diff --git a/cmd/kubeadm/app/phases/addons/addons.go b/cmd/kubeadm/app/phases/addons/addons.go
index 4963f2f65f4..d954aae1f75 100644
--- a/cmd/kubeadm/app/phases/addons/addons.go
+++ b/cmd/kubeadm/app/phases/addons/addons.go
@@ -110,7 +110,6 @@ func CreateKubeProxyAddon(configMapBytes, daemonSetbytes []byte, client *clients
 	if err := kuberuntime.DecodeInto(api.Codecs.UniversalDecoder(), daemonSetbytes, kubeproxyDaemonSet); err != nil {
 		return fmt.Errorf("unable to decode kube-proxy daemonset %v", err)
 	}
-	kubeproxyDaemonSet.Spec.Template.Spec.Tolerations = []v1.Toleration{kubeadmconstants.MasterToleration}
 
 	if _, err := client.ExtensionsV1beta1().DaemonSets(metav1.NamespaceSystem).Create(kubeproxyDaemonSet); err != nil {
 		if !apierrors.IsAlreadyExists(err) {
@@ -129,13 +128,6 @@ func CreateKubeDNSAddon(deploymentBytes, serviceBytes []byte, client *clientset.
 	if err := kuberuntime.DecodeInto(api.Codecs.UniversalDecoder(), deploymentBytes, kubednsDeployment); err != nil {
 		return fmt.Errorf("unable to decode kube-dns deployment %v", err)
 	}
-	kubednsDeployment.Spec.Template.Spec.Tolerations = []v1.Toleration{
-		kubeadmconstants.MasterToleration,
-		{
-			Key:      "CriticalAddonsOnly",
-			Operator: "Exists",
-		},
-	}
 
 	if _, err := client.ExtensionsV1beta1().Deployments(metav1.NamespaceSystem).Create(kubednsDeployment); err != nil {
 		if !apierrors.IsAlreadyExists(err) {
diff --git a/cmd/kubeadm/app/phases/addons/manifests.go b/cmd/kubeadm/app/phases/addons/manifests.go
index 27be7137892..a9425ed6f2b 100644
--- a/cmd/kubeadm/app/phases/addons/manifests.go
+++ b/cmd/kubeadm/app/phases/addons/manifests.go
@@ -85,10 +85,9 @@ spec:
           readOnly: false
       hostNetwork: true
       serviceAccountName: kube-proxy
-      # TODO: Why doesn't the Decoder recognize this new field and decode it properly? Right now it's ignored
-      # tolerations:
-      # - key: {{ .MasterTaintKey }}
-      #   effect: NoSchedule
+      tolerations:
+      - key: {{ .MasterTaintKey }}
+        effect: NoSchedule
       volumes:
       - name: kube-proxy
         configMap:
@@ -101,7 +100,6 @@ spec:
 	KubeDNSVersion = "1.14.4"
 
 	KubeDNSDeployment = `
-
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
@@ -125,8 +123,6 @@ spec:
     metadata:
       labels:
         k8s-app: kube-dns
-      annotations:
-        scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
       volumes:
       - name: kube-dns-config
@@ -252,12 +248,11 @@ spec:
             cpu: 10m
       dnsPolicy: Default  # Don't use cluster DNS.
       serviceAccountName: kube-dns
-      # TODO: Why doesn't the Decoder recognize this new field and decode it properly? Right now it's ignored
-      # tolerations:
-      # - key: CriticalAddonsOnly
-      #   operator: Exists
-      # - key: {{ .MasterTaintKey }}
-      #   effect: NoSchedule
+      tolerations:
+      - key: CriticalAddonsOnly
+        operator: Exists
+      - key: {{ .MasterTaintKey }}
+        effect: NoSchedule
       # TODO: Remove this affinity field as soon as we are using manifest lists
       affinity:
         nodeAffinity: