diff --git a/roles/cadvisor/README.md b/roles/cadvisor/README.md
new file mode 100644
index 0000000..548b15a
--- /dev/null
+++ b/roles/cadvisor/README.md
@@ -0,0 +1,24 @@
+# `finallycoffee.observability.cadvisor` ansible role
+
+## Overview
+
+Deploys [cadvisor](https://github.com/google/cadvisor/), a daemon
+for collecting and exporting information about running (docker)
+containers in a docker container.
+
+## Configuration
+
+In order to scrape `/metrics` of running containers, it is recommended
+to expose the default port of cadvisor to the host using
+```yaml
+cadvisor_container_ports:
+  - "127.0.0.1:8080:8080`
+```
+so that cadvisor metrics are exposed at `http://127.0.0.1:8080/metrics`.
+
+### Enabling/Disabling collection of metrics
+
+By setting `cadvisor_disabled_metrics`, the collection of metrics
+can be disabled. The default list of disabled metrics is quite extensive,
+so when enabling a disabled-by-default metric, it is recommended to
+use `cadvisor_force_enable_metrics` instead, as it's empty by default.
diff --git a/roles/cadvisor/defaults/main.yml b/roles/cadvisor/defaults/main.yml
new file mode 100644
index 0000000..f4b63a7
--- /dev/null
+++ b/roles/cadvisor/defaults/main.yml
@@ -0,0 +1,53 @@
+---
+
+cadvisor_version: 0.39.3
+
+cadvisor_container_name: cadvisor
+cadvisor_container_image_name: gcr.io/cadvisor/cadvisor
+cadvisor_container_image_tag: ~
+cadvisor_container_image_ref: >-
+  {{ cadvisor_container_image_name }}:{{ cadvisor_container_image_tag | default('v' + cadvisor_version, True) }}
+cadvisor_container_volumes: >-
+  {{ cadvisor_container_base_volumes + cadvisor_container_extra_volumes | default([], True) }}
+cadvisor_container_extra_volumes: ~
+cadvisor_container_env: ~
+cadvisor_container_labels: "{{ cadvisor_container_base_labels | combine(cadvisor_container_extra_labels) }}"
+cadvisor_container_extra_labels: {}
+cadvisor_container_ports: ~
+cadvisor_container_networks: ~
+cadvisor_container_etc_hosts: ~
+cadvisor_container_devices: [ "/dev/kmsg:/dev/kmsg:rwm" ]
+cadvisor_container_privileged: yes
+cadvisor_container_pid_mode: "host"
+cadvisor_container_userns_mode: "host"
+cadvisor_container_capabilities: ~
+cadvisor_container_restart_policy: unless-stopped
+cadvisor_container_command: >-2
+  {{ ["--docker_only=false"]
+    + (["--disable_metrics=" + cadvisor_disabled_metrics | join( ',' )]
+      if cadvisor_disabled_metrics | default(false, True) else [])
+    + (["--enable_metrics=" +  cadvisor_force_enable_metrics | join( ',' )]
+      if cadvisor_force_enable_metrics | default(false, True) else [])
+  }}
+cadvisor_container_base_labels:
+  version: "{{ cadvisor_version }}"
+cadvisor_container_base_volumes:
+  - "/:/rootfs:ro"
+  - "/var/run:/var/run:ro"
+  - "/sys:/sys:ro"
+  - "/var/lib/docker/:/var/lib/docker:ro"
+  - "/dev/disk/:/dev/disk:ro"
+
+cadvisor_disabled_metrics:
+  - advtcp
+  - cpu_topology
+  - cpuset
+  - hugetlb
+  - memory_numa
+  - process
+  - referenced_memory
+  - resctrl
+  - sched
+  - tcp
+  - udp
+cadvisor_force_enable_metrics: []
diff --git a/roles/cadvisor/tasks/main.yml b/roles/cadvisor/tasks/main.yml
new file mode 100644
index 0000000..2233c0d
--- /dev/null
+++ b/roles/cadvisor/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+
+- name: Ensure container image is present
+  docker_image:
+    name: "{{ cadvisor_container_image_ref }}"
+    state: present
+    source: pull
+    force_source: "{{ cadvisor_container_image_tag|default(False, True) | bool }}"
+
+- name: Ensure cadvisor container is running
+  docker_container:
+    name: "{{ cadvisor_container_name }}"
+    image: "{{ cadvisor_container_image_ref }}"
+    env: "{{ cadvisor_container_env | default(omit, True) }}"
+    ports: "{{ cadvisor_container_ports | default(omit, True) }}"
+    labels: "{{ cadvisor_container_labels }}"
+    devices: "{{ cadvisor_container_devices }}"
+    volumes: "{{ cadvisor_container_volumes }}"
+    networks: "{{ cadvisor_container_networks | default(omit, True) }}"
+    etc_hosts: "{{ cadvisor_container_etc_hosts | default(omit, True) }}"
+    privileged: "{{ cadvisor_container_privileged }}"
+    command: "{{ cadvisor_container_command }}"
+    pid_mode: "{{ cadvisor_container_pid_mode | default(omit, True) }}"
+    userns_mode: "{{ cadvisor_container_userns_mode | default(omit, True) }}"
+    restart_policy: "{{ cadvisor_container_restart_policy }}"
+    state: started