diff --git a/infrastructure/kube-system/README.md b/infrastructure/kube-system/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..40bdad40520dec36d90e6e33bc14b337bc95c501
--- /dev/null
+++ b/infrastructure/kube-system/README.md
@@ -0,0 +1,35 @@
+Kube-system
+===
+
+This component adds some useful controllers, operators and extensions to the `kube-system` namespace.
+
+Quorum
+---
+
+This is a simple set of pods, with a PodDisruptionBudget (PDB) of 1, which will be scheduled on control-plane hosts and prevents them from being drained e.g. during a update by accident. It's mainly there since one can not put PDBs on static pods. It's built to integrate nicely with the system-upgrades component.
+
+Descheduler
+---
+
+The descheduler is supposed to help rebalancing workload after updates and alike, since small clusters will otherwise run with quite unbalanced pods. The descheduler should rebalance workload, keeping each CPU a bit cooler and this way reduce potential noise as well as the risk for all workload when a single node fails.
+
+Metrics-server
+---
+
+The metrics-server is the standard component to provide basic pod metrics that can be used for vertial and horizontal pod autoscaling. Mainly here for completeness and insights using `kubectl top pods`.
+
+
+Nice to knows
+---
+
+- `kubeadm` doesn't provide proper certificates for the kubelet by default, which makes metrics-server require `--kubelet-insecure-tls` until one fixes the certificates.
+- One has to explicitly enable `--authentication-token-webhook` for `kubeadm`-installed clusters in order to allow access to the metrics endpoint for metrics-server.
+- One can't put PDBs on either daemonsets nor static-pods, therefore one requires a deployment to keep a quorum for e.g. etcd.
+
+Links
+---
+
+- [Docs - Descheduler](https://github.com/kubernetes-sigs/descheduler)
+- [Docs - Metrics-Server](https://github.com/kubernetes-sigs/metrics-server)
+- [Docs - Secure Kubelet](https://v1-21.docs.kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/#kubelet-serving-certs)
+-