diff --git a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh index 294cf00923..a61575a40b 100644 --- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh +++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh @@ -17,13 +17,14 @@ ETCD_CURL_OPTIONS="--cacert $CERT_DIR/ca.crt \ --cert $CERT_DIR/client.crt --key $CERT_DIR/client.key" ETCD_SERVER_IP=${ETCD_SERVER_IP:-$KUBE_MASTER_IP} KUBE_PROTOCOL="https" -KUBE_CONFIG="" +KUBECONFIG=/etc/kubernetes/kubeconfig.yaml FLANNELD_CONFIG=/etc/sysconfig/flanneld if [ "$TLS_DISABLED" = "True" ]; then PROTOCOL=http FLANNEL_OPTIONS="" ETCD_CURL_OPTIONS="" + KUBE_PROTOCOL="http" fi sed -i '/FLANNEL_OPTIONS/'d $FLANNELD_CONFIG @@ -32,13 +33,38 @@ cat >> $FLANNELD_CONFIG <> ${KUBECONFIG} +apiVersion: v1 +kind: Config +users: +- name: kubeclient + user: + client-certificate: ${CERT_DIR}/client.crt + client-key: ${CERT_DIR}/client.key +clusters: +- name: kubernetes + cluster: + server: ${KUBE_MASTER_URI} + certificate-authority: ${CERT_DIR}/ca.crt +contexts: +- context: + cluster: kubernetes + user: kubeclient + name: service-account-context +current-context: service-account-context +EOF + +if [ "$TLS_DISABLED" = "True" ]; then + sed -i 's/^.*user:$//' ${KUBECONFIG} + sed -i 's/^.*client-certificate.*$//' ${KUBECONFIG} + sed -i 's/^.*client-key.*$//' ${KUBECONFIG} + sed -i 's/^.*certificate-authority.*$//' ${KUBECONFIG} +fi + +chmod 0644 ${KUBECONFIG} + sed -i ' /^KUBE_ALLOW_PRIV=/ s/=.*/="--allow-privileged='"$KUBE_ALLOW_PRIV"'"/ /^KUBE_ETCD_SERVERS=/ s|=.*|="--etcd-servers=http://'"$ETCD_SERVER_IP"':2379"| 
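Review bot: The heredoc that writes the kubeconfig appears to append rather than truncate (the redirect is partly garbled on this page but reads as `>> ${KUBECONFIG}`), so a second run of this fragment, or a file already shipped in the image, would leave two concatenated documents; `cat > "${KUBECONFIG}" <<EOF` makes the write idempotent. In the `TLS_DISABLED` branch the four `sed -i 's/…//'` calls blank lines out of a file the script has just generated, and they leave an empty `users:` entry behind; emitting the `client-certificate`, `client-key` and `certificate-authority` lines only when TLS is enabled would avoid the post-edit. That branch also produces a kubeconfig with no client credential and no CA to verify the server against, which deserves a comment next to it, e.g. `# TLS_DISABLED: kubelet and kube-proxy reach the API server without client auth or server verification`. The `${KUBECONFIG}` expansions in the `sed` and `chmod 0644` lines are unquoted, and the name shadows the `KUBECONFIG` environment variable that kubectl reads, so a script-local name such as `KUBELET_KUBECONFIG` would be safer if anything later in the fragment calls kubectl.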
@@ -52,7 +78,7 @@ sed -i ' # the option --hostname-override for kubelet uses the hostname to register the node. # Using any other name will break the load balancer and cinder volume features. HOSTNAME_OVERRIDE=$(hostname --short | sed 's/\.novalocal//') -KUBELET_ARGS="--pod-manifest-path=/etc/kubernetes/manifests --cadvisor-port=4194 ${KUBE_CONFIG} --hostname-override=${HOSTNAME_OVERRIDE}" +KUBELET_ARGS="--pod-manifest-path=/etc/kubernetes/manifests --cadvisor-port=4194 --kubeconfig ${KUBECONFIG} --hostname-override=${HOSTNAME_OVERRIDE}" KUBELET_ARGS="${KUBELET_ARGS} --cluster_dns=${DNS_SERVICE_IP} --cluster_domain=${DNS_CLUSTER_DOMAIN}" if [ -n "$TRUST_ID" ]; then @@ -78,12 +104,12 @@ KUBELET_ARGS="${KUBELET_ARGS} --cgroup-driver=systemd" sed -i ' /^KUBELET_ADDRESS=/ s/=.*/="--address=0.0.0.0"/ /^KUBELET_HOSTNAME=/ s/=.*/=""/ - /^KUBELET_API_SERVER=/ s|=.*|="--api-servers='"$KUBE_MASTER_URI"'"| + s/^KUBELET_API_SERVER=.*$// /^KUBELET_ARGS=/ s|=.*|="'"${KUBELET_ARGS}"'"| ' /etc/kubernetes/kubelet sed -i ' - /^KUBE_PROXY_ARGS=/ s|=.*|='"$KUBE_CONFIG"'| + /^KUBE_PROXY_ARGS=/ s|=.*|=--kubeconfig='"$KUBECONFIG"'| ' /etc/kubernetes/proxy if [ "$NETWORK_DRIVER" = "flannel" ]; then diff --git a/magnum/drivers/common/templates/kubernetes/fragments/make-cert-client.sh b/magnum/drivers/common/templates/kubernetes/fragments/make-cert-client.sh index 1dcfd38487..5d6510dfe5 100644 --- a/magnum/drivers/common/templates/kubernetes/fragments/make-cert-client.sh +++ b/magnum/drivers/common/templates/kubernetes/fragments/make-cert-client.sh @@ -114,9 +114,3 @@ usermod -a -G kube_etcd kube chmod 550 "${cert_dir}" chown -R kube:kube_etcd "${cert_dir}" chmod 440 $CLIENT_KEY - -sed -i ' - s|CA_CERT|'"$CA_CERT"'| - s|CLIENT_CERT|'"$CLIENT_CERT"'| - s|CLIENT_KEY|'"$CLIENT_KEY"'| -' /etc/kubernetes/kubeconfig.yaml 
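Review bot: In the sed script for `/etc/kubernetes/kubelet`, `s/^KUBELET_API_SERVER=.*$//` empties the line instead of removing it, so the file keeps a blank line where the setting was; `/^KUBELET_API_SERVER=/d` deletes it. In the `/etc/kubernetes/proxy` script the new value is written unquoted, unlike the neighbouring `KUBELET_ARGS` line, which wraps its value in double quotes; `/^KUBE_PROXY_ARGS=/ s|=.*|="--kubeconfig='"$KUBECONFIG"'"|` keeps the two files consistent and would survive a path containing spaces. With `--api-servers` gone, both daemons depend entirely on the generated kubeconfig for the server address and credentials, so a short comment above `KUBELET_ARGS` saying that the file must exist before the services start would help the next reader.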
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/write-kubeconfig.yaml b/magnum/drivers/common/templates/kubernetes/fragments/write-kubeconfig.yaml deleted file mode 100644 index 838c82b267..0000000000 --- a/magnum/drivers/common/templates/kubernetes/fragments/write-kubeconfig.yaml +++ /dev/null @@ -1,24 +0,0 @@ -#cloud-config -merge_how: dict(recurse_array)+list(append) -write_files: - - path: /etc/kubernetes/kubeconfig.yaml - owner: "root:root" - permissions: "0644" - content: | - apiVersion: v1 - kind: Config - users: - - name: kubeclient - user: - client-certificate: CLIENT_CERT - client-key: CLIENT_KEY - clusters: - - name: kubernetes - cluster: - certificate-authority: CA_CERT - contexts: - - context: - cluster: kubernetes - user: kubeclient - name: service-account-context - current-context: service-account-context diff --git a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml index 16ba69fe4d..53ef59dde7 100644 --- a/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml +++ b/magnum/drivers/k8s_fedora_atomic_v1/templates/kubeminion.yaml @@ -295,12 +295,6 @@ resources: $DNS_SERVICE_IP: {get_param: dns_service_ip} $DNS_CLUSTER_DOMAIN: {get_param: dns_cluster_domain} - write_kubeconfig: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: {get_file: ../../common/templates/kubernetes/fragments/write-kubeconfig.yaml} - write_kube_os_config: type: OS::Heat::SoftwareConfig properties: @@ -389,7 +383,6 @@ resources: parts: - config: {get_resource: disable_selinux} - config: {get_resource: write_heat_params} - - config: {get_resource: write_kubeconfig} - config: {get_resource: write_kube_os_config} - config: {get_resource: make_cert} - config: {get_resource: configure_docker_storage} 
diff --git a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubeminion_software_configs.yaml b/magnum/drivers/k8s_fedora_ironic_v1/templates/kubeminion_software_configs.yaml index a5d3298c7f..0c7bd45a70 100644 --- a/magnum/drivers/k8s_fedora_ironic_v1/templates/kubeminion_software_configs.yaml +++ b/magnum/drivers/k8s_fedora_ironic_v1/templates/kubeminion_software_configs.yaml @@ -230,12 +230,6 @@ resources: $CONTAINER_INFRA_PREFIX: {get_param: container_infra_prefix} $ENABLE_CINDER: "False" - write_kubeconfig: - type: OS::Heat::SoftwareConfig - properties: - group: ungrouped - config: {get_file: ../../common/templates/kubernetes/fragments/write-kubeconfig.yaml} - make_cert: type: OS::Heat::SoftwareConfig properties: @@ -324,7 +318,6 @@ resources: parts: - config: {get_resource: disable_selinux} - config: {get_resource: write_heat_params} - - config: {get_resource: write_kubeconfig} - config: {get_resource: make_cert} - config: {get_resource: configure_docker_storage} - config: {get_resource: configure_docker_registry}