diff --git a/ansible/roles/rke_configuration/files/cluster-defaults.yml b/ansible/roles/rke_configuration/files/cluster-defaults.yml
index 349fb604691470ad46c5b812ede748b0daa98217..eceec75985967a86b41e015f8dfa305972cd8f28 100644
--- a/ansible/roles/rke_configuration/files/cluster-defaults.yml
+++ b/ansible/roles/rke_configuration/files/cluster-defaults.yml
@@ -55,13 +55,17 @@ services:
     cluster_cidr: 10.42.0.0/16
     image: ''
     service_cluster_ip_range: 10.43.0.0/16
+    extra_args:
+      feature-gates: 'RotateKubeletServerCertificate=true'
   kubelet:
     cluster_dns_server: 10.43.0.10
     cluster_domain: cluster.local
     extra_args:
       containerized: 'true'
-      eviction-hard: "memory.available<100Mi,nodefs.available<1Gi,imagefs.available<1Gi"
-      eviction-minimum-reclaim: "memory.available=0Mi,nodefs.available=0Mi,imagefs.available=0Gi"
+      eviction-hard: 'memory.available<100Mi,nodefs.available<1Gi,imagefs.available<1Gi'
+      eviction-minimum-reclaim: 'memory.available=0Mi,nodefs.available=0Mi,imagefs.available=0Gi'
+      protect-kernel-defaults: 'true'
+      hostname-override: 'false'
     extra_binds:
     # Make local storage work with persistent volumes that use `subpath`
     # see https://open.greenhost.net/openappstack/openappstack/issues/236