diff --git a/infrastructure/system-upgrades/kubernetes.yaml b/infrastructure/system-upgrades/kubernetes.yaml
index 309307a9abb33c918072309636032722bcd8784f..34be3b71475691960ce9afefdf663fef3db50795 100644
--- a/infrastructure/system-upgrades/kubernetes.yaml
+++ b/infrastructure/system-upgrades/kubernetes.yaml
@@ -20,15 +20,24 @@ stringData:
     set -x
     secrets="$(dirname "$0")"
     systemd-run --same-dir --wait --collect --service-type=exec dnf upgrade -y kubernetes-kubeadm
-    kubeadm upgrade apply --yes
-    systemd-run --same-dir --wait --collect --service-type=exec dnf upgrade -y kubernetes-kubeadm
+    if [ "$1" = "first" ]; then
+      kubeadm upgrade apply --yes "$(kubeadm version -o short)"
+    else
+      kubeadm upgrade node
+    fi
+    systemd-run --same-dir --wait --collect --service-type=exec dnf upgrade -y kubernetes
+    systemctl restart kubelet.service
   upgrade.sh: |
     #!/bin/bash
     set -e
     set -x
-    secrets="$(dirname "$0")"
-    source "$secrets/setup-copr.sh"
-    source "$secrets/kubernetes-upgrade.sh"
+    secrets="/run/system-upgrade/secrets/"
+    chroot /host sh "$secrets/setup-copr.sh"
+    if ! /host/usr/bin/kubectl get pods -n kube-system -o yaml | grep kube-apiserver:v1.21.10; then
+      chroot /host sh "$secrets/kubernetes-upgrade.sh" "first"
+    else
+      chroot /host sh "$secrets/kubernetes-upgrade.sh"
+    fi
 ---
 apiVersion: upgrade.cattle.io/v1
 kind: Plan
@@ -58,5 +67,4 @@ spec:
   version: "1.0"
   upgrade:
     image: docker.io/library/fedora:35
-    command: ["chroot", "/host"]
-    args: ["sh", "/run/system-upgrade/secrets/kubernetes-upgrade/upgrade.sh"]
+    command: ["sh", "/host/run/system-upgrade/secrets/kubernetes-upgrade/upgrade.sh"]