diff --git a/roles/kubernetes/control-plane/vars/main.yaml b/roles/kubernetes/control-plane/vars/main.yaml
index d387a15bc1448b6134e9e244855359bda7a768af..3775d253a7cc41d509a7190ea7403ceac9339228 100644
--- a/roles/kubernetes/control-plane/vars/main.yaml
+++ b/roles/kubernetes/control-plane/vars/main.yaml
@@ -1,6 +1,8 @@
 ---
 # list of admission plugins that needs to be configured
+# https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/
 kube_apiserver_admission_plugins_needs_configuration:
 - EventRateLimit
+- ImagePolicyWebhook
 - PodSecurity
 - PodNodeSelector