diff --git a/charts/apiserver-webhook/templates/deployment.yaml b/charts/apiserver-webhook/templates/deployment.yaml
index d2011a22..0fc611d2 100644
--- a/charts/apiserver-webhook/templates/deployment.yaml
+++ b/charts/apiserver-webhook/templates/deployment.yaml
@@ -160,7 +160,6 @@ spec:
             - --endpoint-reconciler-type=none
             - --bind-address=$(POD_IP)
             - --secure-port={{ tuple "webhook_apiserver" "podport" "api" $envAll | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-            - --insecure-port=0
             - --tls-cert-file={{ tuple "apiserver_webhook_pod" "server" $envAll.Values.conf.paths.pki "cert" $envAll | include "local.cert_bundle_path" }}
             - --tls-private-key-file={{ tuple "apiserver_webhook_pod" "server" $envAll.Values.conf.paths.pki "key" $envAll | include "local.cert_bundle_path" }}
             - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
diff --git a/charts/apiserver-webhook/values.yaml b/charts/apiserver-webhook/values.yaml
index fa8bbf46..c883e3e5 100644
--- a/charts/apiserver-webhook/values.yaml
+++ b/charts/apiserver-webhook/values.yaml
@@ -40,7 +40,7 @@ labels:
 
 command_prefix:
   - kube-apiserver
-  - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds
+  - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds
 
 apiserver_webhook:
   logging:
diff --git a/charts/apiserver/values.yaml b/charts/apiserver/values.yaml
index 571cdc9d..08540048 100644
--- a/charts/apiserver/values.yaml
+++ b/charts/apiserver/values.yaml
@@ -29,7 +29,6 @@ const:
     - --etcd-certfile=/etc/kubernetes/apiserver/pki/etcd-client.pem
     - --etcd-keyfile=/etc/kubernetes/apiserver/pki/etcd-client-key.pem
     - --etcd-servers=$(ETCD_ENDPOINTS)
-    - --insecure-port=0
     - --kubelet-certificate-authority=/etc/kubernetes/apiserver/pki/cluster-ca.pem
     - --kubelet-client-certificate=/etc/kubernetes/apiserver/pki/kubelet-client.pem
     - --kubelet-client-key=/etc/kubernetes/apiserver/pki/kubelet-client-key.pem
diff --git a/examples/containerd/Genesis.yaml b/examples/containerd/Genesis.yaml
index 43b5f039..9ba1226a 100644
--- a/examples/containerd/Genesis.yaml
+++ b/examples/containerd/Genesis.yaml
@@ -21,7 +21,7 @@ data:
   apiserver:
     arguments:
       - --authorization-mode=Node,RBAC
-      - --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds,EventRateLimit,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota
+      - --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds,EventRateLimit,DefaultStorageClass,ResourceQuota
       - --service-cluster-ip-range=10.96.0.0/16
       - --endpoint-reconciler-type=lease
       - --admission-control-config-file=/etc/kubernetes/apiserver/acconfig.yaml
diff --git a/examples/gate/Genesis.yaml b/examples/gate/Genesis.yaml
index 43b5f039..9ba1226a 100644
--- a/examples/gate/Genesis.yaml
+++ b/examples/gate/Genesis.yaml
@@ -21,7 +21,7 @@ data:
   apiserver:
     arguments:
       - --authorization-mode=Node,RBAC
-      - --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds,EventRateLimit,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota
+      - --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds,EventRateLimit,DefaultStorageClass,ResourceQuota
       - --service-cluster-ip-range=10.96.0.0/16
       - --endpoint-reconciler-type=lease
       - --admission-control-config-file=/etc/kubernetes/apiserver/acconfig.yaml
diff --git a/promenade/templates/roles/genesis/etc/kubernetes/manifests/bootstrap-armada.yaml b/promenade/templates/roles/genesis/etc/kubernetes/manifests/bootstrap-armada.yaml
index 17de8ab3..c95a3121 100644
--- a/promenade/templates/roles/genesis/etc/kubernetes/manifests/bootstrap-armada.yaml
+++ b/promenade/templates/roles/genesis/etc/kubernetes/manifests/bootstrap-armada.yaml
@@ -156,7 +156,6 @@ spec:
         {%- endfor %}
 {% include "genesis-apiserver.yaml" with context %}
         - --etcd-servers=https://localhost:12379
-        - --insecure-port=0
         - --secure-port=6444
         - --endpoint-reconciler-type=none
       env:
diff --git a/promenade/templates/roles/genesis/etc/kubernetes/manifests/kubernetes-apiserver.yaml b/promenade/templates/roles/genesis/etc/kubernetes/manifests/kubernetes-apiserver.yaml
index 4113327b..18544268 100644
--- a/promenade/templates/roles/genesis/etc/kubernetes/manifests/kubernetes-apiserver.yaml
+++ b/promenade/templates/roles/genesis/etc/kubernetes/manifests/kubernetes-apiserver.yaml
@@ -21,7 +21,6 @@ spec:
         {%- endfor %}
 {% include "genesis-apiserver.yaml" with context %}
         - --etcd-servers=https://localhost:2379
-        - --insecure-port=0
         - --secure-port=6443
       volumeMounts:
         - name: config
diff --git a/tests/unit/api/test_validatedesign.py b/tests/unit/api/test_validatedesign.py
index 45137777..69c25644 100644
--- a/tests/unit/api/test_validatedesign.py
+++ b/tests/unit/api/test_validatedesign.py
@@ -82,7 +82,7 @@ VALID_DOCS = [
             'apiserver': {
                 'command_prefix': [
                     '/apiserver', '--authorization-mode=Node,RBAC',
-                    '--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds',
+                    '--admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds',
                     '--service-cluster-ip-range=10.96.0.0/16',
                     '--endpoint-reconciler-type=lease'
                 ]
diff --git a/tests/unit/builder_data/simple/Genesis.yaml b/tests/unit/builder_data/simple/Genesis.yaml
index 5acf8d47..731238eb 100644
--- a/tests/unit/builder_data/simple/Genesis.yaml
+++ b/tests/unit/builder_data/simple/Genesis.yaml
@@ -14,7 +14,7 @@ data:
     command_prefix:
       - /apiserver
       - --authorization-mode=Node,RBAC
-      - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds
+      - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds
       - --service-cluster-ip-range=10.96.0.0/16
       - --endpoint-reconciler-type=lease
   armada:
diff --git a/tests/unit/builder_data/simple/armada-resources.yaml b/tests/unit/builder_data/simple/armada-resources.yaml
index 8225eb47..d4d5518f 100644
--- a/tests/unit/builder_data/simple/armada-resources.yaml
+++ b/tests/unit/builder_data/simple/armada-resources.yaml
@@ -628,7 +628,7 @@ data:
     command_prefix:
       - /apiserver
       - --authorization-mode=Node,RBAC
-      - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds
+      - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds
       - --service-cluster-ip-range=10.96.0.0/16
       - --endpoint-reconciler-type=lease
     apiserver: