diff --git a/contrib/ansible/group_vars/all.yml b/contrib/ansible/group_vars/all.yml
index 89ffd8090f8..b4a087c705e 100644
--- a/contrib/ansible/group_vars/all.yml
+++ b/contrib/ansible/group_vars/all.yml
@@ -14,6 +14,14 @@ cluster_name: kube.local
 # If a password is needed to sudo to root that password must be set here
 #ansible_sudo_pass: password
 
+# A list of insecure registrys you night need to define
+insecure_registrys:
+#  - "gcr.io"
+
+# If you need a proxy for the docker daemon define these here
+#http_proxy: "http://proxy.example.com:3128"
+#https_proxy: "http://proxy.example.com:3128"
+
 # Kubernetes internal network for services.
 # Kubernetes services will get fake IP addresses from this range.
 # This range must not conflict with anything in your infrastructure. These
diff --git a/contrib/ansible/roles/docker/defaults/main.yml b/contrib/ansible/roles/docker/defaults/main.yml
new file mode 100644
index 00000000000..8a4bbb922a5
--- /dev/null
+++ b/contrib/ansible/roles/docker/defaults/main.yml
@@ -0,0 +1 @@
+no_proxy: "localhost,127.0.0.0/8,::1,/var/run/docker.sock"
\ No newline at end of file
diff --git a/contrib/ansible/roles/docker/handlers/main.yml b/contrib/ansible/roles/docker/handlers/main.yml
new file mode 100644
index 00000000000..43016e002a2
--- /dev/null
+++ b/contrib/ansible/roles/docker/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: restart docker
+  service: name=docker state=restarted
diff --git a/contrib/ansible/roles/docker/tasks/generic-install.yml b/contrib/ansible/roles/docker/tasks/generic-install.yml
new file mode 100644
index 00000000000..694d54db591
--- /dev/null
+++ b/contrib/ansible/roles/docker/tasks/generic-install.yml
@@ -0,0 +1,6 @@
+---
+- name: Generic | Install Docker
+  action: "{{ ansible_pkg_mgr }}"
+  args:
+    name: docker
+    state: latest
diff --git a/contrib/ansible/roles/docker/tasks/main.yml b/contrib/ansible/roles/docker/tasks/main.yml
new file mode 100644
index 00000000000..86e8d115982
--- /dev/null
+++ b/contrib/ansible/roles/docker/tasks/main.yml
@@ -0,0 +1,35 @@
+---
+- include: generic-install.yml
+  when: not is_atomic
+
+- name: Turn down docker logging
+  lineinfile: dest=/etc/sysconfig/docker regexp=^OPTIONS= line=OPTIONS="--selinux-enabled --log-level=warn"
+  notify:
+    - restart docker
+
+- name: Install http_proxy into docker-network
+  lineinfile: dest=/etc/sysconfig/docker-network regexp=^HTTP_PROXY= line=HTTP_PROXY="{{ http_proxy }}"
+  when: http_proxy is defined
+  notify:
+    - restart docker
+
+- name: Install https_proxy into docker-network
+  lineinfile: dest=/etc/sysconfig/docker-network regexp=^HTTPS_PROXY= line=HTTPS_PROXY="{{ https_proxy }}"
+  when: https_proxy is defined
+  notify:
+    - restart docker
+
+- name: Install no-proxy into docker-network
+  lineinfile: dest=/etc/sysconfig/docker-network regexp=^NO_PROXY= line=NO_PROXY="{{ no_proxy }}"
+  when: no_proxy is defined
+  notify:
+    - restart docker
+
+- name: Add any insecure registrys to docker config
+  lineinfile: dest=/etc/sysconfig/docker regexp=^INSECURE_REGISTRY= line=INSECURE_REGISTRY='{% for reg in insecure_registrys %}--insecure-registry="{{ reg }}" {% endfor %}'
+  when: insecure_registrys is defined and insecure_registrys > 0
+  notify:
+    - restart docker
+
+- name: Enable Docker
+  service: name=docker enabled=yes state=started
diff --git a/contrib/ansible/roles/master/meta/main.yml b/contrib/ansible/roles/master/meta/main.yml
new file mode 100644
index 00000000000..ca127c83f59
--- /dev/null
+++ b/contrib/ansible/roles/master/meta/main.yml
@@ -0,0 +1,4 @@
+---
+dependencies:
+    - { role: common }
+    - { role: kubernetes }
diff --git a/contrib/ansible/roles/node/meta/main.yml b/contrib/ansible/roles/node/meta/main.yml
new file mode 100644
index 00000000000..be654b3de8a
--- /dev/null
+++ b/contrib/ansible/roles/node/meta/main.yml
@@ -0,0 +1,4 @@
+---
+dependencies:
+    - { role: docker }
+    - { role: kubernetes }