diff --git a/apis/management.cattle.io/v3/k8s_defaults.go b/apis/management.cattle.io/v3/k8s_defaults.go
index 2a258a6a..c94d543f 100644
--- a/apis/management.cattle.io/v3/k8s_defaults.go
+++ b/apis/management.cattle.io/v3/k8s_defaults.go
@@ -14,6 +14,11 @@ var (
 K8sV110: v110SystemImages,
 }
+ // K8sVersionServiceOptions - service options per k8s version
+ K8sVersionServiceOptions = map[string]KubernetesServicesOptions{
+ K8sV110: v110ServiceOptions,
+ }
+
 // K8SVersionToSystemImages16 - images map for 1.6. Keeping it sepate in case we have to diverge
 K8SVersionToSystemImages16 = map[string]RKESystemImages{
 K8sV18: v18SystemImages,
@@ -136,4 +141,14 @@ var (
 Tiller: "rancher/tiller:v2.8.2",
 Dashboard: "rancher/kubernetes-dashboard-amd64:v1.8.3",
 }
+
+ // v110 service options
+ v110ServiceOptions = KubernetesServicesOptions{
+ KubeAPI: map[string]string{
+ "tls-cipher-suites": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
+ },
+ Kubelet: map[string]string{
+ "tls-cipher-suites": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
+ },
+ }
 )
diff --git a/apis/management.cattle.io/v3/rke_types.go b/apis/management.cattle.io/v3/rke_types.go
index 2b535e0e..68468584 100644
--- a/apis/management.cattle.io/v3/rke_types.go
+++ b/apis/management.cattle.io/v3/rke_types.go
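Review bot: `K8sVersionServiceOptions` is an exported, mutable package-level map, and each value holds inner `map[string]string` fields, so indexing it copies the struct but still aliases the shared `KubeAPI`/`Kubelet` maps. A caller that merges user-supplied arguments into a looked-up value would rewrite the TLS defaults for every cluster handled by the process; the consumers are outside this diff, so that is a risk to rule out rather than a confirmed bug. I would put the contract on the declaration, e.g. `// Values are shared defaults: read-only; call DeepCopy before merging user options.` Only `K8sV110` has an entry, so lookups for other versions yield a zero value with nil maps and callers should use the comma-ok form. The enclosing `var (` block starts and ends outside this hunk.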
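Review bot: The six-suite `tls-cipher-suites` value in `v110ServiceOptions` is spelled out twice, once under `KubeAPI` and once under `Kubelet`, so a later edit can change one component's list and leave the other behind unnoticed. Holding the list in one unexported package-level string and writing `"tls-cipher-suites": v110TLSCipherSuites,` in both maps keeps them in step (the name is only a suggestion). The `// v110 service options` comment could also say that the list is limited to ECDHE key exchange with AEAD ciphers, and whether a user-supplied `tls-cipher-suites` argument takes precedence over this default, which is decided outside this diff. The `var (` block begins before the hunk.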
@@ -409,3 +409,16 @@ type FlannelNetworkProvider struct {
 type CanalNetworkProvider struct {
 }
+
+type KubernetesServicesOptions struct {
+ // Additional options passed to KubeAPI
+ KubeAPI map[string]string `json:"kubeapi"`
+ // Additional options passed to Kubelet
+ Kubelet map[string]string `json:"kubelet"`
+ // Additional options passed to Kubeproxy
+ Kubeproxy map[string]string `json:"kubeproxy"`
+ // Additional options passed to KubeController
+ KubeController map[string]string `json:"kubeController"`
+ // Additional options passed to Scheduler
+ Scheduler map[string]string `json:"scheduler"`
+}
diff --git a/apis/management.cattle.io/v3/zz_generated_deepcopy.go b/apis/management.cattle.io/v3/zz_generated_deepcopy.go
index 01c6af22..a8c56e1c 100644
--- a/apis/management.cattle.io/v3/zz_generated_deepcopy.go
+++ b/apis/management.cattle.io/v3/zz_generated_deepcopy.go
@@ -388,6 +388,10 @@ func RegisterDeepCopies(scheme *runtime.Scheme) error { in.(*KubeproxyService).DeepCopyInto(out.(*KubeproxyService)) return nil }, InType: reflect.TypeOf(&KubeproxyService{})}, + conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { + in.(*KubernetesServicesOptions).DeepCopyInto(out.(*KubernetesServicesOptions)) + return nil + }, InType: reflect.TypeOf(&KubernetesServicesOptions{})}, conversion.GeneratedDeepCopyFunc{Fn: func(in interface{}, out interface{}, c *conversion.Cloner) error { in.(*ListOpts).DeepCopyInto(out.(*ListOpts)) return nil 
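Review bot: In the rke_types.go hunk, the JSON tag `kubeController` is camelCase while `kubeapi`, `kubelet` and `kubeproxy` are all lowercase, and once the struct is serialized the tag is an API name that is awkward to change; either `json:"kubecontroller"` or camelCase throughout would be consistent. The exported type also has no doc comment; something like `// KubernetesServicesOptions holds default options per Kubernetes service, keyed by flag name without the leading dashes.` would match the `tls-cipher-suites` key used in k8s_defaults.go. The maps are free-form, so that comment should also note that nothing in this type validates option names or values before they reach the components.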
@@ -3260,6 +3264,57 @@ func (in *KubeproxyService) DeepCopy() *KubeproxyService { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *KubernetesServicesOptions) DeepCopyInto(out *KubernetesServicesOptions) { + *out = *in + if in.KubeAPI != nil { + in, out := &in.KubeAPI, &out.KubeAPI + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Kubelet != nil { + in, out := &in.Kubelet, &out.Kubelet + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Kubeproxy != nil { + in, out := &in.Kubeproxy, &out.Kubeproxy + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.KubeController != nil { + in, out := &in.KubeController, &out.KubeController + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Scheduler != nil { + in, out := &in.Scheduler, &out.Scheduler + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesServicesOptions. +func (in *KubernetesServicesOptions) DeepCopy() *KubernetesServicesOptions { + if in == nil { + return nil + } + out := new(KubernetesServicesOptions) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ListOpts) DeepCopyInto(out *ListOpts) { *out = *in