diff --git a/pkg/api/steve/clusters/shell.go b/pkg/api/steve/clusters/shell.go
index 3c27fc55473d25dcdc2e9d1ae3ad897f4ead08de..9acd0f8b014dcca1345babe7e9891c9362d54259 100644
--- a/pkg/api/steve/clusters/shell.go
+++ b/pkg/api/steve/clusters/shell.go
@@ -103,6 +103,7 @@ func (s *shell) createPod() *v1.Pod {
 			Namespace:    s.namespace,
 		},
 		Spec: v1.PodSpec{
+			DNSPolicy:                     "Default",
 			TerminationGracePeriodSeconds: new(int64),
 			RestartPolicy:                 v1.RestartPolicyNever,
 			NodeSelector: map[string]string{
@@ -115,6 +116,18 @@ func (s *shell) createPod() *v1.Pod {
 					Value:    "linux",
 					Effect:   "NoSchedule",
 				},
+				{
+					Key:      "node-role.kubernetes.io/controlplane",
+					Operator: "Equal",
+					Value:    "true",
+					Effect:   "NoSchedule",
+				},
+				{
+					Key:      "node-role.kubernetes.io/etcd",
+					Operator: "Equal",
+					Value:    "true",
+					Effect:   "NoExecute",
+				},
 			},
 			Containers: []v1.Container{
 				{
diff --git a/pkg/catalogv2/helmop/operation.go b/pkg/catalogv2/helmop/operation.go
index 832b6b6965ce17252e630db4b37a06f7c2f4d776..28bd3875f3f3cf5f09191e672d4dba72f319485b 100644
--- a/pkg/catalogv2/helmop/operation.go
+++ b/pkg/catalogv2/helmop/operation.go
@@ -732,6 +732,7 @@ func (s *Operations) createPod(secretData map[string][]byte) (*v1.Pod, *podimper
 			Namespace:    s.namespace,
 		},
 		Spec: v1.PodSpec{
+			DNSPolicy: "Default",
 			Volumes: []v1.Volume{
 				{
 					Name: "data",
@@ -754,6 +755,18 @@ func (s *Operations) createPod(secretData map[string][]byte) (*v1.Pod, *podimper
 					Value:    "linux",
 					Effect:   "NoSchedule",
 				},
+				{
+					Key:      "node-role.kubernetes.io/controlplane",
+					Operator: "Equal",
+					Value:    "true",
+					Effect:   "NoSchedule",
+				},
+				{
+					Key:      "node-role.kubernetes.io/etcd",
+					Operator: "Equal",
+					Value:    "true",
+					Effect:   "NoExecute",
+				},
 			},
 			Containers: []v1.Container{
 				{
diff --git a/pkg/systemtemplate/template.go b/pkg/systemtemplate/template.go
index acb2fc6222f1ef8e6f85b498ada8e8ddc1d9b4a7..ac4af8caff3ba8f91ad351e50a3a00fb26a2f676 100644
--- a/pkg/systemtemplate/template.go
+++ b/pkg/systemtemplate/template.go
@@ -161,6 +161,7 @@ spec:
                 - "true"
             weight: 1
       serviceAccountName: cattle
+      dnsPolicy: Default
       tolerations:
       {{- if .Tolerations }}
       # Tolerations added based on found taints on controlplane nodes