diff --git a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
index c8f0f66405..7811ac52ce 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
@@ -432,7 +432,7 @@ if [ -f /etc/sysconfig/docker ] ; then
 fi
 
 KUBELET_ARGS="${KUBELET_ARGS} --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
-KUBELET_ARGS="${KUBELET_ARGS} --register-with-taints=CriticalAddonsOnly=True:NoSchedule,dedicated=master:NoSchedule"
+KUBELET_ARGS="${KUBELET_ARGS} --register-with-taints=node-role.kubernetes.io/master=:NoSchedule"
 KUBELET_ARGS="${KUBELET_ARGS} --node-labels=magnum.openstack.org/role=${NODEGROUP_ROLE}"
 KUBELET_ARGS="${KUBELET_ARGS} --node-labels=magnum.openstack.org/nodegroup=${NODEGROUP_NAME}"
 
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/enable-helm-tiller.sh b/magnum/drivers/common/templates/kubernetes/fragments/enable-helm-tiller.sh
index d958d84153..fbd09b9eb8 100755
--- a/magnum/drivers/common/templates/kubernetes/fragments/enable-helm-tiller.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/enable-helm-tiller.sh
@@ -139,13 +139,14 @@ spec:
           readOnly: true
       serviceAccountName: tiller
       tolerations:
-      # make runnable on master nodes
-      - key: dedicated
-        value: master
-        effect: NoSchedule
+      # Make sure the pod can be scheduled on master kubelet.
+      - effect: NoSchedule
+        operator: Exists
+      # Mark the pod as a critical add-on for rescheduling.
       - key: CriticalAddonsOnly
-        value: "True"
-        effect: NoSchedule
+        operator: Exists
+      - effect: NoExecute
+        operator: Exists
       # run only on master nodes
       nodeSelector:
         node-role.kubernetes.io/master: ""
diff --git a/magnum/drivers/common/templates/kubernetes/fragments/kube-apiserver-to-kubelet-role.sh b/magnum/drivers/common/templates/kubernetes/fragments/kube-apiserver-to-kubelet-role.sh
index e647f293b1..5687c27935 100644
--- a/magnum/drivers/common/templates/kubernetes/fragments/kube-apiserver-to-kubelet-role.sh
+++ b/magnum/drivers/common/templates/kubernetes/fragments/kube-apiserver-to-kubelet-role.sh
@@ -378,14 +378,14 @@ spec:
       - key: node.cloudprovider.kubernetes.io/uninitialized
         value: "true"
         effect: NoSchedule
-      # this is to have the daemonset runnable on master nodes
-      # the taint may vary depending on your cluster setup
-      - key: dedicated
-        value: master
-        effect: NoSchedule
+      # Make sure the pod can be scheduled on master kubelet.
+      - effect: NoSchedule
+        operator: Exists
+      # Mark the pod as a critical add-on for rescheduling.
       - key: CriticalAddonsOnly
-        value: "True"
-        effect: NoSchedule
+        operator: Exists
+      - effect: NoExecute
+        operator: Exists
       # this is to restrict CCM to only run on master nodes
       # the node selector may vary depending on your cluster setup
       nodeSelector:
diff --git a/releasenotes/notes/improve-k8s-master-kubelet-taint-0c56ffede270116d.yaml b/releasenotes/notes/improve-k8s-master-kubelet-taint-0c56ffede270116d.yaml
new file mode 100644
index 0000000000..e33a944191
--- /dev/null
+++ b/releasenotes/notes/improve-k8s-master-kubelet-taint-0c56ffede270116d.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    The taint of master node kubelet has been improved to get the
+    conformance test (sonobuoy) passed.