diff --git a/bootstrap/kubeadm/internal/controllers/token.go b/bootstrap/kubeadm/internal/controllers/token.go
index 9c61c7f9199e..7fc2be7586a3 100644
--- a/bootstrap/kubeadm/internal/controllers/token.go
+++ b/bootstrap/kubeadm/internal/controllers/token.go
@@ -22,6 +22,7 @@ import (
 
 	"github.com/pkg/errors"
 	corev1 "k8s.io/api/core/v1"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	bootstrapapi "k8s.io/cluster-bootstrap/token/api"
 	bootstraputil "k8s.io/cluster-bootstrap/token/util"
@@ -101,6 +102,12 @@ func refreshToken(ctx context.Context, c client.Client, token string, ttl time.D
 func shouldRotate(ctx context.Context, c client.Client, token string, ttl time.Duration) (bool, error) {
 	secret, err := getToken(ctx, c, token)
 	if err != nil {
+		// If the secret is deleted before due to unknown reasons, machine pools cannot be scaled up.
+		// Since that, secret should be rotated if missing.
+		// Normally, it is not expected to reach this line.
+		if apierrors.IsNotFound(err) {
+			return true, nil
+		}
 		return false, err
 	}