diff --git a/deploy/kustomization.yaml b/deploy/kustomization.yaml
new file mode 100644
index 0000000..b75b06d
--- /dev/null
+++ b/deploy/kustomization.yaml
@@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: qemu-vms
+
+resources:
+- crds/vms-crd.yaml
+- vmop-cluster-role.yaml
+- vmop-service-account.yaml
+- vmop-role-binding.yaml
+- vmop-image-repository-pvc.yaml
+- vmop-config-map.yaml
+- vmop-deployment.yaml
\ No newline at end of file
diff --git a/deploy/vmop-cluster-role.yaml b/deploy/vmop-cluster-role.yaml
new file mode 100644
index 0000000..1b5b7bd
--- /dev/null
+++ b/deploy/vmop-cluster-role.yaml
@@ -0,0 +1,33 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: vm-operator
+ labels:
+ app.kubernetes.io/name: vm-operator
+rules:
+- apiGroups:
+ - vmoperator.jdrupes.org
+ resources:
+ - vms
+ verbs:
+ - '*'
+- apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - secrets
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - list
+ - delete
diff --git a/deploy/vmop-config-map.yaml b/deploy/vmop-config-map.yaml
new file mode 100644
index 0000000..ddeb9d9
--- /dev/null
+++ b/deploy/vmop-config-map.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: vm-operator
+ labels:
+ app.kubernetes.io/name: vm-operator
+
+data:
+ config.yaml: |
+ "/Manager": {}
+
+ logging.properties: |
+ handlers=java.util.logging.ConsoleHandler
+
+ org.jgrapes.level=FINE
+ org.jgrapes.core.handlerTracking.level=FINER
+
+ org.jdrupes.vmoperator.manager.level=FINE
+
+ java.util.logging.ConsoleHandler.level=ALL
+ java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter
+ java.util.logging.SimpleFormatter.format=%1$tb %1$td %1$tT %4$s %5$s%6$s%n
diff --git a/deploy/vmop-deployment.yaml b/deploy/vmop-deployment.yaml
new file mode 100644
index 0000000..34903e4
--- /dev/null
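Review bot: In deploy/vmop-cluster-role.yaml the rule covering `configmaps` and `secrets` grants `'*'`, and because this ClusterRole is attached through the ClusterRoleBinding in deploy/vmop-role-binding.yaml, the vm-operator service account can read and modify every Secret in every namespace. The `'*'` on `statefulsets` and the `list`/`delete` on `pods` are cluster-wide for the same reason. If the operator only manages resources in `qemu-vms` (an assumption, since the CRD scope is not visible here), bind the role with `kind: RoleBinding` in place of `kind: ClusterRoleBinding` and replace each `'*'` with the verbs the manager actually uses. A one-line comment above the secrets rule stating why the operator needs them would make the grant auditable.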
+++ b/deploy/vmop-deployment.yaml
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: vm-operator
+ labels:
+ app.kubernetes.io/name: vm-operator
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: vm-operator
+ app.kubernetes.io/component: manager
+ template:
+ metadata:
+ name: vm-operator
+ namespace: qemu-vms
+ labels:
+ app.kubernetes.io/name: vm-operator
+ app.kubernetes.io/component: manager
+ spec:
+ containers:
+ - name: vm-operator
+ image: >-
+ docker-registry.lan.mnl.de/vmoperator/org.jdrupes.vmoperator.manager:latest
+ volumeMounts:
+ - name: config
+ mountPath: /etc/opt/vmoperator
+ - name: vmop-image-repository
+ mountPath: /var/local/vmop-image-repository
+ imagePullPolicy: Always
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ volumes:
+ - name: config
+ configMap:
+ name: vm-operator
+ - name: vmop-image-repository
+ persistentVolumeClaim:
+ claimName: vmop-image-repository
+ nodeSelector:
+ kubernetes.io/os: linux
+ serviceAccountName: vm-operator
+ serviceAccount: vm-operator
+ securityContext:
+ runAsUser: 65534
+ runAsNonRoot: true
diff --git a/deploy/vmop-image-repository-pvc.yaml b/deploy/vmop-image-repository-pvc.yaml
new file mode 100644
index 0000000..ec9443e
--- /dev/null
+++ b/deploy/vmop-image-repository-pvc.yaml
@@ -0,0 +1,13 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: vmop-image-repository
+ labels:
+ app.kubernetes.io/name: vm-operator
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 100Gi
+ volumeMode: Filesystem
diff --git a/deploy/vmop-role-binding.yaml b/deploy/vmop-role-binding.yaml
new file mode 100644
index 0000000..aa570d8
--- /dev/null
+++ b/deploy/vmop-role-binding.yaml
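Review bot: The container image in deploy/vmop-deployment.yaml is referenced by the mutable `:latest` tag together with `imagePullPolicy: Always`, so whatever is pushed to that tag runs on the next pod restart with the operator's RBAC permissions. Pin a release tag or, preferably, a digest, e.g. `docker-registry.lan.mnl.de/vmoperator/org.jdrupes.vmoperator.manager@sha256:<digest-placeholder>`. The container securityContext is otherwise restrictive; adding `seccompProfile:` with `type: RuntimeDefault` to the pod-level securityContext and a `resources:` block with requests and limits would round it out. `serviceAccount` is the deprecated alias of `serviceAccountName` and can be dropped.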
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: vm-operator
+ labels:
+ app.kubernetes.io/name: vm-operator
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: vm-operator
+subjects:
+- kind: ServiceAccount
+ name: vm-operator
diff --git a/deploy/vmop-service-account.yaml b/deploy/vmop-service-account.yaml
new file mode 100644
index 0000000..fde5b24
--- /dev/null
+++ b/deploy/vmop-service-account.yaml
@@ -0,0 +1,6 @@
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+ name: vm-operator
+ labels:
+ app.kubernetes.io/name: vm-operator
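Review bot: The ServiceAccount subject in deploy/vmop-role-binding.yaml carries no `namespace`, which the RBAC API requires for ServiceAccount subjects. As written, the manifest relies on the `namespace: qemu-vms` setting in kustomization.yaml being propagated into the subject, which likely depends on the kustomize version, and it would be rejected if applied directly. Adding `namespace: qemu-vms` under the subject makes explicit which account receives the grant and keeps the file valid on its own.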