diff --git a/docs/operations/nodes.md b/docs/operations/nodes.md index 1c21d6c46..5e6941f5f 100644 --- a/docs/operations/nodes.md +++ b/docs/operations/nodes.md @@ -31,6 +31,8 @@ That's it. Append the new host to the inventory and run `cluster.yml`. You can NOT use `scale.yml` for that. +**Note:** When adding new control plane nodes, always append them to the end of the `kube_control_plane` group in your inventory. Adding control plane nodes in the first position is not supported and will cause the playbook to fail. + ### 2) Restart kube-system/nginx-proxy In all hosts, restart nginx-proxy pod. This pod is a local proxy for the apiserver. Kubespray will update its static config, but it needs to be restarted in order to reload. diff --git a/roles/kubernetes/control-plane/tasks/define-first-kube-control.yml b/roles/kubernetes/control-plane/tasks/define-first-kube-control.yml deleted file mode 100644 index 5faa18485..000000000 --- a/roles/kubernetes/control-plane/tasks/define-first-kube-control.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- - -- name: Check which kube-control nodes are already members of the cluster - command: "{{ bin_dir }}/kubectl get nodes --selector=node-role.kubernetes.io/control-plane -o json" - register: kube_control_planes_raw - ignore_errors: true - changed_when: false - -- name: Set fact joined_control_planes - set_fact: - joined_control_planes: "{{ ((kube_control_planes_raw.stdout | from_json)['items']) | default([]) | map(attribute='metadata') | map(attribute='name') | list }}" - delegate_to: "{{ item }}" - loop: "{{ groups['kube_control_plane'] }}" - when: kube_control_planes_raw is succeeded - run_once: true - -- name: Set fact first_kube_control_plane - set_fact: - first_kube_control_plane: "{{ joined_control_planes | default([]) | first | default(groups['kube_control_plane'] | first) }}" diff --git a/roles/kubernetes/control-plane/tasks/main.yml b/roles/kubernetes/control-plane/tasks/main.yml index a10ad9b8e..a2af046c2 100644 
--- a/roles/kubernetes/control-plane/tasks/main.yml +++ b/roles/kubernetes/control-plane/tasks/main.yml @@ -92,9 +92,6 @@ - upgrade ignore_errors: true # noqa ignore-errors -- name: Define nodes already joined to existing cluster and first_kube_control_plane - import_tasks: define-first-kube-control.yml - - name: Include kubeadm setup import_tasks: kubeadm-setup.yml diff --git a/roles/kubespray_defaults/defaults/main/main.yml b/roles/kubespray_defaults/defaults/main/main.yml index cd318180c..17289f0db 100644 --- a/roles/kubespray_defaults/defaults/main/main.yml +++ b/roles/kubespray_defaults/defaults/main/main.yml @@ -632,6 +632,8 @@ ssl_ca_dirs: |- {% endif -%} ] +# used for delegating tasks on a working control plane node +first_kube_control_plane: "{{ groups['kube_control_plane'] | first }}" # Vars for pointing to kubernetes api endpoints kube_apiserver_count: "{{ groups['kube_control_plane'] | length }}" kube_apiserver_address: "{{ hostvars[inventory_hostname]['main_ip'] }}"
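Review bot: The comment on the new `first_kube_control_plane` default in roles/kubespray_defaults/defaults/main/main.yml promises "a working control plane node", but `groups['kube_control_plane'] | first` only selects the first inventory entry and no longer looks at cluster membership, which the deleted define-first-kube-control.yml derived from `kubectl get nodes`. Tasks delegated to this host would therefore target a node that has not joined yet whenever a new control plane is listed first, and the only guard visible in this diff is the note added to docs/operations/nodes.md. I would reword the comment to `# first host of the kube_control_plane group; assumed to be an already joined control plane node (inventory order is not verified here)`. It is also worth considering an early assert that stops the play with a clear message when that host is not yet a cluster member; whether such a precheck already exists elsewhere is not visible from this diff.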