diff --git a/roles/kubernetes/node/tasks/install.yml b/roles/kubernetes/node/tasks/install.yml index b45a42194..cb7a10c65 100644 --- a/roles/kubernetes/node/tasks/install.yml +++ b/roles/kubernetes/node/tasks/install.yml @@ -1,26 +1,4 @@ --- -- name: Trust kubelet container - command: >- - /usr/bin/rkt trust - --skip-fingerprint-review - --root - {{ item }} - register: kubelet_rkt_trust_result - until: kubelet_rkt_trust_result.rc == 0 - with_items: - - "https://quay.io/aci-signing-key" - - "https://coreos.com/dist/pubkeys/aci-pubkeys.gpg" - retries: 4 - delay: "{{ retry_stagger | random + 3 }}" - changed_when: false - when: kubelet_deployment_type == "rkt" - -- name: create kubelet working directory - file: - state: directory - path: /var/lib/kubelet - when: kubelet_deployment_type == "rkt" - - name: install | Set SSL CA directories set_fact: ssl_ca_dirs: "[ @@ -35,11 +13,12 @@ ]" tags: facts +- include: "install_{{ kubelet_deployment_type }}.yml" + - name: install | Write kubelet systemd init file - template: "src=kubelet.{{ kubelet_deployment_type }}.service.j2 dest=/etc/systemd/system/kubelet.service backup=yes" + template: + src: "kubelet.{{ kubelet_deployment_type }}.service.j2" + dest: "/etc/systemd/system/kubelet.service" + backup: "yes" notify: restart kubelet -- name: install | Install kubelet launch script - template: src=kubelet-container.j2 dest="{{ bin_dir }}/kubelet" owner=kube mode=0755 backup=yes - notify: restart kubelet - when: kubelet_deployment_type == "docker" diff --git a/roles/kubernetes/node/tasks/install_docker.yml b/roles/kubernetes/node/tasks/install_docker.yml new file mode 100644 index 000000000..3a0dd87d9 --- /dev/null +++ b/roles/kubernetes/node/tasks/install_docker.yml @@ -0,0 +1,9 @@ +--- +- name: install | Install kubelet launch script + template: + src: kubelet-container.j2 + dest: "{{ bin_dir }}/kubelet" + owner: kube + mode: 0755 + backup: yes + notify: restart kubelet 
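Review bot: The rewritten "Write kubelet systemd init file" task spells its boolean as the quoted string `backup: "yes"`, while the install_docker.yml task added in this same commit writes `backup: yes` bare; Ansible coerces both to true, but the two spellings side by side read as if they meant different things. Use the canonical boolean in both places, `backup: true`, which is also the form yamllint's truthy rule accepts. The new `include: "install_{{ kubelet_deployment_type }}.yml"` resolves a task file from a variable with no check on its value, so a typo or unsupported value surfaces only as a missing-file error at include time; an `assert` that `kubelet_deployment_type in ['docker', 'rkt']` just before the include, or at least a comment naming the two supported values, would make the contract explicit.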
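Review bot: install_docker.yml writes the kubelet launch script with `owner: kube` and `mode: 0755`, which leaves `{{ bin_dir }}/kubelet` writable by the `kube` account; the unit that executes it is outside this diff, but if kubelet.service runs the script as root (kubelet normally needs to), anyone able to act as `kube` can edit it and run as root at the next restart. This is carried over from the old install.yml rather than introduced here, but moving the task into its own file is a good moment to tighten it: `owner: root`, `group: root`, `mode: "0755"`. Quoting the mode also sidesteps the YAML 1.1 octal parse that Ansible's docs warn about for unquoted leading-zero modes.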
diff --git a/roles/kubernetes/node/tasks/install_rkt.yml b/roles/kubernetes/node/tasks/install_rkt.yml
new file mode 100644
index 000000000..68e90860c
--- /dev/null
+++ b/roles/kubernetes/node/tasks/install_rkt.yml
@@ -0,0 +1,33 @@
+---
+- name: Trust kubelet container
+  command: >-
+    /usr/bin/rkt trust
+    --skip-fingerprint-review
+    --root
+    {{ item }}
+  register: kubelet_rkt_trust_result
+  until: kubelet_rkt_trust_result.rc == 0
+  with_items:
+    - "https://quay.io/aci-signing-key"
+    - "https://coreos.com/dist/pubkeys/aci-pubkeys.gpg"
+  retries: 4
+  delay: "{{ retry_stagger | random + 3 }}"
+  changed_when: false
+
+- name: create kubelet working directory
+  file:
+    state: directory
+    path: /var/lib/kubelet
+
+- name: Create kubelet service systemd directory
+  file:
+    path: /etc/systemd/system/kubelet.service.d
+    state: directory
+
+- name: Write kubelet proxy drop-in
+  template:
+    src: http-proxy.conf.j2
+    dest: /etc/systemd/system/kubelet.service.d/http-proxy.conf
+  when: http_proxy is defined or https_proxy is defined or no_proxy is defined
+  notify: restart kubelet
+
diff --git a/roles/kubernetes/node/templates/http-proxy.conf.j2 b/roles/kubernetes/node/templates/http-proxy.conf.j2
new file mode 100644
index 000000000..e79047771
--- /dev/null
+++ b/roles/kubernetes/node/templates/http-proxy.conf.j2
@@ -0,0 +1,2 @@
+[Service]
+Environment={% if http_proxy %}"HTTP_PROXY={{ http_proxy }}"{% endif %} {% if https_proxy %}"HTTPS_PROXY={{ https_proxy }}"{% endif %} {% if no_proxy %}"NO_PROXY={{ no_proxy }}"{% endif %}
diff --git a/roles/kubernetes/node/templates/kubelet.rkt.service.j2 b/roles/kubernetes/node/templates/kubelet.rkt.service.j2
index a36ce1ef9..1ccccc43d 100644
--- a/roles/kubernetes/node/templates/kubelet.rkt.service.j2
+++ b/roles/kubernetes/node/templates/kubelet.rkt.service.j2
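Review bot: The "Trust kubelet container" task fetches two signing keys over HTTPS and hands them to `rkt trust --skip-fingerprint-review --root`, so whatever key material the server returns becomes a trust root for every image prefix, with nothing in the repository pinning which key was expected; a substituted key at either URL would be accepted silently, and the `until`/`retries` loop keeps going until some response exits 0. Ship the two public keys under the role's `files/` directory and pass their local paths to `rkt trust` instead of the URLs, so the trust anchor is reviewed and versioned with the role, and consider `--prefix` scoped to the kubelet image in place of `--root` if this node only ever runs that image. The task is unchanged from install.yml apart from dropping the `when`, so this predates the commit, but the new file is the natural place to address it.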
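Review bot: `HTTP_PROXY`/`HTTPS_PROXY` values frequently embed proxy credentials (`http://user:pass@proxy:3128`), and the "Write kubelet proxy drop-in" task in install_rkt.yml that renders this file sets no `mode`, so it lands with the default umask; since unit properties are readable over D-Bus, the rendered `Environment=` line is also likely visible to unprivileged users via `systemctl show kubelet`. If credentials can appear here, set `mode: "0600"` on the template task and prefer a proxy authentication method that does not put a password in a unit file. The drop-in is also only ever written, never removed: once `http_proxy` is unset the stale file keeps pointing the kubelet at the old proxy, so a companion `file: state: absent` task under the inverse `when` is needed. A one-line template comment, `{# each variable is tested for truthiness, so an empty value disables that proxy #}`, would record why `{% if http_proxy %}` is used rather than `is defined`.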
@@ -21,11 +21,9 @@ EnvironmentFile={{kube_config_dir}}/kubelet.env
 # stage1-fly mounts /proc /sys /dev so no need to duplicate the mounts
 ExecStart=/usr/bin/rkt run \
   --volume dns,kind=host,source=/etc/resolv.conf \
-  --volume etc-cni,kind=host,source=/etc/cni,readOnly=true \
   --volume etc-kubernetes,kind=host,source={{ kube_config_dir }},readOnly=false \
   --volume etc-ssl-certs,kind=host,source=/etc/ssl/certs,readOnly=true \
   --volume etcd-ssl,kind=host,source={{ etcd_config_dir }},readOnly=true \
-  --volume opt-cni,kind=host,source=/opt/cni,readOnly=true \
   --volume run,kind=host,source=/run,readOnly=false \
 {% for dir in ssl_ca_dirs -%}
   --volume {{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }},kind=host,source={{ dir }},readOnly=true \
@@ -33,12 +31,16 @@ ExecStart=/usr/bin/rkt run \
   --volume var-lib-docker,kind=host,source={{ docker_daemon_graph }},readOnly=false \
   --volume var-lib-kubelet,kind=host,source=/var/lib/kubelet,readOnly=false \
   --volume var-log,kind=host,source=/var/log \
-  --mount volume=dns,target=/etc/resolv.conf \
+{% if kube_network_plugin in ["calico", "weave", "canal"] %}
+  --volume etc-cni,kind=host,source=/etc/cni,readOnly=true \
+  --volume opt-cni,kind=host,source=/opt/cni,readOnly=true \
   --mount volume=etc-cni,target=/etc/cni \
+  --mount volume=opt-cni,target=/opt/cni \
+{% endif %}
+  --mount volume=dns,target=/etc/resolv.conf \
   --mount volume=etc-kubernetes,target={{ kube_config_dir }} \
   --mount volume=etc-ssl-certs,target=/etc/ssl/certs \
   --mount volume=etcd-ssl,target={{ etcd_config_dir }} \
-  --mount volume=opt-cni,target=/opt/cni \
   --mount volume=run,target=/run \
 {% for dir in ssl_ca_dirs -%}
   --mount volume={{ dir | regex_replace('^/(.*)$', '\\1' ) | regex_replace('/', '-') }},target={{ dir }} \
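Review bot: The new `{% if kube_network_plugin in ["calico", "weave", "canal"] %}` and `{% endif %}` lines sit inside a backslash-continued `ExecStart=`, and unlike the `{% for dir in ssl_ca_dirs -%}` lines around them they do not strip their trailing newline; this relies on Ansible's template module having trim_blocks enabled, without which the blank line left after a `\` continuation would leave the remaining `--mount` lines outside the directive. Writing them as `{% if kube_network_plugin in ["calico", "weave", "canal"] -%}` and `{% endif -%}` follows the file's existing convention and removes the dependency. The hard-coded plugin list is a second copy of "which plugins need the host's CNI directories" that must be kept in step with the rest of the role; a comment such as `{# CNI-based plugins need the host's /etc/cni and /opt/cni inside the kubelet pod #}`, or a single `kube_network_plugin_uses_cni` fact set where the plugin is chosen, would make the intent explicit.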