diff --git a/cluster.yml b/cluster.yml
index 4ccef19634d658c606f026094396db2fc3ef7468..0c75b21b93090ee432e33f7a2c17aedad5fa7f4f 100644
--- a/cluster.yml
+++ b/cluster.yml
@@ -14,3 +14,7 @@
 - hosts: k8s-cluster
   roles:
     - { role: dnsmasq, tags: dnsmasq }
+
+- hosts: kube-master[0]
+  roles:
+    - {role: kubernetes-apps, tags: apps}
diff --git a/inventory/group_vars/all.yml b/inventory/group_vars/all.yml
index b73fb66b2dfa73f81d8dc115b4399e416e86c2db..e82c8314733431066610706aa607f9f69471e372 100644
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@@ -134,3 +134,11 @@ dns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(2)|ipaddr('address')
 ## An obvious use case is allowing insecure-registry access
 ## to self hosted registries like so:
 docker_options: "--insecure-registry={{ kube_service_addresses }}"
+
+# default packages to install within the cluster
+kpm_packages:
+  - name: kube-system/kubedns
+    namespace: kube-system
+    variables:
+      cluster_ip: "{{skydns_server}}"
+#  - name: kube-system/grafana
diff --git a/library/kpm.py b/library/kpm.py
new file mode 100644
index 0000000000000000000000000000000000000000..aa44d4cc8fc52ae3b2075d3e775570ca1ad2866b
--- /dev/null
+++ b/library/kpm.py
@@ -0,0 +1,111 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+import kpm.deploy
+from ansible.module_utils.basic import *
+
+DOCUMENTATION = """
+---
+module: kpm
+short_description: Application deployment on kubernetes with kpm registry
+description:
+  - Create, remove, and update resources within a Kubernetes Cluster
+version_added: "2.0"
+options:
+  name:
+    required: true
+    default: null
+    description:
+      - The name of the kpm package
+  namespace:
+    required: false
+    default: 'default'
+    description:
+      - The namespace to deploy package. It will be created if doesn't exist
+  force:
+    required: false
+    default: false
+    description:
+      - A flag to indicate to force delete, replace.
+  registry:
+    required: false
+    default: 'https://api.kpm.sh'
+    description:
+      - The registry url to fetch packages
+  version:
+    required: false
+    default: 'None'
+    description:
+      - The package version
+  variables:
+    required: false
+    default: 'None'
+    description:
+      - Set package variables
+  state:
+    required: false
+    choices: ['present', 'absent']
+    default: present
+    description:
+      - present handles checking existence or creating resources,
+        absent handles deleting resource(s).
+requirements:
+  - kubectl
+  - kpm
+author: "Antoine Legrand (ant31_2t@msn.com)"
+"""
+
+EXAMPLES = """
+- name: check presence or install ghost
+  kpm: name=ghost/ghost state=present
+
+- name: check absence or remove rocketchat
+  kpm: name=ant31/rocketchat state=absent
+"""
+
+RETURN = """
+"""
+
+
+def check_changed(result, state='present'):
+        no_change = ["ok", 'protected', 'absent']
+        for r in result:
+                if r['status'] not in no_change:
+                        return True
+        return False
+
+
+def main():
+        module = AnsibleModule(
+                supports_check_mode=True,
+                argument_spec = dict(
+                        version = dict(default=None, required=False),
+                        state = dict(default='present', choices=['present', 'absent']),
+                        name = dict(required=True),
+                        force = dict(required=False, default=False, type='bool'),
+                        variables = dict(required=False, default=None, type='dict'),
+                        registry = dict(required=False, default="https://api.kpm.sh"),
+                        namespace=dict(default='default', required=False)))
+
+        params = {"version": module.params.get("version"),
+                  "namespace": module.params.get('namespace'),
+                  "variables": module.params.get('variables'),
+                  "endpoint": module.params.get('registry'),
+                  "dry": module.check_mode,
+                  "proxy": None,
+                  "fmt": "json"}
+        state = module.params.get("state")
+        try:
+                if state == 'present':
+                        r = kpm.deploy.deploy(module.params.get('name'), **params)
+                elif state == 'absent':
+                        r = kpm.deploy.delete(module.params.get('name'), **params)
+        except Exception as e:
+                module.fail_json(msg=e.message)
+        res = {}
+        res['kpm'] = r
+        res['changed'] = check_changed(r, state)
+        module.exit_json(**res)
+
+if __name__ == '__main__':
+        main()
diff --git a/roles/kubernetes-apps/defaults/main.yaml b/roles/kubernetes-apps/defaults/main.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..d95001316dc050692fb6614d6a38f08ae6ac7e2a
--- /dev/null
+++ b/roles/kubernetes-apps/defaults/main.yaml
@@ -0,0 +1,4 @@
+---
+kpm_registry: "https://api.kpm.sh"
+kpm_namespace: "default"
+kpm_packages: []
\ No newline at end of file
diff --git a/roles/kubernetes-apps/tasks/main.yaml b/roles/kubernetes-apps/tasks/main.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c30a73d2484579b40ff85d08580f15ba256a6ab1
--- /dev/null
+++ b/roles/kubernetes-apps/tasks/main.yaml
@@ -0,0 +1,25 @@
+- name: Install pip
+  action:
+    module: "{{ ansible_pkg_mgr }}"
+    name: "python-pip"
+    state: latest
+  when: ansible_os_family != "CoreOS" and kpm_packages | length > 0
+
+- name: install kpm
+  pip:
+    name: "kpm"
+    state: "latest"
+  when: kpm_packages | length > 0
+
+- name: manage kubernetes applications
+  kpm:
+    namespace: "{{item.namespace | default(kpm_namespace | default('default'))}}"
+    registry: "{{item.registry | default(kpm_registry | default('https://api.kpm.sh'))}}"
+    state: "{{item.state | default(omit)}}"
+    version: "{{item.version | default(omit)}}"
+    variables: "{{item.variables | default(omit)}}"
+    name: "{{item.name}}"
+  with_items: "{{kpm_packages}}"
+  register: kpmresults
+  environment:
+    PATH: "{{ ansible_env.PATH }}:{{ bin_dir }}"
diff --git a/roles/kubernetes/preinstall/defaults/main.yml b/roles/kubernetes/preinstall/defaults/main.yml
index 376663519b05b634164bff4109dcc88cb25861bb..49f9b7c0ee8477388b9c03a9afdff0ae62855e29 100644
--- a/roles/kubernetes/preinstall/defaults/main.yml
+++ b/roles/kubernetes/preinstall/defaults/main.yml
@@ -2,7 +2,6 @@
 run_gitinfos: false
 
 common_required_pkgs:
-  - python-pip
   - python-httplib2
   - openssl
   - curl
diff --git a/roles/kubernetes/preinstall/tasks/main.yml b/roles/kubernetes/preinstall/tasks/main.yml
index 08998e6957dde97b22a6e72ab59540c0e9ad0d03..95cd134ce5307a490b9e65688aff2a8e8d084201 100644
--- a/roles/kubernetes/preinstall/tasks/main.yml
+++ b/roles/kubernetes/preinstall/tasks/main.yml
@@ -106,8 +106,4 @@
     mode: 0640
   when: cloud_provider is defined and cloud_provider == "openstack"
 
-- name: Install kpm
-  pip:
-    name: "kpm"
-
 - include: etchosts.yml