diff --git a/kubernetes/apps/kube-system/kustomization.yaml b/kubernetes/apps/kube-system/kustomization.yaml
index 181447e..7f22a3a 100644
--- a/kubernetes/apps/kube-system/kustomization.yaml
+++ b/kubernetes/apps/kube-system/kustomization.yaml
@@ -17,3 +17,4 @@ resources:
 - ./node-feature-discovery/ks.yaml
 - ./reloader/ks.yaml
 - ./spegel/ks.yaml
+ - ./zfs-scrub/ks.yaml
diff --git a/kubernetes/apps/kube-system/zfs-scrub/app/helmrelease.yaml b/kubernetes/apps/kube-system/zfs-scrub/app/helmrelease.yaml
new file mode 100644
index 0000000..a4a102a
--- /dev/null
+++ b/kubernetes/apps/kube-system/zfs-scrub/app/helmrelease.yaml
@@ -0,0 +1,85 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: &app zfs-scrub
+spec:
+ interval: 30m
+ chart:
+ spec:
+ chart: app-template
+ version: 3.1.0
+ sourceRef:
+ kind: HelmRepository
+ name: bjw-s
+ namespace: flux-system
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ retries: 3
+ strategy: rollback
+ values:
+ controllers:
+ kubanetics:
+ type: cronjob
+ cronjob:
+ schedule: "@weekly"
+ parallelism: 1 # Set to my total number of nodes
+ containers:
+ app:
+ image:
+ repository: ghcr.io/onedr0p/kubanetics
+ tag: 2024.5.4@sha256:220ceb1bc1adca0b3ac45cedb3682091ff6f7f3725769fc22decbd3bb2091478
+ env:
+ SCRIPT_NAME: zfs-scrub.sh
+ probes:
+ liveness:
+ enabled: false
+ readiness:
+ enabled: false
+ startup:
+ enabled: false
+ resources:
+ requests:
+ cpu: 25m
+ limits:
+ memory: 128Mi
+ securityContext:
+ privileged: true
+ pod:
+ hostNetwork: true
+ hostPID: true
+ topologySpreadConstraints:
+ - maxSkew: 1
+ topologyKey: kubernetes.io/hostname
+ whenUnsatisfiable: DoNotSchedule
+ labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: *app
+ persistence:
+ zfs-scrub:
+ type: configMap
+ name: zfs-scrub-configmap
+ defaultMode: 0775
+ globalMounts:
+ - path: /app/zfs-scrub.sh
+ subPath: zfs-scrub.sh
+ readOnly: true
+ procfs:
+ type: hostPath
+ hostPath: /proc
+ hostPathType: Directory
+ globalMounts:
+ - path: /host/proc
+ readOnly: true
+ netfs:
+ type: hostPath
+ hostPath: /sys
+ hostPathType: Directory
+ globalMounts:
+ - path: /host/net
+ readOnly: true
diff --git a/kubernetes/apps/kube-system/zfs-scrub/app/kustomization.yaml b/kubernetes/apps/kube-system/zfs-scrub/app/kustomization.yaml
new file mode 100644
index 0000000..ae67449
--- /dev/null
+++ b/kubernetes/apps/kube-system/zfs-scrub/app/kustomization.yaml
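Review bot: The pod in helmrelease.yaml is granted more host access than the script added in this commit uses. Besides `privileged: true` and `hostPID: true`, it sets `hostNetwork: true` and mounts the host's `/sys` at `/host/net` (the `netfs` volume), while zfs-scrub.sh only calls `pgrep` and opens `/host/proc/<pid>/ns/mnt` and `/host/proc/<pid>/ns/net`. Unless the kubanetics entrypoint needs them (it is not visible here), drop the `netfs` volume and `hostNetwork`, and document the rest with a comment above `securityContext` such as `# privileged + hostPID: nsenter into the kubelet's mount namespace to run zpool scrub`. Because the mounted script runs with node-level privileges, write access to `zfs-scrub-configmap` in kube-system amounts to root on the node and should be restricted in RBAC accordingly.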
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./helmrelease.yaml
+configMapGenerator:
+ - name: zfs-scrub-configmap
+ files:
+ - zfs-scrub.sh=./resources/zfs-scrub.sh
diff --git a/kubernetes/apps/kube-system/zfs-scrub/app/resources/zfs-scrub.sh b/kubernetes/apps/kube-system/zfs-scrub/app/resources/zfs-scrub.sh
new file mode 100644
index 0000000..d90d0d9
--- /dev/null
+++ b/kubernetes/apps/kube-system/zfs-scrub/app/resources/zfs-scrub.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+KUBELET_BIN="/usr/local/bin/kubelet"
+KUBELET_PID="$(pgrep -f $KUBELET_BIN)"
+ZPOOL="nahar"
+
+if [ -z "${KUBELET_PID}" ]; then
+ echo "kubelet not found"
+ exit 1
+fi
+
+# Enter namespaces and run commands
+nsrun() {
+ nsenter \
+ --mount="/host/proc/${KUBELET_PID}/ns/mnt" \
+ --net="/host/proc/${KUBELET_PID}/ns/net" \
+ -- bash -c "$1"
+}
+
+# Scrub filesystems
+nsrun "zpool scrub ${ZPOOL}"
diff --git a/kubernetes/apps/kube-system/zfs-scrub/ks.yaml b/kubernetes/apps/kube-system/zfs-scrub/ks.yaml
new file mode 100644
index 0000000..0354a48
--- /dev/null
+++ b/kubernetes/apps/kube-system/zfs-scrub/ks.yaml
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app zfs-scrub
+ namespace: flux-system
+spec:
+ targetNamespace: kube-system
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ path: ./kubernetes/apps/kube-system/zfs-scrub/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: homelab
+ wait: false
+ interval: 30m
+ retryInterval: 1m
+ timeout: 5m
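Review bot: The `configMapGenerator` entry in app/kustomization.yaml has no `generatorOptions`, so kustomize will emit the ConfigMap as `zfs-scrub-configmap-<hash>`. helmrelease.yaml refers to it by the fixed name `zfs-scrub-configmap` in its `persistence` values. Kustomize's name-reference rewriting does not normally reach into HelmRelease `values`, so unless a `configurations:` file elsewhere covers that field, the CronJob pod would likely fail to mount the script. Add `generatorOptions:` with `disableNameSuffixHash: true` at the end of this file.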
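Review bot: `pgrep -f $KUBELET_BIN` on the third line of zfs-scrub.sh is unquoted and can return more than one PID, because with `hostPID: true` the `-f` match covers any host process whose command line contains that path. A multi-line value then ends up in the `nsenter` paths, and whichever process matched decides which mount namespace `bash` and `zpool` are resolved from while the container is privileged. Select a single process and quote the argument, e.g. `KUBELET_PID="$(pgrep -o -f "${KUBELET_BIN}")"`, and reject a non-numeric value before calling `nsenter`. `zpool scrub` does not appear to need the kubelet's network namespace, so the `--net=` line could probably be removed.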