diff --git a/upup/models/cloudup/resources/addons/networking.kuberouter/k8s-1.12.yaml.template b/upup/models/cloudup/resources/addons/networking.kuberouter/k8s-1.12.yaml.template
index af6e186d14449..d989b522e510c 100644
--- a/upup/models/cloudup/resources/addons/networking.kuberouter/k8s-1.12.yaml.template
+++ b/upup/models/cloudup/resources/addons/networking.kuberouter/k8s-1.12.yaml.template
@@ -1,4 +1,4 @@
-# Pulled and modified from https://github.com/cloudnativelabs/kube-router/blob/v0.3.1/daemonset/generic-kuberouter-all-features.yaml
+# Pulled and modified from https://github.com/cloudnativelabs/kube-router/blob/v0.4.0/daemonset/generic-kuberouter-all-features.yaml
 
 ---
 apiVersion: v1
@@ -45,12 +45,12 @@ spec:
       labels:
         k8s-app: kube-router
         tier: node
-      annotations:
-        scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
+      priorityClassName: system-node-critical
+      serviceAccountName: kube-router
       containers:
       - name: kube-router
-        image: cloudnativelabs/kube-router:v0.3.1
+        image: docker.io/cloudnativelabs/kube-router:v0.4.0
         args:
         - --run-router=true
         - --run-firewall=true
@@ -82,9 +82,6 @@ spec:
           readOnly: true
         - name: cni-conf-dir
           mountPath: /etc/cni/net.d
-        - name: kubeconfig
-          mountPath: /var/lib/kube-router/kubeconfig
-          readOnly: true
       initContainers:
       - name: install-cni
         image: busybox
@@ -101,28 +98,27 @@ spec:
             mv ${TMP} /etc/cni/net.d/10-kuberouter.conflist;
           fi
         volumeMounts:
-        - name: cni-conf-dir
-          mountPath: /etc/cni/net.d
-        - name: kube-router-cfg
-          mountPath: /etc/kube-router
+        - mountPath: /etc/cni/net.d
+          name: cni-conf-dir
+        - mountPath: /etc/kube-router
+          name: kube-router-cfg
       hostNetwork: true
-      priorityClassName: system-node-critical
-      serviceAccountName: kube-router
       tolerations:
       - key: CriticalAddonsOnly
         operator: Exists
       - effect: NoSchedule
+        key: node-role.kubernetes.io/master
+        operator: Exists
+      - effect: NoSchedule
+        key: node.kubernetes.io/not-ready
         operator: Exists
       volumes:
-      - hostPath:
+      - name: lib-modules
+        hostPath:
           path: /lib/modules
-        name: lib-modules
-      - hostPath:
-          path: /etc/cni/net.d
-        name: cni-conf-dir
-      - name: kubeconfig
+      - name: cni-conf-dir
         hostPath:
-          path: /var/lib/kube-router/kubeconfig
+          path: /etc/cni/net.d
       - name: kube-router-cfg
         configMap:
           name: kube-router-cfg
@@ -133,14 +129,14 @@ metadata:
   name: kube-router
   namespace: kube-system
 ---
-# Kube-router roles
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: kube-router
   namespace: kube-system
 rules:
-  - apiGroups: [""]
+- apiGroups:
+  - ""
     resources:
       - namespaces
       - pods
@@ -148,17 +144,19 @@ rules:
       - nodes
       - endpoints
     verbs:
-      - get
       - list
+  - get
       - watch
-  - apiGroups: ["networking.k8s.io"]
+- apiGroups:
+  - "networking.k8s.io"
     resources:
       - networkpolicies
     verbs:
+  - list
       - get
-      - list
       - watch
-  - apiGroups: ["extensions"]
+- apiGroups:
+  - extensions
     resources:
       - networkpolicies
     verbs:
@@ -178,5 +176,3 @@ subjects:
 - kind: ServiceAccount
   name: kube-router
   namespace: kube-system
-- kind: User
-  name: system:kube-router
diff --git a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
index 6a0d253154f52..c5e0c8106147c 100644
--- a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
+++ b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
@@ -795,7 +795,10 @@ func (b *BootstrapChannelBuilder) buildAddons() *channelsapi.Addons {
 
 	if b.cluster.Spec.Networking.Kuberouter != nil {
 		key := "networking.kuberouter"
-		version := "0.3.1-kops.3"
+		versions := map[string]string{
+			"k8s-1.6":  "3.1.0-kops.3",
+			"k8s-1.12": "0.4.0-kops.1",
+		}
 
 		{
 			location := key + "/k8s-1.6.yaml"
@@ -803,7 +806,7 @@ func (b *BootstrapChannelBuilder) buildAddons() *channelsapi.Addons {
 
 			addons.Spec.Addons = append(addons.Spec.Addons, &channelsapi.AddonSpec{
 				Name:              fi.String(key),
-				Version:           fi.String(version),
+				Version:           fi.String(versions[id]),
 				Selector:          networkingSelector,
 				Manifest:          fi.String(location),
 				KubernetesVersion: "<1.12.0",
@@ -817,7 +820,7 @@ func (b *BootstrapChannelBuilder) buildAddons() *channelsapi.Addons {
 
 			addons.Spec.Addons = append(addons.Spec.Addons, &channelsapi.AddonSpec{
 				Name:              fi.String(key),
-				Version:           fi.String(version),
+				Version:           fi.String(versions[id]),
 				Selector:          networkingSelector,
 				Manifest:          fi.String(location),
 				KubernetesVersion: ">=1.12.0",