diff --git a/CHANGELOG.md b/CHANGELOG.md
index d89a264959..4c5085fdb7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -12,6 +12,8 @@
 - [PR #350](https://github.com/konpyutaika/nifikop/pull/350) - **[Operator]** Remove optimistic lock on `Patch`.
 - [PR #352](https://github.com/konpyutaika/nifikop/pull/352) - **[Operator]** Changed default LogLevel of NiFi from `DEBUG` to `INFO`.
 - [PR #354](https://github.com/konpyutaika/nifikop/pull/354) - **[Operator/NifiCluster]** Updated `login_identity_providers.xml` template for 2.0.0-M1.
+- [PR #356](https://github.com/konpyutaika/nifikop/pull/356) - **[Operator/NifiCluster]** Updated `zookeeper.properties` template for 2.0.0-M1.
+- [PR #356](https://github.com/konpyutaika/nifikop/pull/356) - **[Operator/NifiCluster]** Updated `zookeeper.properties` template logic to only use it if needed.
 ### Fixed Bugs
diff --git a/pkg/resources/nifi/secretconfig.go b/pkg/resources/nifi/secretconfig.go
index 53fcb4fdc0..5ecdcead64 100644
--- a/pkg/resources/nifi/secretconfig.go
+++ b/pkg/resources/nifi/secretconfig.go
@@ -40,7 +40,6 @@ func (r *Reconciler) secretConfig(id int32, nodeConfig *v1.NodeConfig, serverPas
 ),
 Data: map[string][]byte{
 "nifi.properties": []byte(r.generateNifiPropertiesNodeConfig(id, nodeConfig, serverPass, clientPass, superUsers, log)),
- "zookeeper.properties": []byte(r.generateZookeeperPropertiesNodeConfig(id, nodeConfig, log)),
 "state-management.xml": []byte(r.getStateManagementConfigString(nodeConfig, id, log)),
 "login-identity-providers.xml": []byte(r.getLoginIdentityProvidersConfigString(nodeConfig, id, log)),
 "logback.xml": []byte(r.getLogbackConfigString(nodeConfig, id, log)),
@@ -52,6 +51,10 @@ func (r *Reconciler) secretConfig(id int32, nodeConfig *v1.NodeConfig, serverPas
 if configcommon.UseSSL(r.NifiCluster) {
 secret.Data["authorizers.xml"] = []byte(r.getAuthorizersConfigString(nodeConfig, id, log))
 }
+ if zookeeperPropertiesNodeConfig := r.generateZookeeperPropertiesNodeConfig(id, nodeConfig, log); zookeeperPropertiesNodeConfig != nil {
+ secret.Data["zookeeper.properties"] = []byte(*zookeeperPropertiesNodeConfig)
+ }
+
 return secret
 }
@@ -185,7 +188,7 @@ func generateSuperUsers(users []string) (suStrings []string) {
 // Zookeeper properties configuration //
 /////////////////////////////////////////
-func (r Reconciler) generateZookeeperPropertiesNodeConfig(id int32, nodeConfig *v1.NodeConfig, log zap.Logger) string {
+func (r Reconciler) generateZookeeperPropertiesNodeConfig(id int32, nodeConfig *v1.NodeConfig, log zap.Logger) *string {
 var readOnlyClusterConfig map[string]string
 if &r.NifiCluster.Spec.ReadOnlyConfig != (&v1.ReadOnlyConfig{}) && &r.NifiCluster.Spec.ReadOnlyConfig.ZookeeperProperties != (&v1.ZookeeperProperties{}) {
@@ -226,6 +229,10 @@ func (r Reconciler) generateZookeeperPropertiesNodeConfig(id int32, nodeConfig *
 zap.Error(err))
 }
+ if len(completeConfigMap) == 0 {
+ return nil
+ }
+
 if err := mergo.Merge(&completeConfigMap, util.ParsePropertiesFormat(r.getZookeeperPropertiesConfigString(nodeConfig, id, log))); err != nil {
 log.Error("error occurred during merging operator generated configs",
 zap.String("clusterName", r.NifiCluster.Name),
@@ -242,7 +249,8 @@ func (r Reconciler) generateZookeeperPropertiesNodeConfig(id int32, nodeConfig *
 // We need to sort the config every time to avoid diffs occurred because of ranging through map
 sort.Strings(completeConfig)
- return strings.Join(completeConfig, "\n")
+ output := strings.Join(completeConfig, "\n")
+ return &output
 }
 func (r *Reconciler) getZookeeperPropertiesConfigString(nConfig *v1.NodeConfig, id int32, log zap.Logger) string {
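Review bot: Nothing in this hunk shows how consumers of the `zookeeper.properties` key behave now that the Secret can be built without it. The volume mount or startup step that places the file in the NiFi conf directory is outside the diff, so confirm it tolerates a missing key; a Secret volume that selects the key by name and is not marked optional would keep the pod from starting. A short comment above the new `if` would record the intent, for example `// zookeeper.properties is only shipped when overrides are configured; nil means "omit the key"`. The body of `secretConfig` starts outside the hunk.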
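Review bot: The `*string` return of `generateZookeeperPropertiesNodeConfig` has no doc comment saying when `nil` comes back, so callers must read the body to learn that `nil` means the file is not shipped. I would add `// generateZookeeperPropertiesNodeConfig returns the rendered zookeeper.properties, or nil when the merged override map is empty.` above the signature. Separately, the guard on the context lines compares `&r.NifiCluster.Spec.ReadOnlyConfig` with the address of a fresh `&v1.ReadOnlyConfig{}` literal. Those addresses are never equal, so the guard filters nothing and the nil decision rests entirely on the later `len(completeConfigMap) == 0` check. The function body continues outside the hunk.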
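Review bot: The new `len(completeConfigMap) == 0` return cannot tell "nothing configured" from "an earlier merge failed". The context just above is the tail of a branch that only logs `zap.Error(err)` and carries on, so a failed merge that leaves the map empty would silently drop `zookeeper.properties` from the Secret instead of surfacing the problem. Consider deciding emptiness from the input maps before merging, or at least logging the skip, e.g. `log.Debug("no zookeeper properties configured, zookeeper.properties omitted", zap.String("clusterName", r.NifiCluster.Name))`. The start of the function and the earlier merge calls are outside this hunk, so the exact failure behaviour should be checked there.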
diff --git a/pkg/resources/templates/config/zookeeper_properties.go b/pkg/resources/templates/config/zookeeper_properties.go
index 9049fad2f3..1fdd1f6e8b 100644
--- a/pkg/resources/templates/config/zookeeper_properties.go
+++ b/pkg/resources/templates/config/zookeeper_properties.go
@@ -29,10 +29,37 @@ tickTime=2000
 dataDir=./state/zookeeper
 autopurge.snapRetainCount=30
+# Embedded/distributed ZK TLS connection support can be activated by setting these properties at minimum:
+#
+# secureClientPort=2281
+# serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
+
+# Most TLS configurations will set these values as well:
+#
+# ssl.keyStore.location=/example/path/to/key-store.jks
+# ssl.keyStore.password=change this value to the actual value in your installation
+# ssl.trustStore.location=/example/path/to/trust-store.jks
+# ssl.trustStore.password=change this value to the actual value in your installation
+# ssl.hostnameVerification=false
+#
+# Note that many ZK parameters can set as Java system properties, refer to the ZK admin guide for details:
+#
+# https://zookeeper.apache.org/doc/current/zookeeperAdmin.html#sc_configuration
+
+# Other common settings:
+#
+# client.portUnification=true
+# admin.enableServer=false
+
+# The server string has changed as of 3.5.5 and the client port is now specified at the end of the server string:
+# https://zookeeper.apache.org/doc/r3.5.5/zookeeperReconfig.html#sc_reconfig_clientport
 #
 # Specifies the servers that are part of this zookeeper ensemble. For
 # every NiFi instance running an embedded zookeeper, there needs to be
-# a server entry below. For instance:
+# a server entry below. Client port is now specified at the end of the string
+# after a semi-colon.
+#
+# For instance:
 #
 # server.1=nifi-node1-hostname:2888:3888;2181
 # server.2=nifi-node2-hostname:2888:3888;2181
@@ -43,5 +70,5 @@ autopurge.snapRetainCount=30
 # administration guide for more details.
 #
-server.1=
+server.1=nifi
 `
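Review bot: The sample TLS block lists `ssl.hostnameVerification=false` among the values "most TLS configurations will set", which reads as a recommendation to switch off hostname verification for ZooKeeper TLS. The lines are commented out, so nothing changes at runtime, but anyone copying them into the cluster's ZooKeeper properties would accept any certificate that chains to the trust store, whatever host presents it. I would add one comment line after it, such as `# Leave ssl.hostnameVerification at its default (true) unless node certificates lack matching SANs.`, and mention that the keystore and truststore passwords set here end up in the generated Secret. The raw string holding the template starts and ends outside this hunk.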
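Review bot: `server.1=nifi` does not follow the `host:2888:3888;2181` form that the comment block above it documents, and the previous default was an empty value. Because the template is merged into the user-supplied map in `generateZookeeperPropertiesNodeConfig`, this entry would presumably appear in every rendered file where the user did not set `server.1` themselves; whether ZooKeeper accepts a bare hostname there should be verified. If `nifi` is a deliberate placeholder, say so next to it, e.g. `# placeholder, override server.N through the cluster's ZooKeeper properties`; otherwise keep the entry empty.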