diff --git a/docker/base/opendaylight.repo b/docker/base/opendaylight.repo
index 8c0c299fd4..44c1eb26d5 100644
--- a/docker/base/opendaylight.repo
+++ b/docker/base/opendaylight.repo
@@ -1,5 +1,6 @@
 [opendaylight]
 name=CentOS CBS OpenDaylight Release Repository
-baseurl=http://cbs.centos.org/repos/nfv7-opendaylight-6-release/x86_64/os/
+# opendaylight package is not signed, so download from HTTPS source at least
+baseurl=https://cbs.centos.org/repos/nfv7-opendaylight-6-release/x86_64/os/
 enabled=1
 gpgcheck=0
diff --git a/docker/helm-repository/Dockerfile.j2 b/docker/helm-repository/Dockerfile.j2
index 45772bcbcf..1b1acbb891 100644
--- a/docker/helm-repository/Dockerfile.j2
+++ b/docker/helm-repository/Dockerfile.j2
@@ -55,7 +55,8 @@ ENV helm_arch={{ base_arch }}
 {% endif %}
 
 {% block helm_repository_install_kubernetes_helm %}
-RUN curl -Lo /tmp/helm-v${helm_version}-linux-${helm_arch}.tar.gz  http://storage.googleapis.com/kubernetes-helm/helm-v${helm_version}-linux-${helm_arch}.tar.gz \
+# TODO(mandre) check for file integrity instead of downloading from an HTTPS source
+RUN curl -Lo /tmp/helm-v${helm_version}-linux-${helm_arch}.tar.gz  https://storage.googleapis.com/kubernetes-helm/helm-v${helm_version}-linux-${helm_arch}.tar.gz \
     && sudo tar --strip-components 1 -C /usr/bin linux-${helm_arch}/helm -zxvf /tmp/helm-v${helm_version}-linux-${helm_arch}.tar.gz \
     && sudo chmod 755 /usr/bin/helm \
     && rm /tmp/helm-v${helm_version}-linux-${helm_arch}.tar.gz
diff --git a/docker/macros.j2 b/docker/macros.j2
index d01709271a..aa9c097cbc 100644
--- a/docker/macros.j2
+++ b/docker/macros.j2
@@ -84,7 +84,8 @@ RUN apt-get update \
             && /bin/false
     {% endif %}
 
-    RUN curl -o /usr/bin/kubectl http://storage.googleapis.com/kubernetes-release/release/v1.5.4/bin/linux/${KUBE_ARCH}/kubectl \
+    # TODO(mandre) check for file integrity instead of downloading from an HTTPS source
+    RUN curl -o /usr/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/v1.5.4/bin/linux/${KUBE_ARCH}/kubectl \
         && chmod 755 /usr/bin/kubectl
 {% endmacro %}
 
diff --git a/docker/prometheus/prometheus-cadvisor/Dockerfile.j2 b/docker/prometheus/prometheus-cadvisor/Dockerfile.j2
index c4b1886619..427961f469 100644
--- a/docker/prometheus/prometheus-cadvisor/Dockerfile.j2
+++ b/docker/prometheus/prometheus-cadvisor/Dockerfile.j2
@@ -22,7 +22,7 @@ RUN curl -ssL -o /opt/cadvisor https://github.com/google/cadvisor/releases/downl
         {% set cadvisor_packages = [
              'libjs-bootstrap',
              'libjs-jquery',
-             'http://snapshot.debian.org/archive/debian/20180503T060640Z/pool/main/c/cadvisor/cadvisor_0.27.1+dfsg2-1_arm64.deb'
+             'https://snapshot.debian.org/archive/debian/20180503T060640Z/pool/main/c/cadvisor/cadvisor_0.27.1+dfsg2-1_arm64.deb'
         ] %}
 
 {{ macros.install_packages(cadvisor_packages | customizable("packages")) }}
diff --git a/docker/rabbitmq/Dockerfile.j2 b/docker/rabbitmq/Dockerfile.j2
index 6c9f3a816e..b737941b63 100644
--- a/docker/rabbitmq/Dockerfile.j2
+++ b/docker/rabbitmq/Dockerfile.j2
@@ -27,7 +27,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
          ] %}
     {% else %}
          {% set rabbitmq_packages = rabbitmq_packages + [
-             'http://www.rabbitmq.com/releases/rabbitmq-server/v3.6.5/rabbitmq-server_3.6.5-1_all.deb',
+             'https://www.rabbitmq.com/releases/rabbitmq-server/v3.6.5/rabbitmq-server_3.6.5-1_all.deb',
          ] %}
     {% endif %}
 
@@ -52,7 +52,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
 
 RUN rm -rf /var/lib/rabbitmq/* \
     && ln -s /usr/lib/rabbitmq/lib/rabbitmq_server-3.6.* /usr/lib/rabbitmq/lib/rabbitmq_server-3.6 \
-    && curl -o /usr/lib/rabbitmq/lib/rabbitmq_server-3.6/plugins/rabbitmq_clusterer-3.6.x-667f92b0.ez http://www.rabbitmq.com/community-plugins/v3.6.x/rabbitmq_clusterer-3.6.x-667f92b0.ez \
+    && curl -o /usr/lib/rabbitmq/lib/rabbitmq_server-3.6/plugins/rabbitmq_clusterer-3.6.x-667f92b0.ez https://www.rabbitmq.com/community-plugins/v3.6.x/rabbitmq_clusterer-3.6.x-667f92b0.ez \
     && /usr/lib/rabbitmq/bin/rabbitmq-plugins enable --offline \
        rabbitmq_management \
        rabbitmq_clusterer
diff --git a/kolla/common/config.py b/kolla/common/config.py
index a6bdbc08b1..18cfe9e3d4 100755
--- a/kolla/common/config.py
+++ b/kolla/common/config.py
@@ -43,7 +43,9 @@ DELOREAN_DEPS = "https://trunk.rdoproject.org/centos7/delorean-deps.repo"
 
 INSTALL_TYPE_CHOICES = ['binary', 'source', 'rdo', 'rhos']
 
-TARBALLS_BASE = "http://tarballs.openstack.org"
+# TODO(mandre) check for file integrity instead of downloading from an HTTPS
+# source
+TARBALLS_BASE = "https://tarballs.openstack.org"
 
 _PROFILE_OPTS = [
     cfg.ListOpt('infra',