diff --git a/molecule/download_binaries/converge.yml b/molecule/download_binaries/converge.yml
new file mode 100644
index 00000000..b61fd2b2
--- /dev/null
+++ b/molecule/download_binaries/converge.yml
@@ -0,0 +1,4 @@
+- name: include playbook
+  ansible.builtin.import_playbook: vexxhost.kubernetes.download_binaries
+  vars:
+    target: instance
diff --git a/molecule/download_binaries/molecule.yml b/molecule/download_binaries/molecule.yml
new file mode 100644
index 00000000..b8f807d2
--- /dev/null
+++ b/molecule/download_binaries/molecule.yml
@@ -0,0 +1,25 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+# SPDX-License-Identifier: Apache-2.0
+
+dependency:
+  name: galaxy
+driver:
+  name: default
+  options:
+    managed: False
+    ansible_connection_options:
+      ansible_become: "true"
+      ansible_connection: local
+platforms:
+  - name: instance
+    groups:
+      - controllers
+provisioner:
+  name: ansible
+  config_options:
+    connection:
+      pipelining: true
+    defaults:
+      callbacks_enabled: ansible.posix.profile_tasks
+verifier:
+  name: ansible
diff --git a/molecule/download_binaries/prepare.yml b/molecule/download_binaries/prepare.yml
new file mode 100644
index 00000000..f144066a
--- /dev/null
+++ b/molecule/download_binaries/prepare.yml
@@ -0,0 +1,33 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Prepare
+  hosts: all
+  become: true
+  pre_tasks:
+    - name: Wait for systemd to complete initialization
+      ansible.builtin.command: systemctl is-system-running
+      register: systemctl_status
+      until: >
+        'running' in systemctl_status.stdout or
+        'degraded' in systemctl_status.stdout
+      retries: 30
+      delay: 5
+      changed_when: false
+      failed_when: systemctl_status.rc > 1
+  tasks:
+    - name: Run APT update
+      ansible.builtin.apt:
+        update_cache: yes
+      when: ansible_facts['pkg_mgr'] == "apt"
diff --git a/molecule/download_binaries/verify.yml b/molecule/download_binaries/verify.yml
new file mode 100644
index 00000000..5af6a92b
--- /dev/null
+++ b/molecule/download_binaries/verify.yml
@@ -0,0 +1,40 @@
+# Copyright (c) 2023 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Verify
+  hosts: all
+  become: true
+  vars:
+    dir: /var/lib/downloads
+  tasks:
+    - name: Stat target dir
+      ansible.builtin.stat:
+        path: "{{ dir }}"
+      register: _dir_stat
+
+    - name: Assert that target dir is created
+      ansible.builtin.assert:
+        that:
+          - _dir_stat.stat.exists
+          - _dir_stat.stat.isdir
+
+    - name: Find target files
+      ansible.builtin.find:
+        paths: "{{ dir }}"
+      register: _dir_find
+
+    - name: Assert that some files were downloaded
+      ansible.builtin.assert:
+        that:
+          - _dir_find.matched > 0
diff --git a/playbooks/download_binaries.yml b/playbooks/download_binaries.yml
new file mode 100644
index 00000000..4c6538a2
--- /dev/null
+++ b/playbooks/download_binaries.yml
@@ -0,0 +1,60 @@
+- name: Download all binaries required at runtime for ansible-collection-kubernetes
+  hosts: "{{ target | default('all') }}"
+  gather_facts: false
+  vars:
+   # some role defaults use vars only defined in the download_artifact role
+    _download_artifact_goarch_groups:
+      x86_64: amd64
+      aarch64: arm64
+      armv7l: arm
+
+    download_artifact_goarch: >-
+      {%- if ansible_facts['architecture'] in _download_artifact_goarch_groups -%}
+      {{ _download_artifact_goarch_groups[ansible_facts['architecture']] }}
+      {%- else -%}
+      {{ ansible_facts['architecture'] }}
+      {%- endif -%}
+
+    download_artifact_work_directory: /var/lib/downloads
+
+    role_location: "{{ playbook_dir }}/../roles"
+  tasks:
+    - name: Gather minimal facts
+      ansible.builtin.setup:
+        gather_subset: min
+      delegate_to: localhost
+
+    - name: Find all subdirectories in the role location
+      ansible.builtin.find:
+        file_type: directory
+        paths: "{{ role_location }}"
+        recurse: true
+      register: role_paths
+      delegate_to: localhost
+
+    - name: Select only defaults/ directories and load vars
+    # also load vars from download_artifact to get architecture mappings
+      ansible.builtin.include_vars:
+        dir: "{{ item }}"
+      with_items:
+        - "{{ role_paths.files | selectattr('path', 'search', 'defaults') | map(attribute='path') }}"
+      delegate_to: localhost
+
+    - name: Generate list of all binaries for all roles
+      vexxhost.containers.binary_downloads:
+        prefixes: "{{ query('varnames', '_download_url$') | map('replace', '_download_url', '') }}"
+      register: binaries
+      delegate_to: localhost
+
+    - name: Include download_artifact role
+      ansible.builtin.include_role:
+        name: vexxhost.containers.download_artifact
+      vars:
+        download_artifact_url: "{{ item.url }}"
+        download_artifact_dest: "{{ item.dest }}"
+        download_artifact_checksum: "sha256:{{ item.checksum }}"
+        download_artifact_owner: "{{ ansible_user }}"
+        download_artifact_mode: "0755"
+        download_artifact_unarchive: false
+        download_artifact_no_log: false
+      with_items: "{{ binaries.downloads }}"
diff --git a/roles/helm/defaults/main.yml b/roles/helm/defaults/main.yml
index 309858a2..bb7ad69a 100644
--- a/roles/helm/defaults/main.yml
+++ b/roles/helm/defaults/main.yml
@@ -38,5 +38,5 @@ helm_diff_checksums:
     v3.8.1: d451e4772a3987710f485de4caed760583c88f8f15864a623b3fbd73be7077ec
 
 helm_diff_download_url: "https://github.com/databus23/helm-diff/releases/download/{{ helm_diff_version }}/helm-diff-{{ ansible_facts['system'] | lower }}-{{ download_artifact_goarch }}.tgz" # noqa: yaml[line-length]
-helm_diff_download_dest: "{{ download_artifact_work_directory }}/helm-diff-{{ ansible_facts['system'] | lower }}-{{ download_artifact_goarch }}.tgz"
+helm_diff_download_dest: "{{ download_artifact_work_directory }}/helm-diff-{{ helm_diff_version }}-{{ ansible_facts['system'] | lower }}-{{ download_artifact_goarch }}.tgz" # noqa: yaml[line-length]
 helm_diff_checksum: "{{ helm_diff_checksums[download_artifact_goarch][helm_diff_version] }}"
diff --git a/tox.ini b/tox.ini
index de51e591..de6a974c 100644
--- a/tox.ini
+++ b/tox.ini
@@ -39,3 +39,9 @@ deps =
   {[testenv:molecule-venv]deps}
 commands =
   molecule test -s upload-helm-chart
+
+[testenv:molecule-download-binaries]
+deps =
+  {[testenv:molecule-venv]deps}
+commands =
+  molecule test -s download_binaries
diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml
index 977c0835..e2e95e50 100644
--- a/zuul.d/jobs.yaml
+++ b/zuul.d/jobs.yaml
@@ -41,3 +41,9 @@
     parent: ansible-collection-kubernetes-molecule
     vars:
       tox_envlist: molecule-upload-helm-chart
+
+- job:
+    name: ansible-collection-kubernetes-molecule-download-binaries
+    parent: ansible-collection-kubernetes-molecule
+    vars:
+      tox_envlist: molecule-download-binaries
diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml
index 70360c11..0035ca4a 100644
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@@ -22,6 +22,7 @@
         - ansible-collection-kubernetes-molecule-cluster-api-upgrade
         - ansible-collection-kubernetes-molecule-helm
         - ansible-collection-kubernetes-molecule-upload-helm-chart
+        - ansible-collection-kubernetes-molecule-download-binaries
         - build-ansible-collection
     gate:
       jobs:
@@ -31,6 +32,7 @@
         - ansible-collection-kubernetes-molecule-cluster-api-upgrade
         - ansible-collection-kubernetes-molecule-helm
         - ansible-collection-kubernetes-molecule-upload-helm-chart
+        - ansible-collection-kubernetes-molecule-download-binaries
         - build-ansible-collection
     release:
       jobs: