diff --git a/cmd/kk/pkg/plugins/network/modules.go b/cmd/kk/pkg/plugins/network/modules.go
index 2314e83b..bc06f8be 100644
--- a/cmd/kk/pkg/plugins/network/modules.go
+++ b/cmd/kk/pkg/plugins/network/modules.go
@@ -171,14 +171,31 @@ func deployCalico(d *DeployNetworkPluginModule) []task.Interface {
 }
 func deployFlannel(d *DeployNetworkPluginModule) []task.Interface {
- generateFlannel := &task.RemoteTask{
+ generateFlannelPSP := &task.RemoteTask{
 Name: "GenerateFlannel",
 Desc: "Generate flannel",
 Hosts: d.Runtime.GetHostsByRole(common.Master),
 Prepare: new(common.OnlyFirstMaster),
 Action: &action.Template{
- Template: templates.Flannel,
- Dst: filepath.Join(common.KubeConfigDir, templates.Flannel.Name()),
+ Template: templates.FlannelPSP,
+ Dst: filepath.Join(common.KubeConfigDir, templates.FlannelPSP.Name()),
+ Data: util.Data{
+ "KubePodsCIDR": d.KubeConf.Cluster.Network.KubePodsCIDR,
+ "FlannelImage": images.GetImage(d.Runtime, d.KubeConf, "flannel").ImageName(),
+ "FlannelPluginImage": images.GetImage(d.Runtime, d.KubeConf, "flannel-cni-plugin").ImageName(),
+ "BackendMode": d.KubeConf.Cluster.Network.Flannel.BackendMode,
+ },
+ },
+ Parallel: true,
+ }
+ generateFlannelPS := &task.RemoteTask{
+ Name: "GenerateFlannel",
+ Desc: "Generate flannel",
+ Hosts: d.Runtime.GetHostsByRole(common.Master),
+ Prepare: new(common.OnlyFirstMaster),
+ Action: &action.Template{
+ Template: templates.FlannelPS,
+ Dst: filepath.Join(common.KubeConfigDir, templates.FlannelPS.Name()),
 Data: util.Data{
 "KubePodsCIDR": d.KubeConf.Cluster.Network.KubePodsCIDR,
 "FlannelImage": images.GetImage(d.Runtime, d.KubeConf, "flannel").ImageName(),
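Review bot: The two RemoteTask literals generateFlannelPSP and generateFlannelPS are identical apart from Template and Dst (and both templates are named "network-plugin.yaml", so Dst is the same path either way), which means the version split in the second hunk of this file (`@@ -199,9 +216,16 @@`) duplicates the whole task plus the returned slice. Choosing the template once and building a single task keeps the two Data maps from drifting apart, which matters because whichever copy is not selected on a given cluster version is never exercised there. A comment on the selection should also record why v1.25.0 is the boundary: `// PodSecurityPolicy is removed in Kubernetes v1.25; newer clusters get the manifest that relies on Pod Security Admission instead.` deployFlannel continues past the end of this hunk, and the second hunk's return would collapse to `return []task.Interface{generateFlannel, deploy}`.
```go
func deployFlannel(d *DeployNetworkPluginModule) []task.Interface {
	// PodSecurityPolicy is removed in Kubernetes v1.25; newer clusters get
	// the manifest that relies on Pod Security Admission instead.
	flannelTemplate := templates.FlannelPSP
	if K8sVersionAtLeast(d.KubeConf.Cluster.Kubernetes.Version, "v1.25.0") {
		flannelTemplate = templates.FlannelPS
	}
	generateFlannel := &task.RemoteTask{
		Name:    "GenerateFlannel",
		Desc:    "Generate flannel",
		Hosts:   d.Runtime.GetHostsByRole(common.Master),
		Prepare: new(common.OnlyFirstMaster),
		Action: &action.Template{
			Template: flannelTemplate,
			Dst:      filepath.Join(common.KubeConfigDir, flannelTemplate.Name()),
			// … unchanged: Data map, Parallel, deploy task …
```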
@@ -199,9 +216,16 @@ func deployFlannel(d *DeployNetworkPluginModule) []task.Interface {
 Retry: 5,
 }
- return []task.Interface{
- generateFlannel,
- deploy,
+ if K8sVersionAtLeast(d.KubeConf.Cluster.Kubernetes.Version, "v1.25.0") {
+ return []task.Interface{
+ generateFlannelPS,
+ deploy,
+ }
+ } else {
+ return []task.Interface{
+ generateFlannelPSP,
+ deploy,
+ }
 }
 }
diff --git a/cmd/kk/pkg/plugins/network/templates/flannel.go b/cmd/kk/pkg/plugins/network/templates/flannel.go
index 4d3afa35..560b1682 100644
--- a/cmd/kk/pkg/plugins/network/templates/flannel.go
+++ b/cmd/kk/pkg/plugins/network/templates/flannel.go
@@ -21,7 +21,7 @@ import (
 "text/template"
 )
-var Flannel = template.Must(template.New("network-plugin.yaml").Parse(
+var FlannelPSP = template.Must(template.New("network-plugin.yaml").Parse(
 dedent.Dedent(`---
 apiVersion: policy/v1beta1
 kind: PodSecurityPolicy
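Review bot: The `else` after a branch that returns is redundant; the fallback can sit at function level as `return []task.Interface{generateFlannelPSP, deploy}`, keeping the happy path left-aligned. Since both branches differ only in which task literal they name, hoisting the K8sVersionAtLeast check next to the task literals in the preceding hunk would leave a single return here. The task literals and `deploy` are defined outside this hunk.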
@@ -283,3 +283,222 @@ spec:
 name: kube-flannel-cfg
 `)))
+
+var FlannelPS = template.Must(template.New("network-plugin.yaml").Parse(
+ dedent.Dedent(`---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: kube-flannel
+ labels:
+ pod-security.kubernetes.io/enforce: privileged
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+ k8s-app: flannel
+ name: flannel
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - nodes/status
+ verbs:
+ - patch
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - clustercidrs
+ verbs:
+ - list
+ - watch
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ labels:
+ k8s-app: flannel
+ name: flannel
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: flannel
+subjects:
+- kind: ServiceAccount
+ name: flannel
+ namespace: kube-flannel
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: flannel
+ namespace: kube-flannel
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: kube-flannel-cfg
+ namespace: kube-flannel
+ labels:
+ tier: node
+ app: flannel
+ k8s-app: flannel
+data:
+ cni-conf.json: |
+ {
+ "name": "cbr0",
+ "cniVersion": "0.3.1",
+ "plugins": [
+ {
+ "type": "flannel",
+ "delegate": {
+ "hairpinMode": true,
+ "isDefaultGateway": true
+ }
+ },
+ {
+ "type": "portmap",
+ "capabilities": {
+ "portMappings": true
+ }
+ }
+ ]
+ }
+ net-conf.json: |
+ {
+ "Network": "{{ .KubePodsCIDR }}",
+ "Backend": {
+ "Type": "{{ .BackendMode }}"
+ }
+ }
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: kube-flannel-ds
+ namespace: kube-flannel
+ labels:
+ tier: node
+ app: flannel
+ k8s-app: flannel
+spec:
+ selector:
+ matchLabels:
+ app: flannel
+ k8s-app: flannel
+ template:
+ metadata:
+ labels:
+ tier: node
+ app: flannel
+ k8s-app: flannel
+ spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/os
+ operator: In
+ values:
+ - linux
+ hostNetwork: true
+ tolerations:
+ - operator: Exists
+ effect: NoSchedule
+ priorityClassName: system-node-critical
+ serviceAccountName: flannel
+ initContainers:
+ - name: install-cni-plugin
+ args:
+ - -f
+ - /flannel
+ - /opt/cni/bin/flannel
+ command:
+ - cp
+ image: {{ .FlannelPluginImage }}
+ volumeMounts:
+ - mountPath: /opt/cni/bin
+ name: cni-plugin
+ - name: install-cni
+ image: {{ .FlannelImage }}
+ command:
+ - cp
+ args:
+ - -f
+ - /etc/kube-flannel/cni-conf.json
+ - /etc/cni/net.d/10-flannel.conflist
+ volumeMounts:
+ - name: cni
+ mountPath: /etc/cni/net.d
+ - name: flannel-cfg
+ mountPath: /etc/kube-flannel/
+ containers:
+ - name: kube-flannel
+ image: {{ .FlannelImage }}
+ command:
+ - /opt/bin/flanneld
+ args:
+ - --ip-masq
+ - --kube-subnet-mgr
+ resources:
+ requests:
+ cpu: "100m"
+ memory: "50Mi"
+ limits:
+ cpu: "100m"
+ memory: "50Mi"
+ securityContext:
+ privileged: false
+ capabilities:
+ add: ["NET_ADMIN", "NET_RAW"]
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ volumeMounts:
+ - name: run
+ mountPath: /run/flannel
+ - name: flannel-cfg
+ mountPath: /etc/kube-flannel/
+ - mountPath: /run/xtables.lock
+ name: xtables-lock
+ volumes:
+ - name: run
+ hostPath:
+ path: /run/flannel
+ - name: cni-plugin
+ hostPath:
+ path: /opt/cni/bin
+ - name: cni
+ hostPath:
+ path: /etc/cni/net.d
+ - name: xtables-lock
+ hostPath:
+ path: /run/xtables.lock
+ type: FileOrCreate
+ - name: flannel-cfg
+ configMap:
+ name: kube-flannel-cfg
+
+ `)))
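Review bot: FlannelPS is exported without a doc comment, and nothing in the file records why a second manifest exists; a comment along the lines of `// FlannelPS is the flannel manifest for Kubernetes v1.25 and later, where PodSecurityPolicy no longer exists; pod security for the kube-flannel namespace is instead governed by the pod-security.kubernetes.io/enforce: privileged label on the Namespace object.` would carry that, and the renamed FlannelPSP in the earlier hunk of this file deserves the matching comment. That comment should also state that the enforce: privileged label exempts every pod created in kube-flannel from Pod Security Admission, not only this DaemonSet, so the namespace must not be reused for other workloads. Separately, `{{ .KubePodsCIDR }}` and `{{ .BackendMode }}` are spliced into net-conf.json by text/template with no escaping; as far as this hunk shows they come from the cluster configuration rather than an external caller, but a value containing a double quote yields an invalid CNI config, so validating BackendMode against the supported backend names before rendering would fail at generation time instead of at flanneld start.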