diff --git a/pkg/services/cloudprovider/cloud-controller-manager.go b/pkg/services/cloudprovider/cloud-controller-manager.go
index c53bd4848e..d4198ebba6 100644
--- a/pkg/services/cloudprovider/cloud-controller-manager.go
+++ b/pkg/services/cloudprovider/cloud-controller-manager.go
@@ -106,9 +106,6 @@ func CloudControllerManagerDaemonSet(image string, args []string) *appsv1.Daemon
 					},
 				},
 				Spec: corev1.PodSpec{
-					NodeSelector: map[string]string{
-						"node-role.kubernetes.io/master": "",
-					},
 					SecurityContext: &corev1.PodSecurityContext{
 						RunAsUser: int64ptr(0),
 					},
@@ -122,6 +119,10 @@ func CloudControllerManagerDaemonSet(image string, args []string) *appsv1.Daemon
 							Key:    "node-role.kubernetes.io/master",
 							Effect: corev1.TaintEffectNoSchedule,
 						},
+						{
+							Key:    "node-role.kubernetes.io/control-plane",
+							Effect: corev1.TaintEffectNoSchedule,
+						},
 						{
 							Key:    "node.kubernetes.io/not-ready",
 							Effect: corev1.TaintEffectNoSchedule,
diff --git a/pkg/services/cloudprovider/csi.go b/pkg/services/cloudprovider/csi.go
index f45068f3ac..0d317f6188 100644
--- a/pkg/services/cloudprovider/csi.go
+++ b/pkg/services/cloudprovider/csi.go
@@ -406,16 +406,17 @@ func CSIControllerDeployment(storageConfig *types.CPIStorageConfig) *appsv1.Depl
 				},
 				Spec: corev1.PodSpec{
 					ServiceAccountName: CSIControllerName,
-					NodeSelector: map[string]string{
-						"node-role.kubernetes.io/master": "",
-					},
 					Tolerations: []corev1.Toleration{
-
 						{
 							Key:      "node-role.kubernetes.io/master",
 							Operator: corev1.TolerationOpExists,
 							Effect:   corev1.TaintEffectNoSchedule,
 						},
+						{
+							Key:      "node-role.kubernetes.io/control-plane",
+							Operator: corev1.TolerationOpExists,
+							Effect:   corev1.TaintEffectNoSchedule,
+						},
 					},
 					DNSPolicy: corev1.DNSDefault,
 					Containers: []corev1.Container{
diff --git a/templates/cluster-template-external-loadbalancer.yaml b/templates/cluster-template-external-loadbalancer.yaml
index 91739643eb..89ccea2ecb 100644
--- a/templates/cluster-template-external-loadbalancer.yaml
+++ b/templates/cluster-template-external-loadbalancer.yaml
@@ -664,6 +664,9 @@ data:
           - effect: NoSchedule
             key: node-role.kubernetes.io/master
             operator: Exists
+          - effect: NoSchedule
+            key: node-role.kubernetes.io/control-plane
+            operator: Exists
           volumes:
           - name: vsphere-config-volume
             secret:
@@ -899,6 +902,8 @@ data:
             value: "true"
           - effect: NoSchedule
             key: node-role.kubernetes.io/master
+          - effect: NoSchedule
+            key: node-role.kubernetes.io/control-plane
           - effect: NoSchedule
             key: node.kubernetes.io/not-ready
           volumes:
diff --git a/templates/cluster-template-ignition.yaml b/templates/cluster-template-ignition.yaml
index 14d3fd0b6c..2b00e217fd 100644
--- a/templates/cluster-template-ignition.yaml
+++ b/templates/cluster-template-ignition.yaml
@@ -807,6 +807,9 @@ data:
           - effect: NoSchedule
             key: node-role.kubernetes.io/master
             operator: Exists
+          - effect: NoSchedule
+            key: node-role.kubernetes.io/control-plane
+            operator: Exists
           volumes:
           - name: vsphere-config-volume
             secret:
@@ -1042,6 +1045,8 @@ data:
             value: "true"
           - effect: NoSchedule
             key: node-role.kubernetes.io/master
+          - effect: NoSchedule
+            key: node-role.kubernetes.io/control-plane
           - effect: NoSchedule
             key: node.kubernetes.io/not-ready
           volumes:
diff --git a/templates/cluster-template-topology.yaml b/templates/cluster-template-topology.yaml
index 5fa71d775f..9ec17177a3 100644
--- a/templates/cluster-template-topology.yaml
+++ b/templates/cluster-template-topology.yaml
@@ -559,6 +559,9 @@ data:
           - effect: NoSchedule
             key: node-role.kubernetes.io/master
             operator: Exists
+          - effect: NoSchedule
+            key: node-role.kubernetes.io/control-plane
+            operator: Exists
           volumes:
           - name: vsphere-config-volume
             secret:
@@ -794,6 +797,8 @@ data:
             value: "true"
           - effect: NoSchedule
             key: node-role.kubernetes.io/master
+          - effect: NoSchedule
+            key: node-role.kubernetes.io/control-plane
           - effect: NoSchedule
             key: node.kubernetes.io/not-ready
           volumes:
diff --git a/templates/cluster-template.yaml b/templates/cluster-template.yaml
index 7905b3b145..c1296fece5 100644
--- a/templates/cluster-template.yaml
+++ b/templates/cluster-template.yaml
@@ -720,6 +720,9 @@ data:
           - effect: NoSchedule
             key: node-role.kubernetes.io/master
             operator: Exists
+          - effect: NoSchedule
+            key: node-role.kubernetes.io/control-plane
+            operator: Exists
           volumes:
           - name: vsphere-config-volume
             secret:
@@ -955,6 +958,8 @@ data:
             value: "true"
           - effect: NoSchedule
             key: node-role.kubernetes.io/master
+          - effect: NoSchedule
+            key: node-role.kubernetes.io/control-plane
           - effect: NoSchedule
             key: node.kubernetes.io/not-ready
           volumes: