diff --git a/roles/kubernetes/base/tasks/main.yml b/roles/kubernetes/base/tasks/main.yml
index 16f0bc0..063f42f 100644
--- a/roles/kubernetes/base/tasks/main.yml
+++ b/roles/kubernetes/base/tasks/main.yml
@@ -1,6 +1,7 @@
 ---
 ### tags:
+### base
 - name: Install dependencies
 ansible.builtin.package:
@@ -10,6 +11,8 @@
 - python3-pip
 when:
 - inventory_hostname == groups['kube_control_plane'][0]
+ tags:
+ - base
 - name: Install pip dependencies
 ansible.builtin.pip:
@@ -18,6 +21,8 @@
 - kubernetes
 when:
 - inventory_hostname == groups['kube_control_plane'][0]
+ tags:
+ - base
 - name: Install Helm plugins
 kubernetes.core.helm_plugin:
@@ -27,3 +32,5 @@
 - https://github.com/databus23/helm-diff
 when:
 - inventory_hostname == groups['kube_control_plane'][0]
+ tags:
+ - base
diff --git a/roles/kubernetes/cert-manager/defaults/main.yml b/roles/kubernetes/cert-manager/defaults/main.yml
index ea1c8e4..9b8938f 100644
--- a/roles/kubernetes/cert-manager/defaults/main.yml
+++ b/roles/kubernetes/cert-manager/defaults/main.yml
@@ -1,5 +1,10 @@
 ---
+k8s_certmanager_helm__chart_ref: cert-manager
+k8s_certmanager_helm__chart_repo_url: https://charts.jetstack.io
+k8s_certmanager_helm__chart_version: v1.6.1
+k8s_certmanager_helm__release_namespace: cert-manager
+
 k8s_certmanager_helm__release_values:
 installCRDs: true
 webhook.timeoutSeconds: 4
diff --git a/roles/kubernetes/cert-manager/tasks/main.yml b/roles/kubernetes/cert-manager/tasks/main.yml
index d122d6c..94c2dd8 100644
--- a/roles/kubernetes/cert-manager/tasks/main.yml
+++ b/roles/kubernetes/cert-manager/tasks/main.yml
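Review bot: The two tasks tagged in the `-18,6` and `-27,3` hunks of roles/kubernetes/base/tasks/main.yml install code on the first control-plane node with no version pin visible: the pip list ends in a bare `kubernetes`, and the Helm plugin is fetched from `https://github.com/databus23/helm-diff` as-is. Each run can therefore pull whatever upstream published last, which makes the node's tooling neither reproducible nor reviewable. Consider a requirement specifier such as `kubernetes==<PINNED_VERSION>` and, if the installed kubernetes.core collection supports it, `plugin_version: <PINNED_VERSION>` on the helm_plugin task. The helm_plugin task starts above its hunk, so a pin may already be set out of view.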
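Review bot: In `k8s_certmanager_helm__release_values` (roles/kubernetes/cert-manager/defaults/main.yml), `webhook.timeoutSeconds: 4` is one key with a dot in its name, and a Helm values file treats that as a literal top-level key rather than `timeoutSeconds` under `webhook`; dotted paths are only expanded by `--set`. The webhook timeout is therefore probably not being applied. If the nested value is what is meant, write `webhook:` with an indented `timeoutSeconds: 4` beneath it. The line is unchanged context in this hunk, but the commit makes this file the single source of the chart settings, so it is a natural place to correct it.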
@@ -1,16 +1,21 @@
 ---
+### tags:
+### cert-manager
+
 - name: Install cert-manager via helm
 kubernetes.core.helm:
 name: cert-manager
- chart_repo_url: "{{ k8s_certmanager_helm__chart_repo_url | default('https://charts.jetstack.io') }}"
- chart_ref: "{{ k8s_certmanager_helm__chart_ref | default('cert-manager') }}"
- chart_version: "{{ k8s_certmanager_helm__chart_version | default('v1.5.4') }}"
- release_namespace: "{{ k8s_certmanager_helm__release_namespace | default('cert-manager') }}"
+ chart_ref: "{{ k8s_certmanager_helm__chart_ref }}"
+ chart_repo_url: "{{ k8s_certmanager_helm__chart_repo_url }}"
+ chart_version: "{{ k8s_certmanager_helm__chart_version }}"
+ release_namespace: "{{ k8s_certmanager_helm__release_namespace }}"
 create_namespace: yes
 release_values: "{{ k8s_certmanager_helm__release_values }}"
 when:
 - inventory_hostname == groups['kube_control_plane'][0]
+ tags:
+ - cert-manager
 - name: Create secret for digitalocean-dns
 kubernetes.core.k8s:
@@ -25,8 +30,10 @@
 access-token: "{{ digitalocean_authentication_token | string | b64encode }}"
 when:
 - inventory_hostname == groups['kube_control_plane'][0]
+ tags:
+ - cert-manager
-- name: Create ClusterIssuer_letsencrypt_prod
+- name: Create ClusterIssuer for letsencrypt (prod/staging)
 kubernetes.core.k8s:
 definition:
 api_version: cert-manager.io/v1
@@ -51,3 +58,5 @@
 loop: "{{ k8s_certmanager_helm__cluster_issuers | dict2items }}"
 when:
 - inventory_hostname == groups['kube_control_plane'][0]
+ tags:
+ - cert-manager
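Review bot: The "Create secret for digitalocean-dns" task that the `-25,8` hunk tags builds a Secret from `digitalocean_authentication_token`, and its visible tail (`access-token`, `when`, the new `tags`) carries no `no_log: true`. Without it the token can show up in task results at higher verbosity, in `--diff` output or in a failure message, and from there in CI or controller logs; base64 is an encoding, not protection. Add `no_log: true` at task level, next to `when` and `tags`. The task begins above the hunk, so confirm it is not already set there.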