diff --git a/cmd/kops-controller/pkg/server/node_config.go b/cmd/kops-controller/pkg/server/node_config.go
index fccc98b321..2194fd9b16 100644
--- a/cmd/kops-controller/pkg/server/node_config.go
+++ b/cmd/kops-controller/pkg/server/node_config.go
@@ -21,7 +21,6 @@ import (
 	"fmt"
 
 	"k8s.io/klog/v2"
-	"k8s.io/kops/pkg/apis/kops/registry"
 	"k8s.io/kops/pkg/apis/nodeup"
 	"k8s.io/kops/pkg/bootstrap"
 )
@@ -39,18 +38,6 @@ func (s *Server) getNodeConfig(ctx context.Context, req *nodeup.BootstrapRequest
 	// Note: For now, we're assuming there is only a single cluster, and it is ours.
 	// We therefore use the configured base path
 
-	// Today we load the full cluster config from the state store (e.g. S3) every time
-	// TODO: we should generate it on the fly (to allow for cluster reconfiguration)
-	{
-		p := s.configBase.Join(registry.PathClusterCompleted)
-
-		b, err := p.ReadFile(ctx)
-		if err != nil {
-			return nil, fmt.Errorf("error loading cluster config %q: %w", p, err)
-		}
-		nodeConfig.ClusterFullConfig = string(b)
-	}
-
 	{
 		p := s.configBase.Join("igconfig", "node", instanceGroupName, "nodeupconfig.yaml")
 
diff --git a/pkg/apis/nodeup/bootstrap.go b/pkg/apis/nodeup/bootstrap.go
index 695ed4c670..300eb1c6a7 100644
--- a/pkg/apis/nodeup/bootstrap.go
+++ b/pkg/apis/nodeup/bootstrap.go
@@ -54,9 +54,6 @@ type BootstrapResponse struct {
 
 // NodeConfig holds configuration needed to boot a node (without the kops state store)
 type NodeConfig struct {
-	// ClusterFullConfig holds the completed configuration for the cluster.
-	ClusterFullConfig string `json:"clusterFullConfig,omitempty"`
-
 	// NodeupConfig holds the nodeup.Config for the node's instance group.
 	NodeupConfig string `json:"nodeupConfig,omitempty"`
 
diff --git a/pkg/apis/nodeup/config.go b/pkg/apis/nodeup/config.go
index f569699435..f32f5e1ddf 100644
--- a/pkg/apis/nodeup/config.go
+++ b/pkg/apis/nodeup/config.go
@@ -44,6 +44,9 @@ type Config struct {
 	// Packages specifies additional packages to be installed.
 	Packages []string `json:"packages,omitempty"`
 
+	// ConfigStore configures the stores that nodes use to get their configuration when they don't use kops-controller.
+	ConfigStore *kops.ConfigStoreSpec `json:"configStore,omitempty"`
+
 	// EtcdClusterNames are the names of the etcd clusters.
 	EtcdClusterNames []string `json:",omitempty"`
 	// EtcdManifests are the manifests for running etcd.
@@ -365,6 +368,13 @@ func NewConfig(cluster *kops.Cluster, instanceGroup *kops.InstanceGroup) (*Confi
 		}
 	}
 
+	if instanceGroup.HasAPIServer() || !model.UseKopsControllerForNodeConfig(cluster) {
+		config.ConfigStore = &kops.ConfigStoreSpec{
+			Keypairs: cluster.Spec.ConfigStore.Keypairs,
+			Secrets:  cluster.Spec.ConfigStore.Secrets,
+		}
+	}
+
 	if instanceGroup.HasAPIServer() || cluster.UsesLegacyGossip() {
 		config.Networking.EgressProxy = cluster.Spec.Networking.EgressProxy
 	}
diff --git a/upup/pkg/fi/nodeup/command.go b/upup/pkg/fi/nodeup/command.go
index b5693e0843..cd5f656b1a 100644
--- a/upup/pkg/fi/nodeup/command.go
+++ b/upup/pkg/fi/nodeup/command.go
@@ -43,12 +43,10 @@ import (
 	"k8s.io/kops/nodeup/pkg/model/networking"
 	api "k8s.io/kops/pkg/apis/kops"
 	kopsmodel "k8s.io/kops/pkg/apis/kops/model"
-	"k8s.io/kops/pkg/apis/kops/registry"
 	"k8s.io/kops/pkg/apis/nodeup"
 	"k8s.io/kops/pkg/assets"
 	"k8s.io/kops/pkg/bootstrap"
 	"k8s.io/kops/pkg/configserver"
-	"k8s.io/kops/pkg/kopscodecs"
 	"k8s.io/kops/pkg/kopscontrollerclient"
 	"k8s.io/kops/pkg/resolver"
 	"k8s.io/kops/pkg/wellknownports"
@@ -78,8 +76,6 @@ type NodeUpCommand struct {
 	CacheDir       string
 	ConfigLocation string
 	Target         string
-	// Deprecated: Fields should be accessed from NodeupConfig or BootConfig.
-	cluster *api.Cluster
 }
 
 // Run is responsible for perform the nodeup process
@@ -134,35 +130,6 @@ func (c *NodeUpCommand) Run(out io.Writer) error {
 		return fmt.Errorf("ConfigBase or ConfigServer is required")
 	}
 
-	{
-		var b []byte
-		var clusterDescription string
-		if nodeConfig != nil {
-			b = []byte(nodeConfig.ClusterFullConfig)
-			clusterDescription = "config response"
-		} else {
-			p := configBase.Join(registry.PathClusterCompleted)
-			var err error
-
-			b, err = p.ReadFile(ctx)
-			if err != nil {
-				return fmt.Errorf("error loading Cluster %q: %v", p, err)
-			}
-			clusterDescription = fmt.Sprintf("%q", p)
-		}
-
-		o, _, err := kopscodecs.Decode(b, nil)
-		if err != nil {
-			return fmt.Errorf("error parsing Cluster %s: %v", clusterDescription, err)
-		}
-		var ok bool
-		if c.cluster, ok = o.(*api.Cluster); !ok {
-			return fmt.Errorf("unexpected object type for Cluster %s: %T", clusterDescription, o)
-		}
-	}
-	// Hack to force usage of NodeupConfig
-	c.cluster.Name = "use NodeupConfig.ClusterName instead"
-
 	var nodeupConfig nodeup.Config
 	var nodeupConfigHash [32]byte
 	if nodeConfig != nil {
@@ -239,9 +206,9 @@ func (c *NodeUpCommand) Run(out io.Writer) error {
 	var keyStore fi.KeystoreReader
 	if nodeConfig != nil {
 		modelContext.SecretStore = configserver.NewSecretStore(nodeConfig.NodeSecrets)
-	} else if c.cluster.Spec.ConfigStore.Secrets != "" {
-		klog.Infof("Building SecretStore at %q", c.cluster.Spec.ConfigStore.Secrets)
-		p, err := vfs.Context.BuildVfsPath(c.cluster.Spec.ConfigStore.Secrets)
+	} else if nodeupConfig.ConfigStore.Secrets != "" {
+		klog.Infof("Building SecretStore at %q", nodeupConfig.ConfigStore.Secrets)
+		p, err := vfs.Context.BuildVfsPath(nodeupConfig.ConfigStore.Secrets)
 		if err != nil {
 			return fmt.Errorf("error building secret store path: %v", err)
 		}
@@ -254,9 +221,9 @@ func (c *NodeUpCommand) Run(out io.Writer) error {
 
 	if nodeConfig != nil {
 		modelContext.KeyStore = configserver.NewKeyStore()
-	} else if c.cluster.Spec.ConfigStore.Keypairs != "" {
-		klog.Infof("Building KeyStore at %q", c.cluster.Spec.ConfigStore.Keypairs)
-		p, err := vfs.Context.BuildVfsPath(c.cluster.Spec.ConfigStore.Keypairs)
+	} else if nodeupConfig.ConfigStore.Keypairs != "" {
+		klog.Infof("Building KeyStore at %q", nodeupConfig.ConfigStore.Keypairs)
+		p, err := vfs.Context.BuildVfsPath(nodeupConfig.ConfigStore.Keypairs)
 		if err != nil {
 			return fmt.Errorf("error building key store path: %v", err)
 		}
@@ -375,7 +342,7 @@ func (c *NodeUpCommand) Run(out io.Writer) error {
 			Cloud:    cloud,
 		}
 	case "dryrun":
-		assetBuilder := assets.NewAssetBuilder(vfs.Context, c.cluster.Spec.Assets, c.cluster.Spec.KubernetesVersion, false)
+		assetBuilder := assets.NewAssetBuilder(vfs.Context, nil, nodeupConfig.KubernetesVersion, false)
 		target = fi.NewNodeupDryRunTarget(assetBuilder, out)
 	default:
 		return fmt.Errorf("unsupported target type %q", c.Target)