diff --git a/roles/kustomize_deploy/tasks/execute_step.yml b/roles/kustomize_deploy/tasks/execute_step.yml
index 03b285e709..5772fa677f 100644
--- a/roles/kustomize_deploy/tasks/execute_step.yml
+++ b/roles/kustomize_deploy/tasks/execute_step.yml
@@ -192,17 +192,17 @@
              path_join | realpath
           }}
       block:
+        # We have to use plain `kubectl kustomize`: lookup would
+        # be executed locally, on the ansible-controller. In CI,
+        # that would be the zuul-executor, and we don't manage them,
+        # leading to a risk to either NOT have kubectl, or an old,
+        # deprecated version.
         - name: "Build kustomized content for {{ stage.path }}"
-          ansible.builtin.copy:
-            dest: "{{ _output }}"
-            mode: "0644"
-            content: >-
-              {{
-                lookup(
-                  'kubernetes.core.kustomize',
-                  dir=_chdir
-                )
-              }}
+          ansible.builtin.shell:
+            chdir: "{{ _chdir }}"
+            cmd: |-
+              set -o pipefail
+              kubectl kustomize > {{ _output }}
 
         - name: "Store kustomized content in artifacts for {{ stage.path }}"
           ansible.builtin.copy: