diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index d184fb9b4..49abb1d03 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -139,6 +139,9 @@ dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(2)|ipaddr('address')
 ## to self hosted registries like so:
 docker_options: "--insecure-registry={{ kube_service_addresses }}"
 
+# K8s image pull policy (imagePullPolicy)
+k8s_image_pull_policy: IfNotPresent
+
 # default packages to install within the cluster
 kpm_packages: []
 #  - name: kube-system/grafana
diff --git a/roles/dnsmasq/templates/dnsmasq-ds.yml b/roles/dnsmasq/templates/dnsmasq-ds.yml
index 49223124e..50cea23c5 100644
--- a/roles/dnsmasq/templates/dnsmasq-ds.yml
+++ b/roles/dnsmasq/templates/dnsmasq-ds.yml
@@ -15,6 +15,7 @@ spec:
       containers:
         - name: dnsmasq
           image: "{{ dnsmasq_image_repo }}:{{ dnsmasq_image_tag }}"
+          imagePullPolicy: {{ k8s_image_pull_policy }}
           command:
             - dnsmasq
           args:
diff --git a/roles/kubernetes-apps/ansible/templates/calico-policy-controller.yml.j2 b/roles/kubernetes-apps/ansible/templates/calico-policy-controller.yml.j2
index 1a45e023b..469060278 100644
--- a/roles/kubernetes-apps/ansible/templates/calico-policy-controller.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/calico-policy-controller.yml.j2
@@ -24,6 +24,7 @@ spec:
       containers:
         - name: calico-policy-controller
           image: {{ calico_policy_image_repo }}:{{ calico_policy_image_tag }}
+          imagePullPolicy: {{ k8s_image_pull_policy }}
           env:
             - name: ETCD_ENDPOINTS
               value: "{{ etcd_access_endpoint }}"
diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-rc.yml b/roles/kubernetes-apps/ansible/templates/kubedns-rc.yml
index ed38d671d..fc29a0942 100644
--- a/roles/kubernetes-apps/ansible/templates/kubedns-rc.yml
+++ b/roles/kubernetes-apps/ansible/templates/kubedns-rc.yml
@@ -22,6 +22,7 @@ spec:
       containers:
       - name: kubedns
         image: "{{ kubedns_image_repo }}:{{ kubedns_image_tag }}"
+        imagePullPolicy: {{ k8s_image_pull_policy }}
         resources:
           # TODO: Set memory limits when we've profiled the container for large
           # clusters, then set request = limit to keep this container in
@@ -64,6 +65,7 @@ spec:
           protocol: TCP
       - name: dnsmasq
         image: "{{ kubednsmasq_image_repo }}:{{ kubednsmasq_image_tag }}"
+        imagePullPolicy: {{ k8s_image_pull_policy }}
         args:
         - --log-facility=-
         - --cache-size=1000
@@ -78,6 +80,7 @@ spec:
           protocol: TCP
       - name: healthz
         image: "{{ exechealthz_image_repo }}:{{ exechealthz_image_tag }}"
+        imagePullPolicy: {{ k8s_image_pull_policy }}
         resources:
           # keep request = limit to keep this container in guaranteed class
           limits:
diff --git a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
index 77b8dde63..d5eb2266e 100644
--- a/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-apiserver.manifest.j2
@@ -10,6 +10,7 @@ spec:
   containers:
   - name: kube-apiserver
     image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
+    imagePullPolicy: {{ k8s_image_pull_policy }}
     command:
     - /hyperkube
     - apiserver
diff --git a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
index a528f361e..02d386618 100644
--- a/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-controller-manager.manifest.j2
@@ -10,6 +10,7 @@ spec:
   containers:
   - name: kube-controller-manager
     image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
+    imagePullPolicy: {{ k8s_image_pull_policy }}
     command:
     - /hyperkube
     - controller-manager
diff --git a/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2 b/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2
index 15a705937..853e616fc 100644
--- a/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2
+++ b/roles/kubernetes/master/templates/manifests/kube-scheduler.manifest.j2
@@ -10,6 +10,7 @@ spec:
   containers:
   - name: kube-scheduler
     image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
+    imagePullPolicy: {{ k8s_image_pull_policy }}
     command:
     - /hyperkube
     - scheduler
diff --git a/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2 b/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
index 86d1e6f9e..422507acf 100644
--- a/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
+++ b/roles/kubernetes/node/templates/manifests/kube-proxy.manifest.j2
@@ -10,6 +10,7 @@ spec:
   containers:
   - name: kube-proxy
     image: {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
+    imagePullPolicy: {{ k8s_image_pull_policy }}
     command:
     - /hyperkube
     - proxy
diff --git a/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2 b/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2
index 8e5dfcc11..0930ee61e 100644
--- a/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2
+++ b/roles/kubernetes/node/templates/manifests/nginx-proxy.manifest.j2
@@ -10,6 +10,7 @@ spec:
   containers:
   - name: nginx-proxy
     image: {{ nginx_image_repo }}:{{ nginx_image_tag }}
+    imagePullPolicy: {{ k8s_image_pull_policy }}
     securityContext:
       privileged: true
     volumeMounts:
diff --git a/roles/network_plugin/canal/templates/canal-node.yml.j2 b/roles/network_plugin/canal/templates/canal-node.yml.j2
index 4fbb8bc14..f73fae9bd 100644
--- a/roles/network_plugin/canal/templates/canal-node.yml.j2
+++ b/roles/network_plugin/canal/templates/canal-node.yml.j2
@@ -48,6 +48,7 @@ spec:
         # container hosts.
         - name: flannel
           image: "{{ flannel_image_repo }}:{{ flannel_image_tag }}"
+          imagePullPolicy: {{ k8s_image_pull_policy }}
           env:
             # Cluster name
             - name: CLUSTER_NAME
@@ -117,6 +118,7 @@ spec:
         # host.
         - name: calico-node
           image: "{{ calico_node_image_repo }}:{{ calico_node_image_tag }}"
+          imagePullPolicy: {{ k8s_image_pull_policy }}
           env:
             # The location of the etcd cluster.
             - name: ETCD_ENDPOINTS
diff --git a/roles/network_plugin/flannel/templates/flannel-pod.yml b/roles/network_plugin/flannel/templates/flannel-pod.yml
index 74a935bf1..70b62e9ac 100644
--- a/roles/network_plugin/flannel/templates/flannel-pod.yml
+++ b/roles/network_plugin/flannel/templates/flannel-pod.yml
@@ -18,6 +18,7 @@
     containers:
       - name: "flannel-container"
         image: "{{ flannel_image_repo }}:{{ flannel_image_tag }}"
+        imagePullPolicy: {{ k8s_image_pull_policy }}
         command:
           - "/bin/sh"
           - "-c"