diff --git a/roles/kubernetes/preinstall/defaults/main.yml b/roles/kubernetes/preinstall/defaults/main.yml
index 01ce93f0cb73ee170a6eca4ce7cf5d32460c3e34..147033f3884d3ead9314219d29db044d194bb1e2 100644
--- a/roles/kubernetes/preinstall/defaults/main.yml
+++ b/roles/kubernetes/preinstall/defaults/main.yml
@@ -144,5 +144,9 @@ debian_os_family_extensions:
 # Sets DNSStubListener=no, useful if you get "0.0.0.0:53: bind: address already in use"
 systemd_resolved_disable_stub_listener: "{{ ansible_os_family in ['Flatcar', 'Flatcar Container Linux by Kinvolk'] }}"
 
+# Used to disable File Access Policy Daemon service.
+# If service is enabled, the CNI plugin installation will fail
+disable_fapolicyd: true
+
 # Enable 0120-growpart-azure-centos-7 tasks
 growpart_azure_enabled: true
diff --git a/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml b/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml
index 91a254290a03b14ed4be4cbb30faf01c09cba2bd..d4fa45b8bed84dec55b29e97942ed3d9160e7400 100644
--- a/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml
+++ b/roles/kubernetes/preinstall/tasks/0080-system-configurations.yml
@@ -136,3 +136,11 @@
     state: present
     reload: yes
   with_items: "{{ additional_sysctl }}"
+
+- name: Disable fapolicyd service
+  failed_when: false
+  systemd:
+    name: fapolicyd
+    state: stopped
+    enabled: false
+  when: disable_fapolicyd