diff --git a/cleanup.sh b/cleanup.sh
index 4715cd54..c000e96c 100755
--- a/cleanup.sh
+++ b/cleanup.sh
@@ -2,17 +2,21 @@
 
 set -x
 
+export KUBECONFIG=/etc/kubernetes/admin/kubeconfig.yaml
+kubectl drain --force $(hostname)
+
 systemctl stop kubelet
 docker rm -fv $(docker ps -aq)
 
 systemctl stop docker
 
-apt-get remove -qq -y dnsmasq
+apt-get remove -qq -y dnsmasq ceph-common
 
 systemctl daemon-reload
 
 rm -rf \
     /etc/dnsmasq.d/kubernetes-masters \
+    /etc/dnsmasq.d/upstream-dns \
     /etc/docker \
     /etc/kubernetes \
     /etc/systemd/system/docker.service.d \
diff --git a/genesis.sh b/genesis.sh
index 147cd303..90aeb214 100755
--- a/genesis.sh
+++ b/genesis.sh
@@ -62,6 +62,7 @@ if [ -f "${PROMENADE_LOAD_IMAGE}" ]; then
   docker load -i "${PROMENADE_LOAD_IMAGE}"
 fi
 
+docker pull quay.io/attcomdev/promenade:experimental
 docker run -t --rm \
     --net host \
     -v /:/target \
diff --git a/join.sh b/join.sh
index 43b9705c..8e306267 100755
--- a/join.sh
+++ b/join.sh
@@ -62,6 +62,7 @@ if [ -f "${PROMENADE_LOAD_IMAGE}" ]; then
   docker load -i "${PROMENADE_LOAD_IMAGE}"
 fi
 
+docker pull quay.io/attcomdev/promenade:experimental
 docker run -t --rm \
     -v /:/target \
     quay.io/attcomdev/promenade:experimental \
diff --git a/promenade/templates/common/etc/dnsmasq.d/upstream-dns b/promenade/templates/common/etc/dnsmasq.d/upstream-dns
index 6e0a6404..a46d1219 100644
--- a/promenade/templates/common/etc/dnsmasq.d/upstream-dns
+++ b/promenade/templates/common/etc/dnsmasq.d/upstream-dns
@@ -1,9 +1 @@
-no-hosts
-no-resolv
-
-strict-order
-
-server={{ config['Network']['cluster_dns'] }}
-{%- for dns_server in config['Network']['dns_servers'] %}
-server={{ dns_server }}
-{%- endfor %}
+server=/{{ config['Network']['cluster_domain'] }}/{{ config['Network']['cluster_dns'] }}
diff --git a/promenade/templates/common/usr/local/bin/bootstrap b/promenade/templates/common/usr/local/bin/bootstrap
index 72a6edf0..25dc5fb6 100755
--- a/promenade/templates/common/usr/local/bin/bootstrap
+++ b/promenade/templates/common/usr/local/bin/bootstrap
@@ -4,7 +4,10 @@ set -ex
 
 export DEBIAN_FRONTEND=noninteractive
 
-apt-get install -y -qq --no-install-recommends dnsmasq socat
+apt-get install -y --no-install-recommends \
+    ceph-common \
+    dnsmasq \
+    socat
 
 systemctl daemon-reload
 systemctl enable kubelet
diff --git a/promenade/templates/genesis/etc/kubernetes/asset-loader/assets/kube-dns.yaml b/promenade/templates/genesis/etc/kubernetes/asset-loader/assets/kube-dns.yaml
index 5c6d0359..fb252df2 100644
--- a/promenade/templates/genesis/etc/kubernetes/asset-loader/assets/kube-dns.yaml
+++ b/promenade/templates/genesis/etc/kubernetes/asset-loader/assets/kube-dns.yaml
@@ -7,7 +7,8 @@ metadata:
   labels:
     addonmanager.kubernetes.io/mode: EnsureExists
 data:
-  upstreamNameservers: {{ config['Network']['dns_servers'] | tojson }}
+  upstreamNameservers: |-
+    {{ config['Network']['dns_servers'] | tojson }}
 
 ---
 apiVersion: v1
diff --git a/promenade/templates/genesis/etc/kubernetes/kubelet/manifests/armada-loader.yaml b/promenade/templates/genesis/etc/kubernetes/kubelet/manifests/armada-loader.yaml
index d4970f23..d520bc94 100644
--- a/promenade/templates/genesis/etc/kubernetes/kubelet/manifests/armada-loader.yaml
+++ b/promenade/templates/genesis/etc/kubernetes/kubelet/manifests/armada-loader.yaml
@@ -8,6 +8,7 @@ metadata:
     app: promenade
     component: armada-loader
 spec:
+  hostNetwork: true
   containers:
     - name: loader
       image: quay.io/attcomdev/armada:master
diff --git a/promenade/templates/master/etc/kubernetes/kubelet/manifests/kube-controller-manager.yaml b/promenade/templates/master/etc/kubernetes/kubelet/manifests/kube-controller-manager.yaml
index 5d678bf1..4b6d09a2 100644
--- a/promenade/templates/master/etc/kubernetes/kubelet/manifests/kube-controller-manager.yaml
+++ b/promenade/templates/master/etc/kubernetes/kubelet/manifests/kube-controller-manager.yaml
@@ -11,13 +11,11 @@ metadata:
     scheduler.alpha.kubernetes.io/critical-pod: ''
 spec:
   hostNetwork: true
-  dnsPolicy: Default # Don't use cluster DNS.
   containers:
     - name: kube-controller-manager
-      image: gcr.io/google_containers/hyperkube-amd64:v1.6.4
+      image: quay.io/attcomdev/kube-controller-manager:v1.6.4
       command:
-      - ./hyperkube
-      - controller-manager
+      - kube-controller-manager
       - --allocate-node-cidrs=true
       - --cluster-cidr={{ config['Network']['pod_ip_cidr'] }}
       - --cluster-signing-cert-file=/etc/kubernetes/controller-manager/pki/cluster-ca.pem