diff --git a/kubernetes/files/kube-addons/contrail/contrail.yaml b/kubernetes/files/kube-addons/contrail/contrail.yaml
index 5d5ca58..ebee90f 100644
--- a/kubernetes/files/kube-addons/contrail/contrail.yaml
+++ b/kubernetes/files/kube-addons/contrail/contrail.yaml
@@ -50,6 +50,11 @@
         image: docker-prod-local.artifactory.mirantis.com/opencontrail-oc40/opencontrail-controller:{{ common.addons.get('contrail',{}).get('contrail_version',"latest") }}
         securityContext:
           privileged: true
+        env:
+        - name: CONTRAIL_UID
+          value: {{ salt['user.info']('contrail').get('uid', 0) }}
+        - name: CONTRAIL_GID
+          value: {{ salt['group.info']('contrail').get('gid', 0) }}
         lifecycle:
           postStart:
             exec:
@@ -81,12 +86,21 @@
           mountPath: /etc/zookeeper/conf/zoo.cfg
         - name: etc-zookeeper-conf-log4j-properties
           mountPath: /etc/zookeeper/conf/log4j.properties
+        - name: contrail-logs
+          mountPath: /var/log/contrail
+        - name: journal-controller
+          mountPath: /var/log/journal
 
 
       - name: opencontrail-analyticsdb
         image: docker-prod-local.artifactory.mirantis.com/opencontrail-oc40/opencontrail-analyticsdb:{{ common.addons.get('contrail',{}).get('contrail_version',"latest") }}
         securityContext:
           privileged: true
+        env:
+        - name: CONTRAIL_UID
+          value: {{ salt['user.info']('contrail').get('uid', 0) }}
+        - name: CONTRAIL_GID
+          value: {{ salt['group.info']('contrail').get('gid', 0) }}
         volumeMounts:
         - name: etc-contrail
           mountPath: /etc/contrail
@@ -114,6 +128,10 @@
           mountPath: /etc/zookeeper/conf/zoo.cfg
         - name: etc-zookeeper-conf-log4j-properties
           mountPath: /etc/zookeeper/conf/log4j.properties
+        - name: contrail-logs
+          mountPath: /var/log/contrail
+        - name: journal-analyticsdb
+          mountPath: /var/log/journal
 
       - name: opencontrail-analytics
         image: docker-prod-local.artifactory.mirantis.com/opencontrail-oc40/opencontrail-analytics:{{ common.addons.get('contrail',{}).get('contrail_version',"latest") }}
@@ -122,8 +140,17 @@
           mountPath: /etc/contrail
         - name: etc-redis-redis-conf
           mountPath: /etc/redis/redis.conf
+        - name: contrail-logs
+          mountPath: /var/log/contrail
+        - name: journal-analytics
+          mountPath: /var/log/journal
         securityContext:
           privileged: true
+        env:
+        - name: CONTRAIL_UID
+          value: {{ salt['user.info']('contrail').get('uid', 0) }}
+        - name: CONTRAIL_GID
+          value: {{ salt['group.info']('contrail').get('gid', 0) }}
 
       volumes:
       # analytics / analyticsdb / controller /
@@ -131,6 +158,10 @@
         hostPath:
           path: /etc/contrail
           type: Directory
+      - name: contrail-logs
+        hostPath:
+          path: /var/log/contrail
+          type: Directory
 
       # controller
       - name: var-lib-configdb
@@ -153,6 +184,10 @@
         hostPath:
           path: /etc/zookeeper/conf/zoo.cfg
           type: File
+      - name: journal-controller
+        hostPath:
+          path:  /var/log/journal/contrail-controller
+          type: DirectoryOrCreate
 
       # analyticsdb
       - name: etc-cassandra-cassandra-env-analytics-sh
@@ -203,12 +238,20 @@
         hostPath:
           path: /etc/zookeeper/conf/log4j.properties
           type: File
+      - name: journal-analyticsdb
+        hostPath:
+          path:  /var/log/journal/contrail-analyticsdb
+          type: DirectoryOrCreate
 
       # analytics
       - name: etc-redis-redis-conf
         hostPath:
           path: /etc/redis/redis.conf
           type: File
+      - name: journal-analytics
+        hostPath:
+          path:  /var/log/journal/contrail-analytics
+          type: DirectoryOrCreate
 
       nodeSelector:
         "node-role.kubernetes.io/master": "true"
diff --git a/kubernetes/files/kube-addons/contrail/kube-manager.yaml b/kubernetes/files/kube-addons/contrail/kube-manager.yaml
index 3004649..00e8d61 100644
--- a/kubernetes/files/kube-addons/contrail/kube-manager.yaml
+++ b/kubernetes/files/kube-addons/contrail/kube-manager.yaml
@@ -24,6 +24,11 @@
         image: docker-prod-local.artifactory.mirantis.com/opencontrail-oc40/opencontrail-kube-manager:{{ common.addons.get('contrail',{}).get('contrail_version',"latest") }}
         securityContext:
           privileged: true
+        env:
+        - name: CONTRAIL_UID
+          value: {{ salt['user.info']('contrail').get('uid', 0) }}
+        - name: CONTRAIL_GID
+          value: {{ salt['group.info']('contrail').get('gid', 0) }}
         lifecycle:
           postStart:
             exec:
@@ -40,6 +45,10 @@
           mountPath: /etc/kubernetes
         - name: etc-contrail
           mountPath: /etc/contrail
+        - name: contrail-logs
+          mountPath: /var/log/contrail
+        - name: journal-kube-manager
+          mountPath: /var/log/journal
 
       volumes:
       - name: etc-kubernetes
@@ -50,6 +59,13 @@
         hostPath:
           path: /etc/contrail
           type: Directory
+      - name: contrail-logs
+        hostPath:
+          path: /var/log/contrail
+      - name: journal-kube-manager
+        hostPath:
+          path:  /var/log/journal/contrail-kube-manager
+          type: DirectoryOrCreate
 
       nodeSelector:
         "node-role.kubernetes.io/master": "true"
diff --git a/kubernetes/files/kube-addons/dns/kubedns-rc.yaml b/kubernetes/files/kube-addons/dns/kubedns-rc.yaml
index 8090402..febb3cf 100644
--- a/kubernetes/files/kube-addons/dns/kubedns-rc.yaml
+++ b/kubernetes/files/kube-addons/dns/kubedns-rc.yaml
@@ -156,3 +156,8 @@
             cpu: 10m
       dnsPolicy: Default  # Don't use cluster DNS.
       serviceAccountName: kube-dns
+      {%- if salt['pillar.get']('kubernetes').get('master', {}).get('network', {}).get('opencontrail', {}).get('enabled', false) %}
+      tolerations:
+      - effect: NoSchedule
+        key: node-role.kubernetes.io/node
+      {%- endif %}