diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index 19beba03c5d5b84cc02163789ce7952b0aabeaf8..41b78266b34284443398551c71b4684cb82ba675 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -194,7 +194,7 @@ coredns_version: "1.2.6"
 coredns_image_repo: "coredns/coredns"
 coredns_image_tag: "{{ coredns_version }}"
 
-nodelocaldns_version: "1.15.0"
+nodelocaldns_version: "1.15.1"
 nodelocaldns_image_repo: "k8s.gcr.io/k8s-dns-node-cache"
 nodelocaldns_image_tag: "{{ nodelocaldns_version }}"
 
diff --git a/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml b/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml
index 0f56daa2532bcab1240a633263312479cd035607..ef0d61a7f3bf57912dce294877b68672f6c4d7c4 100644
--- a/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml
+++ b/roles/kubernetes-apps/ansible/tasks/nodelocaldns.yml
@@ -6,7 +6,7 @@
   with_items:
     - { name: nodelocaldns, file: nodelocaldns-config.yml, type: configmap }
     - { name: nodelocaldns, file: nodelocaldns-sa.yml, type: sa }
-    - { name: nodelocaldns, file: nodelocaldns-deamonset.yml, type: daemonset }
+    - { name: nodelocaldns, file: nodelocaldns-daemonset.yml, type: daemonset }
   register: nodelocaldns_manifests
   vars:
     clusterIP: "{{ skydns_server }}"
diff --git a/roles/kubernetes-apps/ansible/templates/nodelocaldns-deamonset.yml.j2 b/roles/kubernetes-apps/ansible/templates/nodelocaldns-daemonset.yml.j2
similarity index 74%
rename from roles/kubernetes-apps/ansible/templates/nodelocaldns-deamonset.yml.j2
rename to roles/kubernetes-apps/ansible/templates/nodelocaldns-daemonset.yml.j2
index c5a4c09aa1992d70019b8f617eee32931b35e652..c7b28d276d775527be1c46d5c6e00dac5ee3b59e 100644
--- a/roles/kubernetes-apps/ansible/templates/nodelocaldns-deamonset.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/nodelocaldns-daemonset.yml.j2
@@ -13,8 +13,11 @@ spec:
       k8s-app: nodelocaldns
   template:
     metadata:
-       labels:
-          k8s-app: nodelocaldns
+      labels:
+        k8s-app: nodelocaldns
+      annotations:
+        prometheus.io/scrape: 'true'
+        prometheus.io/port: '9253'
     spec:
 {% if kube_version is version('v1.11.1', '>=') %}
       priorityClassName: system-cluster-critical
@@ -62,6 +65,8 @@ spec:
         volumeMounts:
         - name: config-volume
           mountPath: /etc/coredns
+        - name: xtables-lock
+          mountPath: /run/xtables.lock
       volumes:
         - name: config-volume
           configMap:
@@ -69,4 +74,14 @@ spec:
             items:
             - key: Corefile
               path: Corefile
-      terminationGracePeriodSeconds: 30
+        - name: xtables-lock
+          hostPath:
+            path: /run/xtables.lock
+            type: FileOrCreate
+      # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
+      # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
+      terminationGracePeriodSeconds: 0
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: {{ serial | default('20%') }}
+    type: RollingUpdate