diff --git a/k8s/apps/n8n/deployment-main.yaml b/k8s/apps/n8n/deployment-main.yaml
index f5f8045..5782be7 100644
--- a/k8s/apps/n8n/deployment-main.yaml
+++ b/k8s/apps/n8n/deployment-main.yaml
@@ -19,6 +19,35 @@ spec:
         component: main
     spec:
       serviceAccountName: n8n
+      initContainers:
+      - name: install-tools
+        image: alpine:3.22
+        command:
+        - /bin/sh
+        - -c
+        - |
+          set -e
+          if [ -x /tools/kubectl ]; then
+            echo "kubectl already exists, skipping download"
+            /tools/kubectl version --client
+            exit 0
+          fi
+          echo "Downloading kubectl..."
+          ARCH=$(uname -m)
+          case $ARCH in
+            x86_64) ARCH="amd64" ;;
+            aarch64) ARCH="arm64" ;;
+          esac
+          wget -O /tools/kubectl "https://dl.k8s.io/release/$(wget -qO- https://dl.k8s.io/release/stable.txt)/bin/linux/${ARCH}/kubectl"
+          chmod +x /tools/kubectl
+          /tools/kubectl version --client
+        volumeMounts:
+        - name: tools
+          mountPath: /tools
+        securityContext:
+          runAsUser: 1000
+          runAsGroup: 1000
+          runAsNonRoot: true
       containers:
       - name: n8n
         image: docker.n8n.io/n8nio/n8n:latest
@@ -26,6 +55,8 @@ spec:
         - containerPort: 5678
           name: http
         env:
+        - name: PATH
+          value: "/opt/tools:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
         - name: HOME
           value: "/home/node"
         - name: N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS
@@ -83,6 +114,8 @@ spec:
         volumeMounts:
         - name: n8n-data
           mountPath: /home/node/.n8n
+        - name: tools
+          mountPath: /opt/tools
         resources:
           requests:
             cpu: 2000m
@@ -110,6 +143,9 @@ spec:
       - name: n8n-data
         persistentVolumeClaim:
           claimName: n8n-data
+      - name: tools
+        persistentVolumeClaim:
+          claimName: n8n-tools
       securityContext:
         runAsUser: 1000
         runAsGroup: 1000
diff --git a/k8s/apps/n8n/deployment-worker.yaml b/k8s/apps/n8n/deployment-worker.yaml
index d568d30..4f8a7f2 100644
--- a/k8s/apps/n8n/deployment-worker.yaml
+++ b/k8s/apps/n8n/deployment-worker.yaml
@@ -24,6 +24,8 @@ spec:
         image: docker.n8n.io/n8nio/n8n:latest
         command: ["n8n", "worker"]
         env:
+        - name: PATH
+          value: "/opt/tools:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
         - name: HOME
           value: "/home/node"
         - name: NODES_EXCLUDE
@@ -77,6 +79,8 @@ spec:
         volumeMounts:
         - name: n8n-data
           mountPath: /home/node/.n8n
+        - name: tools
+          mountPath: /opt/tools
         resources:
           requests:
             cpu: 2000m
@@ -98,6 +102,9 @@ spec:
       - name: n8n-data
         persistentVolumeClaim:
           claimName: n8n-data
+      - name: tools
+        persistentVolumeClaim:
+          claimName: n8n-tools
       securityContext:
         runAsUser: 1000
         runAsGroup: 1000
diff --git a/k8s/apps/n8n/storage.yaml b/k8s/apps/n8n/storage.yaml
index cf6fc32..cdbe225 100644
--- a/k8s/apps/n8n/storage.yaml
+++ b/k8s/apps/n8n/storage.yaml
@@ -10,3 +10,15 @@ spec:
   resources:
     requests:
       storage: 10Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: n8n-tools
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: longhorn
+  resources:
+    requests:
+      storage: 20Gi