diff --git a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
index c13b6e833d319fedb7443a02f966cdb9541ee92c..08450579a7d53957eff98309fbe20afd11a943c4 100644
--- a/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
+++ b/roles/kubernetes/control-plane/tasks/kubeadm-setup.yml
@@ -122,15 +122,6 @@
     - item in kube_apiserver_admission_plugins_needs_configuration
   loop: "{{ kube_apiserver_enable_admission_plugins }}"
 
-- name: Kubeadm | Configure default cluster podnodeslector
-  template:
-    src: "podnodeselector.yaml.j2"
-    dest: "{{ kube_config_dir }}/admission-controls/podnodeselector.yaml"
-    mode: "0640"
-  when:
-    - kube_apiserver_admission_plugins_podnodeselector_default_node_selector is defined
-    - kube_apiserver_admission_plugins_podnodeselector_default_node_selector | length > 0
-
 - name: Kubeadm | Check apiserver.crt SANs
   vars:
     apiserver_ips: "{{ apiserver_sans | map('ansible.utils.ipaddr') | reject('equalto', False) | list }}"
diff --git a/roles/kubernetes/control-plane/vars/main.yaml b/roles/kubernetes/control-plane/vars/main.yaml
index f888d6b0ce80d912cd974ee53ad26a0a8e989cd7..3775d253a7cc41d509a7190ea7403ceac9339228 100644
--- a/roles/kubernetes/control-plane/vars/main.yaml
+++ b/roles/kubernetes/control-plane/vars/main.yaml
@@ -1,3 +1,8 @@
 ---
 # list of admission plugins that needs to be configured
-kube_apiserver_admission_plugins_needs_configuration: [EventRateLimit, PodSecurity]
+# https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/
+kube_apiserver_admission_plugins_needs_configuration:
+- EventRateLimit
+- ImagePolicyWebhook
+- PodSecurity
+- PodNodeSelector