diff --git a/prepare-vms/scripts/postprep.rc b/prepare-vms/scripts/postprep.rc
index 3f05dfe3..43c9f9ce 100755
--- a/prepare-vms/scripts/postprep.rc
+++ b/prepare-vms/scripts/postprep.rc
@@ -1,8 +1,9 @@
 pssh -I tee /tmp/settings.yaml < $SETTINGS
 
-pssh sudo apt-get update
-pssh sudo apt-get install -y python-setuptools
-pssh sudo easy_install pyyaml
+pssh "
+	sudo apt-get update &&
+	sudo apt-get install -y python-setuptools &&
+	sudo easy_install pyyaml"
 
 pssh -I tee /tmp/postprep.py <<EOF
 #!/usr/bin/env python
@@ -45,9 +46,8 @@ def system(cmd):
     with open("/home/ubuntu/.bash_history", "a") as f:
         f.write("{}\n".format(cmd))
     if retcode != 0:
-        msg = "The following command failed:\n"
+        msg = "The following command failed with exit code {}:\n".format(retcode)
         msg+= cmd
-        msg+= "Exit code {} not in {}.".format(retcode, ok_codes)
         raise(Exception(msg))
 
 
@@ -63,7 +63,7 @@ system("curl --silent {} > /tmp/ipv4".format(ipv4_retrieval_endpoint))
 ipv4 = open("/tmp/ipv4").read()
 
 # Add a "docker" user with password "training"
-system("sudo useradd -d /home/docker -m -s /bin/bash docker")
+system("id docker || sudo useradd -d /home/docker -m -s /bin/bash docker")
 system("echo docker:training | sudo chpasswd")
 
 # Helper for Docker prompt.
@@ -192,13 +192,86 @@ fi
 pssh --timeout 900 --send-input "python /tmp/postprep.py >>/tmp/pp.out 2>>/tmp/pp.err" < $IPS_FILE
 
 # If /home/docker/.ssh/id_rsa doesn't exist, copy it from node1
-pssh "sudo -u docker [ -f /home/docker/.ssh/id_rsa ] || ssh -o StrictHostKeyChecking=no node1 sudo -u docker tar -C /home/docker -cvf- .ssh | sudo -u docker tar -C /home/docker -xf-"
+pssh "
+	sudo -u docker [ -f /home/docker/.ssh/id_rsa ] ||
+	ssh -o StrictHostKeyChecking=no node1 sudo -u docker tar -C /home/docker -cvf- .ssh |
+	sudo -u docker tar -C /home/docker -xf-"
 
 # if 'docker@' doesn't appear in /home/docker/.ssh/authorized_keys, copy it there
-pssh "grep docker@ /home/docker/.ssh/authorized_keys \
-    || cat /home/docker/.ssh/id_rsa.pub \
-        | sudo -u docker tee -a /home/docker/.ssh/authorized_keys"
+pssh "
+	grep docker@ /home/docker/.ssh/authorized_keys ||
+	cat /home/docker/.ssh/id_rsa.pub |
+	sudo -u docker tee -a /home/docker/.ssh/authorized_keys"
 
 # On node1, create and deploy TLS certs using Docker Machine
-#pssh "if grep -q node1 /tmp/node; then grep ' node' /etc/hosts | xargs -n2 sudo -H -u docker docker-machine create -d generic --generic-ssh-user docker --generic-ip-address; fi"
+true || pssh "
+	if grep -q node1 /tmp/node; then
+		grep ' node' /etc/hosts | 
+		xargs -n2 sudo -H -u docker \
+		docker-machine create -d generic --generic-ssh-user docker --generic-ip-address
+	fi"
 
+### Kubernetes cluster setup below ###
+
+_setup_kubernetes_ () {
+
+# Install packages
+pssh "
+	curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg |
+	sudo apt-key add - &&
+	echo deb http://apt.kubernetes.io/ kubernetes-xenial main |
+	sudo tee /etc/apt/sources.list.d/kubernetes.list"
+pssh "
+	sudo apt-get update -q &&
+	sudo apt-get install -qy kubelet kubeadm kubectl"
+
+# Work around https://github.com/kubernetes/kubernetes/issues/53356
+pssh "
+	if [ ! -f /etc/kubernetes/kubelet.conf ]; then
+		sudo systemctl stop kubelet
+		sudo rm -rf /var/lib/kubelet/pki
+	fi"
+
+# Initialize kube master
+pssh "
+	if grep -q node1 /tmp/node && [ ! -f /etc/kubernetes/admin.conf ]; then
+		sudo kubeadm init
+	fi"
+
+# Put kubeconfig in ubuntu's and docker's accounts
+pssh "
+	if grep -q node1 /tmp/node; then
+		sudo mkdir -p \$HOME/.kube /home/docker/.kube &&
+		sudo cp /etc/kubernetes/admin.conf \$HOME/.kube/config &&
+		sudo cp /etc/kubernetes/admin.conf /home/docker/.kube/config &&
+		sudo chown -R \$(id -u) \$HOME/.kube &&
+		sudo chown -R docker /home/docker/.kube
+	fi"
+
+# Get bootstrap token
+pssh "
+	if grep -q node1 /tmp/node; then
+		TOKEN_NAME=\$(kubectl -n kube-system get secret -o name | grep bootstrap-token)
+		TOKEN_ID=\$(kubectl -n kube-system get \$TOKEN_NAME -o go-template --template '{{ index .data \"token-id\" }}' | base64 -d)
+		TOKEN_SECRET=\$(kubectl -n kube-system get \$TOKEN_NAME -o go-template --template '{{ index .data \"token-secret\" }}' | base64 -d)
+		echo \$TOKEN_ID.\$TOKEN_SECRET >/tmp/token
+	fi"
+
+# Install weave as the pod network
+pssh "
+	if grep -q node1 /tmp/node; then
+		kubever=\$(kubectl version | base64 | tr -d '\n')
+		kubectl apply -f https://cloud.weave.works/k8s/net?k8s-version=\$kubever
+	fi"
+
+# Join the other nodes to the cluster
+pssh "
+	if ! grep -q node1 /tmp/node && [ ! -f /etc/kubernetes/kubelet.conf ]; then
+		TOKEN=\$(ssh -o StrictHostKeyChecking=no node1 cat /tmp/token)
+		sudo kubeadm join --token \$TOKEN node1:6443
+	fi"
+
+}
+
+# Just uncomment that line to enable kubernetes provisioning!
+#_setup_kubernetes_
\ No newline at end of file