diff --git a/master.tf b/master.tf
index 9b39ef1..9aba058 100644
--- a/master.tf
+++ b/master.tf
@@ -88,6 +88,15 @@ data "template_file" "kube-apiserver" {
     cloud_provider        = "${var.cloud_provider}"
     oidc_issuer_url       = "${var.oidc_issuer_url}"
     oidc_client_id        = "${var.oidc_client_id}"
+
+    /*
+     * for the list of APIs & resources enabled by default, please see near the
+     * bottom of the file:
+     *   https://github.com/kubernetes/kubernetes/blob/<ref>/pkg/master/master.go
+     *
+     */
+
+    runtime_config = "${join(",", list())}"
   }
 }
 
diff --git a/resources/kube-apiserver.yaml b/resources/kube-apiserver.yaml
index 5dcd79a..63e7009 100644
--- a/resources/kube-apiserver.yaml
+++ b/resources/kube-apiserver.yaml
@@ -25,7 +25,7 @@ spec:
     - --client-ca-file=/etc/kubernetes/ssl/ca.pem
     - --service-account-key-file=/etc/kubernetes/ssl/signing-key.pem
     - --service-account-lookup=true
-    - --runtime-config=extensions/v1beta1=true,extensions/v1beta1/deployments=true,extensions/v1beta1/daemonsets=true,extensions/v1beta1/networkpolicies=true,extensions/v1beta1/thirdpartyresources=true,rbac.authorization.k8s.io/v1beta1=true,batch/v2alpha1=true
+    ${runtime_config == "" ? "" : "- --runtime-config=${runtime_config}"}
     ${cloud_provider == "" ? "" : "- --cloud-provider=${cloud_provider}"}
     - --oidc-issuer-url=${oidc_issuer_url}
     - --oidc-username-claim=email
diff --git a/resources/master-kubelet.service b/resources/master-kubelet.service
index 1ab1de1..798b55d 100644
--- a/resources/master-kubelet.service
+++ b/resources/master-kubelet.service
@@ -26,7 +26,6 @@ ExecStartPre=-/bin/sh -c "docker restart $(docker ps --no-trunc | grep '/hyperku
 ExecStartPre=-/bin/sh -c "docker restart $(docker ps --no-trunc | grep '/hyperkube apiserver' | awk '{ print $1; }')"
 ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/run/kubelet-pod.uuid
 ExecStart=/usr/lib/coreos/kubelet-wrapper \
-  --require-kubeconfig=true \
   --kubeconfig=/var/lib/kubelet/kubeconfig \
   --node-labels=role=master \
   --register-node=true \
diff --git a/resources/worker-kubelet.service b/resources/worker-kubelet.service
index 92182ed..2c7ae65 100644
--- a/resources/worker-kubelet.service
+++ b/resources/worker-kubelet.service
@@ -28,7 +28,6 @@ ExecStartPre=/opt/bin/cfssl-new-cert
 ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/run/kubelet-pod.uuid
 ExecStart=/usr/lib/coreos/kubelet-wrapper \
   --kubeconfig=/var/lib/kubelet/kubeconfig \
-  --require-kubeconfig=true \
   --node-labels=role=${role} \
   --container-runtime=docker \
   --network-plugin=cni \
diff --git a/variables.tf b/variables.tf
index f250cf3..0aa5da6 100644
--- a/variables.tf
+++ b/variables.tf
@@ -39,7 +39,7 @@ variable "hyperkube_image_url" {
 
 variable "hyperkube_image_tag" {
   description = "The version of the hyperkube image to use."
-  default     = "v1.7.6_coreos.0"
+  default     = "v1.8.1_coreos.0"
 }
 
 variable "cluster_dns" {