diff --git a/helm/cluster/templates/clusterapi/_helpers_files.tpl b/helm/cluster/templates/clusterapi/_helpers_files.tpl
index 6f45a6b0..d47460ef 100644
--- a/helm/cluster/templates/clusterapi/_helpers_files.tpl
+++ b/helm/cluster/templates/clusterapi/_helpers_files.tpl
@@ -1,11 +1,10 @@
 {{- define "cluster.internal.kubeadm.files" }}
-{{- include "cluster.internal.kubeadm.files.sysctl" . }}
-{{- include "cluster.internal.kubeadm.files.systemd" . }}
-{{- include "cluster.internal.kubeadm.files.ssh" . }}
-{{- include "cluster.internal.kubeadm.files.cri" . }}
-{{- include "cluster.internal.kubeadm.files.kubelet" . }}
-{{- include "cluster.internal.kubeadm.files.kubernetes" . }}
-{{- include "cluster.internal.kubeadm.files.proxy" . }}
+{{- include "cluster.internal.kubeadm.files.sysctl" $ }}
+{{- include "cluster.internal.kubeadm.files.systemd" $ }}
+{{- include "cluster.internal.kubeadm.files.ssh" $ }}
+{{- include "cluster.internal.kubeadm.files.cri" $ }}
+{{- include "cluster.internal.kubeadm.files.kubelet" $ }}
+{{- include "cluster.internal.kubeadm.files.proxy" $ }}
 {{- end }}
 
 {{- define "cluster.internal.kubeadm.files.sysctl" }}
@@ -61,19 +60,6 @@
 {{- end }}
 {{- end }}
 
-{{- define "cluster.internal.kubeadm.files.kubernetes" }}
-- path: /etc/kubernetes/policies/audit-policy.yaml
-  permissions: "0600"
-  encoding: base64
-  content: {{ $.Files.Get "files/etc/kubernetes/policies/audit-policy.yaml" | b64enc }}
-- path: /etc/kubernetes/encryption/config.yaml
-  permissions: "0600"
-  contentFrom:
-    secret:
-      name: {{ include "cluster.resource.name" $ }}-encryption-provider-config
-      key: encryption
-{{- end }}
-
 {{- define "cluster.internal.kubeadm.files.proxy" }}
 {{- if and $.Values.global.connectivity.proxy $.Values.global.connectivity.proxy.enabled }}
 - path: /etc/systemd/system/containerd.service.d/http-proxy.conf
diff --git a/helm/cluster/templates/clusterapi/controlplane/_helpers_files.tpl b/helm/cluster/templates/clusterapi/controlplane/_helpers_files.tpl
index 63ae367d..296a87cb 100644
--- a/helm/cluster/templates/clusterapi/controlplane/_helpers_files.tpl
+++ b/helm/cluster/templates/clusterapi/controlplane/_helpers_files.tpl
@@ -1,5 +1,6 @@
 {{- define "cluster.internal.controlPlane.kubeadm.files" }}
-{{- include "cluster.internal.kubeadm.files" . -}}
+{{- include "cluster.internal.kubeadm.files" $ -}}
+{{- include "cluster.internal.kubeadm.files.kubernetes" . }}
 {{- if $.Values.global.controlPlane.oidc.caPem }}
 - path: /etc/ssl/certs/oidc.pem
   permissions: "0600"
@@ -7,3 +8,16 @@
   content: {{ tpl ($.Files.Get "files/etc/ssl/certs/oidc.pem") . | b64enc }}
 {{- end }}
 {{- end }}
+
+{{- define "cluster.internal.kubeadm.files.kubernetes" }}
+- path: /etc/kubernetes/policies/audit-policy.yaml
+  permissions: "0600"
+  encoding: base64
+  content: {{ $.Files.Get "files/etc/kubernetes/policies/audit-policy.yaml" | b64enc }}
+- path: /etc/kubernetes/encryption/config.yaml
+  permissions: "0600"
+  contentFrom:
+    secret:
+      name: {{ include "cluster.resource.name" $ }}-encryption-provider-config
+      key: encryption
+{{- end }}
diff --git a/helm/cluster/templates/clusterapi/controlplane/kubeadmcontrolplane.yaml b/helm/cluster/templates/clusterapi/controlplane/kubeadmcontrolplane.yaml
index 943817e1..67e1fd91 100644
--- a/helm/cluster/templates/clusterapi/controlplane/kubeadmcontrolplane.yaml
+++ b/helm/cluster/templates/clusterapi/controlplane/kubeadmcontrolplane.yaml
@@ -43,7 +43,7 @@ spec:
     joinConfiguration:
       {{- include "cluster.internal.controlPlane.kubeadm.joinConfiguration" $ | indent 6 }}
     files:
-    {{- include "cluster.internal.controlPlane.kubeadm.files" . | indent 4 }}
+    {{- include "cluster.internal.controlPlane.kubeadm.files" $ | indent 4 }}
     preKubeadmCommands:
     {{- include "cluster.internal.controlPlane.kubeadm.preKubeadmCommands" $ | indent 4 }}
     postKubeadmCommands:
diff --git a/helm/cluster/templates/clusterapi/workers/_helpers_files.tpl b/helm/cluster/templates/clusterapi/workers/_helpers_files.tpl
new file mode 100644
index 00000000..908e13e7
--- /dev/null
+++ b/helm/cluster/templates/clusterapi/workers/_helpers_files.tpl
@@ -0,0 +1,3 @@
+{{- define "cluster.internal.workers.kubeadm.files" }}
+{{- include "cluster.internal.kubeadm.files" $ -}}
+{{- end }}
diff --git a/helm/cluster/templates/clusterapi/workers/kubeadmconfig.yaml b/helm/cluster/templates/clusterapi/workers/kubeadmconfig.yaml
index a1e8c180..b077c555 100644
--- a/helm/cluster/templates/clusterapi/workers/kubeadmconfig.yaml
+++ b/helm/cluster/templates/clusterapi/workers/kubeadmconfig.yaml
@@ -32,6 +32,10 @@ spec:
   {{- include "cluster.internal.workers.kubeadm.preKubeadmCommands" $ | indent 2 }}
   postKubeadmCommands:
   {{- include "cluster.internal.workers.kubeadm.postKubeadmCommands" $ | indent 2 }}
+  users:
+  {{- include "cluster.internal.kubeadm.users" $ | indent 2 }}
+  files:
+  {{- include "cluster.internal.workers.kubeadm.files" $ | indent 2 }}
 ---
 {{- end }}
 {{- end }}