diff --git a/roles/kubernetes/node/defaults/main.yml b/roles/kubernetes/node/defaults/main.yml
index 99ed2bdae..a74e52b77 100644
--- a/roles/kubernetes/node/defaults/main.yml
+++ b/roles/kubernetes/node/defaults/main.yml
@@ -27,3 +27,5 @@ nginx_cpu_requests: 50m
 
 nginx_image_repo: nginx
 nginx_image_tag: 1.11.4-alpine
+
+etcd_config_dir: /etc/ssl/etcd
diff --git a/roles/kubernetes/node/templates/kubelet.rkt.service.j2 b/roles/kubernetes/node/templates/kubelet.rkt.service.j2
index 89a9f01dc..12ce01c75 100644
--- a/roles/kubernetes/node/templates/kubelet.rkt.service.j2
+++ b/roles/kubernetes/node/templates/kubelet.rkt.service.j2
@@ -20,22 +20,28 @@ ExecStartPre=-/bin/mkdir -p /var/lib/kubelet
 EnvironmentFile={{kube_config_dir}}/kubelet.env
 # stage1-fly mounts /proc /sys /dev so no need to duplicate the mounts
 ExecStart=/usr/bin/rkt run \
-        --volume var-log,kind=host,source=/var/log \
         --volume dns,kind=host,source=/etc/resolv.conf \
+        --volume etc-cni,kind=host,source=/etc/cni,readOnly=true \
         --volume etc-kubernetes,kind=host,source={{ kube_config_dir }},readOnly=false \
         --volume etc-ssl-certs,kind=host,source=/etc/ssl/certs,readOnly=true \
+        --volume etcd-ssl,kind=host,source={{ etcd_config_dir }},readOnly=true \
+        --volume opt-cni,kind=host,source=/opt/cni,readOnly=true \
+        --volume run,kind=host,source=/run,readOnly=false \
         --volume usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \
         --volume var-lib-docker,kind=host,source={{ docker_daemon_graph }},readOnly=false \
 	--volume var-lib-kubelet,kind=host,source=/var/lib/kubelet,readOnly=false \
-        --volume run,kind=host,source=/run,readOnly=false \
-        --mount volume=var-log,target=/var/log \
+        --volume var-log,kind=host,source=/var/log \
         --mount volume=dns,target=/etc/resolv.conf \
+        --mount volume=etc-cni,target=/etc/cni \
         --mount volume=etc-kubernetes,target={{ kube_config_dir }} \
         --mount volume=etc-ssl-certs,target=/etc/ssl/certs \
+        --mount volume=etcd-ssl,target={{ etcd_config_dir }} \
+        --mount volume=opt-cni,target=/opt/cni \
+        --mount volume=run,target=/run \
         --mount volume=usr-share-certs,target=/usr/share/ca-certificates \
         --mount volume=var-lib-docker,target=/var/lib/docker \
         --mount volume=var-lib-kubelet,target=/var/lib/kubelet \
-        --mount volume=run,target=/run \
+        --mount volume=var-log,target=/var/log \
         --stage1-from-dir=stage1-fly.aci \
         {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} \
         --uuid-file-save=/var/run/kubelet.uuid \