diff --git a/roles/bootstrap-os/defaults/main.yml b/roles/bootstrap-os/defaults/main.yml
index 40054b2e39cca0a14a5e2d49602b6efb414d48b7..b9aee516a9ddbb7789b68abfdbdfebab6a7c225b 100644
--- a/roles/bootstrap-os/defaults/main.yml
+++ b/roles/bootstrap-os/defaults/main.yml
@@ -13,7 +13,7 @@ use_oracle_public_repo: true
 
 fedora_coreos_packages:
   - python
-  - libselinux-python3
+  - python3-libselinux
   - ethtool                 # required in kubeadm preflight phase for verifying the environment
   - ipset                   # required in kubeadm preflight phase for verifying the environment
   - conntrack-tools         # required by kube-proxy
diff --git a/roles/bootstrap-os/tasks/bootstrap-fedora-coreos.yml b/roles/bootstrap-os/tasks/bootstrap-fedora-coreos.yml
index 39acdcc7f82a9be04e907a6270ef8cdce0942fb8..0d70a339843b73d7a55d916606aa700bb65f6f4a 100644
--- a/roles/bootstrap-os/tasks/bootstrap-fedora-coreos.yml
+++ b/roles/bootstrap-os/tasks/bootstrap-fedora-coreos.yml
@@ -8,17 +8,38 @@
   tags:
     - facts
 
+- name: Remove podman network cni
+  raw: "podman network rm podman"
+  become: true
+  ignore_errors: yes
+  when: need_bootstrap.rc != 0
+
 - name: Clean up possible pending packages on fedora coreos
   raw: "export http_proxy={{ http_proxy | default('') }};rpm-ostree cleanup -p }}"
   become: true
   when: need_bootstrap.rc != 0
 
+  # Because the package "python3-libselinux" has a dependency on libselinux,
+  # which is a base package in Fedora CoreOS and cannot be upgraded.
+  # Temporary disabling update repo allows to install python3-libselinux
+  # see https://github.com/coreos/fedora-coreos-tracker/issues/592
+- name: Temporary disable fedora updates repo because of base packages conflicts
+  raw: "sed -i 's|^enabled=1|enabled=0|g' /etc/yum.repos.d/fedora-updates.repo"
+  become: true
+  when: need_bootstrap.rc != 0
+
 - name: Install required packages on fedora coreos
   raw: "export http_proxy={{ http_proxy | default('') }};rpm-ostree install {{ fedora_coreos_packages|join(' ') }}"
   become: true
   when: need_bootstrap.rc != 0
 
-# playbook fails because connection lost
+  # see https://github.com/coreos/fedora-coreos-tracker/issues/592
+- name: Enable fedora updates repo
+  raw: "sed -i 's|^enabled=0|enabled=1|g' /etc/yum.repos.d/fedora-updates.repo"
+  become: true
+  when: need_bootstrap.rc != 0
+
+  # playbook fails because connection lost
 - name: Reboot immediately for updated ostree, please run playbook again if failed first time.
   raw: "nohup bash -c 'sleep 5s && shutdown -r now'"
   become: true
diff --git a/roles/kubernetes/preinstall/tasks/0062-networkmanager.yml b/roles/kubernetes/preinstall/tasks/0062-networkmanager.yml
index 4d94231aad8942b77df2f35da41d9dc3e53ff5b6..0676f9c8e75e444409d5c5d5f2080aaab3be01dd 100644
--- a/roles/kubernetes/preinstall/tasks/0062-networkmanager.yml
+++ b/roles/kubernetes/preinstall/tasks/0062-networkmanager.yml
@@ -1,9 +1,9 @@
 ---
 - name: NetworkManager | Add nameservers to NM configuration
   ini_file:
-    path: /etc/NetworkManager/system-connections/default_connection.nmconnection
-    section: ipv4
-    option: dns
+    path: /etc/NetworkManager/conf.d/dns.conf
+    section: global-dns-domain-*
+    option: servers
     value: "{{ ( coredns_server + nameservers|d([]) + cloud_resolver|d([])) | unique | join(';') }}"
     mode: '0600'
     backup: yes
@@ -11,9 +11,9 @@
 
 - name: NetworkManager | Add DNS search to NM configuration
   ini_file:
-    path: /etc/NetworkManager/system-connections/default_connection.nmconnection
-    section: ipv4
-    option: dns-search
+    path: /etc/NetworkManager/conf.d/dns.conf
+    section: global-dns
+    option: searches
     value: "{{ ([ 'default.svc.' + dns_domain, 'svc.' + dns_domain ] + searchdomains|default([])) | join(';') }}"
     mode: '0600'
     backup: yes
@@ -21,20 +21,10 @@
 
 - name: NetworkManager | Add DNS options to NM configuration
   ini_file:
-    path: /etc/NetworkManager/system-connections/default_connection.nmconnection
-    section: ipv4
-    option: dns-options
+    path: /etc/NetworkManager/conf.d/dns.conf
+    section: global-dns
+    option: options
     value: "ndots:{{ ndots }};timeout:2;attempts:2;"
     mode: '0600'
     backup: yes
   notify: Preinstall | update resolvconf for Fedora CoreOS
-
-- name: NetworkManager | Ignore DNS auto configuration
-  ini_file:
-    path: /etc/NetworkManager/system-connections/default_connection.nmconnection
-    section: ipv4
-    option: ignore-auto-dns
-    value: 'true'
-    mode: '0600'
-    backup: yes
-  notify: Preinstall | update resolvconf for Fedora CoreOS