diff --git a/image-builder/assets/playbooks/roles/livecdcontent/tasks/livecd.yaml b/image-builder/assets/playbooks/roles/livecdcontent/tasks/livecd.yaml
index 6227db5..8cf4f57 100644
--- a/image-builder/assets/playbooks/roles/livecdcontent/tasks/livecd.yaml
+++ b/image-builder/assets/playbooks/roles/livecdcontent/tasks/livecd.yaml
@@ -1,25 +1,30 @@
-- name: ansible copy file locally.
+- name: ansible copy file locally - vmlinuz.
   copy:
     src: "{{ item }}"
     dest: "{{ root_image }}/vmlinuz"
     remote_src: yes
   with_fileglob: "{{ root_chroot }}/boot/vmlinuz-*"
 
-- name: ansible copy file locally.
+- name: ansible copy file locally - initrd.
   copy:
     src: "{{ item }}"
     dest: "{{ root_image }}/initrd"
     remote_src: yes
   with_fileglob: "{{ root_chroot }}/boot/initrd.img-*"
 
+- name: ansible copy file locally - config.
+  copy:
+    src: "{{ item }}"
+    dest: "{{ root_image }}/config"
+    remote_src: yes
+  with_fileglob: "{{ root_chroot }}/boot/config-*"
+
 - name: "Stamp out a marker file for grub to use when identifying the desired boot volume"
   copy:
     #TODO: populate this with meaningful content
     content: "{{ ansible_date_time.date }}"
     dest: "{{ root_image }}/AIRSHIP_EPHEMERAL"
 
-
-
 - name: "create directory for boot image assembly"
   tempfile:
     state: directory
diff --git a/image-builder/assets/playbooks/roles/multistrap/defaults/main.yaml b/image-builder/assets/playbooks/roles/multistrap/defaults/main.yaml
index b3849ff..abb70f6 100644
--- a/image-builder/assets/playbooks/roles/multistrap/defaults/main.yaml
+++ b/image-builder/assets/playbooks/roles/multistrap/defaults/main.yaml
@@ -22,7 +22,7 @@ repos:
         - ethtool
         - file
         - gettext-base
-        #- kdump-tools # cannot install until after kernel is available
+        - gnupg2
         #- grub2 # cannot install until after boot partition is available
         - ifenslave
         - isc-dhcp-client
@@ -92,3 +92,14 @@ repos:
       suite: focal
       omitdebsrc: "true"
       components: stable
+    - register_repo_with_rootfs: true
+      name: Kubernetes
+      packages:
+        - kubelet=1.18.6-00
+        - kubeadm=1.18.6-00
+        - kubectl=1.18.6-00
+      source: https://apt.kubernetes.io
+      keyring_url: https://packages.cloud.google.com/apt/doc/apt-key.gpg
+      suite: kubernetes-xenial
+      omitdebsrc: "true"
+      components: main
diff --git a/image-builder/assets/playbooks/roles/osconfig/defaults/main.yaml b/image-builder/assets/playbooks/roles/osconfig/defaults/main.yaml
index 8777f4e..b7761d3 100644
--- a/image-builder/assets/playbooks/roles/osconfig/defaults/main.yaml
+++ b/image-builder/assets/playbooks/roles/osconfig/defaults/main.yaml
@@ -49,7 +49,9 @@ limits:
       value: 0
 
 sysctl:
-    - name: net.ipv4.ip_forward
+    - name: net.bridge.bridge-nf-call-ip6tables
+      value: '1'
+    - name: net.bridge.bridge-nf-call-iptables
       value: '1'
 
 # Any directories to create on disk can be defined here
diff --git a/image-builder/assets/playbooks/roles/osconfig/tasks/kubernetes.yaml b/image-builder/assets/playbooks/roles/osconfig/tasks/kubernetes.yaml
index a093cd6..372c658 100644
--- a/image-builder/assets/playbooks/roles/osconfig/tasks/kubernetes.yaml
+++ b/image-builder/assets/playbooks/roles/osconfig/tasks/kubernetes.yaml
@@ -1,24 +1,9 @@
-- name: "Kubernetes | Download and install binaries for {{ k8s_version }}"
-  delegate_to: localhost
-  get_url:
-    url: "https://storage.googleapis.com/kubernetes-release/release/{{ k8s_version }}/bin/linux/amd64/{{ item }}"
-    dest: "{{ rootfs_root }}/usr/bin/{{ item }}"
-    mode: '0755'
-  with_items:
-    - kubeadm
-    - kubelet
-    - kubectl
-- name: "Kubernetes | write out kubelet unit file"
-  template:
-    src: kubelet.service.j2
-    dest: "/etc/systemd/system/kubelet.service"
-    mode: 0644
-
 - name: "Kubernetes | Ensuring systemd preset directory exists"
   file:
     path: "/etc/systemd/system-preset"
     state: directory
     mode: '0755'
+# Started instead by cloud-init run commands
 - name: "Kubernetes | Dont enable kubelet unit by default"
   copy:
     content: 'disable kubelet.service'
diff --git a/image-builder/examples/osconfig-control-plane-vars.yaml b/image-builder/examples/osconfig-control-plane-vars.yaml
index dd6652d..6a9b4aa 100644
--- a/image-builder/examples/osconfig-control-plane-vars.yaml
+++ b/image-builder/examples/osconfig-control-plane-vars.yaml
@@ -130,6 +130,10 @@ sysctl:
       value: '1'
     - name: kernel.sysrq
       value: '1'
+    - name: net.bridge.bridge-nf-call-ip6tables
+      value: '1'
+    - name: net.bridge.bridge-nf-call-iptables
+      value: '1'
 
 post_install_package_list:
     - kdump-tools
diff --git a/image-builder/examples/user_data b/image-builder/examples/user_data
index f0c2edc..edded4c 100644
--- a/image-builder/examples/user_data
+++ b/image-builder/examples/user_data
@@ -24,3 +24,5 @@ runcmd:
 - set -x
 - export PATH=$PATH:/usr/sbin:/sbin
 - mkdir -p /opt/metal3-dev-env/ironic/html/images /var/lib/ironic-persisted-data-volume
+- /bin/bash -c 'kernel_libsubdir="$(ls /lib/modules | head -1)"; config_dir="/lib/modules/${kernel_libsubdir}/build"; mkdir -p "${config_dir}"; if [ -f /run/live/medium/config ] && [ ! -f "${config_dir}/.config" ]; then ln -s /run/live/medium/config "${config_dir}/.config"; fi;'
+- kubeadm init