diff --git a/roles/kubernetes/common/defaults/main.yml b/roles/kubernetes/common/defaults/main.yml
index 367a2c34fa0906fc048910f2b8507808457088b2..fe8cdeb5bf4eee9dff11c0d02c094fa93411d171 100644
--- a/roles/kubernetes/common/defaults/main.yml
+++ b/roles/kubernetes/common/defaults/main.yml
@@ -31,10 +31,14 @@ kube_cert_group: kube-cert
 dns_domain: "{{ cluster_name }}"
 
 kube_proxy_mode: iptables
-kube_master_port: 443
+
 # IP address of the DNS server.
 # Kubernetes will create a pod with several containers, serving as the DNS
 # server and expose it under this IP address. The IP address must be from
 # the range specified as kube_service_addresses. This magic will actually
 # pick the 10th ip address in the kube_service_addresses range and use that.
 # dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(253)|ipaddr('address') }}"
+
+# kube_api_runtime_config:
+#   - extensions/v1beta1/daemonsets=true
+#   - extensions/v1beta1/deployments=true
diff --git a/roles/kubernetes/master/handlers/main.yml b/roles/kubernetes/master/handlers/main.yml
index 90cd7d5e88a038c2b04b331e348aa4b87996d8da..4e7644b3297b9d52c38e88a73dc67691fffa6eeb 100644
--- a/roles/kubernetes/master/handlers/main.yml
+++ b/roles/kubernetes/master/handlers/main.yml
@@ -3,30 +3,54 @@
   command: /bin/true
   notify:
     - reload systemd
-    - restart apiserver
-    - restart controller-manager
-    - restart scheduler
-    - restart proxy
+    - restart reloaded-scheduler
+    - restart reloaded-controller-manager
+    - restart reloaded-apiserver
+    - restart reloaded-proxy
 
 - name: reload systemd
   command: systemctl daemon-reload
 
 - name: restart apiserver
+  command: /bin/true
+  notify:
+    - reload systemd
+    - restart reloaded-apiserver
+
+- name: restart reloaded-apiserver
   service:
     name: kube-apiserver
     state: restarted
 
 - name: restart controller-manager
+  command: /bin/true
+  notify:
+    - reload systemd
+    - restart reloaded-controller-manager
+
+- name: restart reloaded-controller-manager
   service:
     name: kube-controller-manager
     state: restarted
 
 - name: restart scheduler
+  command: /bin/true
+  notify:
+    - reload systemd
+    - restart reloaded-scheduler
+
+- name: restart reloaded-scheduler
   service:
     name: kube-scheduler
     state: restarted
 
 - name: restart proxy
+  command: /bin/true
+  notify:
+    - reload systemd
+    - restart reloaded-proxy
+
+- name: restart reloaded-proxy
   service:
     name: kube-proxy
     state: restarted
diff --git a/roles/kubernetes/master/tasks/config.yml b/roles/kubernetes/master/tasks/config.yml
index 8ba0366d84b5543156aa5764911d8ea807516fe8..5c4daeaa25e44ce192c3fdc14d8041d4c2e274c9 100644
--- a/roles/kubernetes/master/tasks/config.yml
+++ b/roles/kubernetes/master/tasks/config.yml
@@ -20,7 +20,7 @@
 - name: write the config files for api server
   template: src=apiserver.j2 dest={{ kube_config_dir }}/apiserver backup=yes
   notify:
-    - restart daemons
+    - restart apiserver
 
 - name: write config file for controller-manager
   template: src=controller-manager.j2 dest={{ kube_config_dir }}/controller-manager backup=yes
@@ -48,7 +48,7 @@
 - name: write the config files for proxy
   template: src=proxy.j2 dest={{ kube_config_dir }}/proxy backup=yes
   notify:
-    - restart daemons
+    - restart proxy
 
 - name: write the kubecfg (auth) file for proxy
   template: src=proxy.kubeconfig.j2 dest={{ kube_config_dir }}/proxy.kubeconfig backup=yes
diff --git a/roles/kubernetes/master/tasks/install.yml b/roles/kubernetes/master/tasks/install.yml
index c4ec6baeed7d963122c622d8a5224fcc84e8c5a1..92d1945154c6ddc3447d834154abd7066fc60353 100644
--- a/roles/kubernetes/master/tasks/install.yml
+++ b/roles/kubernetes/master/tasks/install.yml
@@ -1,19 +1,19 @@
 ---
 - name: Write kube-apiserver systemd init file
   template: src=systemd-init/kube-apiserver.service.j2 dest=/etc/systemd/system/kube-apiserver.service backup=yes
-  notify: restart daemons
+  notify: restart apiserver
 
 - name: Write kube-controller-manager systemd init file
   template: src=systemd-init/kube-controller-manager.service.j2 dest=/etc/systemd/system/kube-controller-manager.service backup=yes
-  notify: restart daemons
+  notify: restart controller-manager
 
 - name: Write kube-scheduler systemd init file
   template: src=systemd-init/kube-scheduler.service.j2 dest=/etc/systemd/system/kube-scheduler.service backup=yes
-  notify: restart daemons
+  notify: restart scheduler
 
 - name: Write kube-proxy systemd init file
   template: src=systemd-init/kube-proxy.service.j2 dest=/etc/systemd/system/kube-proxy.service backup=yes
-  notify: restart daemons
+  notify: restart proxy
 
 - name: Install kubernetes binaries
   copy:
diff --git a/roles/kubernetes/master/templates/apiserver.j2 b/roles/kubernetes/master/templates/apiserver.j2
index 4a69b1cc9e64246295b3a8ae625d369f2c4bb2ed..0a38d5c87cafb40f376cffa95243e9e509ddfc4d 100644
--- a/roles/kubernetes/master/templates/apiserver.j2
+++ b/roles/kubernetes/master/templates/apiserver.j2
@@ -21,5 +21,8 @@ KUBE_ETCD_SERVERS="--etcd_servers={% for node in groups['etcd'] %}http://{{ node
 # default admission control policies
 KUBE_ADMISSION_CONTROL="--admission_control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota"
 
+# RUNTIME API CONFIGURATION (e.g. enable extensions)
+KUBE_RUNTIME_CONFIG="{% if kube_api_runtime_config is defined %}{% for conf in kube_api_runtime_config %}--runtime-config={{ conf }} {% endfor %}{% endif %}"
+
 # Add you own!
 KUBE_API_ARGS="--tls_cert_file={{ kube_cert_dir }}/server.crt --tls_private_key_file={{ kube_cert_dir }}/server.key --client_ca_file={{ kube_cert_dir }}/ca.crt --token_auth_file={{ kube_token_dir }}/known_tokens.csv --basic-auth-file={{ kube_users_dir }}/known_users.csv --service_account_key_file={{ kube_cert_dir }}/server.crt"
diff --git a/roles/kubernetes/master/templates/systemd-init/kube-apiserver.service.j2 b/roles/kubernetes/master/templates/systemd-init/kube-apiserver.service.j2
index 1c478c41fe591c1905060fcb7d4ea66b5c32b125..c2dd67484a49d614c465f6bbb1dc393612d45a10 100644
--- a/roles/kubernetes/master/templates/systemd-init/kube-apiserver.service.j2
+++ b/roles/kubernetes/master/templates/systemd-init/kube-apiserver.service.j2
@@ -19,6 +19,7 @@ ExecStart={{ bin_dir }}/kube-apiserver \
 	    $KUBE_ALLOW_PRIV \
 	    $KUBE_SERVICE_ADDRESSES \
 	    $KUBE_ADMISSION_CONTROL \
+	    $KUBE_RUNTIME_CONFIG \
 	    $KUBE_API_ARGS
 Restart=on-failure
 Type=notify
diff --git a/roles/kubernetes/node/handlers/main.yml b/roles/kubernetes/node/handlers/main.yml
index b2327a3460ce7faf1f4b5c27b5f712ef480ae355..9abb8ff25a8f7ce470767c3974728064646cb896 100644
--- a/roles/kubernetes/node/handlers/main.yml
+++ b/roles/kubernetes/node/handlers/main.yml
@@ -2,18 +2,31 @@
 - name: restart daemons
   command: /bin/true
   notify:
-    - restart kubelet
-    - restart proxy
+    - reload systemd
+    - restart reloaded-kubelet
+    - restart reloaded-proxy
+
+- name: reload systemd
+  command: systemctl daemon-reload
 
 - name: restart kubelet
+  command: /bin/true
+  notify:
+    - reload systemd
+    - restart reloaded-kubelet
+
+- name: restart reloaded-kubelet
   service:
     name: kubelet
     state: restarted
 
 - name: restart proxy
+  command: /bin/true
+  notify:
+    - reload systemd
+    - restart reloaded-proxy
+
+- name: restart reloaded-proxy
   service:
     name: kube-proxy
     state: restarted
-
-- name: reload systemd
-  command: systemctl daemon-reload