diff --git a/hedgedoc/manifests/app.yml b/hedgedoc/manifests/app.yml
new file mode 100644
index 0000000000000000000000000000000000000000..7d2d3fdae84b10439855c1dc8dc0996eb4b7aa3e
--- /dev/null
+++ b/hedgedoc/manifests/app.yml
@@ -0,0 +1,146 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/component: app
+ app.kubernetes.io/instance: ${FQDN}
+ app.kubernetes.io/name: hedgedoc
+ app.kubernetes.io/part-of: hedgedoc
+ name: ${FQDN}-app
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/component: app
+ app.kubernetes.io/instance: ${FQDN}
+ app.kubernetes.io/name: hedgedoc
+ app.kubernetes.io/part-of: hedgedoc
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/component: app
+ app.kubernetes.io/instance: ${FQDN}
+ app.kubernetes.io/name: hedgedoc
+ app.kubernetes.io/part-of: hedgedoc
+ spec:
+ volumes:
+ containers:
+ - env:
+ - name: CMD_DB_URL
+ valueFrom:
+ secretKeyRef:
+ key: postgresql-url
+ name: ${FQDN}
+ - name: CMD_SESSION_SECRET
+ valueFrom:
+ secretKeyRef:
+ key: session
+ name: ${FQDN}
+ - name: CMD_MINIO_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ key: AWS_ACCESS_KEY_ID
+ name: ${FQDN}-s3
+ - name: CMD_MINIO_SECRET_KEY
+ valueFrom:
+ secretKeyRef:
+ key: AWS_SECRET_ACCESS_KEY
+ name: ${FQDN}-s3
+{{if .ConfigureOAuth}}
+ - name: CMD_OAUTH2_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ key: client-id
+ name: ${FQDN}-oidc
+ - name: CMD_OAUTH2_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ key: client-secret
+ name: ${FQDN}-oidc
+{{end}}
+ envFrom:
+ - configMapRef:
+ name: ${FQDN}-config
+ image: indiehosters/codimd:1.6.0
+ imagePullPolicy: IfNotPresent
+ name: hedgedoc
+ ports:
+ - containerPort: 3000
+ name: http
+ protocol: TCP
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/component: app
+ app.kubernetes.io/instance: ${FQDN}
+ app.kubernetes.io/name: hedgedoc
+ app.kubernetes.io/part-of: hedgedoc
+ name: ${FQDN}-app
+ namespace: ${DOMAIN}
+spec:
+ ports:
+ - name: http
+ port: 3000
+ protocol: TCP
+ targetPort: http
+ selector:
+ app.kubernetes.io/component: app
+ app.kubernetes.io/instance: ${FQDN}
+ app.kubernetes.io/name: hedgedoc
+ app.kubernetes.io/part-of: hedgedoc
+ type: ClusterIP
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ annotations:
+ kubernetes.io/tls-acme: "true"
+ labels:
+ app.kubernetes.io/component: app
+ app.kubernetes.io/instance: ${FQDN}
+ app.kubernetes.io/name: hedgedoc
+ app.kubernetes.io/part-of: hedgedoc
+ name: ${FQDN}-app
+ namespace: ${DOMAIN}
+spec:
+ rules:
+ - host: ${FQDN_DOTS}
+ http:
+ paths:
+ - backend:
+ serviceName: ${FQDN}-app
+ servicePort: http
+ path: /
+ tls:
+ - hosts:
+ - ${FQDN_DOTS}
+ secretName: ${FQDN}-tls
+---
+kind: ConfigMap
+metadata:
+ name: ${FQDN}-config
+apiVersion: v1
+data:
+{{ if .ConfigureOAuth }}
+ CMD_OAUTH2_USER_PROFILE_URL: https://id.indie.host/auth/realms/${DOMAIN}/protocol/openid-connect/userinfo
+ CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR: preferred_username
+ CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR: name
+ CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR: email
+ CMD_OAUTH2_TOKEN_URL: https://id.indie.host/auth/realms/${DOMAIN}/protocol/openid-connect/token
+ CMD_OAUTH2_AUTHORIZATION_URL: https://id.indie.host/auth/realms/${DOMAIN}/protocol/openid-connect/auth
+ CMD_OAUTH2_PROVIDERNAME: Liiibre
+{{ end }}
+ CMD_IMAGE_UPLOAD_TYPE: minio
+ CMD_S3_REGION: default
+ CMD_S3_BUCKET: ${FQDN}
+ CMD_MINIO_ENDPOINT: "s3.standard.indie.host"
+ CMD_PROTOCOL_USESSL: "true"
+ CMD_URL_ADDPORT: "false"
+ CMD_ALLOW_FREEURL: "true"
+ CMD_MINIO_PORT: "443"
+ CMD_MINIO_SECURE: "true"
+ CMD_USECDN: "false"
+ CMD_DOMAIN: ${FQDN_DOTS}
+ DB_TYPE: postgres
\ No newline at end of file
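Review bot: The `hedgedoc` container in the Deployment is declared without a `securityContext`, so it runs with whatever user and capabilities the image defaults to while holding the database URL, session secret and S3 keys in its environment. A container-level block that disables privilege escalation, drops all capabilities and requires a non-root user would limit what a compromise of the web app can reach; whether `indiehosters/codimd:1.6.0` already runs as a non-root user is not visible here and should be confirmed before enabling `runAsNonRoot`. The image is also referenced by tag only with `imagePullPolicy: IfNotPresent`, so pinning it as `image: indiehosters/codimd:1.6.0@sha256:<digest>` would keep nodes from running different content under the same tag. Separately, the Deployment and ConfigMap metadata omit `namespace: ${DOMAIN}`, which the Service and Ingress set; unless the namespace is supplied at apply time, the pods, their referenced Secrets and the Service could end up in different namespaces.

```yaml
      containers:
        # … unchanged: env, envFrom, image, imagePullPolicy, ports …
        - name: hedgedoc
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            runAsNonRoot: true  # confirm the image's default user first
```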