diff --git a/roles/container-engine/crun/defaults/main.yml b/roles/container-engine/crun/defaults/main.yml
index 232da9ab3..65e08d7e1 100644
--- a/roles/container-engine/crun/defaults/main.yml
+++ b/roles/container-engine/crun/defaults/main.yml
@@ -1,5 +1,3 @@
 ---
 
-crun_version: 0.18
-crun_release_url: https://github.com/containers/crun/releases/download/{{ crun_version }}/crun-{{ crun_version }}-linux-{{ host_architecture }}
 crun_bin_dir: /usr/bin/
diff --git a/roles/container-engine/crun/tasks/main.yml b/roles/container-engine/crun/tasks/main.yml
index aff1bfec1..d541a49fc 100644
--- a/roles/container-engine/crun/tasks/main.yml
+++ b/roles/container-engine/crun/tasks/main.yml
@@ -1,24 +1,12 @@
 ---
+- name: crun | Download crun binary
+  include_tasks: "../../../download/tasks/download_file.yml"
+  vars:
+    download: "{{ download_defaults | combine(downloads.crun) }}"
 
-- name: Create binary destination folder
-  file:
-    mode: '0755'
-    state: directory
-    path: "{{ crun_bin_dir }}"
-
-- name: Check if binary exists
-  stat:
-    path: "{{ crun_bin_dir }}/crun"
-    get_attributes: no
-    get_checksum: no
-    get_mime: no
-  register: crun_stat
-
-# TODO: use download_file.yml
-- name: Download binary
-  get_url:
-    url: "{{ crun_release_url }}"
+- name: Copy crun binary from download dir
+  copy:
+    src: "{{ local_release_dir }}/crun"
     dest: "{{ crun_bin_dir }}/crun"
-    mode: '0755'
-  when: not crun_stat.stat.exists
-  environment: "{{ proxy_env }}"
+    mode: 0755
+    remote_src: true
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index 9b1977899..56cef69c7 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -51,6 +51,7 @@ image_arch: "{{host_architecture | default('amd64')}}"
 # Versions
 kubeadm_version: "{{ kube_version }}"
 etcd_version: v3.4.13
+crun_version: 0.18
 
 # gcr and kubernetes image repo define
 gcr_image_repo: "gcr.io"
@@ -101,6 +102,7 @@ calicoctl_download_url: "https://github.com/projectcalico/calicoctl/releases/dow
 calico_crds_download_url: "https://github.com/projectcalico/calico/archive/{{ calico_version }}.tar.gz"
 crictl_download_url: "https://github.com/kubernetes-sigs/cri-tools/releases/download/{{ crictl_version }}/crictl-{{ crictl_version }}-{{ ansible_system | lower }}-{{ image_arch }}.tar.gz"
 helm_download_url: "https://get.helm.sh/helm-{{ helm_version }}-linux-{{ image_arch }}.tar.gz"
+crun_download_url: "https://github.com/containers/crun/releases/download/{{ crun_version }}/crun-{{ crun_version }}-linux-{{ image_arch }}"
 
 crictl_checksums:
   arm:
@@ -433,6 +435,17 @@ helm_archive_checksums:
   arm64:
     v3.5.3: e1348d94ce4caace43689ee2dfa5f8bcd8687c12053d9c13d79875b65d6b72aa
 
+crun_checksums:
+  arm: 0
+  amd64:
+    0.16: a16508a9c15a2aa898d6ba18bbc394cd37cdb4e3968f177f2fbb7b70a8a0f4fb
+    0.17: af99d543a41c5ef441e9e653b60392e8d6988a56762819a6959031e3154e94c1
+    0.18: e94578c013eae98b0a50477f6bc77963a7c85145bf280da39f9855d69d9cab53
+  arm64:
+    0.16: 0
+    0.17: 0
+    0.18: e580157bc8f87114a2f1d8ac28f8a7c4a588dfa21969fc99f78919cb9bf3ed0a
+
 etcd_binary_checksum: "{{ etcd_binary_checksums[image_arch] }}"
 cni_binary_checksum: "{{ cni_binary_checksums[image_arch] }}"
 kubelet_binary_checksum: "{{ kubelet_checksums[image_arch][kube_version] }}"
@@ -442,6 +455,7 @@ calicoctl_binary_checksum: "{{ calicoctl_binary_checksums[image_arch][calico_ctl
 calico_crds_archive_checksum: "{{ calico_crds_archive_checksums[calico_version] }}"
 crictl_binary_checksum: "{{ crictl_checksums[image_arch][crictl_version] }}"
 helm_archive_checksum: "{{ helm_archive_checksums[image_arch][helm_version] }}"
+crun_binary_checksum: "{{ crun_checksums[image_arch][crun_version] }}"
 
 # Containers
 # In some cases, we need a way to set --registry-mirror or --insecure-registry for docker,
@@ -696,6 +710,19 @@ downloads:
     groups:
     - k8s-cluster
 
+  crun:
+    file: true
+    enabled: "{{ crun_enabled }}"
+    version: "{{ crun_version }}"
+    dest: "{{ local_release_dir }}/crun"
+    sha256: "{{ crun_binary_checksum }}"
+    url: "{{ crun_download_url }}"
+    unarchive: false
+    owner: "root"
+    mode: "0755"
+    groups:
+    - k8s-cluster
+
   cilium:
     enabled: "{{ kube_network_plugin == 'cilium' or cilium_deploy_additionally | default(false) | bool }}"
     container: true