diff --git a/kubernetes.yml b/kubernetes.yml
index 242b6b0..45dfd08 100644
--- a/kubernetes.yml
+++ b/kubernetes.yml
@@ -27,5 +27,6 @@
 - { role: kubernetes/cloud-controller-manager }
 - { role: kubernetes/container-storage-interface }
 - { role: kubernetes/cert-manager }
+ - { role: kubernetes/external-dns }
 - { role: kubernetes/ingress-controller }
 - { role: kubernetes/apps }
diff --git a/roles/kubernetes/external-dns/defaults/main.yml b/roles/kubernetes/external-dns/defaults/main.yml
new file mode 100644
index 0000000..cbb63a9
--- /dev/null
+++ b/roles/kubernetes/external-dns/defaults/main.yml
@@ -0,0 +1,30 @@
+---
+
+k8s_prometheus_helm__name: "prometheus"
+
+k8s_externaldns_helm__chart_ref: external-dns
+k8s_externaldns_helm__chart_repo_url: https://kubernetes-sigs.github.io/external-dns/
+k8s_externaldns_helm__chart_version: v1.6.0
+k8s_externaldns_helm__release_namespace: external-dns
+
+k8s_externaldns_helm__release_values:
+ provider: digitalocean
+ env:
+ - name: DO_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: "digitalocean-dns"
+ key: access-token
+ interval: "1m"
+ policy: sync
+ sources:
+ - ingress
+ domainFilters: [
+ 'smardigo.digital'
+ ]
+ txtOwnerId: "{{ stage }}-external-dns"
+ txtPrefix: "{{ stage }}"
+ serviceMonitor:
+ enabled: true
+ additionalLabels:
+ release: "{{ k8s_prometheus_helm__name }}"
diff --git a/roles/kubernetes/external-dns/tasks/main.yml b/roles/kubernetes/external-dns/tasks/main.yml
new file mode 100644
index 0000000..cce6c83
--- /dev/null
+++ b/roles/kubernetes/external-dns/tasks/main.yml
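Review bot: In `roles/kubernetes/external-dns/defaults/main.yml`, `policy: sync` together with `domainFilters` set to the apex `smardigo.digital` gives each stage's external-dns instance create and delete rights across the whole zone, held apart only by the TXT ownership records (`txtOwnerId`). Since `sources` is `ingress`, anyone able to create an Ingress in the cluster can then publish a hostname under that apex; `policy: upsert-only` or a narrower, stage-specific entry in `domainFilters` would limit the blast radius, if the hostname layout allows it. `txtPrefix: "{{ stage }}"` has no separator, so the registry record name is the stage glued directly to the hostname; `txtPrefix: "{{ stage }}-"` is easier to read in the zone. `k8s_prometheus_helm__name` is also defined here although it appears to belong to another role, so the two defaults can drift; a comment saying which role owns it would help.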
@@ -0,0 +1,34 @@
+---
+
+### tags:
+### external-dns
+
+- name: Install external-dns via helm
+ kubernetes.core.helm:
+ name: external-dns
+ chart_ref: "{{ k8s_externaldns_helm__chart_ref }}"
+ chart_repo_url: "{{ k8s_externaldns_helm__chart_repo_url }}"
+ chart_version: "{{ k8s_externaldns_helm__chart_version }}"
+ release_namespace: "{{ k8s_externaldns_helm__release_namespace }}"
+ create_namespace: yes
+ release_values: "{{ k8s_externaldns_helm__release_values }}"
+ when:
+ - inventory_hostname == groups['kube_control_plane'][0]
+ tags:
+ - external-dns
+
+- name: Create secret for digitalocean-dns
+ kubernetes.core.k8s:
+ definition:
+ api_version: v1
+ kind: Secret
+ metadata:
+ namespace: "{{ k8s_externaldns_helm__release_namespace }}"
+ name: digitalocean-dns
+ type: Opaque
+ data:
+ access-token: "{{ digitalocean_authentication_token | string | b64encode }}"
+ when:
+ - inventory_hostname == groups['kube_control_plane'][0]
+ tags:
+ - external-dns
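Review bot: The `Create secret for digitalocean-dns` task renders `digitalocean_authentication_token` into its arguments without `no_log: true`, so the base64-encoded token can appear in verbose or failure output and in any callback that records task results; add `no_log: true` to that task. The variable name suggests this is the general provisioning token, which would place account-wide API access inside the cluster; a separate token limited to DNS, if the account supports scoped tokens, would contain a leak from the `external-dns` namespace. The secret is also created after the Helm release whose pod reads it through `secretKeyRef`, so the first rollout presumably sits in a config error until this task runs; creating the namespace and secret before the release avoids that. Inside `definition` the manifest key should be `apiVersion: v1` rather than `api_version: v1`, which looks like the module-level parameter name.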