diff --git a/nodeadm/internal/kubelet/config.go b/nodeadm/internal/kubelet/config.go
index 6fce79f28..e04742d6f 100644
--- a/nodeadm/internal/kubelet/config.go
+++ b/nodeadm/internal/kubelet/config.go
@@ -55,6 +55,8 @@ func (k *kubelet) writeKubeletConfig(cfg *api.NodeConfig) error {
 // KubeletConfiguration types:
 // https://pkg.go.dev/k8s.io/kubelet/config/v1beta1#KubeletConfiguration
 type kubeletConfig struct {
+	metav1.TypeMeta `json:",inline"`
+
 	Address                  string                           `json:"address"`
 	Authentication           k8skubelet.KubeletAuthentication `json:"authentication"`
 	Authorization            k8skubelet.KubeletAuthorization  `json:"authorization"`
@@ -63,6 +65,7 @@ type kubeletConfig struct {
 	ClusterDNS               []string                         `json:"clusterDNS"`
 	ClusterDomain            string                           `json:"clusterDomain"`
 	ContainerRuntimeEndpoint string                           `json:"containerRuntimeEndpoint"`
+	EnforceNodeAllocatable   []string                         `json:"enforceNodeAllocatable"`
 	EvictionHard             map[string]string                `json:"evictionHard,omitempty"`
 	FeatureGates             map[string]bool                  `json:"featureGates"`
 	HairpinMode              string                           `json:"hairpinMode"`
@@ -78,9 +81,9 @@ type kubeletConfig struct {
 	RegisterWithTaints       []v1.Taint                       `json:"registerWithTaints,omitempty"`
 	SerializeImagePulls      bool                             `json:"serializeImagePulls"`
 	ServerTLSBootstrap       bool                             `json:"serverTLSBootstrap"`
+	SystemReserved           map[string]string                `json:"systemReserved,omitempty"`
 	SystemReservedCgroup     *string                          `json:"systemReservedCgroup,omitempty"`
 	TLSCipherSuites          []string                         `json:"tlsCipherSuites"`
-	metav1.TypeMeta          `json:",inline"`
 }
 
 type loggingConfiguration struct {
@@ -119,6 +122,7 @@ func defaultKubeletSubConfig() kubeletConfig {
 		CgroupRoot:               "/",
 		ClusterDomain:            "cluster.local",
 		ContainerRuntimeEndpoint: containerd.ContainerRuntimeEndpoint,
+		EnforceNodeAllocatable:   []string{"pods"},
 		EvictionHard: map[string]string{
 			"memory.available":  "100Mi",
 			"nodefs.available":  "10%",
@@ -261,6 +265,12 @@ func (ksc *kubeletConfig) withCloudProvider(kubeletVersion string, cfg *api.Node
 // config with reserved cgroup values on behalf of the user
 func (ksc *kubeletConfig) withDefaultReservedResources(cfg *api.NodeConfig) {
 	ksc.SystemReservedCgroup = ptr.String("/system")
+	ksc.SystemReserved = map[string]string{
+		"cpu":               "",
+		"memory":            "",
+		"ephemeral-storage": "",
+	}
+
 	ksc.KubeReservedCgroup = ptr.String("/runtime")
 	maxPods, ok := MaxPodsPerInstanceType[cfg.Status.Instance.Type]
 	if !ok {