diff --git a/build/yamls/antrea-aks.yml b/build/yamls/antrea-aks.yml
index 8bdc85fc084..f08b2494cc8 100644
--- a/build/yamls/antrea-aks.yml
+++ b/build/yamls/antrea-aks.yml
@@ -1185,6 +1185,12 @@ rules:
 verbs:
 - get
 - update
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
 - apiGroups:
 - apiregistration.k8s.io
 resourceNames:
@@ -1312,22 +1318,6 @@ subjects:
 namespace: kube-system
 ---
 apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app: antrea
- name: antrea-ca
- namespace: kube-system
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app: antrea
- name: antrea-cluster-identity
- namespace: kube-system
----
-apiVersion: v1
 data:
 antrea-agent.conf: |
 # FeatureGates is a map of feature names to bools that enable or disable experimental features.
diff --git a/build/yamls/antrea-eks.yml b/build/yamls/antrea-eks.yml
index ebec4bd6e2b..d38d722abc1 100644
--- a/build/yamls/antrea-eks.yml
+++ b/build/yamls/antrea-eks.yml
@@ -1185,6 +1185,12 @@ rules:
 verbs:
 - get
 - update
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
 - apiGroups:
 - apiregistration.k8s.io
 resourceNames:
@@ -1312,22 +1318,6 @@ subjects:
 namespace: kube-system
 ---
 apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app: antrea
- name: antrea-ca
- namespace: kube-system
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app: antrea
- name: antrea-cluster-identity
- namespace: kube-system
----
-apiVersion: v1
 data:
 antrea-agent.conf: |
 # FeatureGates is a map of feature names to bools that enable or disable experimental features.
diff --git a/build/yamls/antrea-gke.yml b/build/yamls/antrea-gke.yml
index f6c3e274516..0420a4fd1f9 100644
--- a/build/yamls/antrea-gke.yml
+++ b/build/yamls/antrea-gke.yml
@@ -1185,6 +1185,12 @@ rules:
 verbs:
 - get
 - update
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
 - apiGroups:
 - apiregistration.k8s.io
 resourceNames:
@@ -1312,22 +1318,6 @@ subjects:
 namespace: kube-system
 ---
 apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app: antrea
- name: antrea-ca
- namespace: kube-system
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app: antrea
- name: antrea-cluster-identity
- namespace: kube-system
----
-apiVersion: v1
 data:
 antrea-agent.conf: |
 # FeatureGates is a map of feature names to bools that enable or disable experimental features.
diff --git a/build/yamls/antrea-ipsec.yml b/build/yamls/antrea-ipsec.yml
index 1e3f7e9103c..bcb3702f993 100644
--- a/build/yamls/antrea-ipsec.yml
+++ b/build/yamls/antrea-ipsec.yml
@@ -1185,6 +1185,12 @@ rules:
 verbs:
 - get
 - update
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
 - apiGroups:
 - apiregistration.k8s.io
 resourceNames:
@@ -1312,22 +1318,6 @@ subjects:
 namespace: kube-system
 ---
 apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app: antrea
- name: antrea-ca
- namespace: kube-system
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app: antrea
- name: antrea-cluster-identity
- namespace: kube-system
----
-apiVersion: v1
 data:
 antrea-agent.conf: |
 # FeatureGates is a map of feature names to bools that enable or disable experimental features.
diff --git a/build/yamls/antrea.yml b/build/yamls/antrea.yml
index 0a9723918ba..a52c5623e9e 100644
--- a/build/yamls/antrea.yml
+++ b/build/yamls/antrea.yml
@@ -1185,6 +1185,12 @@ rules:
 verbs:
 - get
 - update
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
 - apiGroups:
 - apiregistration.k8s.io
 resourceNames:
@@ -1312,22 +1318,6 @@ subjects:
 namespace: kube-system
 ---
 apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app: antrea
- name: antrea-ca
- namespace: kube-system
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- labels:
- app: antrea
- name: antrea-cluster-identity
- namespace: kube-system
----
-apiVersion: v1
 data:
 antrea-agent.conf: |
 # FeatureGates is a map of feature names to bools that enable or disable experimental features.
diff --git a/build/yamls/base/controller-rbac.yml b/build/yamls/base/controller-rbac.yml
index 778edb522b5..7ed421b98cd 100644
--- a/build/yamls/base/controller-rbac.yml
+++ b/build/yamls/base/controller-rbac.yml
@@ -83,6 +83,12 @@ rules:
 verbs:
 - get
 - update
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
 - apiGroups:
 - apiregistration.k8s.io
 resources:
diff --git a/build/yamls/base/controller.yml b/build/yamls/base/controller.yml
index ae988e41a76..c22290b840c 100644
--- a/build/yamls/base/controller.yml
+++ b/build/yamls/base/controller.yml
@@ -11,16 +11,6 @@ spec:
 selector:
 component: antrea-controller
 ---
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: antrea-ca
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: antrea-cluster-identity
----
 apiVersion: apiregistration.k8s.io/v1
 kind: APIService
 metadata:
diff --git a/pkg/apiserver/certificate/cacert_controller.go b/pkg/apiserver/certificate/cacert_controller.go
index c5559090e31..37b1e975dc3 100644
--- a/pkg/apiserver/certificate/cacert_controller.go
+++ b/pkg/apiserver/certificate/cacert_controller.go
@@ -22,6 +22,7 @@ import (
 "time"

 v1 "k8s.io/api/admissionregistration/v1"
+ corev1 "k8s.io/api/core/v1"
 "k8s.io/apimachinery/pkg/api/errors"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/util/wait"
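Review bot: The new `create` rule on `configmaps` in build/yamls/base/controller-rbac.yml carries no `resourceNames`, and unlike the neighbouring `get`/`update` rule it cannot be narrowed to `antrea-ca` and `antrea-cluster-identity`, because Kubernetes RBAC does not evaluate `resourceNames` for `create` (the object name is not part of the request). If `rules:` here belongs to a ClusterRole (its `kind` is outside the hunk), the controller's service account can now create ConfigMaps in every namespace, while the code added in this commit only needs to create two objects in its own namespace. Consider granting `create` through a namespaced Role and RoleBinding in the controller's namespace instead, or record the accepted scope above the rule, e.g. `# create cannot be limited by resourceNames; needed to bootstrap antrea-ca and antrea-cluster-identity`. The same rule is mirrored in the generated antrea.yml, antrea-aks.yml, antrea-eks.yml, antrea-gke.yml and antrea-ipsec.yml hunks.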
@@ -246,7 +247,13 @@ func (c *CACertController) syncConfigMap(caCert []byte) error {
 caConfigMapNamespace := GetCAConfigMapNamespace()
 caConfigMap, err := c.client.CoreV1().ConfigMaps(caConfigMapNamespace).Get(context.TODO(), CAConfigMapName, metav1.GetOptions{})
 if err != nil {
- return fmt.Errorf("error getting ConfigMap %s: %v", CAConfigMapName, err)
+ if !errors.IsNotFound(err) {
+ return fmt.Errorf("error getting ConfigMap %s: %v", CAConfigMapName, err)
+ }
+ caConfigMap, err = c.client.CoreV1().ConfigMaps(caConfigMapNamespace).Create(context.TODO(), c.createConfigMap(caConfigMapNamespace), metav1.CreateOptions{})
+ if err != nil {
+ return fmt.Errorf("error creating ConfigMap %s: %v", CAConfigMapName, err)
+ }
 }
 if caConfigMap.Data != nil && caConfigMap.Data[CAConfigMapKey] == string(caCert) {
 return nil
@@ -316,3 +323,15 @@ func (c *CACertController) processNextWorkItem() bool {

 return true
 }
+
+func (c *CACertController) createConfigMap(caConfigMapNamespace string) *corev1.ConfigMap {
+ caConfigMap := &corev1.ConfigMap{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: CAConfigMapName,
+ Namespace: caConfigMapNamespace,
+ },
+ Data: map[string]string{},
+ BinaryData: map[string][]byte{},
+ }
+ return caConfigMap
+}
diff --git a/pkg/clusteridentity/clusteridentity.go b/pkg/clusteridentity/clusteridentity.go
index ffb1455cac5..ecab5d51823 100644
--- a/pkg/clusteridentity/clusteridentity.go
+++ b/pkg/clusteridentity/clusteridentity.go
@@ -20,6 +20,8 @@ import (
 "time"

 "github.com/google/uuid"
+ corev1 "k8s.io/api/core/v1"
+ "k8s.io/apimachinery/pkg/api/errors"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/util/wait"
 clientset "k8s.io/client-go/kubernetes"
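Review bot: The Get-then-Create sequence added in `syncConfigMap` treats every Create error as fatal, so an `AlreadyExists` from a concurrent creator (a manifest still being applied, or a second controller instance during an upgrade) fails the whole sync even though the object now exists and the update path below could proceed. Tolerating that one case is a single extra branch after the Create: `if errors.IsAlreadyExists(err) { caConfigMap, err = c.client.CoreV1().ConfigMaps(caConfigMapNamespace).Get(context.TODO(), CAConfigMapName, metav1.GetOptions{}) }` placed before the new `if err != nil` check. The new `fmt.Errorf` calls also keep `%v`; `%w` would let callers inspect the wrapped API error with `errors.IsNotFound` and friends. `updateConfigMapIfNeeded` in pkg/clusteridentity/clusteridentity.go has the same shape and would benefit from the same handling. The remainder of `syncConfigMap` lies outside the hunk.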
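Review bot: The ConfigMap built by `createConfigMap` has no labels, whereas the `antrea-ca` object removed from the generated manifests in this commit carried `app: antrea`, so anything that selects or cleans up Antrea resources by that label will no longer see the controller-created object; setting `Labels: map[string]string{"app": "antrea"}` in the `ObjectMeta` preserves the previous shape, and the same applies to `createConfigMap` in pkg/clusteridentity/clusteridentity.go. The receiver `c` is unused, so this could be a plain function, and the empty `Data`/`BinaryData` maps add nothing: they are dropped by `omitempty` on the wire and `syncConfigMap` already nil-checks `Data`. A doc comment is missing; suggest `// createConfigMap builds an empty ConfigMap object named CAConfigMapName in caConfigMapNamespace; the caller creates it and populates Data.`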
@@ -55,7 +57,13 @@ func NewClusterIdentityAllocator(
 func (a *ClusterIdentityAllocator) updateConfigMapIfNeeded() error {
 configMap, err := a.k8sClient.CoreV1().ConfigMaps(a.clusterIdentityConfigMapNamespace).Get(context.TODO(), a.clusterIdentityConfigMapName, metav1.GetOptions{})
 if err != nil {
- return fmt.Errorf("error when getting '%s/%s' ConfigMap: %v", a.clusterIdentityConfigMapNamespace, a.clusterIdentityConfigMapName, err)
+ if !errors.IsNotFound(err) {
+ return fmt.Errorf("error when getting '%s/%s' ConfigMap: %v", a.clusterIdentityConfigMapNamespace, a.clusterIdentityConfigMapName, err)
+ }
+ configMap, err = a.k8sClient.CoreV1().ConfigMaps(a.clusterIdentityConfigMapNamespace).Create(context.TODO(), a.createConfigMap(), metav1.CreateOptions{})
+ if err != nil {
+ return fmt.Errorf("error when creating '%s/%s' ConfigMap: %v", a.clusterIdentityConfigMapNamespace, a.clusterIdentityConfigMapName, err)
+ }
 }

 // returns a triplet consisting of the cluster UUID, a boolean indicating if the UUID needs
@@ -189,3 +197,15 @@ func (p *clusterIdentityProvider) Get() (ClusterIdentity, time.Time, error) {

 return identity, creationTime, nil
 }
+
+func (a *ClusterIdentityAllocator) createConfigMap() *corev1.ConfigMap {
+ configMap := &corev1.ConfigMap{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: a.clusterIdentityConfigMapName,
+ Namespace: a.clusterIdentityConfigMapNamespace,
+ },
+ Data: map[string]string{},
+ BinaryData: map[string][]byte{},
+ }
+ return configMap
+}