diff --git a/jsonnet/kube-prometheus/kube-prometheus.libsonnet b/jsonnet/kube-prometheus/kube-prometheus.libsonnet
index 7dae5f38bd0587b5472f6aef8a4ec9e85aeaedf2..4b0d5a22bf7560bc0d1f6eb684cf1c21602ecb9d 100644
--- a/jsonnet/kube-prometheus/kube-prometheus.libsonnet
+++ b/jsonnet/kube-prometheus/kube-prometheus.libsonnet
@@ -59,12 +59,12 @@ local configMapList = k.core.v1.configMapList;
       'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA',
       'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256',
       'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256',
-      'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',
-      'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256',
-      'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',
-      'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384',
-      'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305',
-      'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305',
+      // 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',   // Doesn't work with h2
+      // 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', // Doesn't work with h2
+      // 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384',   // TODO: Might not work with h2
+      // 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', // TODO: Might not work with h2
+      // 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305',    // TODO: Might not work with h2
+      // 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305',  // TODO: Might not work with h2
     ],
 
     cadvisorSelector: 'job="kubelet"',
diff --git a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet
index 30a176f51089c47626ea9a565a8ccf8b3ef4682f..2cf7ebbc3e99fd6c6b570e3c54c838d19bde102f 100644
--- a/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet
+++ b/jsonnet/kube-prometheus/kube-state-metrics/kube-state-metrics.libsonnet
@@ -134,6 +134,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
       local proxyClusterMetrics =
         container.new('kube-rbac-proxy-main', $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy) +
         container.withArgs([
+          '--logtostderr',
           '--secure-listen-address=:8443',
           '--tls-cipher-suites=' + std.join(',', $._config.tlsCipherSuites),
           '--upstream=http://127.0.0.1:8081/',
diff --git a/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet b/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet
index 7030d2f9073c1d2ec425b005cd1f817c9df52b64..052f8dc63a7a580b31a1a7fda244deb02bf1f81e 100644
--- a/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet
+++ b/jsonnet/kube-prometheus/node-exporter/node-exporter.libsonnet
@@ -106,6 +106,7 @@ local k = import 'ksonnet/ksonnet.beta.3/k.libsonnet';
       local proxy =
         container.new('kube-rbac-proxy', $._config.imageRepos.kubeRbacProxy + ':' + $._config.versions.kubeRbacProxy) +
         container.withArgs([
+          '--logtostderr',
           '--secure-listen-address=$(IP):' + $._config.nodeExporter.port,
           '--tls-cipher-suites=' + std.join(',', $._config.tlsCipherSuites),
           '--upstream=http://127.0.0.1:' + $._config.nodeExporter.port + '/',