diff --git a/1password/secrets.yaml b/1password/secrets.yaml
index fe6627e..4ed5832 100644
--- a/1password/secrets.yaml
+++ b/1password/secrets.yaml
@@ -58,3 +58,13 @@ metadata:
     operator.1password.io/auto-restart: "true"
 spec:
   itemPath: "vaults/Lab/items/Cloudflare"
+---
+apiVersion: onepassword.com/v1
+kind: OnePasswordItem
+metadata:
+  name: cloudflare-token
+  namespace: cloudflare-system
+  annotations:
+    operator.1password.io/auto-restart: "true"
+spec:
+  itemPath: "vaults/Lab/items/Cloudflare"
diff --git a/cloudflare/ddns.yaml b/cloudflare/ddns.yaml
new file mode 100644
index 0000000..ea9b7d8
--- /dev/null
+++ b/cloudflare/ddns.yaml
@@ -0,0 +1,44 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cloudflare-domains-config
+  namespace: cloudflare-system
+data:
+  DOMAINS: "postgres.dogar.dev,git.dogar.dev"
+  PROXIED: "false"
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cloudflare-ddns
+  namespace: cloudflare-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: cloudflare-ddns
+  template:
+    metadata:
+      labels:
+        app: cloudflare-ddns
+    spec:
+      containers:
+      - name: cloudflare-ddns
+        image: favonia/cloudflare-ddns:latest
+        env:
+        - name: CF_API_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: cloudflare-token
+              key: credential
+        - name: DOMAINS
+          valueFrom:
+            configMapKeyRef:
+              name: cloudflare-domains-config
+              key: DOMAINS
+        - name: PROXIED
+          valueFrom:
+            configMapKeyRef:
+              name: cloudflare-domains-config
+              key: PROXIED