diff --git a/calicoctl-utility/templates/bin/_utilscli-sudo.tpl b/calicoctl-utility/templates/bin/_utilscli-sudo.tpl index c0bd50ea..09e2fcb7 100644 --- a/calicoctl-utility/templates/bin/_utilscli-sudo.tpl +++ b/calicoctl-utility/templates/bin/_utilscli-sudo.tpl @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */}} -nobody ALL = (root) NOPASSWD: /usr/bin/socat -d -v -s -t0 -T0 -u \ +nobody ALL=SETENV: NOPASSWD: /usr/bin/socat -d -v -s -t0 -T0 -u \ UNIX-RECV\:/dev/log\,reuseaddr stdout, \ /usr/local/bin/calicoctl-utility-rootwrap /etc/calicoctl/rootwrap.conf *, \ /usr/local/bin/calicoctl version diff --git a/calicoctl-utility/templates/bin/_utilscli.tpl b/calicoctl-utility/templates/bin/_utilscli.tpl index 1b1df077..4be746b4 100644 --- a/calicoctl-utility/templates/bin/_utilscli.tpl +++ b/calicoctl-utility/templates/bin/_utilscli.tpl @@ -15,4 +15,4 @@ See the License for the specific language governing permissions and limitations under the License. */}} -sudo /usr/local/bin/calicoctl-utility-rootwrap /etc/calicoctl/rootwrap.conf $* +sudo -E /usr/local/bin/calicoctl-utility-rootwrap /etc/calicoctl/rootwrap.conf $* diff --git a/calicoctl-utility/templates/deployment-calicoctl-utility.yaml b/calicoctl-utility/templates/deployment-calicoctl-utility.yaml index 87c8da29..4621d255 100644 --- a/calicoctl-utility/templates/deployment-calicoctl-utility.yaml +++ b/calicoctl-utility/templates/deployment-calicoctl-utility.yaml @@ -94,7 +94,13 @@ spec: readinessProbe: exec: command: + {{- if .Values.conf.utility.match_versions }} - /usr/local/bin/version_check.sh + {{- else }} + - sudo + - calicoctl + - version + {{- end }} initialDelaySeconds: 5 periodSeconds: 15 livenessProbe: diff --git a/calicoctl-utility/values.yaml b/calicoctl-utility/values.yaml index 3e930e7b..86643c2f 100644 --- a/calicoctl-utility/values.yaml +++ b/calicoctl-utility/values.yaml 
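Review bot: The `SETENV:` tag on the new `nobody ALL=SETENV: NOPASSWD:` line applies to every command in the list (socat, the rootwrap wrapper with its `*` argument wildcard, and `calicoctl version`), so the unprivileged caller's environment is no longer reset before those commands run as root; the `sudo -E` added in `_utilscli.tpl` is the other half of the same change. Variables that influence interpreters, library loading or config lookup then reach root processes, which is a wider grant than forwarding a few settings needs. If only specific variables are required, keep the original `nobody ALL = (root) NOPASSWD:` line and add `Defaults:nobody env_keep += "<VAR_NAME_1> <VAR_NAME_2>"` (placeholder names; the diff does not show which variables are needed). The explicit `(root)` run-as spec was also dropped; the default target is presumably still root, but stating it keeps the grant easier to audit.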
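Review bot: The unquoted `$*` on the new `sudo -E` line is re-split on whitespace and glob-expanded by the shell before rootwrap sees it, so the argument list the filters match can differ from what the caller typed. Passing the arguments as `"$@"` keeps each one intact: `sudo -E /usr/local/bin/calicoctl-utility-rootwrap /etc/calicoctl/rootwrap.conf "$@"`. The rest of the script is outside the hunk, so this assumes it runs under a POSIX-style shell.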
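Review bot: The new `else` branch runs `sudo calicoctl version` by bare name, while the sudoers rule in this commit permits `/usr/local/bin/calicoctl version`, so the probe only passes if sudo's path lookup resolves `calicoctl` to that exact binary. Using the absolute path, `- /usr/local/bin/calicoctl` after `- sudo`, removes the dependence on `PATH`/`secure_path` and on the environment now forwarded through sudo. A comment above the `if` should also state that this branch skips the exact client/cluster version match that `version_check.sh` is described as doing in `values.yaml`. The container spec around the probe is outside the hunk.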
@@ -170,6 +170,7 @@ conf: calicoctl_version_00: RegExpFilter, calicoctl, root, calicoctl, version calicoctl_version_01: RegExpFilter, calicoctl, root, calicoctl, -l, (?i)panic|fatal|error|warn|info|debug, version + calicoq_00: CommandFilter, calicoq, root calicoctl_rootwrap: DEFAULT: # Configuration for calicoctl-rootwrap @@ -197,6 +198,9 @@ conf: # Set to true for development sites, # Set to false otherwise always_log_user: true + # Specify whether we need to check for exact match of calicoctl and cluster + # versions during readiness probe + match_versions: false manifests: configmap_bin: true
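Review bot: `calicoq_00: CommandFilter, calicoq, root` matches on the executable name only (assuming oslo.rootwrap-style filters, as the neighbouring entries suggest), so any `calicoq` argument list is accepted and run as root, unlike the `calicoctl_version_*` entries that pin their arguments with `RegExpFilter`. Together with the `rootwrap.conf *` wildcard in the sudoers template, this gives `nobody` unrestricted `calicoq` as root. Prefer one argument-pinned entry per subcommand that operators need, in the style already used here, e.g. `calicoq_00: RegExpFilter, calicoq, root, calicoq, <subcommand>` (placeholder). The rest of the filter list is outside the hunk.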
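Review bot: With `match_versions: false` as the default, the readiness probe stops calling `/usr/local/bin/version_check.sh` on upgrade unless the operator opts in, a behaviour change the new comment does not mention. Spell out both values in the comment, e.g. `# true: readiness runs version_check.sh (exact client/cluster match); false: readiness only runs "calicoctl version"`. Consider whether `true` should remain the default so existing deployments keep the current check.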