diff --git a/pkg/client/unversioned/helper.go b/pkg/client/unversioned/helper.go
index dbd7d85ce6a..2aa90b203df 100644
--- a/pkg/client/unversioned/helper.go
+++ b/pkg/client/unversioned/helper.go
@@ -100,6 +100,9 @@ type KubeletConfig struct {
 	// TLSClientConfig contains settings to enable transport layer security
 	TLSClientConfig
 
+	// Server requires Bearer authentication
+	BearerToken string
+
 	// HTTPTimeout is used by the client to timeout http requests to Kubelet.
 	HTTPTimeout time.Duration
 
diff --git a/pkg/client/unversioned/kubelet.go b/pkg/client/unversioned/kubelet.go
index 975e13a67da..4f54f31d7c0 100644
--- a/pkg/client/unversioned/kubelet.go
+++ b/pkg/client/unversioned/kubelet.go
@@ -50,14 +50,20 @@ func MakeTransport(config *KubeletConfig) (http.RoundTripper, error) {
 	if err != nil {
 		return nil, err
 	}
+
+	transport := http.DefaultTransport
 	if config.Dial != nil || tlsConfig != nil {
-		return util.SetTransportDefaults(&http.Transport{
+		transport = util.SetTransportDefaults(&http.Transport{
 			Dial:            config.Dial,
 			TLSClientConfig: tlsConfig,
-		}), nil
-	} else {
-		return http.DefaultTransport, nil
+		})
 	}
+
+	if len(config.BearerToken) > 0 {
+		transport = NewBearerAuthRoundTripper(config.BearerToken, transport)
+	}
+
+	return transport, nil
 }
 
 // TODO: this structure is questionable, it should be using client.Config and overriding defaults.