diff --git a/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml b/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml
index 3b4e8888a3..8dde8962e7 100644
--- a/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml
+++ b/tools/packaging/kata-deploy/kata-deploy/base/kata-deploy.yaml
@@ -39,6 +39,8 @@ spec:
           value: "false"
         - name: CREATE_DEFAULT_RUNTIMECLASS
           value: "false"
+        - name: ALLOWED_HYPERVISOR_ANNOTATIONS
+          value: ""
         securityContext:
           privileged: true
         volumeMounts:
diff --git a/tools/packaging/kata-deploy/scripts/kata-deploy.sh b/tools/packaging/kata-deploy/scripts/kata-deploy.sh
index 9d60a7ad04..da4c7adc89 100755
--- a/tools/packaging/kata-deploy/scripts/kata-deploy.sh
+++ b/tools/packaging/kata-deploy/scripts/kata-deploy.sh
@@ -15,9 +15,15 @@ containerd_conf_file="/etc/containerd/config.toml"
 containerd_conf_file_backup="${containerd_conf_file}.bak"
 IFS=' ' read -a shims <<< "$SHIMS"
-
 default_shim="$DEFAULT_SHIM"
+IFS=' ' read -a non_formatted_allowed_hypervisor_annotations <<< "$ALLOWED_HYPERVISOR_ANNOTATIONS"
+allowed_hypervisor_annotations=""
+for allowed_hypervisor_annotation in "${non_formatted_allowed_hypervisor_annotations[@]}"; do
+	allowed_hypervisor_annotations+="\"$allowed_hypervisor_annotation\", "
+done
+allowed_hypervisor_annotations=$(echo $allowed_hypervisor_annotations | sed 's/,$//')
+
 # If we fail for any reason a message will be displayed
 die() {
         msg="$*"
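Review bot: The new `ALLOWED_HYPERVISOR_ANNOTATIONS` entry gives an operator no hint of its format or of what setting it does, and nothing marks it as security-relevant, unlike a plain on/off flag such as the `CREATE_DEFAULT_RUNTIMECLASS` entry above it. The deploy script splits the value on spaces and appends every name to `enable_annotations` in each shim's `configuration-*.toml`, which, as I read it, widens which hypervisor settings a pod annotation may override, so a short YAML comment above the entry would help: `# Space-separated annotation names appended to enable_annotations in every shim config; each name widens what a pod annotation may override, so keep the list minimal. Empty keeps the shipped defaults.`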
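Review bot: The names read from `ALLOWED_HYPERVISOR_ANNOTATIONS` are never validated before being spliced into a sed replacement string later in this file (the `enable_annotations` rewrite in install_artifacts), so a value containing `/`, `&` or `\` would break or alter that sed expression, and the unquoted `echo $allowed_hypervisor_annotations` on the last added line additionally exposes the names to glob expansion. Because the result ends up in a TOML allowlist, each token should be checked against the character set an annotation name can have before use, e.g. `[[ "${allowed_hypervisor_annotation}" =~ ^[A-Za-z0-9._-]+$ ]] || { echo "invalid annotation name: ${allowed_hypervisor_annotation}" >&2; exit 1; }` inside the loop (`die()` is only defined after this block, so it cannot be called here). The trailing separator can then be dropped without a subshell, `allowed_hypervisor_annotations="${allowed_hypervisor_annotations%, }"`, which replaces the echo|sed pipeline and its reliance on word-splitting to trim the trailing space. The `read -a` is also missing `-r`, so a backslash in the value is interpreted instead of kept.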
@@ -105,15 +111,20 @@ function install_artifacts() {
 	[ -d /opt/kata/runtime-rs/bin ] && \
 		chmod +x /opt/kata/runtime-rs/bin/*
-	# Allow enabling debug for Kata Containers
-	if [[ "${DEBUG}" == "true" ]]; then
-		config_path="/opt/kata/share/defaults/kata-containers/"
-		for shim in "${shims[@]}"; do
-			sed -i -e 's/^#\(enable_debug\).*=.*$/\1 = true/g' "${config_path}/configuration-${shim}.toml"
-			sed -i -e 's/^#\(debug_console_enabled\).*=.*$/\1 = true/g' "${config_path}/configuration-${shim}.toml"
-			sed -i -e 's/^kernel_params = "\(.*\)"/kernel_params = "\1 agent.log=debug initcall_debug"/g' "${config_path}/configuration-${shim}.toml"
-		done
-	fi
+	config_path="/opt/kata/share/defaults/kata-containers/"
+	for shim in "${shims[@]}"; do
+		local kata_config_file="${config_path}/configuration-${shim}.toml"
+		# Allow enabling debug for Kata Containers
+		if [[ "${DEBUG}" == "true" ]]; then
+			sed -i -e 's/^#\(enable_debug\).*=.*$/\1 = true/g' "${kata_config_file}"
+			sed -i -e 's/^#\(debug_console_enabled\).*=.*$/\1 = true/g' "${kata_config_file}"
+			sed -i -e 's/^kernel_params = "\(.*\)"/kernel_params = "\1 agent.log=debug initcall_debug"/g' "${kata_config_file}"
+		fi
+
+		if [ -n "${allowed_hypervisor_annotations}" ]; then
+			sed -i -e "s/^enable_annotations = \[\(.*\)\]/enable_annotations = [\1, $allowed_hypervisor_annotations]/" "${kata_config_file}"
+		fi
+	done
 	# Allow Mariner to use custom configuration.
 	if [ "${HOST_OS:-}" == "cbl-mariner" ]; then
@@ -124,6 +135,7 @@ function install_artifacts() {
 		sed -i -E "s|(path) = \".+/cloud-hypervisor\"|\1 = \"${clh_path}\"|" "${config_path}"
 	fi
+
 	if [[ "${CREATE_RUNTIMECLASSES}" == "true" ]]; then
 		create_runtimeclasses
 	fi
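Review bot: The `enable_annotations` rewrite assumes the existing list is non-empty: against a shipped `enable_annotations = []` the `\(.*\)` group captures nothing and the line becomes `enable_annotations = [, "..."]`, which is not valid TOML and which the runtime would presumably reject when it parses that shim's config (I have not checked whether any current configuration-*.toml ships an empty single-line list, so treat the trigger as unconfirmed). Ordering a non-empty match before an empty one in the same invocation handles both forms without appending twice: `sed -i -e "s/^enable_annotations = \[\(..*\)\]/enable_annotations = [\1, ${allowed_hypervisor_annotations}]/" -e "s/^enable_annotations = \[\]/enable_annotations = [${allowed_hypervisor_annotations}]/" "${kata_config_file}"`. A comment above that `if` is also warranted, since the sed silently widens a security allowlist in every shim config; something like `# Appends operator-chosen names to the enable_annotations allowlist of every shim; each name widens what a pod annotation may override in the hypervisor config.` install_artifacts starts before and continues after this hunk.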
@@ -415,6 +427,7 @@ function main() {
 	echo "* DEFAULT_SHIM: ${DEFAULT_SHIM}"
 	echo "* CREATE_RUNTIMECLASSES: ${CREATE_RUNTIMECLASSES}"
 	echo "* CREATE_DEFAULT_RUNTIMECLASS: ${CREATE_DEFAULT_RUNTIMECLASS}"
+	echo "* ALLOWED_HYPERVISOR_ANNOTATIONS: ${ALLOWED_HYPERVISOR_ANNOTATIONS}"
 	# script requires that user is root
 	euid=$(id -u)