diff --git a/kubernetes/apps/kube-system/coredns/app/helm-values.yml b/kubernetes/apps/kube-system/coredns/app/helm-values.yml
new file mode 100644
index 0000000..e7722b3
--- /dev/null
+++ b/kubernetes/apps/kube-system/coredns/app/helm-values.yml
@@ -0,0 +1,58 @@
+---
+fullnameOverride: coredns
+replicaCount: 3
+k8sAppLabelOverride: kube-dns
+serviceAccount:
+ create: true
+service:
+ name: kube-dns
+ clusterIP: 10.96.0.10
+servers:
+ - zones:
+ - zone: .
+ scheme: dns://
+ use_tcp: true
+ port: 53
+ plugins:
+ - name: errors
+ - name: health
+ configBlock: |-
+ lameduck 5s
+ - name: ready
+ - name: log
+ configBlock: |-
+ class error
+ - name: prometheus
+ parameters: 0.0.0.0:9153
+ - name: kubernetes
+ parameters: cluster.local in-addr.arpa ip6.arpa
+ configBlock: |-
+ pods insecure
+ fallthrough in-addr.arpa ip6.arpa
+ - name: forward
+ parameters: . /etc/resolv.conf
+ - name: cache
+ parameters: 30
+ - name: loop
+ - name: reload
+ - name: loadbalance
+affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+tolerations:
+ - key: CriticalAddonsOnly
+ operator: Exists
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ effect: NoSchedule
+topologySpreadConstraints:
+ - maxSkew: 1
+ topologyKey: kubernetes.io/hostname
+ whenUnsatisfiable: DoNotSchedule
+ labelSelector:
+ matchLabels:
+ app.kubernetes.io/instance: coredns
diff --git a/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml b/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml
new file mode 100644
index 0000000..845d130
--- /dev/null
+++ b/kubernetes/apps/kube-system/coredns/app/helmrelease.yaml
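Review bot: In helm-values.yml the kubernetes plugin is configured with `pods insecure`, which makes CoreDNS answer pod-IP-style names from the query itself without checking that a matching pod exists in that namespace; the CoreDNS documentation keeps this mode only for kube-dns compatibility. Unless something in the cluster depends on that behaviour, `pods verified` (answers only for pods that actually exist, at the cost of a pod watch) or dropping the line is the safer setting. Separately, the required control-plane node affinity combined with `replicaCount: 3` and `whenUnsatisfiable: DoNotSchedule` on `kubernetes.io/hostname` presumably assumes at least three control-plane nodes; with fewer, one replica would stay Pending.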
@@ -0,0 +1,27 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: coredns
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: coredns
+ version: 1.32.0
+ sourceRef:
+ kind: HelmRepository
+ name: coredns
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ valuesFrom:
+ - kind: ConfigMap
+ name: coredns-helm-values
diff --git a/kubernetes/apps/kube-system/coredns/app/kustomization.yaml b/kubernetes/apps/kube-system/coredns/app/kustomization.yaml
new file mode 100644
index 0000000..a270d5e
--- /dev/null
+++ b/kubernetes/apps/kube-system/coredns/app/kustomization.yaml
@@ -0,0 +1,12 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./helmrelease.yaml
+configMapGenerator:
+ - name: coredns-helm-values
+ files:
+ - values.yaml=./helm-values.yml
+configurations:
+ - kustomizeconfig.yaml
diff --git a/kubernetes/apps/kube-system/coredns/app/kustomizeconfig.yaml b/kubernetes/apps/kube-system/coredns/app/kustomizeconfig.yaml
new file mode 100644
index 0000000..58f92ba
--- /dev/null
+++ b/kubernetes/apps/kube-system/coredns/app/kustomizeconfig.yaml
@@ -0,0 +1,7 @@
+---
+nameReference:
+ - kind: ConfigMap
+ version: v1
+ fieldSpecs:
+ - path: spec/valuesFrom/name
+ kind: HelmRelease
diff --git a/kubernetes/apps/kube-system/coredns/ks.yaml b/kubernetes/apps/kube-system/coredns/ks.yaml
new file mode 100644
index 0000000..1878af1
--- /dev/null
+++ b/kubernetes/apps/kube-system/coredns/ks.yaml
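Review bot: In helmrelease.yaml the `sourceRef` names a HelmRepository `coredns` in `flux-system` that this diff does not add, so the release only reconciles if that source is already defined elsewhere in the repository; worth confirming before merge. The exact pin `version: 1.32.0` is good for reproducibility. If that source turns out to be an OCI repository, consider enabling chart signature verification under `spec.chart.spec.verify`; for a plain HTTPS Helm repository that field does not apply, and the pin plus a review of chart upgrades is the available control.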
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app coredns
+ namespace: flux-system
+spec:
+ targetNamespace: kube-system
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./kubernetes/apps/kube-system/coredns/app
+ prune: false # never should be deleted
+ sourceRef:
+ kind: GitRepository
+ name: homelab
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
diff --git a/kubernetes/apps/kube-system/kustomization.yaml b/kubernetes/apps/kube-system/kustomization.yaml
index 8abd2e8..d5bf8c9 100644
--- a/kubernetes/apps/kube-system/kustomization.yaml
+++ b/kubernetes/apps/kube-system/kustomization.yaml
@@ -7,13 +7,12 @@ resources:
 - ./namespace.yaml
 # Flux-Kustomizations
 - ./cilium/ks.yaml
+ - ./coredns/ks.yaml
 - ./descheduler/ks.yaml
 - ./dnsimple-webhook-rbac.yaml
 - ./fstrim/ks.yaml
 - ./kubelet-csr-approver/ks.yaml
 - ./metrics-server/ks.yaml
- # - ./multus/ks.yaml
- - ./nvidia-device-plugin/ks.yaml
 - ./node-feature-discovery/ks.yaml
+ - ./nvidia-device-plugin/ks.yaml
 - ./reloader/ks.yaml
- # - ./zfs-scrub/ks.yaml # Until nvidia-container-plugin issues are resolved with the ZFS extension.
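Review bot: In coredns/ks.yaml, `wait: false` with no `healthChecks` means this Kustomization reports Ready as soon as the HelmRelease object is applied, so a CoreDNS rollout that fails or never becomes healthy is not surfaced at this level. For the cluster DNS service that signal matters; consider `wait: true`, or a `healthChecks` entry that references the `coredns` HelmRelease in `kube-system`, so that the existing `timeout: 5m` bounds a real readiness check. The inline comment on `prune: false` could also say why, for example `# cluster DNS: must not be garbage-collected if this entry is removed from Git`.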