diff --git a/pkg/controlplane/apiserver/options/options.go b/pkg/controlplane/apiserver/options/options.go
index cce8f3e77a7..a0357aee2e7 100644
--- a/pkg/controlplane/apiserver/options/options.go
+++ b/pkg/controlplane/apiserver/options/options.go
@@ -116,7 +116,7 @@ func NewOptions() *Options {
 		SecureServing:           kubeoptions.NewSecureServingOptions(),
 		Audit:                   genericoptions.NewAuditOptions(),
 		Features:                genericoptions.NewFeatureOptions(),
-		Admission:               kubeoptions.NewAdmissionOptions(),
+		Admission:               kubeoptions.NewAdmissionOptions().WithPlugins(kubeoptions.AdmissionPlugins),
 		Authentication:          kubeoptions.NewBuiltInAuthenticationOptions().WithAll(),
 		Authorization:           kubeoptions.NewBuiltInAuthorizationOptions(),
 		APIEnablement:           genericoptions.NewAPIEnablementOptions(),
diff --git a/pkg/kubeapiserver/options/admission.go b/pkg/kubeapiserver/options/admission.go
index de0c0b6d33c..f59894710d2 100644
--- a/pkg/kubeapiserver/options/admission.go
+++ b/pkg/kubeapiserver/options/admission.go
@@ -44,6 +44,17 @@ type AdmissionOptions struct {
 	PluginNames []string
 }
 
+var AdmissionPlugins map[string]func(*admission.Plugins)
+
+func (a *AdmissionOptions) WithPlugins(plugins map[string]func(*admission.Plugins)) *AdmissionOptions {
+	for pluginName, register := range plugins {
+		a.GenericAdmission.RecommendedPluginOrder = append(a.GenericAdmission.RecommendedPluginOrder, pluginName)
+		a.GenericAdmission.DefaultOffPlugins = a.GenericAdmission.DefaultOffPlugins.Insert(pluginName)
+		register(a.GenericAdmission.Plugins)
+	}
+	return a
+}
+
 // NewAdmissionOptions creates a new instance of AdmissionOptions
 // Note:
 //