diff --git a/freescout/application.yml b/freescout/application.yml
index d89cb6e..887115f 100644
--- a/freescout/application.yml
+++ b/freescout/application.yml
@@ -1,4 +1,133 @@
 ---
+apiVersion: codemowers.io/v1alpha1
+kind: OIDCGWMiddlewareClient
+metadata:
+  name: freescout
+spec:
+  displayName: Freescout Middleware
+  uri: 'https://freescout.k-space.ee'
+  allowedGroups:
+    - k-space:floor
+  headerMapping:
+    email: Remote-Email
+    groups: Remote-Groups
+    name: Remote-Name
+    user: Remote-User
+---
+apiVersion: codemowers.io/v1alpha1
+kind: OIDCGWClient
+metadata:
+  name: freescout
+spec:
+  displayName: Freescout
+  uri: https://freescout.k-space.ee
+  redirectUris:
+    - https://freescout.k-space.ee/oauth_callback
+  allowedGroups:
+    - k-space:floor
+  grantTypes:
+    - authorization_code
+    - refresh_token
+  responseTypes:
+    - code
+  availableScopes:
+    - openid
+    - profile
+  pkce: false
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: oidc-gateway
+  annotations:
+    kubernetes.io/ingress.class: traefik
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
+    external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
+    traefik.ingress.kubernetes.io/router.middlewares: freescout-freescout@kubernetescrd
+spec:
+  rules:
+    - host: freescout.k-space.ee
+      http:
+        paths:
+          - pathType: Prefix
+            path: "/"
+            backend:
+              service:
+                name: freescout
+                port:
+                  number: 80
+  tls:
+    - hosts:
+        - "*.k-space.ee"
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: freescout
+spec:
+  type: ClusterIP
+  selector:
+    app: freescout
+  ports:
+    - protocol: TCP
+      port: 80
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: freescout
+  labels:
+    app: freescout
+spec:
+  selector:
+    matchLabels:
+      app: freescout
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: freescout
+    spec:
+      containers:
+        - name: oidc-gateway
+          image: harbor.k-space.ee/k-space/freescout
+          ports:
+            - containerPort: 80
+          env:
+            - name: ENABLE_AUTO_UPDATE
+              value: 'false'
+            - name: DISPLAY_ERRORS
+              value: 'true'
+            - name: SITE_URL
+              value: 'https://freescout.k-space.ee'
+            - name: DB_HOST
+              value: mariadb.infra.k-space.ee
+            - name: DB_PORT
+              value: "3306"
+            - name: DB_NAME
+              value: kspace_freescout
+            - name: DB_USER
+              value: kspace_freescout
+            - name: ADMIN_EMAIL
+              value: lauri@k-space.ee
+            - name: ADMIN_PASS
+              value: Salakala1!
+            - name: TIMEZONE
+              value: Europe/Tallinn
+            - name: DB_PASS
+              valueFrom:
+                secretKeyRef:
+                  name: freescout-secrets
+                  key: DB_PASS
+          volumeMounts:
+          - mountPath: /www/html/Modules
+            name: modules
+      volumes:
+      - name: modules
+        emptyDir:
+          sizeLimit: 500Mi
+---
 apiVersion: monitoring.coreos.com/v1
 kind: PrometheusRule
 metadata: