diff --git a/netbox/controller-rbac.yaml b/netbox/controller-rbac.yaml
new file mode 100644
index 0000000..a7fa5c5
--- /dev/null
+++ b/netbox/controller-rbac.yaml
@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: netbox-ip-controller
+rules:
+ - apiGroups: [""]
+ resources: ["pods", "services"]
+ verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: netbox-ip-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: netbox-ip-controller
+subjects:
+ - kind: ServiceAccount
+ name: default
+ namespace: netbox
\ No newline at end of file
diff --git a/netbox/controller.yaml b/netbox/controller.yaml
new file mode 100644
index 0000000..a8705e1
--- /dev/null
+++ b/netbox/controller.yaml
@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: netbox-ip-controller
+ namespace: netbox
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: netbox-ip-controller
+ template:
+ metadata:
+ labels:
+ app: netbox-ip-controller
+ spec:
+ containers:
+ - name: controller
+ image: ghcr.io/digitalocean/netbox-ip-controller:latest
+ args:
+ - --netbox-api-url=https://netbox.apps.undercloud.dev
+ - --netbox-token=$(NETBOX_TOKEN)
+ - --dual-stack-ip=true
+ - --service-publish-labels=netbox-export
+ # disable pod export (recommended)
+ - --pod-publish-labels=netbox-export
+ env:
+ - name: NETBOX_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: netbox-token
+ key: token
diff --git a/netbox/netbox.yaml b/netbox/netbox.yaml
index 1220d70..9ffeb3f 100644
--- a/netbox/netbox.yaml
+++ b/netbox/netbox.yaml
@@ -127,6 +127,7 @@ metadata:
 namespace: netbox
 labels:
 app: netbox
+ netbox-export: "true"
 spec:
 internalTrafficPolicy: Cluster
 ipFamilies:
diff --git a/netbox/secrets.yaml b/netbox/secrets.yaml
index ae9e754..c315ca9 100644
--- a/netbox/secrets.yaml
+++ b/netbox/secrets.yaml
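Review bot: In netbox/controller-rbac.yaml the ClusterRoleBinding's subject is the `default` ServiceAccount of the `netbox` namespace, so every pod in that namespace that does not name its own service account inherits cluster-wide get/list/watch on pods and services, not just the controller. Bind the role to a dedicated account instead, and set `serviceAccountName: netbox-ip-controller` in the pod spec of netbox/controller.yaml, which currently names none. The role itself is read-only and limited to two resources, which is a sensible scope to keep.

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: netbox-ip-controller
  namespace: netbox
---
# … unchanged: ClusterRole, and the ClusterRoleBinding's metadata and roleRef …
subjects:
  - kind: ServiceAccount
    name: netbox-ip-controller
    namespace: netbox
```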
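Review bot: In netbox/controller.yaml the container image is referenced by the mutable tag `:latest`, so whatever is next published under that tag runs with the NetBox API token and the controller's cluster-wide read access without any change in this repository to review; pin it to a release tag or, better, a digest. The container also has no `securityContext`; the settings below are the usual baseline, assuming the image runs as a non-root user and does not write to its root filesystem, which should be confirmed. `--netbox-token=$(NETBOX_TOKEN)` expands the secret into the process arguments, where it is visible to anything that can list processes on the node, so if the controller can read the token from the environment or a file, prefer that. Separately, the comment `# disable pod export (recommended)` sits directly above `--pod-publish-labels=netbox-export`, which looks like it enables export for labelled pods rather than disabling it; worth checking against the controller's flag documentation.

```yaml
# … unchanged: Deployment metadata, selector, template labels …
      containers:
        - name: controller
          # placeholder digest: pin the build that was actually reviewed
          image: ghcr.io/digitalocean/netbox-ip-controller@sha256:<digest>
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            capabilities:
              drop: ["ALL"]
          # … unchanged: args, env …
```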
@@ -27,4 +27,13 @@ type: Opaque
 stringData:
 username: admin
 email: admin@example.com
- password: 4IsTheMindKiller
\ No newline at end of file
+ password: 4IsTheMindKiller
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: netbox-token
+ namespace: netbox
+type: Opaque
+stringData:
+ token: JvWamlvHZTl4Cq0wsFUVk6NxjgnYTKvrOJNvvTd8
\ No newline at end of file
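Review bot: The new `netbox-token` Secret in netbox/secrets.yaml commits what looks like a live NetBox API token in plain text under `stringData.token`, so anyone with read access to the repository or its history holds that token's permissions on the NetBox API. Treat the value as exposed: rotate it in NetBox and keep only an encrypted or referenced form in Git (for example SOPS, Sealed Secrets or an external secret store), leaving the committed line as `token: <provided-out-of-band>` (placeholder) or dropping the manifest from the repository. The same applies to the admin `password` line, which this hunk re-adds unchanged apart from the trailing newline. The first Secret document begins above the hunk, so its name and metadata are not visible here.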