diff --git a/build/common.sh b/build/common.sh index 365639d56be..a85570be748 100644 --- a/build/common.sh +++ b/build/common.sh @@ -91,6 +91,13 @@ readonly DOCKER_DATA_MOUNT_ARGS=( readonly RELEASE_STAGE="${LOCAL_OUTPUT_ROOT}/release-stage" readonly RELEASE_DIR="${LOCAL_OUTPUT_ROOT}/release-tars" +# The set of master binaries that run in Docker (on Linux) +readonly KUBE_DOCKER_WRAPPED_BINARIES=( + kube-apiserver + kube-controller-manager + kube-scheduler +) + # --------------------------------------------------------------------------- # Basic setup functions @@ -553,6 +560,8 @@ function kube::release::package_server_tarballs() { # KUBE_SERVER_BINARIES array. cp "${KUBE_SERVER_BINARIES[@]/#/${LOCAL_OUTPUT_BINPATH}/${platform}/}" \ "${release_stage}/server/bin/" + + kube::release::create_docker_images_for_server "${release_stage}/server/bin"; # Include the client binaries here too as they are useful debugging tools. local client_bins=("${KUBE_CLIENT_BINARIES[@]}") 
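Review bot: The new call to `kube::release::create_docker_images_for_server` in package_server_tarballs runs for whatever `${platform}` is being staged, while the array comment added earlier in this file says these binaries run in Docker on Linux. The loop that sets `${platform}` is outside this hunk, so I cannot tell whether a non-Linux server platform can reach this line. If it can, non-Linux binaries would be wrapped and tagged under the same `gcr.io/google_containers/<name>` names. I would state the assumption above the call, `# Assumes ${platform} is a Linux platform; requires a reachable Docker daemon on the build host.`, and drop the stray trailing `;`.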
@@ -569,6 +578,30 @@ function kube::release::package_server_tarballs() { done } +# This will take binaries that run on master and creates Docker images +# that wrap the binary in them. (One docker image per binary) +function kube::release::create_docker_images_for_server() { + # Create a sub-shell so that we don't pollute the outer environment + ( + local binary_name; + for binary_name in "${KUBE_DOCKER_WRAPPED_BINARIES[@]}"; do + echo "+++ Building docker image: ${binary_name}"; + local docker_file_path="$1/Dockerfile"; + local binary_file_path="$1/${binary_name}"; + if [ -f ${docker_file_path} ]; then + rm ${docker_file_path}; + fi; + printf " FROM scratch \n ADD ${binary_name} /${binary_name} \n ENTRYPOINT [ \"/${binary_name}\" ]\n" >> ${docker_file_path}; + local md5_sum=$(md5sum ${binary_file_path} | awk '{print $1}') + local docker_image_tag=gcr.io/google_containers/$binary_name:$md5_sum + docker build -t "${docker_image_tag}" ${1}; + docker save ${docker_image_tag} > ${1}/${binary_name}.tar; + echo $md5_sum > ${1}/${binary_name}.docker_tag; + rm ${docker_file_path}; + done + ) +} + # Package up the salt configuration tree. This is an optional helper to getting # a cluster up and running. function kube::release::package_salt_tarball() { diff --git a/cluster/saltbase/install.sh b/cluster/saltbase/install.sh index 18fb701f287..76795f57848 100755 --- a/cluster/saltbase/install.sh +++ b/cluster/saltbase/install.sh @@ -24,6 +24,12 @@ set -o pipefail SALT_ROOT=$(dirname "${BASH_SOURCE}") readonly SALT_ROOT +readonly KUBE_DOCKER_WRAPPED_BINARIES=( + kube-apiserver + kube-controller-manager + kube-scheduler +) + readonly SERVER_BIN_TAR=${1-} if [[ -z "$SERVER_BIN_TAR" ]]; then echo "!!! No binaries specified" 
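Review bot: The path expansions in create_docker_images_for_server are unquoted (`[ -f ${docker_file_path} ]`, `rm ${docker_file_path}`, `docker build ... ${1}`, and the `>` redirect targets), so a staging path containing spaces or glob characters is split before it reaches `rm` and `docker`. `local md5_sum=$(md5sum ...)` also hides a failed `md5sum` behind the exit status of `local`, which would leave an empty tag in the image name and in the `.docker_tag` file; declaring and assigning on separate lines lets the failure surface. The binary name is interpolated into the printf format string, where passing it as a `%s` argument is safer. The MD5 value works as a content label, but nothing downstream should treat it as an integrity check; a SHA-256 digest would be the choice if it is ever used that way. A rewrite of the loop body with these changes is below.

```shell
      # … unchanged: loop header, progress echo, docker_file_path, binary_file_path …
      rm -f -- "${docker_file_path}"
      printf 'FROM scratch\nADD %s /%s\nENTRYPOINT [ "/%s" ]\n' \
        "${binary_name}" "${binary_name}" "${binary_name}" > "${docker_file_path}"
      local md5_sum
      md5_sum=$(md5sum "${binary_file_path}" | awk '{print $1}')
      # Stop before building if the checksum could not be computed.
      [[ -n "${md5_sum}" ]] || exit 1
      local docker_image_tag="gcr.io/google_containers/${binary_name}:${md5_sum}"
      docker build -t "${docker_image_tag}" "$1"
      docker save "${docker_image_tag}" > "$1/${binary_name}.tar"
      echo "${md5_sum}" > "$1/${binary_name}.docker_tag"
      rm -- "${docker_file_path}"
      # … unchanged: done, end of sub-shell …
```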
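Review bot: KUBE_DOCKER_WRAPPED_BINARIES is defined a second time in install.sh with no comment, and it has to match the array of the same name in build/common.sh, because install.sh later loads `<name>.tar` and reads `<name>.docker_tag` for every entry. If the two lists drift, `docker load -i` is pointed at a file the build never produced. I would add a comment above the array, `# Must stay in sync with KUBE_DOCKER_WRAPPED_BINARIES in build/common.sh.`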
@@ -60,6 +66,15 @@ tar -xz -C "${KUBE_TEMP}" -f "$1" mkdir -p /srv/salt-new/salt/kube-bins cp -v "${KUBE_TEMP}/kubernetes/server/bin/"* /srv/salt-new/salt/kube-bins/ +kube_bin_dir="/srv/salt-new/salt/kube-bins"; +docker_images_sls_file="/srv/salt-new/pillar/docker-images.sls"; +for docker_file in "${KUBE_DOCKER_WRAPPED_BINARIES[@]}"; do + docker load -i "${kube_bin_dir}/${docker_file}.tar"; + docker_tag=$(cat ${kube_bin_dir}/${docker_file}.docker_tag); + sed -i "s/#${docker_file}_docker_tag_value#/${docker_tag}/" "${docker_images_sls_file}"; +done + + echo "+++ Swapping in new configs" for dir in "${SALTDIRS[@]}"; do if [[ -d "/srv/$dir" ]]; then diff --git a/cluster/saltbase/pillar/docker-images.sls b/cluster/saltbase/pillar/docker-images.sls new file mode 100644 index 00000000000..bad6c0509d9 --- /dev/null +++ b/cluster/saltbase/pillar/docker-images.sls @@ -0,0 +1,4 @@ +# This file is populated when kubernetes is built. +kube-apiserver_docker_tag: #kube-apiserver_docker_tag_value# +kube-controller-manager_docker_tag: #kube-controller-manager_docker_tag_value# +kube-scheduler_docker_tag: #kube-scheduler_docker_tag_value# diff --git a/cluster/saltbase/pillar/top.sls b/cluster/saltbase/pillar/top.sls index 9e74dfbb880..273eb165f02 100644 --- a/cluster/saltbase/pillar/top.sls +++ b/cluster/saltbase/pillar/top.sls @@ -3,4 +3,5 @@ base: - mine - cluster-params - logging + - docker-images - privilege
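Review bot: The contents of each `.docker_tag` file go into the sed replacement unvalidated, and the path in `$(cat ${kube_bin_dir}/${docker_file}.docker_tag)` is unquoted. An empty or malformed file (for example one containing `/` or `&`) either breaks the `s/…/…/` expression or writes an unintended value into docker-images.sls. I would quote the path, `docker_tag=$(cat "${kube_bin_dir}/${docker_file}.docker_tag")`, and check the value before substituting, `[[ "${docker_tag}" =~ ^[0-9a-f]{32}$ ]] || { echo "!!! Bad docker tag for ${docker_file}" >&2; exit 1; }`, which matches the md5sum output the build writes. Whether a failed `docker load` stops the script depends on errexit, which is not visible in this hunk.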
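Review bot: The placeholder values in docker-images.sls start with `#`, which YAML reads as the start of a comment when it follows whitespace, so an unsubstituted line such as `kube-apiserver_docker_tag: #kube-apiserver_docker_tag_value#` parses as a key with a null value rather than as an obviously wrong string. If install.sh skips or fails a substitution, the pillar silently carries an empty tag. A placeholder that does not begin with `#`, or a check in install.sh that no placeholder remains after the loop, would make that failure visible. The header comment could also read `# This file is populated by cluster/saltbase/install.sh at install time.`, since the sed substitution runs there rather than in the build.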