diff --git a/kubernetes-nodes.yaml b/kubernetes-nodes.yaml
index 967dc77..83ad85a 100644
--- a/kubernetes-nodes.yaml
+++ b/kubernetes-nodes.yaml
@@ -32,6 +32,7 @@
   hosts: kubelets
   gather_facts: true
   vars:
+    # Please use kubeadm upgrade plan and kubeadm upgrade apply!
     KUBERNETES_VERSION: v1.33.3 # https://kubernetes.io/releases/patch-releases/
     CRIO_VERSION: v1.33 # https://github.com/cri-o/cri-o/releases
     CALICOCTL_VERSION: v3.29.3 # https://github.com/projectcalico/calico/releases
@@ -214,14 +215,15 @@
       ansible.builtin.shell: "sysctl --system"
       when: sysctl.changed
 
-    - name: Reconfigure kube-apiserver to use Passmower OIDC endpoint
-      ansible.builtin.template:
-        src: kube-apiserver.j2
-        dest: /etc/kubernetes/manifests/kube-apiserver.yaml
-        mode: 600
-      notify: restart kubelet
-      when:
-        - inventory_hostname in groups["masters"]
+# managed by kubeadm, kubectl edit -n kube-system kubeadm-config
+#    - name: Reconfigure kube-apiserver to use Passmower OIDC endpoint
+#      ansible.builtin.template:
+#        src: kube-apiserver.j2
+#        dest: /etc/kubernetes/manifests/kube-apiserver.yaml
+#        mode: 600
+#      notify: restart kubelet
+#      when:
+#        - inventory_hostname in groups["masters"]
 
     - name: Enable kubelet service
       ansible.builtin.systemd_service: