diff --git a/.circleci/config.yml b/.circleci/config.yml index 065d9bf..449018d 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -13,7 +13,7 @@ linuxkit_pkg_build: &linuxkit_pkg_build at: /workspace - checkout - setup_remote_docker: - version: 17.06.1-ce + version: 18.06.0-ce - run: name: Docker version command: | @@ -47,7 +47,7 @@ image_build: &image_build at: /workspace - checkout - setup_remote_docker: - version: 17.06.1-ce + version: 18.06.0-ce - run: name: Importing packages from workspace command: | @@ -102,13 +102,13 @@ jobs: - run: name: Fetch binaries command: | - curl -fsSL -o /tmp/docker.tgz https://download.docker.com/linux/static/stable/x86_64/docker-18.03.0-ce.tgz + curl -fsSL -o /tmp/docker.tgz https://download.docker.com/linux/static/stable/x86_64/docker-18.06.0-ce.tgz tar xfO /tmp/docker.tgz docker/docker > /workspace/bin/docker # To update find the most recent successful build at https://circleci.com/gh/linuxkit/linuxkit/tree/master # and find the link + SHA256 in the `Artifacts` tab - curl -fsSL -o /workspace/bin/linuxkit https://github.com/linuxkit/linuxkit/releases/download/v0.4/linuxkit-linux-amd64 - curl -fsSL -o /workspace/bin/manifest-tool https://github.com/estesp/manifest-tool/releases/download/v0.7.0/manifest-tool-linux-amd64 - curl -fsSL -o /workspace/bin/notary https://github.com/theupdateframework/notary/releases/download/v0.6.0/notary-Linux-amd64 + curl -fsSL -o /workspace/bin/linuxkit https://github.com/linuxkit/linuxkit/releases/download/v0.7/linuxkit-linux-amd64 + curl -fsSL -o /workspace/bin/manifest-tool https://github.com/estesp/manifest-tool/releases/download/v0.9.0/manifest-tool-linux-amd64 + curl -fsSL -o /workspace/bin/notary https://github.com/theupdateframework/notary/releases/download/v0.6.1/notary-Linux-amd64 echo "Downloaded:" sha256sum /workspace/bin/* 
@@ -116,10 +116,10 @@ jobs: echo "Checking checksums" sha256sum -c <&2 +# Need to remount the CNI plugins mount, because it's noexec when no disk +# is present in the host (tmpfs) +mount -o remount,exec /opt/cni/bin + if [ -e /etc/kubelet.sh.conf ] ; then . /etc/kubelet.sh.conf fi @@ -79,7 +83,18 @@ else "enforceNodeAllocatable": [], "kubeReservedCgroup": "podruntime", "systemReservedCgroup": "systemreserved", - "cgroupRoot": "kubepods" + "cgroupRoot": "kubepods", + "authentication": { + "x509": { + "clientCAFile": "/etc/kubernetes/pki/ca.crt" + }, + "anonymous": { + "enabled": true + } + }, + "authorization": { + "mode": "AlwaysAllow" + } } EOF fi @@ -98,9 +113,7 @@ exec kubelet \ --config=/run/config/kubelet-config.json \ --kubeconfig=/etc/kubernetes/kubelet.conf \ --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \ - --allow-privileged=true \ --network-plugin=cni \ --cni-conf-dir=/etc/cni/net.d \ --cni-bin-dir=/opt/cni/bin \ - --cadvisor-port=0 \ $KUBELET_ARGS $@ diff --git a/pkg/kubernetes-docker-image-cache-common/Dockerfile b/pkg/kubernetes-docker-image-cache-common/Dockerfile index 0ceb5c4..7105ba5 100644 --- a/pkg/kubernetes-docker-image-cache-common/Dockerfile +++ b/pkg/kubernetes-docker-image-cache-common/Dockerfile @@ -1,4 +1,4 @@ -FROM linuxkit/alpine:1b05307ae8152e3d38f79e297b0632697a30c65c AS build +FROM linuxkit/alpine:08c8d8aa3638d035e18499a74faf50eedb8d6cf6-amd64 AS build RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/ RUN apk add --no-cache --initdb -p /out \ 
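Review bot: The default kubelet config written in the `else` branch at `@@ -79,7 +83,18 @@` sets `"anonymous": {"enabled": true}` together with `"authorization": {"mode": "AlwaysAllow"}`, so any client that can reach the kubelet's HTTPS port is authorized for the whole kubelet API and the `clientCAFile` added beside it restricts nothing. Unless something outside this hunk overrides the file, I would set `"anonymous": {"enabled": false}`, add `"webhook": {"enabled": true}` under `authentication`, and use `"authorization": {"mode": "Webhook"}` so requests are checked against the API server. If the permissive setting is deliberate for the bootstrap window, a comment above the heredoc should say so and name where it is tightened. The branch's condition starts outside the hunk, so I cannot see when this default is used.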
@@ -11,7 +11,7 @@ RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache FROM scratch WORKDIR / COPY --from=build /out / -COPY --from=docker:17.06.0-ce /usr/local/bin/docker /usr/local/bin/docker +COPY --from=docker:18.06.3-ce /usr/local/bin/docker /usr/local/bin/docker COPY dl/*.tar /images/ ENTRYPOINT [ "/bin/sh", "-c" ] -CMD [ "for image in /images/*.tar ; do docker image load -i $image && rm -f $image ; done" ] +CMD [ "sleep 10; for image in /images/*.tar ; do docker image load -i $image && rm -f $image ; done" ] diff --git a/pkg/kubernetes-docker-image-cache-common/images.lst b/pkg/kubernetes-docker-image-cache-common/images.lst index a1ad79e..4bf14d6 100644 --- a/pkg/kubernetes-docker-image-cache-common/images.lst +++ b/pkg/kubernetes-docker-image-cache-common/images.lst @@ -1,7 +1,5 @@ # autogenerated by: # ./scripts/mk-image-cache-lst common -gcr.io/google_containers/kube-proxy-amd64:v1.10.3@sha256:568df575bb2e630abfd4a4754a23a8af7b13c3f4a526796af01021eda3ff7a30 -gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.8@sha256:23df717980b4aa08d2da6c4cfa327f1b730d92ec9cf740959d2d5911830d82fb -gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.8@sha256:6d8e0da4fb46e9ea2034a3f4cab0e095618a2ead78720c12e791342738e5f85d -gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.8@sha256:93c827f018cf3322f1ff2aa80324a0306048b0a69bc274e423071fb0d2d29d8b -gcr.io/google_containers/pause-amd64:3.1@sha256:59eec8837a4d942cc19a52b8c09ea75121acc38114a2c68b98983ce9356b8610 +gcr.io/google_containers/kube-proxy:v1.15.1@sha256:08186f4897488e96cb098dd8d1d931af9a6ea718bb8737bf44bb76e42075f0ce +gcr.io/google_containers/coredns:1.3.1@sha256:02382353821b12c21b062c59184e227e001079bb13ebd01f9d3270ba0fcbf1e4 +gcr.io/google_containers/pause:3.1@sha256:59eec8837a4d942cc19a52b8c09ea75121acc38114a2c68b98983ce9356b8610 diff --git a/pkg/kubernetes-docker-image-cache-control-plane/Dockerfile b/pkg/kubernetes-docker-image-cache-control-plane/Dockerfile index 0ceb5c4..7105ba5 100644 
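Review bot: The `sleep 10;` prefixed to `CMD` at `@@ -11,7 +11,7 @@` guesses when the Docker daemon is ready instead of checking. On a slow boot `docker image load` still fails and nothing retries it, so the node presumably falls back to pulling those images over the network rather than using the digest-listed cache. Polling the daemon is deterministic: start the command with `until docker info >/dev/null 2>&1; do sleep 1; done;` in place of `sleep 10;`. The identical `CMD` change in pkg/kubernetes-docker-image-cache-control-plane/Dockerfile needs the same treatment.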
--- a/pkg/kubernetes-docker-image-cache-control-plane/Dockerfile +++ b/pkg/kubernetes-docker-image-cache-control-plane/Dockerfile @@ -1,4 +1,4 @@ -FROM linuxkit/alpine:1b05307ae8152e3d38f79e297b0632697a30c65c AS build +FROM linuxkit/alpine:08c8d8aa3638d035e18499a74faf50eedb8d6cf6-amd64 AS build RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/ RUN apk add --no-cache --initdb -p /out \ @@ -11,7 +11,7 @@ RUN rm -rf /out/etc/apk /out/lib/apk /out/var/cache FROM scratch WORKDIR / COPY --from=build /out / -COPY --from=docker:17.06.0-ce /usr/local/bin/docker /usr/local/bin/docker +COPY --from=docker:18.06.3-ce /usr/local/bin/docker /usr/local/bin/docker COPY dl/*.tar /images/ ENTRYPOINT [ "/bin/sh", "-c" ] -CMD [ "for image in /images/*.tar ; do docker image load -i $image && rm -f $image ; done" ] +CMD [ "sleep 10; for image in /images/*.tar ; do docker image load -i $image && rm -f $image ; done" ] diff --git a/pkg/kubernetes-docker-image-cache-control-plane/images.lst b/pkg/kubernetes-docker-image-cache-control-plane/images.lst index 111192e..d97bcd4 100644 --- a/pkg/kubernetes-docker-image-cache-control-plane/images.lst +++ b/pkg/kubernetes-docker-image-cache-control-plane/images.lst 
@@ -1,6 +1,6 @@ # autogenerated by: # ./scripts/mk-image-cache-lst control-plane -gcr.io/google_containers/kube-apiserver-amd64:v1.10.3@sha256:a6c4b6b2429d0a15d30a546226e01b1164118e022ad40f3ece2f95126f1580f5 -gcr.io/google_containers/kube-controller-manager-amd64:v1.10.3@sha256:98a3a7dc4c6c60dbeb0273302d697edaa89bd10fceed87ad5144c0b0acc5cced -gcr.io/google_containers/kube-scheduler-amd64:v1.10.3@sha256:4770e1f1eef2229138e45a2b813c927e971da9c40256a7e2321ccf825af56916 -gcr.io/google_containers/etcd-amd64:3.1.12@sha256:68235934469f3bc58917bcf7018bf0d3b72129e6303b0bef28186d96b2259317 +gcr.io/google_containers/kube-apiserver:v1.15.1@sha256:304a1c38707834062ee87df62ef329d52a8b9a3e70459565d0a396479073f54c +gcr.io/google_containers/kube-controller-manager:v1.15.1@sha256:9abae95e428e228fe8f6d1630d55e79e018037460f3731312805c0f37471e4bf +gcr.io/google_containers/kube-scheduler:v1.15.1@sha256:d0ee18a9593013fbc44b1920e4930f29b664b59a3958749763cb33b57e0e8956 +gcr.io/google_containers/etcd:3.3.10@sha256:17da501f5d2a675be46040422a27b7cc21b8a43895ac998b171db1c346f361f7 diff --git a/scripts/mk-image-cache-lst b/scripts/mk-image-cache-lst index f1c1539..b0514b0 100755 --- a/scripts/mk-image-cache-lst +++ b/scripts/mk-image-cache-lst 
@@ -3,23 +3,21 @@ repo=gcr.io/google_containers # When changing kubernetes_version remember to also update: # - pkg/kubelet/Dockerfile # - pkg/e2e-test/Dockerfile -kubernetes_version=v1.10.3 -kube_dns_version=1.14.8 +kubernetes_version=v1.15.1 +coredns_version=1.3.1 pause_version=3.1 -etcd_version=3.1.12 +etcd_version=3.3.10 common=" - kube-proxy-amd64:$kubernetes_version - k8s-dns-sidecar-amd64:$kube_dns_version - k8s-dns-kube-dns-amd64:$kube_dns_version - k8s-dns-dnsmasq-nanny-amd64:$kube_dns_version - pause-amd64:$pause_version" + kube-proxy:$kubernetes_version + coredns:$coredns_version + pause:$pause_version" control=" - kube-apiserver-amd64:$kubernetes_version - kube-controller-manager-amd64:$kubernetes_version - kube-scheduler-amd64:$kubernetes_version - etcd-amd64:$etcd_version" + kube-apiserver:$kubernetes_version + kube-controller-manager:$kubernetes_version + kube-scheduler:$kubernetes_version + etcd:$etcd_version" oi() { local i="$1" diff --git a/yml/calico.yml b/yml/calico.yml new file mode 100644 index 0000000..24cd5a5 --- /dev/null +++ b/yml/calico.yml @@ -0,0 +1,3 @@ +files: + - path: /etc/kubeadm/kube-system.init/50-calico.yaml + source: kube-calico.yaml diff --git a/yml/cri-containerd.yml b/yml/cri-containerd.yml index 6be0fd9..822f406 100644 --- a/yml/cri-containerd.yml +++ b/yml/cri-containerd.yml @@ -1,6 +1,6 @@ services: - name: cri-containerd - image: linuxkit/cri-containerd:74cb328b786d5cada9ddfca0097675b51c7e7d93 + image: linuxkit/cri-containerd:f216f883c63b26b48f08af83696d211e7413cca5 cgroupsPath: podruntime/cri-containerd files: - path: /etc/kubelet.sh.conf diff --git a/yml/docker-master.yml b/yml/docker-master.yml index cb56471..acafe68 100644 --- a/yml/docker-master.yml +++ b/yml/docker-master.yml 
@@ -1,4 +1,4 @@ services: - name: kubernetes-docker-image-cache-control-plane - image: linuxkit/kubernetes-docker-image-cache-control-plane:698faae3de953d7fc0f009360bcfce98497afe76 + image: linuxkit/kubernetes-docker-image-cache-control-plane:0697f819e2e7ddb6238004bc965e1b0832c4d5bd cgroupsPath: podruntime/control-cache diff --git a/yml/docker.yml b/yml/docker.yml index 34851e2..817357c 100644 --- a/yml/docker.yml +++ b/yml/docker.yml @@ -1,6 +1,6 @@ services: - name: docker - image: docker:18.03.0-ce-dind + image: docker:18.06.3-ce-dind capabilities: - all pid: host @@ -26,7 +26,7 @@ services: mkdir: ["/var/lib/kubeadm", "/var/lib/cni/conf", "/var/lib/cni/bin", "/var/lib/kubelet-plugins"] cgroupsPath: podruntime/docker - name: kubernetes-docker-image-cache-common - image: linuxkit/kubernetes-docker-image-cache-common:2da947148638cbbef869215cdb0e572c0402833c + image: linuxkit/kubernetes-docker-image-cache-common:4bf2b793229d248700d46ebfbffcfd57d9c70fce cgroupsPath: podruntime/common-cache files: - path: /etc/kubelet.sh.conf diff --git a/yml/kube.yml b/yml/kube.yml index 1289062..6781ca2 100644 --- a/yml/kube.yml +++ b/yml/kube.yml 
@@ -1,47 +1,53 @@ kernel: - image: linuxkit/kernel:4.14.40 + image: linuxkit/kernel:4.19.56 cmdline: "console=tty0 console=ttyS0" init: - - linuxkit/init:c79d7587fcd0a195b8a3ecafe428a30e735cf2b4 - - linuxkit/runc:d659de11767a419319b175700a7c6f64b8704f8c - - linuxkit/containerd:018fc633223d8a49f650da365603a5abccc6a423 - - linuxkit/ca-certificates:f882e9be933fac737bf1f4d303a4bb49a12f302f + - linuxkit/init:v0.7 + - linuxkit/runc:v0.7 + - linuxkit/containerd:v0.7 + - linuxkit/ca-certificates:v0.7 onboot: + - name: modprobe + image: linuxkit/modprobe:v0.7 + command: ["modprobe", "rbd"] - name: sysctl - image: linuxkit/sysctl:2a98cb7a116d4d8a71498cea0e0ad8116a9b5a3b + image: linuxkit/sysctl:v0.7 binds: - /etc/sysctl.d/01-kubernetes.conf:/etc/sysctl.d/01-kubernetes.conf readonly: false - name: sysfs - image: linuxkit/sysfs:dc7b876f395fa44c2b93bad6b987e418497c5b34 + image: linuxkit/sysfs:v0.7 - name: dhcpcd - image: linuxkit/dhcpcd:193a81bd4a93779c8a048d66e0cb1d201d0ae102 + image: linuxkit/dhcpcd:v0.7 command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"] - name: metadata - image: linuxkit/metadata:6962be42ec291db67ac9bb4267d8fd06fd464f48 + image: linuxkit/metadata:v0.7 - name: format - image: linuxkit/format:9a537dd3eaefd02dbc01c598b843fba33da8c1a5 + image: linuxkit/format:v0.7 - name: mounts - image: linuxkit/mount:a718496fa5ea2a7a9f7552eac64c7f3699fb6a86 + image: linuxkit/mount:v0.7 command: ["/usr/bin/mountie", "/var/lib/"] services: - - name: getty - image: linuxkit/getty:3fa8e2240c1392ba4af508d3e6be8548443b12cc - env: - - INSECURE=true - cgroupsPath: systemreserved/getty - name: rngd - image: linuxkit/rngd:aaa9a63cbc9c04421b160b85aef4df5fa5d0f5f0 + image: linuxkit/rngd:v0.7 cgroupsPath: systemreserved/rngd + - name: eudev + image: linuxkit/eudev:1ca7f912b8d037a5a0bccb2c54c77eaa7fd36f8a + cgroupsPath: systemreserved/eudev - name: ntpd - image: linuxkit/openntpd:413ee972bc71a66030c50bc8daf7385e5c8ea269 + image: linuxkit/openntpd:v0.7 cgroupsPath: 
systemreserved/ntpd - name: sshd - image: linuxkit/sshd:5544de2376475f6685e12bdc10bfe49f4695873a + image: linuxkit/sshd:v0.7 cgroupsPath: systemreserved/sshd - name: kubelet - image: linuxkit/kubelet:9aed4553dba72f8424da7b3b3029e3974a5bea7b + image: linuxkit/kubelet:cb9348e381e51447843f3c86b1b99cff9e6dbf5e cgroupsPath: podruntime/kubelet + - name: getty + image: linuxkit/getty:v0.7 + env: + - INSECURE=true + cgroupsPath: systemreserved/getty files: - path: etc/linuxkit.yml metadata: yaml @@ -55,7 +61,9 @@ files: - path: /etc/kubeadm/ directory: true - path: /etc/sysctl.d/01-kubernetes.conf - contents: 'net.ipv4.ip_forward = 1' + contents: |+ + net.ipv4.ip_forward = 1 + net.bridge.bridge-nf-call-iptables = 1 - path: /etc/cni/net.d directory: true - path: /opt/cni/bin
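Review bot: The `init`, `onboot` and most `services` images in the `@@ -1,47 +1,53 @@` hunk move from tags named after the package content hash (e.g. `linuxkit/init:c79d7587fcd0a195b8a3ecafe428a30e735cf2b4`) to the release tag `v0.7`. A release tag can be repointed, so two builds of the same yml are no longer guaranteed to contain the same bits. `linuxkit/kubelet` and `linuxkit/eudev` in the same hunk keep hash tags. For components that become the node's init, runc and containerd I would keep an immutable reference: either the hash tag of the v0.7 build or a digest such as `linuxkit/init:v0.7@sha256:<digest-of-v0.7-image>`. Separately, the re-added `getty` service keeps `INSECURE=true`, which looks like it leaves a passwordless console login; a comment stating it is for development images only would help if that is the intent.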