diff --git a/roles/kubernetes-apps/ansible/tasks/cleanup_dns.yml b/roles/kubernetes-apps/ansible/tasks/cleanup_dns.yml
index 49ed96a47..8d3020875 100644
--- a/roles/kubernetes-apps/ansible/tasks/cleanup_dns.yml
+++ b/roles/kubernetes-apps/ansible/tasks/cleanup_dns.yml
@@ -1,4 +1,13 @@
 ---
+- name: Kubernetes Apps | Register coredns deployment annotation `createdby`
+  shell: "{{ bin_dir }}/kubectl get deploy -n kube-system coredns -o jsonpath='{ .spec.template.metadata.annotations.createdby }'"
+  register: createdby_annotation
+  changed_when: false
+  ignore_errors: true
+  when:
+    - dns_mode in ['coredns', 'coredns_dual']
+    - inventory_hostname == groups['kube-master'][0]
+
 - name: Kubernetes Apps | Delete kubeadm CoreDNS
   kube:
     name: "coredns"
@@ -9,6 +18,7 @@
   when:
     - dns_mode in ['coredns', 'coredns_dual']
     - inventory_hostname == groups['kube-master'][0]
+    - createdby_annotation.stdout != 'kubespray'
 
 - name: Kubernetes Apps | Delete kubeadm Kube-DNS service
   kube:
diff --git a/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2 b/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2
index d14dde08b..cb9625649 100644
--- a/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2
@@ -23,6 +23,7 @@ spec:
         k8s-app: kube-dns{{ coredns_ordinal_suffix }}
       annotations:
         seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
+        createdby: 'kubespray'
     spec:
       priorityClassName: system-cluster-critical
       nodeSelector: