diff --git a/roles/kubernetes-apps/network_plugin/cni/tasks/main.yml b/roles/kubernetes-apps/network_plugin/cni/tasks/main.yml
deleted file mode 100644
index a061756ae..000000000
--- a/roles/kubernetes-apps/network_plugin/cni/tasks/main.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-- name: CNI | make sure /opt/cni/bin exists
-  file:
-    path: /opt/cni/bin
-    state: directory
-    mode: 0755
-    owner: root
-    group: root
-- name: CNI | Copy cni plugins
-  unarchive:
-    src: "{{ local_release_dir }}/cni-plugins-linux-{{ image_arch }}-{{ cni_version }}.tgz"
-    dest: "/opt/cni/bin"
-    mode: 0755
-    remote_src: yes
diff --git a/roles/kubernetes-apps/network_plugin/meta/main.yml b/roles/kubernetes-apps/network_plugin/meta/main.yml
index 7874024d2..c208839d3 100644
--- a/roles/kubernetes-apps/network_plugin/meta/main.yml
+++ b/roles/kubernetes-apps/network_plugin/meta/main.yml
@@ -25,11 +25,6 @@ dependencies:
     tags:
       - contiv
 
-  - role: kubernetes-apps/network_plugin/cni
-    when: kube_network_plugin == 'cni'
-    tags:
-      - cni
-
   - role: kubernetes-apps/network_plugin/kube-ovn
     when: kube_network_plugin == 'kube-ovn'
     tags:
diff --git a/roles/network_plugin/cilium/meta/main.yml b/roles/network_plugin/cilium/meta/main.yml
new file mode 100644
index 000000000..9b7065f18
--- /dev/null
+++ b/roles/network_plugin/cilium/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: network_plugin/cni
diff --git a/roles/network_plugin/cilium/tasks/main.yml b/roles/network_plugin/cilium/tasks/main.yml
index 8038bdf42..2960c6253 100755
--- a/roles/network_plugin/cilium/tasks/main.yml
+++ b/roles/network_plugin/cilium/tasks/main.yml
@@ -40,23 +40,6 @@
   when:
     - inventory_hostname in groups['kube-master']
 
-- name: Cilium | Set CNI directory permissions
-  file:
-    path: /opt/cni/bin
-    state: directory
-    owner: kube
-    recurse: true
-    mode: 0755
-  register: cni_bin_dir
-
-- name: Cilium | Copy CNI plugins
-  unarchive:
-    src: "{{ local_release_dir }}/cni-plugins-linux-{{ image_arch }}-{{ cni_version }}.tgz"
-    dest: "/opt/cni/bin"
-    mode: 0755
-    remote_src: yes
-  when: cilium_enable_portmap
-
 - name: Cilium | Enable portmap addon
   template:
     src: 000-cilium-portmap.conflist.j2
diff --git a/roles/network_plugin/cloud/tasks/main.yml b/roles/network_plugin/cloud/tasks/main.yml
deleted file mode 100644
index 5a680bdb1..000000000
--- a/roles/network_plugin/cloud/tasks/main.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-- name: Cloud | Set cni directory permissions
-  file:
-    path: /opt/cni/bin
-    state: directory
-    owner: kube
-    recurse: true
-    mode: "u=rwX,g-rwx,o-rwx"
-
-- name: Canal | Copy cni plugins
-  unarchive:
-    src: "{{ local_release_dir }}/cni-plugins-linux-{{ image_arch }}-{{ cni_version }}.tgz"
-    dest: "/opt/cni/bin"
-    mode: 0755
-    remote_src: yes
diff --git a/roles/network_plugin/cni/tasks/main.yml b/roles/network_plugin/cni/tasks/main.yml
index a061756ae..d9f46939c 100644
--- a/roles/network_plugin/cni/tasks/main.yml
+++ b/roles/network_plugin/cni/tasks/main.yml
@@ -4,8 +4,9 @@
     path: /opt/cni/bin
     state: directory
     mode: 0755
-    owner: root
-    group: root
+    owner: kube
+    recurse: true
+
 - name: CNI | Copy cni plugins
   unarchive:
     src: "{{ local_release_dir }}/cni-plugins-linux-{{ image_arch }}-{{ cni_version }}.tgz"
diff --git a/roles/network_plugin/contiv/meta/main.yml b/roles/network_plugin/contiv/meta/main.yml
new file mode 100644
index 000000000..9b7065f18
--- /dev/null
+++ b/roles/network_plugin/contiv/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: network_plugin/cni
diff --git a/roles/network_plugin/contiv/tasks/main.yml b/roles/network_plugin/contiv/tasks/main.yml
index fafe1b5bd..81ca64bdc 100644
--- a/roles/network_plugin/contiv/tasks/main.yml
+++ b/roles/network_plugin/contiv/tasks/main.yml
@@ -144,21 +144,6 @@
     - contiv_enable_api_proxy
     - contiv_generate_certificate
 
-- name: Contiv | Set cni directory permissions
-  file:
-    path: /opt/cni/bin
-    state: directory
-    owner: kube
-    recurse: true
-    mode: 0755
-
-- name: Contiv | Copy cni plugins
-  unarchive:
-    src: "{{ local_release_dir }}/cni-plugins-linux-{{ image_arch }}-{{ cni_version }}.tgz"
-    dest: "/opt/cni/bin"
-    mode: 0755
-    remote_src: yes
-
 - name: Contiv | Copy netctl binary from docker container
   command: sh -c "{{ docker_bin_dir }}/docker rm -f netctl-binarycopy;
            {{ docker_bin_dir }}/docker create --name netctl-binarycopy {{ contiv_image_repo }}:{{ contiv_image_tag }} &&
diff --git a/roles/network_plugin/flannel/meta/main.yml b/roles/network_plugin/flannel/meta/main.yml
new file mode 100644
index 000000000..9b7065f18
--- /dev/null
+++ b/roles/network_plugin/flannel/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: network_plugin/cni
diff --git a/roles/network_plugin/flannel/tasks/main.yml b/roles/network_plugin/flannel/tasks/main.yml
index d187a8e19..d5a725baf 100644
--- a/roles/network_plugin/flannel/tasks/main.yml
+++ b/roles/network_plugin/flannel/tasks/main.yml
@@ -9,19 +9,3 @@
   register: flannel_node_manifests
   when:
     - inventory_hostname in groups['kube-master']
-
-- name: Flannel | Set CNI directory permissions
-  file:
-    path: /opt/cni/bin
-    state: directory
-    owner: kube
-    recurse: true
-    mode: 0755
-  register: cni_bin_dir
-
-- name: Flannel | Copy CNI plugins
-  unarchive:
-    src: "{{ local_release_dir }}/cni-plugins-linux-{{ image_arch }}-{{ cni_version }}.tgz"
-    dest: "/opt/cni/bin"
-    mode: 0755
-    remote_src: yes
diff --git a/roles/network_plugin/kube-router/meta/main.yml b/roles/network_plugin/kube-router/meta/main.yml
new file mode 100644
index 000000000..9b7065f18
--- /dev/null
+++ b/roles/network_plugin/kube-router/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: network_plugin/cni
diff --git a/roles/network_plugin/kube-router/tasks/main.yml b/roles/network_plugin/kube-router/tasks/main.yml
index 6c4a10508..48d8abe32 100644
--- a/roles/network_plugin/kube-router/tasks/main.yml
+++ b/roles/network_plugin/kube-router/tasks/main.yml
@@ -3,22 +3,6 @@
   include: annotate.yml
   tags: annotate
 
-- name: kube-router | Set cni directory permissions
-  file:
-    path: /opt/cni/bin
-    state: directory
-    owner: kube
-    recurse: true
-    mode: 0755
-
-- name: kube-router | Copy cni plugins
-  unarchive:
-    src: "{{ local_release_dir }}/cni-plugins-linux-{{ image_arch }}-{{ cni_version }}.tgz"
-    dest: "/opt/cni/bin"
-    mode: 0755
-    owner: kube
-    remote_src: yes
-
 - name: kube-router | Create config directory
   file:
     path: /var/lib/kube-router
diff --git a/roles/network_plugin/macvlan/meta/main.yml b/roles/network_plugin/macvlan/meta/main.yml
new file mode 100644
index 000000000..9b7065f18
--- /dev/null
+++ b/roles/network_plugin/macvlan/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: network_plugin/cni
diff --git a/roles/network_plugin/macvlan/tasks/main.yml b/roles/network_plugin/macvlan/tasks/main.yml
index b0515089e..751c34716 100644
--- a/roles/network_plugin/macvlan/tasks/main.yml
+++ b/roles/network_plugin/macvlan/tasks/main.yml
@@ -1,20 +1,4 @@
 ---
-
-- name: Macvlan | Set cni directory permissions
-  file:
-    path: /opt/cni/bin
-    state: directory
-    owner: kube
-    recurse: true
-    mode: 0755
-
-- name: Macvlan | Copy cni plugins
-  unarchive:
-    src: "{{ local_release_dir }}/cni-plugins-linux-{{ image_arch }}-{{ cni_version }}.tgz"
-    dest: "/opt/cni/bin"
-    mode: 0755
-    remote_src: yes
-
 - name: Macvlan | Retrieve Pod Cidr
   command: "{{ bin_dir }}/kubectl get nodes {{ kube_override_hostname | default(inventory_hostname) }} -o jsonpath='{.spec.podCIDR}'"
   register: node_pod_cidr_cmd
diff --git a/roles/network_plugin/meta/main.yml b/roles/network_plugin/meta/main.yml
index ae26bc7c3..779bdfc5d 100644
--- a/roles/network_plugin/meta/main.yml
+++ b/roles/network_plugin/meta/main.yml
@@ -26,7 +26,7 @@ dependencies:
       - canal
 
   - role: network_plugin/cni
-    when: kube_network_plugin == 'cni'
+    when: kube_network_plugin in ['cni', 'cloud']
     tags:
       - cni
 
@@ -50,9 +50,6 @@ dependencies:
     tags:
       - kube-router
 
-  - role: network_plugin/cloud
-    when: kube_network_plugin == 'cloud'
-
   - role: network_plugin/multus
     when: kube_network_plugin_multus
     tags:
diff --git a/roles/network_plugin/weave/meta/main.yml b/roles/network_plugin/weave/meta/main.yml
new file mode 100644
index 000000000..9b7065f18
--- /dev/null
+++ b/roles/network_plugin/weave/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: network_plugin/cni
diff --git a/roles/network_plugin/weave/tasks/main.yml b/roles/network_plugin/weave/tasks/main.yml
index f2bd08c9b..f2509055a 100644
--- a/roles/network_plugin/weave/tasks/main.yml
+++ b/roles/network_plugin/weave/tasks/main.yml
@@ -1,20 +1,4 @@
 ---
-
-- name: Weave | Set cni directory permissions
-  file:
-    path: /opt/cni/bin
-    state: directory
-    owner: kube
-    recurse: true
-    mode: 0755
-
-- name: Weave | Copy cni plugins
-  unarchive:
-    src: "{{ local_release_dir }}/cni-plugins-linux-{{ image_arch }}-{{ cni_version }}.tgz"
-    dest: "/opt/cni/bin"
-    mode: 0755
-    remote_src: yes
-
 - name: Weave | Create manifest
   template:
     src: weave-net.yml.j2