diff --git a/nodeadm/internal/kubelet/config.go b/nodeadm/internal/kubelet/config.go
index ecf66a271..971efcf3d 100644
--- a/nodeadm/internal/kubelet/config.go
+++ b/nodeadm/internal/kubelet/config.go
@@ -201,9 +201,12 @@ func (ksc *kubeletSubConfig) withNodeIp(cfg *api.NodeConfig, kubeletArguments ma
 
 func (ksc *kubeletSubConfig) withVersionToggles(kubeletVersion string, kubeletArguments map[string]string) {
 	// TODO: remove when 1.26 is EOL
-	// --container-runtime flag is gone in 1.27+
 	if semver.Compare(kubeletVersion, "v1.27.0") < 0 {
+		// --container-runtime flag is gone in 1.27+
 		kubeletArguments["container-runtime"] = "remote"
+		// --container-runtime-endpoint moved to kubelet config start from 1.27
+		// https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.27.md?plain=1#L1800-L1801
+		kubeletArguments["container-runtime-endpoint"] = "unix:///run/containerd/containerd.sock"
 	}
 
 	// TODO: Remove this during 1.27 EOL
@@ -220,27 +223,16 @@ func (ksc *kubeletSubConfig) withVersionToggles(kubeletVersion string, kubeletAr
 	}
 }
 
-func (ksc *kubeletSubConfig) withCloudProvider(kubeletVersion string, cfg *api.NodeConfig, kubeletArguments map[string]string) {
-	if semver.Compare(kubeletVersion, "v1.26.0") < 0 {
-		// TODO: remove when 1.25 is EOL
-		kubeletArguments["cloud-provider"] = "aws"
-	} else {
-		// ref: https://github.com/kubernetes/kubernetes/pull/121367
-		kubeletArguments["cloud-provider"] = "external"
-
-		// provider ID needs to be specified when the cloud provider is
-		// external. evaluate if this can be done within the cloud controller.
-		// since the values are coming from IMDS this might not be feasible
-		providerId := getProviderId(cfg.Status.Instance.AvailabilityZone, cfg.Status.Instance.ID)
-		ksc.ProviderID = &providerId
+func (ksc *kubeletSubConfig) withCloudProvider(cfg *api.NodeConfig, kubeletArguments map[string]string) {
+	// ref: https://github.com/kubernetes/kubernetes/pull/121367
+	kubeletArguments["cloud-provider"] = "external"
 
-		// When the external cloud provider is used, kubelet will use /etc/hostname as the name of the Node object.
-		// If the VPC has a custom `domain-name` in its DHCP options set, and the VPC has `enableDnsHostnames` set to `true`,
-		// then /etc/hostname is not the same as EC2's PrivateDnsName.
-		// The name of the Node object must be equal to EC2's PrivateDnsName for the aws-iam-authenticator to allow this kubelet to manage it.
-
-		// k.additionalArguments["hostname-override"] = cfg.Status.Instance.ID
-	}
+	// provider ID needs to be specified when the cloud provider is
+	// external. evaluate if this can be done within the cloud controller.
+	// since the values are coming from IMDS this might not be feasible
+	providerId := getProviderId(cfg.Status.Instance.AvailabilityZone, cfg.Status.Instance.ID)
+	ksc.ProviderID = &providerId
+	kubeletArguments["hostname-override"] = cfg.Status.Instance.ID
 }
 
 // When the DefaultReservedResources flag is enabled, override the kubelet
@@ -270,7 +262,7 @@ func (k *kubelet) GenerateKubeletConfig(cfg *api.NodeConfig) (*kubeletSubConfig,
 	}
 
 	kubeletConfig.withVersionToggles(kubeletVersion, k.additionalArguments)
-	kubeletConfig.withCloudProvider(kubeletVersion, cfg, k.additionalArguments)
+	kubeletConfig.withCloudProvider(cfg, k.additionalArguments)
 
 	if featuregates.DefaultTrue(featuregates.DefaultReservedResources, cfg.Spec.FeatureGates) {
 		kubeletConfig.withDefaultReservedResources()
diff --git a/nodeadm/internal/kubelet/config_test.go b/nodeadm/internal/kubelet/config_test.go
index 6435cbd79..543a2bb9f 100644
--- a/nodeadm/internal/kubelet/config_test.go
+++ b/nodeadm/internal/kubelet/config_test.go
@@ -31,13 +31,15 @@ func TestKubeletCredentialProvidersFeatureFlag(t *testing.T) {
 }
 
 func TestContainerRuntime(t *testing.T) {
+
+	expectedContainerRuntimeEndpoint := "unix:///run/containerd/containerd.sock"
 	var tests = []struct {
-		kubeletVersion string
-		expectedValue  *string
+		kubeletVersion           string
+		expectedContainerRuntime *string
 	}{
-		{kubeletVersion: "v1.26.0", expectedValue: ptr.String("remote")},
-		{kubeletVersion: "v1.27.0", expectedValue: nil},
-		{kubeletVersion: "v1.28.0", expectedValue: nil},
+		{kubeletVersion: "v1.26.0", expectedContainerRuntime: ptr.String("remote")},
+		{kubeletVersion: "v1.27.0", expectedContainerRuntime: nil},
+		{kubeletVersion: "v1.28.0", expectedContainerRuntime: nil},
 	}
 
 	for _, test := range tests {
@@ -45,11 +47,20 @@ func TestContainerRuntime(t *testing.T) {
 		kubetConfig := defaultKubeletSubConfig()
 		kubetConfig.withVersionToggles(test.kubeletVersion, kubeletAruments)
 		containerRuntime, present := kubeletAruments["container-runtime"]
-		if test.expectedValue == nil && present {
-			t.Errorf("container-runtime shouldn't be set for versions %s", test.kubeletVersion)
-		} else if test.expectedValue != nil && *test.expectedValue != containerRuntime {
-			t.Errorf("expected %v but got %s for container-runtime", *test.expectedValue, containerRuntime)
+		if test.expectedContainerRuntime == nil {
+			if present {
+				t.Errorf("container-runtime shouldn't be set for versions %s", test.kubeletVersion)
+			} else {
+				assert.Equal(t, expectedContainerRuntimeEndpoint, kubetConfig.ContainerRuntimeEndpoint)
+			}
+		} else if test.expectedContainerRuntime != nil {
+			if *test.expectedContainerRuntime != containerRuntime {
+				t.Errorf("expected %v but got %s for container-runtime", *test.expectedContainerRuntime, containerRuntime)
+			} else {
+				assert.Equal(t, expectedContainerRuntimeEndpoint, kubeletAruments["container-runtime-endpoint"])
+			}
 		}
+
 	}
 }
 
@@ -80,8 +91,8 @@ func TestProviderID(t *testing.T) {
 		kubeletVersion        string
 		expectedCloudProvider string
 	}{
-		{kubeletVersion: "v1.23.0", expectedCloudProvider: "aws"},
-		{kubeletVersion: "v1.25.0", expectedCloudProvider: "aws"},
+		{kubeletVersion: "v1.23.0", expectedCloudProvider: "external"},
+		{kubeletVersion: "v1.25.0", expectedCloudProvider: "external"},
 		{kubeletVersion: "v1.26.0", expectedCloudProvider: "external"},
 		{kubeletVersion: "v1.27.0", expectedCloudProvider: "external"},
 	}
@@ -99,7 +110,7 @@ func TestProviderID(t *testing.T) {
 	for _, test := range tests {
 		kubeletAruments := make(map[string]string)
 		kubetConfig := defaultKubeletSubConfig()
-		kubetConfig.withCloudProvider(test.kubeletVersion, &nodeConfig, kubeletAruments)
+		kubetConfig.withCloudProvider(&nodeConfig, kubeletAruments)
 		assert.Equal(t, test.expectedCloudProvider, kubeletAruments["cloud-provider"])
 		if kubeletAruments["cloud-provider"] == "external" {
 			assert.Equal(t, *kubetConfig.ProviderID, providerId)