diff --git a/cluster/saltbase/salt/kube-admission-controls/init.sls b/cluster/saltbase/salt/kube-admission-controls/init.sls
new file mode 100644
index 00000000000..55cfd017805
--- /dev/null
+++ b/cluster/saltbase/salt/kube-admission-controls/init.sls
@@ -0,0 +1,10 @@
+{% if 'LimitRanger' in pillar.get('admission_control', '') %}
+/etc/kubernetes/admission-controls/limit-range:
+  file.recurse:
+    - source: salt://kube-admission-controls/limit-range
+    - include_pat: E@(^.+\.yaml$|^.+\.json$)
+    - user: root
+    - group: root
+    - dir_mode: 755
+    - file_mode: 644
+{% endif %}
diff --git a/cluster/saltbase/salt/kube-admission-controls/limit-range/limit-range.yaml b/cluster/saltbase/salt/kube-admission-controls/limit-range/limit-range.yaml
new file mode 100644
index 00000000000..bda18808822
--- /dev/null
+++ b/cluster/saltbase/salt/kube-admission-controls/limit-range/limit-range.yaml
@@ -0,0 +1,9 @@
+apiVersion: "v1beta3"
+kind: "LimitRange"
+metadata:
+  name: "limits"
+spec:
+  limits:
+    - type: "Container"
+      default:
+        cpu: "100m"
diff --git a/cluster/saltbase/salt/top.sls b/cluster/saltbase/salt/top.sls
index c1aa08c50d2..d95588b8fcf 100644
--- a/cluster/saltbase/salt/top.sls
+++ b/cluster/saltbase/salt/top.sls
@@ -39,6 +39,7 @@ base:
     - cadvisor
     - kube-client-tools
     - kube-master-addons
+    - kube-admission-controls
 {% if grains['cloud'] is defined and grains['cloud'] != 'vagrant' %}
     - logrotate
 {% endif %}