diff --git a/brightbox/compute.tf b/brightbox/compute.tf
index 86238d7..eb88ae9 100644
--- a/brightbox/compute.tf
+++ b/brightbox/compute.tf
@@ -28,6 +28,7 @@ data "ct_config" "config-control-plane" {
   strict = true
   content = templatefile("${path.module}/server-configs/control-plane.yaml.tmpl", {
     kubernetes_version = var.kubernetes_version
+    kubernetes_minor   = join(".", [split(".", var.kubernetes_version)[0], split(".", var.kubernetes_version)[1]])
   })
   snippets = [
     data.template_file.core_user.rendered
@@ -38,6 +39,7 @@ data "ct_config" "config-worker" {
   strict = true
   content = templatefile("${path.module}/server-configs/worker.yaml.tmpl", {
     kubernetes_version = var.kubernetes_version
+    kubernetes_minor   = join(".", [split(".", var.kubernetes_version)[0], split(".", var.kubernetes_version)[1]])
     control_plane_ip   = brightbox_cloudip.control-plane.public_ipv4
   })
 }
diff --git a/brightbox/server-configs/control-plane.yaml.tmpl b/brightbox/server-configs/control-plane.yaml.tmpl
index 69cf900..496f6f6 100644
--- a/brightbox/server-configs/control-plane.yaml.tmpl
+++ b/brightbox/server-configs/control-plane.yaml.tmpl
@@ -7,9 +7,9 @@ storage:
       path: /etc/extensions/kubernetes.raw
       hard: false
   files:
-    - path: /etc/sysupdate.kubernetes.d/kubernetes.conf
+    - path: /etc/sysupdate.kubernetes.d/kubernetes-${kubernetes_minor}.conf
       contents:
-        source: https://github.com/flatcar/sysext-bakery/releases/download/latest/kubernetes.conf
+        source: https://github.com/flatcar/sysext-bakery/releases/download/latest/kubernetes-${kubernetes_minor}.conf
     - path: /etc/sysupdate.d/noop.conf
       contents:
         source: https://github.com/flatcar/sysext-bakery/releases/download/latest/noop.conf
@@ -28,7 +28,10 @@ systemd:
             ExecStartPre=/usr/bin/sh -c "readlink --canonicalize /etc/extensions/kubernetes.raw > /tmp/kubernetes"
             ExecStartPre=/usr/lib/systemd/systemd-sysupdate -C kubernetes update
             ExecStartPost=/usr/bin/sh -c "readlink --canonicalize /etc/extensions/kubernetes.raw > /tmp/kubernetes-new"
-            ExecStartPost=/usr/bin/sh -c "[[ $(cat /tmp/kubernetes) != $(cat /tmp/kubernetes-new) ]] && touch /run/reboot-required"
+            ExecStartPost=/usr/bin/sh -c "if ! cmp --silent /tmp/kubernetes /tmp/kubernetes-new; then touch /run/reboot-required; fi"
+    - name: locksmithd.service
+      # NOTE: To coordinate the node reboot in this context, we recommend to use Kured.
+      mask: true
     - name: kubeadm.service
       enabled: true
       contents: |
diff --git a/brightbox/server-configs/worker.yaml.tmpl b/brightbox/server-configs/worker.yaml.tmpl
index dea71e7..9f864ad 100644
--- a/brightbox/server-configs/worker.yaml.tmpl
+++ b/brightbox/server-configs/worker.yaml.tmpl
@@ -7,9 +7,9 @@ storage:
       path: /etc/extensions/kubernetes.raw
       hard: false
   files:
-    - path: /etc/sysupdate.kubernetes.d/kubernetes.conf
+    - path: /etc/sysupdate.kubernetes.d/kubernetes-${kubernetes_minor}.conf
       contents:
-        source: https://github.com/flatcar/sysext-bakery/releases/download/latest/kubernetes.conf
+        source: https://github.com/flatcar/sysext-bakery/releases/download/latest/kubernetes-${kubernetes_minor}.conf
     - path: /etc/sysupdate.d/noop.conf
       contents:
         source: https://github.com/flatcar/sysext-bakery/releases/download/latest/noop.conf
@@ -28,7 +28,10 @@ systemd:
             ExecStartPre=/usr/bin/sh -c "readlink --canonicalize /etc/extensions/kubernetes.raw > /tmp/kubernetes"
             ExecStartPre=/usr/lib/systemd/systemd-sysupdate -C kubernetes update
             ExecStartPost=/usr/bin/sh -c "readlink --canonicalize /etc/extensions/kubernetes.raw > /tmp/kubernetes-new"
-            ExecStartPost=/usr/bin/sh -c "[[ $(cat /tmp/kubernetes) != $(cat /tmp/kubernetes-new) ]] && touch /run/reboot-required"
+            ExecStartPost=/usr/bin/sh -c "if ! cmp --silent /tmp/kubernetes /tmp/kubernetes-new; then touch /run/reboot-required; fi"
+    - name: locksmithd.service
+      # NOTE: To coordinate the node reboot in this context, we recommend to use Kured.
+      mask: true
     - name: kubeadm.service
       enabled: true
       contents: |
diff --git a/brightbox/variables.tf b/brightbox/variables.tf
index ae565a0..4af3b7a 100644
--- a/brightbox/variables.tf
+++ b/brightbox/variables.tf
@@ -11,7 +11,7 @@ variable "release_channel" {
 
   validation {
     condition     = contains(["lts", "stable", "beta", "alpha"], var.release_channel)
-    error_message = "release_channel must be lts, stable, beta, or alpha."
+    error_message = "The variable 'release_channel' must be lts, stable, beta, or alpha."
   }
 }