diff --git a/roles/etcd/handlers/backup.yml b/roles/etcd/handlers/backup.yml
index bfcac72fc..9a611296b 100644
--- a/roles/etcd/handlers/backup.yml
+++ b/roles/etcd/handlers/backup.yml
@@ -30,14 +30,20 @@
     mode: 0600
 
 - name: Backup etcd v2 data
-  command: "{{ bin_dir }}/etcdctl backup --data-dir {{ etcd_data_dir }} --backup-dir {{ etcd_backup_directory }}"
+  command: >-
+    {{ bin_dir }}/etcdctl backup
+    --data-dir {{ etcd_data_dir }}
+    --backup-dir {{ etcd_backup_directory }}
   environment:
     ETCDCTL_API: 2
   retries: 3
   delay: "{{ retry_stagger | random + 3 }}"
 
 - name: Backup etcd v3 data
-  command: "{{ bin_dir }}/etcdctl --endpoints={{ etcd_access_addresses }} snapshot save {{ etcd_backup_directory }}/snapshot.db"
+  command: >-
+    {{ bin_dir }}/etcdctl
+    --endpoints={{ etcd_access_addresses }}
+    snapshot save {{ etcd_backup_directory }}/snapshot.db
   environment:
     ETCDCTL_API: 3
   retries: 3
diff --git a/roles/etcd/tasks/configure.yml b/roles/etcd/tasks/configure.yml
index 633b1d602..db67f706c 100644
--- a/roles/etcd/tasks/configure.yml
+++ b/roles/etcd/tasks/configure.yml
@@ -12,6 +12,15 @@
   when: is_etcd_master and etcd_member_in_cluster.rc != 0 and etcd_cluster_is_healthy.rc == 0
   shell: "{{ bin_dir }}/etcdctl --peers={{ etcd_access_addresses }} member add {{ etcd_member_name }} {{ etcd_peer_url }}"
 
+- name: Install etcd launch script
+  template:
+    src: etcd.j2
+    dest: "{{ bin_dir }}/etcd"
+    owner: 'root'
+    mode: 0755
+    backup: yes
+  notify: restart etcd
+
 - name: Configure | Copy etcd.service systemd file
   template:
     src: "etcd-{{ etcd_deployment_type }}.service.j2"
diff --git a/roles/etcd/tasks/refresh_config.yml b/roles/etcd/tasks/refresh_config.yml
index 80a03a7d6..e6f8186d3 100644
--- a/roles/etcd/tasks/refresh_config.yml
+++ b/roles/etcd/tasks/refresh_config.yml
@@ -1,7 +1,7 @@
 ---
 - name: Refresh config | Create etcd config file
   template:
-    src: etcd.j2
+    src: etcd.env.yml
     dest: /etc/etcd.env
   notify: restart etcd
   when: is_etcd_master
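Review bot: The new `Install etcd launch script` task has no `when:` guard, yet it writes a docker wrapper to `{{ bin_dir }}/etcd`; the context line `src: "etcd-{{ etcd_deployment_type }}.service.j2"` shows the role supports more than one deployment type, and on a non-docker host this task would replace whatever already sits at `{{ bin_dir }}/etcd` (presumably the real binary) with the wrapper, leaving `backup: yes` as the only safety net. Guard it with `when: etcd_deployment_type == "docker"`, the value the service-template name already resolves to for this path. As style points, `mode: "0755"` and `backup: true` avoid the YAML 1.1 octal and truthy ambiguities, and `group: root` next to `owner: 'root'` pins both halves of the ownership of a script systemd executes as root.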
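Review bot: `src: etcd.env.yml` names a template that is a KEY=VALUE environment file rendered to /etc/etcd.env, not YAML; the `{% if %}` on its ETCD_INITIAL_CLUSTER_STATE line is not parseable YAML, so any linter or editor that selects files by extension will either choke on it or mis-highlight it, and readers will assume a data file. The other templates touched in this diff use `.j2` (`etcd.j2`, `etcd-docker.service.j2`), so `src: etcd.env.j2` would match the convention; the same rename applies to the new-file path in the `roles/etcd/templates/etcd.env.yml` hunk.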
diff --git a/roles/etcd/templates/etcd-docker.service.j2 b/roles/etcd/templates/etcd-docker.service.j2
index 24f768dd7..c5cae99cf 100644
--- a/roles/etcd/templates/etcd-docker.service.j2
+++ b/roles/etcd/templates/etcd-docker.service.j2
@@ -6,25 +6,8 @@ After=docker.service
 [Service]
 User=root
 PermissionsStartOnly=true
-ExecStart={{ docker_bin_dir }}/docker run --restart=on-failure:5 \
---env-file=/etc/etcd.env \
-{# TODO(mattymo): Allow docker IP binding and disable in envfile
- -p 2380:2380 -p 2379:2379 #}
---net=host \
--v /etc/ssl/certs:/etc/ssl/certs:ro \
--v {{ etcd_cert_dir }}:{{ etcd_cert_dir }}:ro \
--v {{ etcd_data_dir }}:/var/lib/etcd:rw \
-{% if etcd_memory_limit is defined %}
---memory={{ etcd_memory_limit|regex_replace('Mi', 'M') }} \
-{% endif %}
-{% if etcd_cpu_limit is defined %}
---cpu-shares={{ etcd_cpu_limit|regex_replace('m', '') }} \
-{% endif %}
---name={{ etcd_member_name | default("etcd") }} \
-{{ etcd_image_repo }}:{{ etcd_image_tag }} \
-{% if etcd_after_v3 %}
-{{ etcd_container_bin_dir }}etcd
-{% endif %}
+EnvironmentFile=/etc/etcd.env
+ExecStart={{ bin_dir }}/etcd
 ExecStartPre=-{{ docker_bin_dir }}/docker rm -f {{ etcd_member_name | default("etcd") }}
 ExecReload={{ docker_bin_dir }}/docker restart {{ etcd_member_name | default("etcd") }}
 ExecStop={{ docker_bin_dir }}/docker stop {{ etcd_member_name | default("etcd") }}
diff --git a/roles/etcd/templates/etcd.env.yml b/roles/etcd/templates/etcd.env.yml
new file mode 100644
index 000000000..07e200e03
--- /dev/null
+++ b/roles/etcd/templates/etcd.env.yml
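Review bot: `EnvironmentFile=/etc/etcd.env` loads the variables into the unit's environment, but that environment is not what the container sees; the wrapper started by `ExecStart={{ bin_dir }}/etcd` still passes `--env-file=/etc/etcd.env` to `docker run` (see the etcd.j2 hunk), so the directive's only observable effect is that systemd refuses to start the unit when the file is missing. If that existence check is the intent, say so, e.g. `# etcd reads /etc/etcd.env via --env-file in {{ bin_dir }}/etcd; EnvironmentFile= only turns a missing file into a unit failure` above the line; otherwise drop it to avoid two readers of the same file. If it stays, keep the file free of quoted values and backslash continuations, since systemd strips quotes and joins continued lines while `docker --env-file` takes each line verbatim, and the two would silently disagree.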
@@ -0,0 +1,22 @@
+ETCD_DATA_DIR={{ etcd_data_dir }}
+ETCD_ADVERTISE_CLIENT_URLS={{ etcd_client_url }}
+ETCD_INITIAL_ADVERTISE_PEER_URLS={{ etcd_peer_url }}
+ETCD_INITIAL_CLUSTER_STATE={% if etcd_cluster_is_healthy.rc != 0 | bool %}new{% else %}existing{% endif %}
+
+ETCD_LISTEN_CLIENT_URLS=https://{{ etcd_address }}:2379,https://127.0.0.1:2379
+ETCD_ELECTION_TIMEOUT={{ etcd_election_timeout }}
+ETCD_HEARTBEAT_INTERVAL={{ etcd_heartbeat_interval }}
+ETCD_INITIAL_CLUSTER_TOKEN=k8s_etcd
+ETCD_LISTEN_PEER_URLS=https://{{ etcd_address }}:2380
+ETCD_NAME={{ etcd_member_name }}
+ETCD_PROXY=off
+ETCD_INITIAL_CLUSTER={{ etcd_peer_addresses }}
+
+# TLS settings
+ETCD_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem
+ETCD_CERT_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem
+ETCD_KEY_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem
+ETCD_PEER_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem
+ETCD_PEER_CERT_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem
+ETCD_PEER_KEY_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem
+ETCD_PEER_CLIENT_CERT_AUTH=true
diff --git a/roles/etcd/templates/etcd.j2 b/roles/etcd/templates/etcd.j2
index 07e200e03..479d85af8 100644
--- a/roles/etcd/templates/etcd.j2
+++ b/roles/etcd/templates/etcd.j2
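Review bot: `ETCD_PEER_CLIENT_CERT_AUTH=true` makes peers present certificates on 2380, but nothing in the `# TLS settings` block sets `ETCD_CLIENT_CERT_AUTH=true` for the client port, so ETCD_CERT_FILE/ETCD_KEY_FILE give clients TLS without requiring them to authenticate, and every key in the store is readable by whatever can reach https://{{ etcd_address }}:2379. The content is the old etcd.j2 moved byte-for-byte (both sides carry blob 07e200e03), so the gap is pre-existing, but a new file under a new path is the right moment to add `ETCD_CLIENT_CERT_AUTH=true` after the peer line, after confirming every etcd client the playbook configures presents a cert signed by ca.pem — the etcdctl backup handler in this diff shows no cert flags on its visible lines. Separately, `{% if etcd_cluster_is_healthy.rc != 0 | bool %}` parses as `rc != (0 | bool)`, i.e. `rc != false`, and only yields the intended new/existing split because 0 compares equal to false; `{% if etcd_cluster_is_healthy.rc != 0 %}` says what is meant.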
@@ -1,22 +1,20 @@
-ETCD_DATA_DIR={{ etcd_data_dir }}
-ETCD_ADVERTISE_CLIENT_URLS={{ etcd_client_url }}
-ETCD_INITIAL_ADVERTISE_PEER_URLS={{ etcd_peer_url }}
-ETCD_INITIAL_CLUSTER_STATE={% if etcd_cluster_is_healthy.rc != 0 | bool %}new{% else %}existing{% endif %}
-
-ETCD_LISTEN_CLIENT_URLS=https://{{ etcd_address }}:2379,https://127.0.0.1:2379
-ETCD_ELECTION_TIMEOUT={{ etcd_election_timeout }}
-ETCD_HEARTBEAT_INTERVAL={{ etcd_heartbeat_interval }}
-ETCD_INITIAL_CLUSTER_TOKEN=k8s_etcd
-ETCD_LISTEN_PEER_URLS=https://{{ etcd_address }}:2380
-ETCD_NAME={{ etcd_member_name }}
-ETCD_PROXY=off
-ETCD_INITIAL_CLUSTER={{ etcd_peer_addresses }}
-
-# TLS settings
-ETCD_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem
-ETCD_CERT_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem
-ETCD_KEY_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem
-ETCD_PEER_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem
-ETCD_PEER_CERT_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem
-ETCD_PEER_KEY_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem
-ETCD_PEER_CLIENT_CERT_AUTH=true
+#!/bin/bash
+{{ docker_bin_dir }}/docker run \
+ --restart=on-failure:5 \
+ --env-file=/etc/etcd.env \
+ --net=host \
+ -v /etc/ssl/certs:/etc/ssl/certs:ro \
+ -v {{ etcd_cert_dir }}:{{ etcd_cert_dir }}:ro \
+ -v {{ etcd_data_dir }}:/var/lib/etcd:rw \
+ {% if etcd_memory_limit is defined %}
+ --memory={{ etcd_memory_limit|regex_replace('Mi', 'M') }} \
+ {% endif %}
+ {% if etcd_cpu_limit is defined %}
+ --cpu-shares={{ etcd_cpu_limit|regex_replace('m', '') }} \
+ {% endif %}
+ --name={{ etcd_member_name | default("etcd") }} \
+ {{ etcd_image_repo }}:{{ etcd_image_tag }} \
+ {% if etcd_after_v3 %}
+ {{ etcd_container_bin_dir }}etcd \
+ {% endif %}
+ "$@"
diff --git a/roles/kubernetes/node/tasks/install_docker.yml b/roles/kubernetes/node/tasks/install_docker.yml
index 3a0dd87d9..b74511bdd 100644
--- a/roles/kubernetes/node/tasks/install_docker.yml
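Review bot: The wrapper runs `docker run` as a child of bash instead of replacing the shell, so the main PID systemd tracks for `ExecStart={{ bin_dir }}/etcd` is the script and any signal it sends lands on bash rather than on the docker client; `exec {{ docker_bin_dir }}/docker run \` on the second line makes docker the main process and costs nothing, since the continued command is the only statement in the file. The `{% if %}`/`{% endif %}` lines sit inside a backslash-continued command and render correctly only because Ansible's template module enables trim_blocks, which drops the newline after each block tag — the removed ExecStart in the service template relied on the same behaviour — so a Jinja comment near the top such as `{# Rendered with trim_blocks: the if/endif lines below do not break the backslash continuation #}` (a `#` shell comment would still be parsed by Jinja) would stop the next editor from "fixing" it. `"$@"` lands after the image, or after the etcd binary when etcd_after_v3 is set, so arguments given to the wrapper become container arguments; that is empty under the unit's ExecStart, which is fine, but a one-line comment stating it is intentional would help.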
+++ b/roles/kubernetes/node/tasks/install_docker.yml
@@ -1,9 +1,9 @@
 ---
 - name: install | Install kubelet launch script
- template:
- src: kubelet-container.j2
- dest: "{{ bin_dir }}/kubelet"
- owner: kube
- mode: 0755
+ template:
+ src: kubelet-container.j2
+ dest: "{{ bin_dir }}/kubelet"
+ owner: kube
+ mode: 0755
 backup: yes
 notify: restart kubelet