diff --git a/cmd/virtual-kubelet/internal/commands/root/root.go b/cmd/virtual-kubelet/internal/commands/root/root.go
index ade4daa61..88dd709b1 100644
--- a/cmd/virtual-kubelet/internal/commands/root/root.go
+++ b/cmd/virtual-kubelet/internal/commands/root/root.go
@@ -32,7 +32,6 @@ import (
 	"github.com/virtual-kubelet/virtual-kubelet/node/nodeutil"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apiserver/pkg/server/dynamiccertificates"
-	"k8s.io/client-go/kubernetes"
 )
 
 // NewCommand creates a new top-level command.
@@ -74,11 +73,6 @@ func runRootCommand(ctx context.Context, s *provider.Store, c Opts) error {
 		}
 	}
 
-	client, err := nodeutil.ClientsetFromEnv(c.KubeConfigPath)
-	if err != nil {
-		return err
-	}
-
 	mux := http.NewServeMux()
 	newProvider := func(cfg nodeutil.ProviderConfig) (nodeutil.Provider, node.NodeProvider, error) {
 		rm, err := manager.NewResourceManager(cfg.Pods, cfg.Secrets, cfg.ConfigMaps, cfg.Services)
@@ -113,7 +107,8 @@ func runRootCommand(ctx context.Context, s *provider.Store, c Opts) error {
 		return err
 	}
 
-	cm, err := nodeutil.NewNodeFromClient(c.NodeName, newProvider, func(cfg *nodeutil.NodeConfig) error {
+	cm, err := nodeutil.NewNode(c.NodeName, newProvider, func(cfg *nodeutil.NodeConfig) error {
+		cfg.KubeconfigPath = c.KubeConfigPath
 		cfg.Handler = mux
 		cfg.InformerResyncPeriod = c.InformerResyncPeriod
 
@@ -132,8 +127,7 @@ func runRootCommand(ctx context.Context, s *provider.Store, c Opts) error {
 
 		return nil
 	},
-		nodeutil.WithClient(client),
-		setAuth(client, c.NodeName, apiConfig),
+		setAuth(c.NodeName, apiConfig),
 		nodeutil.WithTLSConfig(
 			nodeutil.WithKeyPairFromPath(apiConfig.CertPath, apiConfig.KeyPath),
 			maybeCA(apiConfig.CACertPath),
@@ -178,7 +172,7 @@ func runRootCommand(ctx context.Context, s *provider.Store, c Opts) error {
 	return nil
 }
 
-func setAuth(client kubernetes.Interface, node string, apiCfg *apiServerConfig) nodeutil.NodeOpt {
+func setAuth(node string, apiCfg *apiServerConfig) nodeutil.NodeOpt {
 	if apiCfg.CACertPath == "" {
 		return func(cfg *nodeutil.NodeConfig) error {
 			cfg.Handler = api.InstrumentHandler(nodeutil.WithAuth(nodeutil.NoAuth(), cfg.Handler))
@@ -187,7 +181,7 @@ func setAuth(client kubernetes.Interface, node string, apiCfg *apiServerConfig)
 	}
 
 	return func(cfg *nodeutil.NodeConfig) error {
-		auth, err := nodeutil.WebhookAuth(client, node, func(cfg *nodeutil.WebhookAuthConfig) error {
+		auth, err := nodeutil.WebhookAuth(cfg.Client, node, func(cfg *nodeutil.WebhookAuthConfig) error {
 			var err error
 			cfg.AuthnConfig.ClientCertificateCAContentProvider, err = dynamiccertificates.NewDynamicCAContentFromFile("ca-cert-bundle", apiCfg.CACertPath)
 			return err
diff --git a/node/nodeutil/controller.go b/node/nodeutil/controller.go
index 1edae926b..edb8c3c72 100644
--- a/node/nodeutil/controller.go
+++ b/node/nodeutil/controller.go
@@ -268,7 +268,7 @@ func WithClient(c kubernetes.Interface) NodeOpt {
 	}
 }
 
-// NewNodeFromClient creates a new node using the provided client and name.
+// NewNode creates a new node using the provided client and name.
 // This is intended for high-level/low boiler-plate usage.
 // Use the constructors in the `node` package for lower level configuration.
 //
@@ -277,7 +277,7 @@ func WithClient(c kubernetes.Interface) NodeOpt {
 // If client is nil, this will construct a client using ClientsetFromEnv
 //
 // It is up to the caller to configure auth on the HTTP handler.
-func NewNodeFromClient(name string, newProvider NewProviderFunc, opts ...NodeOpt) (*Node, error) {
+func NewNode(name string, newProvider NewProviderFunc, opts ...NodeOpt) (*Node, error) {
 	cfg := NodeConfig{
 		NumWorkers:           runtime.NumCPU(),
 		InformerResyncPeriod: time.Minute,
@@ -315,23 +315,22 @@ func NewNodeFromClient(name string, newProvider NewProviderFunc, opts ...NodeOpt
 		return nil, errors.Wrap(err, "error parsing http listen address")
 	}
 
-	client := cfg.Client
-	if client == nil {
+	if cfg.Client == nil {
 		var err error
-		client, err = ClientsetFromEnv(cfg.KubeconfigPath)
+		cfg.Client, err = ClientsetFromEnv(cfg.KubeconfigPath)
 		if err != nil {
 			return nil, errors.Wrap(err, "error creating clientset from env")
 		}
 	}
 
 	podInformerFactory := informers.NewSharedInformerFactoryWithOptions(
-		client,
+		cfg.Client,
 		cfg.InformerResyncPeriod,
 		PodInformerFilter(name),
 	)
 
 	scmInformerFactory := informers.NewSharedInformerFactoryWithOptions(
-		client,
+		cfg.Client,
 		cfg.InformerResyncPeriod,
 	)
 
@@ -370,8 +369,8 @@ func NewNodeFromClient(name string, newProvider NewProviderFunc, opts ...NodeOpt
 	nc, err := node.NewNodeController(
 		np,
 		&cfg.NodeSpec,
-		client.CoreV1().Nodes(),
-		node.WithNodeEnableLeaseV1(NodeLeaseV1Client(client), node.DefaultLeaseDuration),
+		cfg.Client.CoreV1().Nodes(),
+		node.WithNodeEnableLeaseV1(NodeLeaseV1Client(cfg.Client), node.DefaultLeaseDuration),
 	)
 	if err != nil {
 		return nil, errors.Wrap(err, "error creating node controller")
@@ -384,7 +383,7 @@ func NewNodeFromClient(name string, newProvider NewProviderFunc, opts ...NodeOpt
 	}
 
 	pc, err := node.NewPodController(node.PodControllerConfig{
-		PodClient:         client.CoreV1(),
+		PodClient:         cfg.Client.CoreV1(),
 		EventRecorder:     cfg.EventRecorder,
 		Provider:          p,
 		PodInformer:       podInformer,
@@ -405,7 +404,7 @@ func NewNodeFromClient(name string, newProvider NewProviderFunc, opts ...NodeOpt
 		eb:                 eb,
 		podInformerFactory: podInformerFactory,
 		scmInformerFactory: scmInformerFactory,
-		client:             client,
+		client:             cfg.Client,
 		tlsConfig:          cfg.TLSConfig,
 		h:                  cfg.Handler,
 		listenAddr:         cfg.HTTPListenAddr,