diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1265b0e99..2afc91a5c 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -259,18 +259,18 @@ before_script:
       tests/testcases/040_check-network-adv.yml $LOG_LEVEL;
       fi
 
-  after_script:
-    - >
-      ansible-playbook -i inventory/inventory.ini tests/cloud_playbooks/delete-gce.yml -c local  $LOG_LEVEL
-      -e mode=${CLUSTER_MODE}
-      -e test_id=${TEST_ID}
-      -e kube_network_plugin=${KUBE_NETWORK_PLUGIN}
-      -e gce_project_id=${GCE_PROJECT_ID}
-      -e gce_service_account_email=${GCE_ACCOUNT}
-      -e gce_credentials_file=${HOME}/.ssh/gce.json
-      -e cloud_image=${CLOUD_IMAGE}
-      -e inventory_path=${PWD}/inventory/inventory.ini
-      -e cloud_region=${CLOUD_REGION}
+#  after_script:
+#    - >
+#      ansible-playbook -i inventory/inventory.ini tests/cloud_playbooks/delete-gce.yml -c local  $LOG_LEVEL
+#      -e mode=${CLUSTER_MODE}
+#      -e test_id=${TEST_ID}
+#      -e kube_network_plugin=${KUBE_NETWORK_PLUGIN}
+#      -e gce_project_id=${GCE_PROJECT_ID}
+#      -e gce_service_account_email=${GCE_ACCOUNT}
+#      -e gce_credentials_file=${HOME}/.ssh/gce.json
+#      -e cloud_image=${CLOUD_IMAGE}
+#      -e inventory_path=${PWD}/inventory/inventory.ini
+#      -e cloud_region=${CLOUD_REGION}
 
 # Test matrix. Leave the comments for markup scripts.
 .coreos_calico_aio_variables: &coreos_calico_aio_variables
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index af30908c1..677dea5c3 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -20,7 +20,7 @@ download_always_pull: False
 # Versions
 kube_version: v1.7.5
 # Change to kube_version after v1.8.0 release
-kubeadm_version: "v1.8.0-beta.1"
+kubeadm_version: "v1.8.0-rc.1"
 etcd_version: v3.2.4
 # TODO(mattymo): Move calico versions to roles/network_plugins/calico/defaults
 # after migration to container download
@@ -39,7 +39,7 @@ kubeadm_download_url: "https://storage.googleapis.com/kubernetes-release/release
 
 # Checksums
 etcd_checksum: "274c46a7f8d26f7ae99d6880610f54933cbcf7f3beafa19236c52eb5df8c7a0b"
-kubeadm_checksum: "ddd5949699d6bdbc0b90b379e7e534f137b1058db1acc8f26cc54843f017ffbf"
+kubeadm_checksum: "8f6ceb26b8503bfc36a99574cf6f853be1c55405aa31669561608ad8099bf5bf"
 
 # Containers
 # Possible values: host, docker
diff --git a/roles/kubernetes-apps/ansible/tasks/main.yml b/roles/kubernetes-apps/ansible/tasks/main.yml
index 1dae49922..9e9a30382 100644
--- a/roles/kubernetes-apps/ansible/tasks/main.yml
+++ b/roles/kubernetes-apps/ansible/tasks/main.yml
@@ -18,17 +18,6 @@
   with_items: ['deploy', 'svc']
   tags: upgrade
 
-- name: Kubernetes Apps | Ensure kubeadm kube-proxy
-  kube:
-    name: "kube-proxy"
-    namespace: "{{ system_namespace }}"
-    kubectl: "{{bin_dir}}/kubectl"
-    resource: "daemonset"
-    state: latest
-  when:
-    - kubeadm_enabled|default(false)
-    - inventory_hostname == groups['kube-master'][0]
-
 - name: Kubernetes Apps | Delete kubeadm kubedns
   kube:
     name: "kubedns"
diff --git a/roles/kubernetes-apps/ansible/templates/kube-proxy-ds.yml.j2 b/roles/kubernetes-apps/ansible/templates/kube-proxy-ds.yml.j2
deleted file mode 100644
index ba6dc20d4..000000000
--- a/roles/kubernetes-apps/ansible/templates/kube-proxy-ds.yml.j2
+++ /dev/null
@@ -1,56 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: DaemonSet
-metadata:
-  labels:
-    k8s-app: kube-proxy
-  name: kube-proxy
-  namespace: {{ system_namespace }}
-spec:
-  selector:
-    matchLabels:
-      k8s-app: kube-proxy
-  template:
-    metadata:
-      labels:
-        k8s-app: kube-proxy
-    spec:
-      containers:
-      - command:
-        - /usr/local/bin/kube-proxy
-        - --kubeconfig=/var/lib/kube-proxy/kubeconfig.conf
-        - --cluster-cidr=10.233.64.0/18
-        image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
-        imagePullPolicy: {{ k8s_image_pull_policy }}
-        name: kube-proxy
-        securityContext:
-          privileged: true
-        volumeMounts:
-        - mountPath: /var/lib/kube-proxy
-          name: kube-proxy
-        - mountPath: /run/xtables.lock
-          name: xtables-lock
-      dnsPolicy: ClusterFirst
-      hostNetwork: true
-      restartPolicy: Always
-      serviceAccount: kube-proxy
-      serviceAccountName: kube-proxy
-      terminationGracePeriodSeconds: 30
-      tolerations:
-      - effect: NoSchedule
-        key: node-role.kubernetes.io/master
-      - effect: NoSchedule
-        key: node.cloudprovider.kubernetes.io/uninitialized
-        value: "true"
-      volumes:
-      - configMap:
-          defaultMode: 420
-          name: kube-proxy
-        name: kube-proxy
-      - hostPath:
-          path: /run/xtables.lock
-        name: xtables-lock
-  updateStrategy:
-    rollingUpdate:
-      maxUnavailable: 1
-    type: RollingUpdate
-
diff --git a/roles/kubernetes/master/tasks/kubeadm-setup.yml b/roles/kubernetes/master/tasks/kubeadm-setup.yml
index 67e84a509..3533cb1bc 100644
--- a/roles/kubernetes/master/tasks/kubeadm-setup.yml
+++ b/roles/kubernetes/master/tasks/kubeadm-setup.yml
@@ -78,6 +78,12 @@
   failed_when: kubeadm_upgrade.rc != 0 and "field is immutable" not in kubeadm_upgrade.stderr
   notify: Master | restart kubelet
 
+# FIXME(mattymo): remove when https://github.com/kubernetes/kubeadm/issues/433 is fixed
+- name: kubeadm | Enable kube-proxy
+  command: "{{ bin_dir }}/kubeadm alpha phase addon kube-proxy --config={{ kube_config_dir }}/kubeadm-config.yaml"
+  when: inventory_hostname == groups['kube-master']|first
+  changed_when: false
+
 - name: slurp kubeadm certs
   slurp:
     src: "{{ item }}"
diff --git a/roles/reset/tasks/main.yml b/roles/reset/tasks/main.yml
index 59251b02b..2d72f0b25 100644
--- a/roles/reset/tasks/main.yml
+++ b/roles/reset/tasks/main.yml
@@ -75,6 +75,7 @@
   with_items:
     - "{{kube_config_dir}}"
     - /var/lib/kubelet
+    - /root/.kube
     - "{{ etcd_data_dir }}"
     - /etc/ssl/etcd
     - /var/log/calico