diff --git a/cmd/kubeadm/app/constants/constants.go b/cmd/kubeadm/app/constants/constants.go
index dcccaadd1ec..e31aab9e3be 100644
--- a/cmd/kubeadm/app/constants/constants.go
+++ b/cmd/kubeadm/app/constants/constants.go
@@ -371,6 +371,10 @@ const (
 	// to avoid kubeadm dependency on the internal module
 	// TODO: share Mode* constants in component config
 
+	// ModeAlwaysAllow is the mode to set all requests as authorized
+	ModeAlwaysAllow string = "AlwaysAllow"
+	// ModeAlwaysDeny is the mode to set no requests as authorized
+	ModeAlwaysDeny string = "AlwaysDeny"
 	// ModeABAC is the mode to use Attribute Based Access Control to authorize
 	ModeABAC string = "ABAC"
 	// ModeWebhook is the mode to make an external webhook call to authorize
diff --git a/cmd/kubeadm/app/phases/controlplane/BUILD b/cmd/kubeadm/app/phases/controlplane/BUILD
index e77fd83c184..9763d90f066 100644
--- a/cmd/kubeadm/app/phases/controlplane/BUILD
+++ b/cmd/kubeadm/app/phases/controlplane/BUILD
@@ -18,7 +18,6 @@ go_test(
         "//cmd/kubeadm/app/constants:go_default_library",
         "//cmd/kubeadm/app/phases/certs:go_default_library",
         "//cmd/kubeadm/test:go_default_library",
-        "//pkg/kubeapiserver/authorizer/modes:go_default_library",
         "//staging/src/k8s.io/api/core/v1:go_default_library",
         "//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library",
     ],
diff --git a/cmd/kubeadm/app/phases/controlplane/manifests_test.go b/cmd/kubeadm/app/phases/controlplane/manifests_test.go
index c11d2d993e4..da689d9fa9d 100644
--- a/cmd/kubeadm/app/phases/controlplane/manifests_test.go
+++ b/cmd/kubeadm/app/phases/controlplane/manifests_test.go
@@ -29,7 +29,6 @@ import (
 	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
 	kubeadmconstants "k8s.io/kubernetes/cmd/kubeadm/app/constants"
 	"k8s.io/kubernetes/cmd/kubeadm/app/phases/certs"
-	authzmodes "k8s.io/kubernetes/pkg/kubeapiserver/authorizer/modes"
 
 	testutil "k8s.io/kubernetes/cmd/kubeadm/test"
 )
@@ -360,7 +359,7 @@ func TestGetAPIServerCommand(t *testing.T) {
 				APIServer: kubeadmapi.APIServer{
 					ControlPlaneComponent: kubeadmapi.ControlPlaneComponent{
 						ExtraArgs: map[string]string{
-							"authorization-mode": authzmodes.ModeABAC,
+							"authorization-mode": kubeadmconstants.ModeABAC,
 						},
 					},
 				},
@@ -448,7 +447,7 @@ func TestGetAPIServerCommand(t *testing.T) {
 				APIServer: kubeadmapi.APIServer{
 					ControlPlaneComponent: kubeadmapi.ControlPlaneComponent{
 						ExtraArgs: map[string]string{
-							"authorization-mode": authzmodes.ModeWebhook,
+							"authorization-mode": kubeadmconstants.ModeWebhook,
 						},
 					},
 				},
@@ -899,37 +898,37 @@ func TestGetAuthzModes(t *testing.T) {
 		},
 		{
 			name:     "add missing Node",
-			authMode: []string{authzmodes.ModeRBAC},
+			authMode: []string{kubeadmconstants.ModeRBAC},
 			expected: "Node,RBAC",
 		},
 		{
 			name:     "add missing RBAC",
-			authMode: []string{authzmodes.ModeNode},
+			authMode: []string{kubeadmconstants.ModeNode},
 			expected: "Node,RBAC",
 		},
 		{
 			name:     "add defaults to ABAC",
-			authMode: []string{authzmodes.ModeABAC},
+			authMode: []string{kubeadmconstants.ModeABAC},
 			expected: "Node,RBAC,ABAC",
 		},
 		{
 			name:     "add defaults to RBAC+Webhook",
-			authMode: []string{authzmodes.ModeRBAC, authzmodes.ModeWebhook},
+			authMode: []string{kubeadmconstants.ModeRBAC, kubeadmconstants.ModeWebhook},
 			expected: "Node,RBAC,Webhook",
 		},
 		{
 			name:     "add default to Webhook",
-			authMode: []string{authzmodes.ModeWebhook},
+			authMode: []string{kubeadmconstants.ModeWebhook},
 			expected: "Node,RBAC,Webhook",
 		},
 		{
 			name:     "AlwaysAllow ignored",
-			authMode: []string{authzmodes.ModeAlwaysAllow},
+			authMode: []string{kubeadmconstants.ModeAlwaysAllow},
 			expected: "Node,RBAC",
 		},
 		{
 			name:     "AlwaysDeny ignored",
-			authMode: []string{authzmodes.ModeAlwaysDeny},
+			authMode: []string{kubeadmconstants.ModeAlwaysDeny},
 			expected: "Node,RBAC",
 		},
 		{
@@ -939,12 +938,12 @@ func TestGetAuthzModes(t *testing.T) {
 		},
 		{
 			name:     "Multiple ignored",
-			authMode: []string{authzmodes.ModeAlwaysAllow, authzmodes.ModeAlwaysDeny, "foo"},
+			authMode: []string{kubeadmconstants.ModeAlwaysAllow, kubeadmconstants.ModeAlwaysDeny, "foo"},
 			expected: "Node,RBAC",
 		},
 		{
 			name:     "all",
-			authMode: []string{authzmodes.ModeNode, authzmodes.ModeRBAC, authzmodes.ModeWebhook, authzmodes.ModeABAC},
+			authMode: []string{kubeadmconstants.ModeNode, kubeadmconstants.ModeRBAC, kubeadmconstants.ModeWebhook, kubeadmconstants.ModeABAC},
 			expected: "Node,RBAC,ABAC,Webhook",
 		},
 	}