diff --git a/data/data/manifests/openshift/kubeconfig-kubelet-secret.yaml.template b/data/data/manifests/openshift/kubeconfig-kubelet-secret.yaml.template
new file mode 100644
index 00000000000..9ac5c57e744
--- /dev/null
+++ b/data/data/manifests/openshift/kubeconfig-kubelet-secret.yaml.template
@@ -0,0 +1,7 @@
+kind: Secret
+apiVersion: v1
+metadata:
+  namespace: openshift-machine-api
+  name: kubeconfig-kubelet-secret
+data:
+  kubeconfig: {{.Base64EncodedKubeconfigKubeletData}}
diff --git a/pkg/asset/manifests/openshift.go b/pkg/asset/manifests/openshift.go
index 4c064771be2..014edf53dcc 100644
--- a/pkg/asset/manifests/openshift.go
+++ b/pkg/asset/manifests/openshift.go
@@ -14,8 +14,9 @@ import (
 	"github.com/openshift/installer/pkg/asset"
 	"github.com/openshift/installer/pkg/asset/installconfig"
 	"github.com/openshift/installer/pkg/asset/installconfig/gcp"
-	kubeconfig "github.com/openshift/installer/pkg/asset/installconfig/kubevirt"
+	"github.com/openshift/installer/pkg/asset/installconfig/kubevirt"
 	"github.com/openshift/installer/pkg/asset/installconfig/ovirt"
+	"github.com/openshift/installer/pkg/asset/kubeconfig"
 	"github.com/openshift/installer/pkg/asset/machines"
 	osmachine "github.com/openshift/installer/pkg/asset/machines/openstack"
 	openstackmanifests "github.com/openshift/installer/pkg/asset/manifests/openstack"
@@ -58,11 +59,13 @@ func (o *Openshift) Dependencies() []asset.Asset {
 	return []asset.Asset{
 		&installconfig.InstallConfig{},
 		&installconfig.ClusterID{},
+		&kubeconfig.Kubelet{},
 		&password.KubeadminPassword{},
 		&openshiftinstall.Config{},
 
 		&openshift.CloudCredsSecret{},
 		&openshift.KubeadminPasswordSecret{},
+		&openshift.KubeconfigKubeletSecret{},
 		&openshift.RoleCloudCredsSecretReader{},
 		&openshift.PrivateClusterOutbound{},
 		&openshift.BaremetalConfig{},
@@ -75,8 +78,9 @@ func (o *Openshift) Generate(dependencies asset.Parents) error {
 	installConfig := &installconfig.InstallConfig{}
 	clusterID := &installconfig.ClusterID{}
 	kubeadminPassword := &password.KubeadminPassword{}
+	kubeconfigKubelet := &kubeconfig.Kubelet{}
 	openshiftInstall := &openshiftinstall.Config{}
-	dependencies.Get(installConfig, kubeadminPassword, clusterID, openshiftInstall)
+	dependencies.Get(installConfig, kubeadminPassword, kubeconfigKubelet, clusterID, openshiftInstall)
 	var cloudCreds cloudCredsSecretData
 	platform := installConfig.Config.Platform.Name()
 	switch platform {
@@ -185,7 +189,7 @@ func (o *Openshift) Generate(dependencies asset.Parents) error {
 			},
 		}
 	case kubevirttypes.Name:
-		kubeconfigContent, err := kubeconfig.LoadKubeConfigContent()
+		kubeconfigContent, err := kubevirt.LoadKubeConfigContent()
 		if err != nil {
 			return err
 		}
@@ -196,13 +200,19 @@ func (o *Openshift) Generate(dependencies asset.Parents) error {
 		}
 	}
 
+	kubeconfigKubeletData, err := yaml.Marshal(kubeconfigKubelet.Config)
+	if err != nil {
+		return err
+	}
 	templateData := &openshiftTemplateData{
-		CloudCreds:                   cloudCreds,
-		Base64EncodedKubeadminPwHash: base64.StdEncoding.EncodeToString(kubeadminPassword.PasswordHash),
+		CloudCreds:                         cloudCreds,
+		Base64EncodedKubeadminPwHash:       base64.StdEncoding.EncodeToString(kubeadminPassword.PasswordHash),
+		Base64EncodedKubeconfigKubeletData: base64.StdEncoding.EncodeToString(kubeconfigKubeletData),
 	}
 
 	cloudCredsSecret := &openshift.CloudCredsSecret{}
 	kubeadminPasswordSecret := &openshift.KubeadminPasswordSecret{}
+	kubeconfigKubeletSecret := &openshift.KubeconfigKubeletSecret{}
 	roleCloudCredsSecretReader := &openshift.RoleCloudCredsSecretReader{}
 	baremetalConfig := &openshift.BaremetalConfig{}
 	rhcosImage := new(rhcos.Image)
@@ -210,12 +220,14 @@ func (o *Openshift) Generate(dependencies asset.Parents) error {
 	dependencies.Get(
 		cloudCredsSecret,
 		kubeadminPasswordSecret,
+		kubeconfigKubeletSecret,
 		roleCloudCredsSecretReader,
 		baremetalConfig,
 		rhcosImage)
 
 	assetData := map[string][]byte{
 		"99_kubeadmin-password-secret.yaml": applyTemplateData(kubeadminPasswordSecret.Files()[0].Data, templateData),
+		"99_kubeconfig-kubelet-secret.yaml": applyTemplateData(kubeconfigKubeletSecret.Files()[0].Data, templateData),
 	}
 
 	switch platform {
diff --git a/pkg/asset/manifests/template.go b/pkg/asset/manifests/template.go
index 4980193b40a..7ebf6aa99b9 100644
--- a/pkg/asset/manifests/template.go
+++ b/pkg/asset/manifests/template.go
@@ -88,6 +88,7 @@ type baremetalTemplateData struct {
 }
 
 type openshiftTemplateData struct {
-	CloudCreds                   cloudCredsSecretData
-	Base64EncodedKubeadminPwHash string
+	CloudCreds                         cloudCredsSecretData
+	Base64EncodedKubeadminPwHash       string
+	Base64EncodedKubeconfigKubeletData string
 }
diff --git a/pkg/asset/templates/content/openshift/kubeconfig-kubelet-secret.go b/pkg/asset/templates/content/openshift/kubeconfig-kubelet-secret.go
new file mode 100644
index 00000000000..1d0bbabb2e5
--- /dev/null
+++ b/pkg/asset/templates/content/openshift/kubeconfig-kubelet-secret.go
@@ -0,0 +1,65 @@
+package openshift
+
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/openshift/installer/pkg/asset"
+	"github.com/openshift/installer/pkg/asset/templates/content"
+)
+
+const (
+	kubeconfigKubeletSecretFileName = "kubeconfig-kubelet-secret.yaml.template"
+)
+
+var _ asset.WritableAsset = (*KubeconfigKubeletSecret)(nil)
+
+// KubeconfigKubeletSecret is the constant to represent contents of
+// kubeconfig-kubelet-password-secret.yaml.template file
+type KubeconfigKubeletSecret struct {
+	FileList []*asset.File
+}
+
+// Dependencies returns all of the dependencies directly needed by the asset
+func (t *KubeconfigKubeletSecret) Dependencies() []asset.Asset {
+	return []asset.Asset{}
+}
+
+// Name returns the human-friendly name of the asset.
+func (t *KubeconfigKubeletSecret) Name() string {
+	return "KubeconfigKubeletSecret"
+}
+
+// Generate generates the actual files by this asset
+func (t *KubeconfigKubeletSecret) Generate(parents asset.Parents) error {
+	fileName := kubeconfigKubeletSecretFileName
+	data, err := content.GetOpenshiftTemplate(fileName)
+	if err != nil {
+		return err
+	}
+	t.FileList = []*asset.File{
+		{
+			Filename: filepath.Join(content.TemplateDir, fileName),
+			Data:     []byte(data),
+		},
+	}
+	return nil
+}
+
+// Files returns the files generated by the asset.
+func (t *KubeconfigKubeletSecret) Files() []*asset.File {
+	return t.FileList
+}
+
+// Load returns the asset from disk.
+func (t *KubeconfigKubeletSecret) Load(f asset.FileFetcher) (bool, error) {
+	file, err := f.FetchByName(filepath.Join(content.TemplateDir, kubeconfigKubeletSecretFileName))
+	if err != nil {
+		if os.IsNotExist(err) {
+			return false, nil
+		}
+		return false, err
+	}
+	t.FileList = []*asset.File{file}
+	return true, nil
+}