diff --git a/roles/kubernetes/node/tasks/gen_tokens.yml b/roles/kubernetes/node/tasks/gen_tokens.yml
index 7d1ce0156..4a60ac254 100644
--- a/roles/kubernetes/node/tasks/gen_tokens.yml
+++ b/roles/kubernetes/node/tasks/gen_tokens.yml
@@ -46,10 +46,3 @@
   register: calico_token
   when: kube_network_plugin == "calico"
   delegate_to: "{{ groups['kube-master'][0] }}"
-
-- name: tokens | Add KUBE_AUTH_TOKEN for calico
-  lineinfile:
-    regexp: "^KUBE_AUTH_TOKEN=.*$"
-    line: "KUBE_AUTH_TOKEN={{ calico_token.content|b64decode }}"
-    dest: "/etc/network-environment"
-  when: kube_network_plugin == "calico"
diff --git a/roles/kubernetes/node/tasks/main.yml b/roles/kubernetes/node/tasks/main.yml
index 54217fd22..a01314f0c 100644
--- a/roles/kubernetes/node/tasks/main.yml
+++ b/roles/kubernetes/node/tasks/main.yml
@@ -42,6 +42,9 @@
     src: manifests/kube-proxy.manifest.j2
     dest: "{{ kube_manifest_dir }}/kube-proxy.manifest"
 
+- name: Write network-environment
+  template: src=network-environment.j2 dest=/etc/network-environment mode=640
+
 - name: Enable kubelet
   service:
     name: kubelet
diff --git a/roles/network_plugin/templates/network-environment.j2 b/roles/kubernetes/node/templates/network-environment.j2
similarity index 84%
rename from roles/network_plugin/templates/network-environment.j2
rename to roles/kubernetes/node/templates/network-environment.j2
index 6173a7a97..20bd60311 100755
--- a/roles/network_plugin/templates/network-environment.j2
+++ b/roles/kubernetes/node/templates/network-environment.j2
@@ -13,11 +13,12 @@ KUBERNETES_MASTER={{ hostvars[groups['kube-master'][0]]['ip'] | default(hostvars
 
 # Location of etcd cluster used by Calico.  By default, this uses the etcd
 # instance running on the Kubernetes Master
-{% if inventory_hostname in groups['etcd'] %}
 ETCD_AUTHORITY="127.0.0.1:2379"
-{% else %}
-ETCD_AUTHORITY="127.0.0.1:23799"
-{% endif %}
+#{% if inventory_hostname in groups['etcd'] %}
+#ETCD_AUTHORITY="127.0.0.1:2379"
+#{% else %}
+#ETCD_AUTHORITY="127.0.0.1:23799"
+#{% endif %}
 
 # The kubernetes-apiserver location - used by the calico plugin
 {% if loadbalancer_apiserver is defined and apiserver_loadbalancer_domain_name is defined %}
@@ -28,3 +29,6 @@ KUBE_API_ROOT=https://{{ hostvars[groups['kube-master'][0]]['ip'] | default(host
 {% else %}
 FLANNEL_ETCD_PREFIX="--etcd-prefix=/{{ cluster_name }}/network"
 {% endif %}
+{% if calico_token is defined | default('') %}
+KUBE_AUTH_TOKEN={{ calico_token.content|b64decode }}
+{% endif %}
diff --git a/roles/network_plugin/tasks/main.yml b/roles/network_plugin/tasks/main.yml
index a5e4c1f59..16a80e096 100644
--- a/roles/network_plugin/tasks/main.yml
+++ b/roles/network_plugin/tasks/main.yml
@@ -4,9 +4,6 @@
   when: ( kube_network_plugin is defined and kube_network_plugin == "calico" and kube_network_plugin == "flannel" ) or
         kube_network_plugin is not defined
 
-- name: Write network-environment
-  template: src=network-environment.j2 dest=/etc/network-environment mode=640
-
 - include: flannel.yml
   when: kube_network_plugin == "flannel"