 5 diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-version.yml b/roles/kubernetes/control-plane/tasks/kubeadm-version.yml index 8c7feea3510bd11fe5ad30b8aa98b039b76e98fe..2793c77ab7e4d65cf324faa373e7b6802ba1238d 100644 --- a/roles/kubernetes/control-plane/tasks/kubeadm-version.yml +++ b/roles/kubernetes/control-plane/tasks/kubeadm-version.yml @@ -1,6 +1,7 @@ --- - name: Get the kubeadm version command: "{{ bin_dir }}/kubeadm version -o short" + environment: "{{ proxy_disable_env }}" register: kubeadm_output changed_when: false diff --git a/roles/kubernetes/kubeadm/tasks/kubeadm_etcd_node.yml b/roles/kubernetes/kubeadm/tasks/kubeadm_etcd_node.yml index b5c0f255253d0def1afac1edf7752998745d0a92..27e0c5f93b90a9584610f2603a6acd20bf5b019b 100644 --- a/roles/kubernetes/kubeadm/tasks/kubeadm_etcd_node.yml +++ b/roles/kubernetes/kubeadm/tasks/kubeadm_etcd_node.yml @@ -22,6 +22,7 @@ {{ kubeadm_discovery_address }} args: creates: "{{ kube_cert_dir }}/apiserver-etcd-client.key" + environment: "{{ proxy_disable_env }}" - name: Delete unneeded certificates file: diff --git a/roles/kubernetes/kubeadm/tasks/main.yml b/roles/kubernetes/kubeadm/tasks/main.yml index b939b38c42687d3ca27cb0a7c3a776eddf7a4c07..276e139be5e6c3c47ca17353bd1b4b2f1b571061 100644 --- a/roles/kubernetes/kubeadm/tasks/main.yml +++ b/roles/kubernetes/kubeadm/tasks/main.yml @@ -42,6 +42,7 @@ - name: Create kubeadm token for joining nodes with 24h expiration (default) command: "{{ bin_dir }}/kubeadm token create" + environment: "{{ proxy_disable_env }}" register: temp_token delegate_to: "{{ groups['kube-master'][0] }}" when: kubeadm_token is not defined 
@@ -54,6 +55,7 @@ - name: Get the kubeadm version command: "{{ bin_dir }}/kubeadm version -o short" + environment: "{{ proxy_disable_env }}" register: kubeadm_output changed_when: false @@ -69,8 +71,7 @@ when: not is_kube_master - name: Join to cluster if needed - environment: - PATH: "{{ bin_dir }}:{{ ansible_env.PATH }}:/sbin" # Make sure we can workaround RH / CentOS conservative path management + environment: '{{ proxy_disable_env | combine({"PATH": "{{ bin_dir }}:{{ ansible_env.PATH }}:/sbin"}) }}' when: not is_kube_master and (not kubelet_conf.stat.exists) block: diff --git a/roles/kubernetes/node/tasks/kubelet.yml b/roles/kubernetes/node/tasks/kubelet.yml index cb95cc174a82cd3740214a11aa1a28345cb7b6d5..68cd0ff63d1f022cbccba04004b323db5abe535d 100644 --- a/roles/kubernetes/node/tasks/kubelet.yml +++ b/roles/kubernetes/node/tasks/kubelet.yml @@ -8,6 +8,7 @@ - name: Get the kubeadm version command: "{{ bin_dir }}/kubeadm version -o short" + environment: "{{ proxy_disable_env }}" register: kubeadm_output changed_when: false diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml index cd8a47d6ccb726f23a57b2a1043cd1dff6c0898b..00a1dc00bd5f6790d23f5a04c5a6e1d0a15cd5af 100644 --- a/roles/kubespray-defaults/defaults/main.yaml +++ b/roles/kubespray-defaults/defaults/main.yaml 
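Review bot: The replacement `environment` line on `Join to cluster if needed` drops the comment that explained the trailing `:/sbin`. The removed line carried `# Make sure we can workaround RH / CentOS conservative path management`. Without it the extra path entry looks arbitrary and is likely to be removed in a later clean-up. I would keep that comment on its own line above `environment:`. The block's tasks continue outside the hunk.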
@@ -553,3 +553,23 @@ host_architecture: >- # Sets the eventRecordQPS parameter in kubelet-config.yaml. The default value is 5 (see types.go) # Setting it to 0 allows unlimited requests per second. kubelet_event_record_qps: 5 + +proxy_env: + http_proxy: "{{ http_proxy | default ('') }}" + HTTP_PROXY: "{{ http_proxy | default ('') }}" + https_proxy: "{{ https_proxy | default ('') }}" + HTTPS_PROXY: "{{ https_proxy | default ('') }}" + no_proxy: "{{ no_proxy | default ('') }}" + NO_PROXY: "{{ no_proxy | default ('') }}" + +proxy_disable_env: + ALL_PROXY: '' + FTP_PROXY: '' + HTTPS_PROXY: '' + HTTP_PROXY: '' + NO_PROXY: '' + all_proxy: '' + ftp_proxy: '' + http_proxy: '' + https_proxy: '' + no_proxy: '' diff --git a/roles/kubespray-defaults/tasks/main.yaml b/roles/kubespray-defaults/tasks/main.yaml index 7c0c5d240a6e4fe0047d69b928587a0e4fdc85f9..fe268e9533c4b990b252015a23771e713ebf85f1 100644 --- a/roles/kubespray-defaults/tasks/main.yaml +++ b/roles/kubespray-defaults/tasks/main.yaml @@ -5,19 +5,6 @@ tags: - always -- name: "Set up proxy environment" - set_fact: - proxy_env: - http_proxy: "{{ http_proxy | default ('') }}" - HTTP_PROXY: "{{ http_proxy | default ('') }}" - https_proxy: "{{ https_proxy | default ('') }}" - HTTPS_PROXY: "{{ https_proxy | default ('') }}" - no_proxy: "{{ no_proxy | default ('') }}" - NO_PROXY: "{{ no_proxy | default ('') }}" - no_log: true - tags: - - always - # do not run gather facts when bootstrap-os in roles - name: set fallback_ips import_tasks: fallback_ips.yml diff --git a/scale.yml b/scale.yml index 52f59d22c4dd8bc0b511ec9a008bddb83592cfcc..a47e67507290f2eb9da7d20dece94e75a6cabf89 100644 --- a/scale.yml +++ b/scale.yml @@ -69,6 +69,7 @@ --config {{ kube_config_dir }}/kubeadm-config.yaml upload-certs --upload-certs + environment: "{{ proxy_disable_env }}" register: kubeadm_upload_cert changed_when: false - name: set fact 'kubeadm_certificate_key' for later use
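Review bot: `proxy_disable_env` is added directly below `proxy_env` with no comment, although the two do opposite things. A comment such as `# Empty proxy variables, applied to kubeadm tasks so they do not use a proxy inherited from the host or play` would help; that wording is my reading of the tasks changed in this commit, so adjust it if the intent differs. Moving `proxy_env` from `set_fact` to a role default also lowers its precedence, so an inventory or extra var named `proxy_env` now replaces it. The `no_log: true` on the removed task has no equivalent here, so a proxy URL with embedded credentials would appear wherever `proxy_env` is printed.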
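Review bot: `proxy_disable_env` exists only as a default of the `kubespray-defaults` role, so this play-level task in scale.yml resolves it only if the play applies that role. The play header is outside the hunk; please confirm the role is listed there, otherwise the task fails on an undefined variable.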