diff --git a/parts/k8s/addons/ip-masq-agent.yaml b/parts/k8s/addons/ip-masq-agent.yaml
index 83cd71f27f..887d1f41a0 100644
--- a/parts/k8s/addons/ip-masq-agent.yaml
+++ b/parts/k8s/addons/ip-masq-agent.yaml
@@ -18,6 +18,13 @@ spec:
       hostNetwork: true
       nodeSelector:
         beta.kubernetes.io/os: linux
+      tolerations:
+      - key: CriticalAddonsOnly
+        operator: Exists
+      - key: node-role.kubernetes.io/master
+        operator: Equal
+        value: "true"
+        effect: NoSchedule
       containers:
       - name: azure-ip-masq-agent
         image: gcr.io/google-containers/ip-masq-agent-amd64:v2.0.0
diff --git a/test/e2e/kubernetes/kubernetes_test.go b/test/e2e/kubernetes/kubernetes_test.go
index 2c98b404e9..f724b2c148 100644
--- a/test/e2e/kubernetes/kubernetes_test.go
+++ b/test/e2e/kubernetes/kubernetes_test.go
@@ -781,6 +781,27 @@ var _ = Describe("Azure Container Cluster using the Kubernetes Orchestrator", fu
 				Skip("No linux agent was provisioned for this Cluster Definition")
 			}
 		})
+
+		It("should be able to schedule a pod to a master node", func() {
+			By("Creating a pod with master nodeSelector")
+			p, err := pod.CreatePodFromFile(filepath.Join(WorkloadDir, "nginx-master.yaml"), "nginx-master", "default")
+			if err != nil {
+				p, err = pod.Get("nginx-master", "default")
+				Expect(err).NotTo(HaveOccurred())
+			}
+			running, err := p.WaitOnReady(5*time.Second, cfg.Timeout)
+			Expect(err).NotTo(HaveOccurred())
+			Expect(running).To(Equal(true))
+
+			By("validating that master-scheduled pod has outbound internet connectivity")
+			pass, err := p.CheckLinuxOutboundConnection(5*time.Second, cfg.Timeout)
+			Expect(err).NotTo(HaveOccurred())
+			Expect(pass).To(BeTrue())
+
+			By("Cleaning up after ourselves")
+			err = p.Delete(deleteResourceRetries)
+			Expect(err).NotTo(HaveOccurred())
+		})
 	})
 
 	Describe("with a GPU-enabled agent pool", func() {
diff --git a/test/e2e/kubernetes/workloads/nginx-master.yaml b/test/e2e/kubernetes/workloads/nginx-master.yaml
new file mode 100644
index 0000000000..8a23f39957
--- /dev/null
+++ b/test/e2e/kubernetes/workloads/nginx-master.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: nginx-master
+  labels:
+    app: nginx-master
+spec:
+  containers:
+  - image: library/nginx:latest
+    name: nginx-master
+    command:
+      - sleep
+      - "1000000"
+  tolerations:
+  - effect: NoSchedule
+    key: node-role.kubernetes.io/master
+    operator: "Exists"
+  nodeSelector:
+    kubernetes.io/role: master
\ No newline at end of file