diff --git a/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2 b/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
index 37163c486848f2a6d5f0433163108554bd554336..7eb0dc44dfac1ffb0fb20170e268748a1a9100f9 100644
--- a/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
+++ b/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
@@ -31,6 +31,7 @@ spec:
     - --bind-address={{ ip | default(ansible_default_ipv4.address) }}
     - --cluster-cidr={{ kube_pods_subnet }}
     - --proxy-mode={{ kube_proxy_mode }}
+    - --oom-score-adj=-998
 {% if kube_proxy_masquerade_all and kube_proxy_mode == "iptables" %}
     - --masquerade-all
 {% elif kube_proxy_mode == 'ipvs' %}
@@ -59,6 +60,9 @@ spec:
     - mountPath: /lib/modules
       name: lib-modules
       readOnly: true
+    - mountPath: /run/xtables.lock
+      name: xtables-lock
+      readOnly: false
   volumes:
   - name: ssl-certs-host
     hostPath:
@@ -79,3 +83,7 @@ spec:
   - hostPath:
       path: /lib/modules
     name: lib-modules
+  - hostPath:
+      path: /run/xtables.lock
+      type: FileOrCreate
+    name: xtables-lock