diff --git a/ansible/playbooks/roles/containerd/handlers/main.yml b/ansible/playbooks/roles/containerd/handlers/main.yml
index 49f7022e0e..c4258bc0d4 100644
--- a/ansible/playbooks/roles/containerd/handlers/main.yml
+++ b/ansible/playbooks/roles/containerd/handlers/main.yml
@@ -2,6 +2,7 @@
   systemd:
     name: containerd
     state: restarted
+    enabled: true
 
 - name: Restart kubelet
   systemd:
diff --git a/ansible/playbooks/roles/containerd/tasks/configure-kubelet-env.yml b/ansible/playbooks/roles/containerd/tasks/configure-kubelet-env.yml
new file mode 100644
index 0000000000..47f38b53f0
--- /dev/null
+++ b/ansible/playbooks/roles/containerd/tasks/configure-kubelet-env.yml
@@ -0,0 +1,39 @@
+# To be replaced by filter plugin (https://github.com/epiphany-platform/epiphany/issues/2943)
+- name: Reconfigure kubelet args
+  notify:
+    - Restart containerd
+    - Restart kubelet
+  block:
+  - name: Get kubeadm-flags.env file content
+    slurp:
+      src: /var/lib/kubelet/kubeadm-flags.env
+    register: kubelet_kubeadm_args
+
+  - name: Set kubelet_kubeadmn_args_content
+    set_fact:
+      kubelet_kubeadmn_args_content: "{{ kubelet_kubeadm_args.content | b64decode }}"
+
+  - name: Modify container-runtime
+    replace:
+      path: /var/lib/kubelet/kubeadm-flags.env
+      regexp: '{{ item.regexp }}'
+      replace: '{{ item.replace }}'
+      backup: true
+    loop:
+      - { regexp: '^(KUBELET_KUBEADM_ARGS=\")(.*)(--container-runtime=[a-zA-Z0-9_]+)(.*)', replace: '\1\2--container-runtime=remote\4' }
+      - { regexp: '^(KUBELET_KUBEADM_ARGS=\")(.*)(--container-runtime-endpoint=.*\.sock)(.*)', replace: '\1\2--container-runtime-endpoint=/run/containerd/containerd.sock\4' }
+    when: kubelet_kubeadmn_args_content.find('--container-runtime') != -1
+
+  - name: Append container-runtime to kubelet config
+    replace:
+      path: /var/lib/kubelet/kubeadm-flags.env
+      regexp: '^(KUBELET_KUBEADM_ARGS=\")(.*)(\")$'
+      replace: '\1\2 --container-runtime=remote"'
+    when: kubelet_kubeadmn_args_content.find('--container-runtime') == -1
+
+  - name: Append container-runtime-endpoint to kubelet config
+    replace:
+      path: /var/lib/kubelet/kubeadm-flags.env
+      regexp: '^(KUBELET_KUBEADM_ARGS=\")(.*)(\")$'
+      replace: '\1\2 --container-runtime-endpoint=/run/containerd/containerd.sock"'
+    when: kubelet_kubeadmn_args_content.find('--container-runtime-endpoint') == -1
diff --git a/ansible/playbooks/roles/containerd/tasks/main.yml b/ansible/playbooks/roles/containerd/tasks/main.yml
index 20efe4463a..f8e314d822 100644
--- a/ansible/playbooks/roles/containerd/tasks/main.yml
+++ b/ansible/playbooks/roles/containerd/tasks/main.yml
@@ -40,44 +40,6 @@
 - name: Configure containerd
   include_tasks: configure-containerd.yml
 
-# To be replaced by filter plugin (https://github.com/epiphany-platform/epiphany/issues/2943)
-- name: Reconfigure kubelet args
-  when: is_upgrade_run
-  block:
-  - name: Get kubeadm-flags.env file content
-    slurp:
-      src: /var/lib/kubelet/kubeadm-flags.env
-    register: kubelet_kubeadm_args
-
-  - name: Set kubelet_kubeadmn_args_content
-    set_fact:
-      kubelet_kubeadmn_args_content: "{{ kubelet_kubeadm_args.content | b64decode }}"
-
-  - name: Modify container-runtime
-    replace:
-      path: /var/lib/kubelet/kubeadm-flags.env
-      regexp: '{{ item.regexp }}'
-      replace: '{{ item.replace }}'
-      backup: true
-    loop:
-      - { regexp: '^(KUBELET_KUBEADM_ARGS=\")(.*)(--container-runtime=[a-zA-Z0-9_]+)(.*)', replace: '\1\2--container-runtime=remote\4' }
-      - { regexp: '^(KUBELET_KUBEADM_ARGS=\")(.*)(--container-runtime-endpoint=.*\.sock)(.*)', replace: '\1\2--container-runtime-endpoint=/run/containerd/containerd.sock\4' }
-    when: kubelet_kubeadmn_args_content.find('--container-runtime') != -1
-
-  - name: Append container-runtime to kubelet config
-    replace:
-      path: /var/lib/kubelet/kubeadm-flags.env
-      regexp: '^(KUBELET_KUBEADM_ARGS=\")(.*)(\")$'
-      replace: '\1\2 --container-runtime=remote"'
-    when: kubelet_kubeadmn_args_content.find('--container-runtime') == -1
-
-  - name: Append container-runtime-endpoint to kubelet config
-    replace:
-      path: /var/lib/kubelet/kubeadm-flags.env
-      regexp: '^(KUBELET_KUBEADM_ARGS=\")(.*)(\")$'
-      replace: '\1\2 --container-runtime-endpoint=/run/containerd/containerd.sock"'
-    when: kubelet_kubeadmn_args_content.find('--container-runtime-endpoint') == -1
-
 - name: Provide crictl.yaml file
   copy:
     src: crictl.yaml
diff --git a/ansible/playbooks/roles/kubernetes_common/tasks/configure-kubelet.yml b/ansible/playbooks/roles/kubernetes_common/tasks/configure-kubelet.yml
index 9a73fe0ee5..7b4d0e1132 100644
--- a/ansible/playbooks/roles/kubernetes_common/tasks/configure-kubelet.yml
+++ b/ansible/playbooks/roles/kubernetes_common/tasks/configure-kubelet.yml
@@ -36,6 +36,13 @@
         backup: true
       register: apply_kubelet_custom_config
 
+- name: Configure kubelet-env
+  include_role:
+    name: containerd
+    tasks_from: configure-kubelet-env
+  when:
+    - is_upgrade_run or inventory_hostname in groups.image_registry
+
 - name: Restart kubelet service
   systemd:
     name: kubelet