diff --git a/cluster/addons/calico-policy-controller/calico-clusterrole.yaml b/cluster/addons/calico-policy-controller/calico-clusterrole.yaml
index 35508b2a66d..0e3f406091e 100644
--- a/cluster/addons/calico-policy-controller/calico-clusterrole.yaml
+++ b/cluster/addons/calico-policy-controller/calico-clusterrole.yaml
@@ -36,6 +36,7 @@ rules:
 - get
 - list
 - watch
+ - patch
 - apiGroups: [""]
 resources:
 - nodes
@@ -51,17 +52,28 @@ rules:
 - get
 - list
 - watch
+ - apiGroups: ["networking.k8s.io"]
+ resources:
+ - networkpolicies
+ verbs:
+ - watch
+ - list
 - apiGroups: ["crd.projectcalico.org"]
 resources:
 - globalfelixconfigs
+ - felixconfigurations
+ - bgppeers
 - globalbgpconfigs
+ - bgpconfigurations
 - ippools
 - globalnetworkpolicies
+ - globalnetworksets
+ - networkpolicies
+ - clusterinformations
+ - hostendpoints
 verbs:
 - create
 - get
 - list
 - update
- - patch
- - delete
 - watch
diff --git a/cluster/addons/calico-policy-controller/calico-node-daemonset.yaml b/cluster/addons/calico-policy-controller/calico-node-daemonset.yaml
index 27a2ece72fb..96440e74d85 100644
--- a/cluster/addons/calico-policy-controller/calico-node-daemonset.yaml
+++ b/cluster/addons/calico-policy-controller/calico-node-daemonset.yaml
@@ -41,18 +41,22 @@ spec:
 value: "none"
 - name: DATASTORE_TYPE
 value: "kubernetes"
- - name: FELIX_TYPHAK8SSERVICENAME
- value: "calico-typha"
 - name: FELIX_DEFAULTENDPOINTTOHOSTACTION
 value: "ACCEPT"
+ - name: FELIX_HEALTHENABLED
+ value: "true"
 - name: FELIX_IPV6SUPPORT
 value: "false"
 - name: FELIX_LOGSEVERITYSYS
 value: "none"
+ - name: FELIX_LOGSEVERITYSCREEN
+ value: "info"
 - name: FELIX_PROMETHEUSMETRICSENABLED
 value: "true"
- - name: FELIX_HEALTHENABLED
- value: "true"
+ - name: FELIX_REPORTINGINTERVALSECS
+ value: "0"
+ - name: FELIX_TYPHAK8SSERVICENAME
+ value: "calico-typha"
 - name: IP
 value: ""
 - name: NO_DEFAULT_POOLS
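Review bot: The `patch` verb added in the `@@ -36,6 +36,7 @@` hunk of calico-clusterrole.yaml extends a rule whose `resources` list sits above the hunk, so the diff alone does not show which objects become writable. A comment on the rule would record the reason, for example `# patch: <what the component writes on this resource>` (placeholder text), so a later RBAC audit can tell a required verb from a leftover. If only a status field is written, a rule on the `/status` subresource would be narrower; that cannot be judged from the visible lines.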
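Review bot: The `crd.projectcalico.org` rule in the `@@ -51,17 +52,28 @@` hunk of calico-clusterrole.yaml still grants `create` and `update` on every listed resource, and the commit adds `networkpolicies`, `globalnetworksets` and `hostendpoints` to that list. Whatever identity is bound to this role (the binding is not in the diff) can therefore rewrite policy objects cluster-wide, which weakens the policy boundary if that identity is a per-node agent. Dropping `patch` and `delete` is a good tightening; splitting the rule so policy-type resources are read-only would go one step further. Which resources the component really needs to create should be confirmed against the Calico release being deployed; the split below is a sketch.

```yaml
  # read-only: policy and endpoint objects authored by administrators
  - apiGroups: ["crd.projectcalico.org"]
    resources:
      - globalnetworkpolicies
      - networkpolicies
      - globalnetworksets
      - hostendpoints
    verbs:
      - get
      - list
      - watch
  # read-write: configuration objects the component may create itself (confirm the list)
  - apiGroups: ["crd.projectcalico.org"]
    resources:
      - globalfelixconfigs
      - felixconfigurations
      - bgppeers
      - globalbgpconfigs
      - bgpconfigurations
      - ippools
      - clusterinformations
    # … unchanged: verbs create/get/list/update/watch …
```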
@@ -84,6 +88,12 @@ spec:
 - mountPath: /etc/calico
 name: etc-calico
 readOnly: true
+ - mountPath: /var/run/calico
+ name: var-run-calico
+ readOnly: false
+ - mountPath: /var/lib/calico
+ name: var-lib-calico
+ readOnly: false
 # This container installs the Calico CNI binaries
 # and CNI network config file on each node.
 - name: install-cni
@@ -149,6 +159,12 @@ spec:
 - name: cni-net-dir
 hostPath:
 path: /etc/cni/net.d
+ - name: var-run-calico
+ hostPath:
+ path: /var/run/calico
+ - name: var-lib-calico
+ hostPath:
+ path: /var/lib/calico
 tolerations:
 # Make sure calico/node gets scheduled on all nodes.
 - effect: NoSchedule
diff --git a/cluster/addons/calico-policy-controller/clusterinformations-crd.yaml b/cluster/addons/calico-policy-controller/clusterinformations-crd.yaml
new file mode 100644
index 00000000000..6809b8db2be
--- /dev/null
+++ b/cluster/addons/calico-policy-controller/clusterinformations-crd.yaml
@@ -0,0 +1,15 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: clusterinformations.crd.projectcalico.org
+ labels:
+ kubernetes.io/cluster-service: "true"
+ addonmanager.kubernetes.io/mode: Reconcile
+spec:
+ scope: Cluster
+ group: crd.projectcalico.org
+ version: v1
+ names:
+ kind: ClusterInformation
+ plural: clusterinformations
+ singular: clusterinformation
diff --git a/cluster/addons/calico-policy-controller/felixconfigurations-crd.yaml b/cluster/addons/calico-policy-controller/felixconfigurations-crd.yaml
new file mode 100644
index 00000000000..e76badcf327
--- /dev/null
+++ b/cluster/addons/calico-policy-controller/felixconfigurations-crd.yaml
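Review bot: The two mounts added in the `@@ -84,6 +88,12 @@` hunk of calico-node-daemonset.yaml give the container write access to `/var/run/calico` and `/var/lib/calico` on the host (`readOnly: false`), and nothing near them says what is stored there. A comment above each mount, such as `# <what calico-node persists under /var/lib/calico>` (placeholder text), would let a reviewer judge whether the write access is needed. The matching `hostPath` volumes in the `@@ -149,6 +159,12 @@` hunk carry no `type`, so the path is not checked before mounting; `type: DirectoryOrCreate` would make the expectation explicit. The container spec starts above the hunk, so its security context is not visible here.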
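Review bot: The CustomResourceDefinition added in clusterinformations-crd.yaml declares no `validation` block, so the API server will store any object shape under this kind and malformed input is caught only by the consumers. The same holds for the felixconfigurations, globalnetworksets, hostendpoints and networkpolicies CRDs added later in this commit, three of which describe policy or endpoint data. If the target cluster version has CRD validation enabled, a minimal `validation.openAPIV3Schema` would reject obviously malformed objects at admission. Otherwise a comment such as `# schema validation is left to the Calico components` would record the decision.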
@@ -0,0 +1,15 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: felixconfigurations.crd.projectcalico.org
+ labels:
+ kubernetes.io/cluster-service: "true"
+ addonmanager.kubernetes.io/mode: Reconcile
+spec:
+ scope: Cluster
+ group: crd.projectcalico.org
+ version: v1
+ names:
+ kind: FelixConfiguration
+ plural: felixconfigurations
+ singular: felixconfiguration
diff --git a/cluster/addons/calico-policy-controller/globalnetworksets-crd.yaml b/cluster/addons/calico-policy-controller/globalnetworksets-crd.yaml
new file mode 100644
index 00000000000..53465397360
--- /dev/null
+++ b/cluster/addons/calico-policy-controller/globalnetworksets-crd.yaml
@@ -0,0 +1,15 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: globalnetworksets.crd.projectcalico.org
+ labels:
+ kubernetes.io/cluster-service: "true"
+ addonmanager.kubernetes.io/mode: Reconcile
+spec:
+ scope: Cluster
+ group: crd.projectcalico.org
+ version: v1
+ names:
+ kind: GlobalNetworkSet
+ plural: globalnetworksets
+ singular: globalnetworkset
diff --git a/cluster/addons/calico-policy-controller/hostendpoints-crd.yaml b/cluster/addons/calico-policy-controller/hostendpoints-crd.yaml
new file mode 100644
index 00000000000..6da4d9789c7
--- /dev/null
+++ b/cluster/addons/calico-policy-controller/hostendpoints-crd.yaml
@@ -0,0 +1,15 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: hostendpoints.crd.projectcalico.org
+ labels:
+ kubernetes.io/cluster-service: "true"
+ addonmanager.kubernetes.io/mode: Reconcile
+spec:
+ scope: Cluster
+ group: crd.projectcalico.org
+ version: v1
+ names:
+ kind: HostEndpoint
+ plural: hostendpoints
+ singular: hostendpoint
diff --git a/cluster/addons/calico-policy-controller/networkpolicies-crd.yaml b/cluster/addons/calico-policy-controller/networkpolicies-crd.yaml
new file mode 100644
index 00000000000..a225569078c
--- /dev/null
+++ b/cluster/addons/calico-policy-controller/networkpolicies-crd.yaml
@@ -0,0 +1,15 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: networkpolicies.crd.projectcalico.org
+ labels:
+ kubernetes.io/cluster-service: "true"
+ addonmanager.kubernetes.io/mode: Reconcile
+spec:
+ scope: Namespaced
+ group: crd.projectcalico.org
+ version: v1
+ names:
+ kind: NetworkPolicy
+ plural: networkpolicies
+ singular: networkpolicy
diff --git a/cluster/addons/calico-policy-controller/typha-deployment.yaml b/cluster/addons/calico-policy-controller/typha-deployment.yaml
index f4c9ba82fc1..ebc6d6dbafc 100644
--- a/cluster/addons/calico-policy-controller/typha-deployment.yaml
+++ b/cluster/addons/calico-policy-controller/typha-deployment.yaml
@@ -44,6 +44,8 @@ spec:
 value: "9093"
 - name: TYPHA_DATASTORETYPE
 value: "kubernetes"
+ - name: TYPHA_REPORTINGINTERVALSECS
+ value: "0"
 - name: TYPHA_MAXCONNECTIONSLOWERLIMIT
 value: "1"
 - name: TYPHA_HEALTHENABLED
diff --git a/cluster/addons/calico-policy-controller/typha-vertical-autoscaler-clusterrole.yaml b/cluster/addons/calico-policy-controller/typha-vertical-autoscaler-clusterrole.yaml
new file mode 100644
index 00000000000..51751613bcd
--- /dev/null
+++ b/cluster/addons/calico-policy-controller/typha-vertical-autoscaler-clusterrole.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: typha-cpva
+ labels:
+ kubernetes.io/cluster-service: "true"
+ addonmanager.kubernetes.io/mode: Reconcile
+rules:
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["list"]
+ - apiGroups: ["apps", "extensions"]
+ resources: ["deployments"]
+ verbs: ["patch"]
diff --git a/cluster/addons/calico-policy-controller/typha-vertical-autoscaler-clusterrolebinding.yaml b/cluster/addons/calico-policy-controller/typha-vertical-autoscaler-clusterrolebinding.yaml
new file mode 100644
index 00000000000..327965cdcbd
--- /dev/null
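Review bot: The second rule of the new `typha-cpva` ClusterRole in typha-vertical-autoscaler-clusterrole.yaml grants `patch` on `deployments` in every namespace with no `resourceNames`, which is far wider than an autoscaler for a single Deployment needs. A service account that can patch any Deployment can change the pod template of any workload in the cluster, so the scope of this token matters. Keeping only the `nodes` rule in the ClusterRole and moving the `patch` rule into a Role in `kube-system`, restricted by `resourceNames` to the Typha Deployment, would narrow it. The Deployment's name is not visible in this diff, so the sketch below uses a placeholder. The ClusterRoleBinding added in the next file would then need a companion RoleBinding for the namespaced Role.

```yaml
# ClusterRole typha-cpva keeps only the cluster-scoped read
rules:
  - apiGroups: [""]
    resources: ["nodes"]
    verbs: ["list"]
---
# namespaced Role for the single write the autoscaler performs
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: typha-cpva
  namespace: kube-system
  # … unchanged: addon labels …
rules:
  - apiGroups: ["apps", "extensions"]
    resources: ["deployments"]
    resourceNames: ["<TYPHA_DEPLOYMENT_NAME>"]  # placeholder, name not shown in this diff
    verbs: ["patch"]
```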
+++ b/cluster/addons/calico-policy-controller/typha-vertical-autoscaler-clusterrolebinding.yaml
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: typha-cpva
+ labels:
+ kubernetes.io/cluster-service: "true"
+ addonmanager.kubernetes.io/mode: Reconcile
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: typha-cpva
+subjects:
+ - kind: ServiceAccount
+ name: typha-cpva
+ namespace: kube-system
diff --git a/cluster/addons/calico-policy-controller/typha-vertical-autoscaler-serviceaccount.yaml b/cluster/addons/calico-policy-controller/typha-vertical-autoscaler-serviceaccount.yaml
new file mode 100644
index 00000000000..bf9a72359dc
--- /dev/null
+++ b/cluster/addons/calico-policy-controller/typha-vertical-autoscaler-serviceaccount.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: typha-cpva
+ namespace: kube-system
+ labels:
+ kubernetes.io/cluster-service: "true"
+ addonmanager.kubernetes.io/mode: Reconcile