diff --git a/kubernetes/kubernetes-unversioned/centos/files/kubelet_override.yaml b/kubernetes/kubernetes-unversioned/centos/files/kubelet_override.yaml
new file mode 100644
index 000000000..d6f2784aa
--- /dev/null
+++ b/kubernetes/kubernetes-unversioned/centos/files/kubelet_override.yaml
@@ -0,0 +1,4 @@
+---
+kind: KubeletConfiguration
+apiVersion: kubelet.config.k8s.io/v1beta1
+cgroupDriver: cgroupfs
diff --git a/kubernetes/kubernetes-unversioned/centos/files/upgrade_k8s_config.sh b/kubernetes/kubernetes-unversioned/centos/files/upgrade_k8s_config.sh
new file mode 100755
index 000000000..3aaa5edd8
--- /dev/null
+++ b/kubernetes/kubernetes-unversioned/centos/files/upgrade_k8s_config.sh
@@ -0,0 +1,85 @@
+#!/bin/bash
+# Copyright (c) 2021 Wind River Systems, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+# This will run for every k8s upgrade as a part of the control-plane upgrade of the first master.
+# - updates kubeadm-config configmap to configure kube-apiserver manifest with RemoveSelfLink=false.
+# - generates a kubelet config override file to configure cgroupDriver=cgroupfs.
+#   This is consumed by kubeadm upgrade apply
+#
+# Background:
+# Kubernetes 1.21 changed cgroupDriver default to systemd (was cgroupfs).
+# Kubernetes 1.20 changed feature-gates RemoveSelfLink default to true.
+
+
+KUBEADM_CONFIGMAP_TMPFILE='/tmp/kubeadm_cm.yaml'
+
+function log {
+    logger -p local1.info "$1"
+}
+
+# Update the configmap for kubeadm
+function update_apiserver_configmap {
+
+    log "Retrieving kubeadm configmap to temporary location: ${KUBEADM_CONFIGMAP_TMPFILE}"
+    counter=0
+    RC=0
+    RETRIES=10
+    until  [ $counter -gt $RETRIES ]; do
+        kubectl --kubeconfig=/etc/kubernetes/admin.conf -n kube-system get \
+            configmap kubeadm-config -o yaml > ${KUBEADM_CONFIGMAP_TMPFILE}
+        RC=$?
+        if [ "$RC" = "0" ] ; then
+            log "Kubeadm configmap retrieved."
+            break
+        fi
+        log "Error retrieving kubeadm configmap, retrying..."
+        sleep 5
+        let "counter+=1"
+    done
+
+    if [ $counter -gt $RETRIES ]; then
+        log "Failed to retrieve kubeadm configmap with error code [$RC]".
+        exit $RC
+    fi
+
+    if ! grep -q 'RemoveSelfLink=false' ${KUBEADM_CONFIGMAP_TMPFILE}; then
+
+        log "Updating kube-apiserver feature-gates in retrieved kubeadm-config"
+
+        if sed -i \
+'/^\s*feature-gates:\s*.*HugePageStorageMediumSize='\
+'true/ s/$/,RemoveSelfLink=false/' ${KUBEADM_CONFIGMAP_TMPFILE}; then
+
+            if grep -q 'RemoveSelfLink=false' ${KUBEADM_CONFIGMAP_TMPFILE};
+            then
+                log "Successfully updated retrieved kubeadm-config"
+                if kubectl --kubeconfig=/etc/kubernetes/admin.conf replace -f \
+                        ${KUBEADM_CONFIGMAP_TMPFILE}; then
+                    log 'Successfully replaced updated kubeadm configmap.'
+                else
+                    RC=$?
+                    log "Failed to replace updated kubeadm configmap with error code: [$RC]"
+                    exit $RC
+                fi
+            else
+                log 'Failed to update kube-apiserver feature-gates with an unknown error'
+                exit -1
+            fi
+        else
+            RC=$?
+            log "Failed to update ${KUBEADM_CONFIGMAP_TMPFILE} with error code: [$RC]"
+            exit $RC
+        fi
+    else
+        log "Kubeadm configmap was already updated with RemoveSelfLink=false. Nothing to do."
+    fi
+
+    rm -f ${KUBEADM_CONFIGMAP_TMPFILE}
+
+}
+
+update_apiserver_configmap
+exit 0
diff --git a/kubernetes/kubernetes-unversioned/centos/kubernetes-unversioned.spec b/kubernetes/kubernetes-unversioned/centos/kubernetes-unversioned.spec
index cee00db5d..c9136ef0a 100644
--- a/kubernetes/kubernetes-unversioned/centos/kubernetes-unversioned.spec
+++ b/kubernetes/kubernetes-unversioned/centos/kubernetes-unversioned.spec
@@ -5,6 +5,7 @@
 #
 
 %define debug_package %{nil}
+%define local_sbindir /usr/local/sbin
 
 %global _k8s_name kubernetes
 
@@ -35,6 +36,11 @@ Source1: %{con_repo}-v%{con_commit}.tar.gz
 # systemd resource control enable CPU and Memory accounting for cgroups
 Source2: kubernetes-accounting.conf
 
+# kubelet config overrides parameters
+Source3: kubelet_override.yaml
+
+Source4: upgrade_k8s_config.sh
+
 Patch1: kubelet-service-remove-docker-dependency.patch
 
 BuildArch: noarch
@@ -89,6 +95,11 @@ install -v -d -m 0755 %{buildroot}%{_tmpfilesdir}
 install -v -p -m 0644 -t %{buildroot}/%{_tmpfilesdir} contrib/init/systemd/tmpfiles.d/kubernetes.conf
 mkdir -p %{buildroot}/run
 install -v -d -m 0755 %{buildroot}/run/%{_k8s_name}/
+install -p -D -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/%{_k8s_name}/kubelet_override.yaml
+
+install -d %{buildroot}%{local_sbindir}
+# install execution scripts
+install -m 700 %{SOURCE4} %{buildroot}/%{local_sbindir}/upgrade_k8s_config.sh
 
 # install service files
 install -v -d -m 0755 %{buildroot}%{_unitdir}
@@ -107,6 +118,9 @@ install -v -p -m 0644 -t %{buildroot}/%{_sysconfdir}/systemd/system.conf.d %{SOU
 %dir %{_curr_stage1}
 %dir %{_curr_stage2}
 
+# the following are execution scripts
+%{local_sbindir}/upgrade_k8s_config.sh
+
 # the following are symlinks
 %{_bindir}/kubeadm
 %{_bindir}/kubelet
@@ -123,6 +137,7 @@ install -v -p -m 0644 -t %{buildroot}/%{_sysconfdir}/systemd/system.conf.d %{SOU
 %config(noreplace) %{_sysconfdir}/%{_k8s_name}/config
 %config(noreplace) %{_sysconfdir}/%{_k8s_name}/kubelet
 %config(noreplace) %{_sysconfdir}/%{_k8s_name}/kubelet.kubeconfig
+%config(noreplace) %{_sysconfdir}/%{_k8s_name}/kubelet_override.yaml
 %config(noreplace) %{_sysconfdir}/%{_k8s_name}/proxy
 %config(noreplace) %{_sysconfdir}/systemd/system.conf.d/kubernetes-accounting.conf
 %{_tmpfilesdir}/kubernetes.conf