diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml index e84bd9360..876701d75 100644 --- a/.github/workflows/dependency-review.yaml +++ b/.github/workflows/dependency-review.yaml @@ -20,7 +20,7 @@ jobs: with: go-version: '1.21.6' - run: go install github.com/securego/gosec/v2/cmd/gosec@latest - - run: gosec -exclude=G101,G103,G204 ./... + - run: gosec -exclude-generated ./... working-directory: nodeadm govulncheck: runs-on: ubuntu-latest diff --git a/nodeadm/internal/kubelet/config.go b/nodeadm/internal/kubelet/config.go index f3643405b..b6ef8b5c4 100644 --- a/nodeadm/internal/kubelet/config.go +++ b/nodeadm/internal/kubelet/config.go @@ -6,9 +6,9 @@ import ( "encoding/json" "fmt" "io" + "net" "net/url" "os" - "os/exec" "path" "strings" "time" @@ -171,7 +171,17 @@ func (ksc *kubeletConfig) withOutpostSetup(cfg *api.NodeConfig) error { } // TODO: cleanup - output, err := exec.Command("getent", "hosts", apiUrl.Host).Output() + ipAddresses, err := net.LookupHost(apiUrl.Host) + if err != nil { + return err + } + var ipHostMappings []string + for _, ip := range ipAddresses { + ipHostMappings = append(ipHostMappings, fmt.Sprintf("%s\t%s", ip, apiUrl.Host)) + } + output := strings.Join(ipHostMappings, "\n") + "\n" + zap.L().Info(fmt.Sprintf("Log returned ipAddress: %v", output)) + if err != nil { return err } @@ -182,7 +192,7 @@ func (ksc *kubeletConfig) withOutpostSetup(cfg *api.NodeConfig) error { return err } defer f.Close() - if _, err := f.Write(output); err != nil { + if _, err := f.WriteString(output); err != nil { return err } } diff --git a/nodeadm/internal/kubelet/image-credential-provider.go b/nodeadm/internal/kubelet/image-credential-provider.go index 5b623e082..a245f0fde 100644 --- a/nodeadm/internal/kubelet/image-credential-provider.go +++ b/nodeadm/internal/kubelet/image-credential-provider.go @@ -1,3 +1,5 @@ +// #nosec G101 + package kubelet import ( 
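Review bot: The gosec step installs `gosec@latest` (the context line just above the changed `run:`), and with the `-exclude=G101,G103,G204` list dropped the scan now reports every rule that whichever release is current happens to ship. If this job is a required check, a new upstream rule can fail unrelated pull requests, and the workflow runs an unpinned tool build on every run. Pinning the install, `go install github.com/securego/gosec/v2/cmd/gosec@<pinned-version>`, keeps the stricter gate reproducible; the version is a placeholder for the maintainers to choose.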
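Review bot: The `if err != nil { return err }` that follows the new `zap.L().Info` line can no longer fire, because `err` from `net.LookupHost` is already checked and returned right after the call; it is a leftover from the `exec.Command` version and should be deleted. The lookup is also given `apiUrl.Host`, which for a URL with an explicit port is `host:port` and would not resolve, so `net.LookupHost(apiUrl.Hostname())` is the safer argument (the URL parsing is outside the hunk, so confirm how the endpoint is normalised). The resolver's answers are written to a file further down in withOutpostSetup, so returning the error with context, `return fmt.Errorf("resolving %q: %w", apiUrl.Hostname(), err)`, and logging with fields, `zap.L().Info("resolved API server endpoint", zap.Strings("addresses", ipAddresses))`, would make a wrong or unexpected answer easier to trace. The function body starts and ends outside the hunk.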
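Review bot: The `// #nosec G101` placed above the `package` clause carries no justification and is not attached to the line gosec flags, which is not visible in this hunk. If gosec honours the comment at file scope, every later hard-coded-credential finding in image-credential-provider.go is silenced too; if it does not, the now-unfiltered CI scan will still fail on the original finding. Moving the annotation onto the flagged declaration and stating the reason, `// #nosec G101 -- <why this value is not a credential>`, keeps the suppression narrow and reviewable.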
diff --git a/nodeadm/test/e2e/cases/kubeconfig-outpost/config.yaml b/nodeadm/test/e2e/cases/kubeconfig-outpost/config.yaml
new file mode 100644
index 000000000..7ed2c5597
--- /dev/null
+++ b/nodeadm/test/e2e/cases/kubeconfig-outpost/config.yaml
@@ -0,0 +1,11 @@
+---
+apiVersion: node.eks.aws/v1alpha1
+kind: NodeConfig
+spec:
+ cluster:
+ id: my-cluster-id
+ name: my-cluster
+ apiServerEndpoint: http://localhost
+ certificateAuthority: Y2VydGlmaWNhdGVBdXRob3JpdHk=
+ cidr: 10.100.0.0/16
+ enableOutpost: true
diff --git a/nodeadm/test/e2e/cases/kubeconfig-outpost/run.sh b/nodeadm/test/e2e/cases/kubeconfig-outpost/run.sh
new file mode 100755
index 000000000..ca259a73f
--- /dev/null
+++ b/nodeadm/test/e2e/cases/kubeconfig-outpost/run.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+source /helpers.sh
+
+mock::imds
+wait::dbus-ready
+
+mock::kubelet 1.28.0
+nodeadm init --skip run --config-source file://config.yaml
+assert::file-contains /etc/hosts $'127.0.0.1\tlocalhost'
+assert::file-contains /etc/hosts $'::1\tlocalhost'
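Review bot: The two `assert::file-contains /etc/hosts` checks in run.sh look for `localhost` entries that a container's stock `/etc/hosts` commonly already holds, so they may pass even when `nodeadm init` appends nothing. The helper's matching rules live in `/helpers.sh`, which is not on this page, so this needs confirming against the test image. Recording the state before the run, `before=$(grep -c localhost /etc/hosts || true)`, and asserting afterwards that the count grew would tie the result to what nodeadm wrote. The `::1` assertion also assumes the test environment resolves `localhost` over IPv6.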