diff --git a/k8s/apps/amnezia/fellow-deployment.yaml b/k8s/apps/amnezia/fellow-deployment.yaml
new file mode 100644
index 0000000..873ffa4
--- /dev/null
+++ b/k8s/apps/amnezia/fellow-deployment.yaml
@@ -0,0 +1,74 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: amnezia-fellow
+ labels:
+ app: amnezia-fellow
+spec:
+ replicas: 1
+ strategy:
+ type: Recreate
+ selector:
+ matchLabels:
+ app: amnezia-fellow
+ template:
+ metadata:
+ labels:
+ app: amnezia-fellow
+ spec:
+ serviceAccountName: amnezia-fellow
+ containers:
+ - name: amnezia-fellow
+ image: ultradesu/amnezia-fellow:latest
+ imagePullPolicy: Always
+ args:
+ - "--listen"
+ - "0.0.0.0:8000"
+ ports:
+ - name: http
+ containerPort: 8000
+ protocol: TCP
+ env:
+ - name: AMNEZIA_FELLOW_DATABASE_URL
+ value: "sqlite:///data/amnezia-fellow.sqlite3?mode=rwc"
+ - name: AMNEZIA_FELLOW_K8S_NAMESPACE
+ value: "amnezia"
+ - name: AMNEZIA_FELLOW_K8S_CLIENTS_SECRET
+ value: "amneziawg-clients"
+ - name: AMNEZIA_FELLOW_K8S_CLIENTS_SECRET_KEY
+ value: "peers.conf"
+ - name: AMNEZIA_FELLOW_K8S_SERVER_SECRET
+ value: "amneziawg-server"
+ - name: AMNEZIA_FELLOW_K8S_ENDPOINTS_SECRET
+ value: "amneziawg-endpoints"
+ - name: AMNEZIA_FELLOW_VPN_CLIENT_CIDR
+ value: "10.8.0.0/16"
+ - name: AMNEZIA_FELLOW_VPN_MTU
+ value: "1376"
+ readinessProbe:
+ tcpSocket:
+ port: http
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ timeoutSeconds: 3
+ livenessProbe:
+ tcpSocket:
+ port: http
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ timeoutSeconds: 5
+ resources:
+ requests:
+ cpu: "50m"
+ memory: "128Mi"
+ limits:
+ cpu: "500m"
+ memory: "512Mi"
+ volumeMounts:
+ - name: data
+ mountPath: /data
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: amnezia-fellow-data
diff --git a/k8s/apps/amnezia/fellow-ingress.yaml b/k8s/apps/amnezia/fellow-ingress.yaml
new file mode 100644
index 0000000..082f7ab
--- /dev/null
+++ b/k8s/apps/amnezia/fellow-ingress.yaml
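Review bot: In fellow-deployment.yaml the container is pulled as `ultradesu/amnezia-fellow:latest` with `imagePullPolicy: Always`, so each restart can run a different, unreviewed build in a pod whose service account may write Secrets (see fellow-rbac.yaml); pin the image to a digest, e.g. `image: ultradesu/amnezia-fellow@sha256:<digest-placeholder>`. Neither the pod nor the container sets a `securityContext`, so the process keeps the image's default user and capabilities. If the image can run unprivileged (not verifiable from this diff), the settings below would narrow what a compromised web process can do. `fsGroup` may be needed so the `/data` volume stays writable, and `readOnlyRootFilesystem` only works if the app writes nowhere else.

```yaml
    spec:
      serviceAccountName: amnezia-fellow
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: amnezia-fellow
          # placeholder digest: replace with the digest of the reviewed build
          image: ultradesu/amnezia-fellow@sha256:<digest-placeholder>
          # … unchanged: imagePullPolicy, args, ports, env, probes, resources …
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
          # … unchanged: volumeMounts …
```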
@@ -0,0 +1,26 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: amnezia-fellow-tls-ingress
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt
+ traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd
+ acme.cert-manager.io/http01-edit-in-place: "true"
+spec:
+ ingressClassName: traefik
+ rules:
+ - host: awg.hexor.cy
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: amnezia-fellow
+ port:
+ number: 8000
+ tls:
+ - secretName: amnezia-fellow-tls
+ hosts:
+ - awg.hexor.cy
diff --git a/k8s/apps/amnezia/fellow-rbac.yaml b/k8s/apps/amnezia/fellow-rbac.yaml
new file mode 100644
index 0000000..67e1469
--- /dev/null
+++ b/k8s/apps/amnezia/fellow-rbac.yaml
@@ -0,0 +1,35 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: amnezia-fellow
+ labels:
+ app: amnezia-fellow
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: amnezia-fellow
+ labels:
+ app: amnezia-fellow
+rules:
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "create", "update", "patch"]
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: amnezia-fellow
+ labels:
+ app: amnezia-fellow
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: amnezia-fellow
+subjects:
+ - kind: ServiceAccount
+ name: amnezia-fellow
diff --git a/k8s/apps/amnezia/fellow-service.yaml b/k8s/apps/amnezia/fellow-service.yaml
new file mode 100644
index 0000000..5421697
--- /dev/null
+++ b/k8s/apps/amnezia/fellow-service.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: amnezia-fellow
+ labels:
+ app: amnezia-fellow
+spec:
+ type: ClusterIP
+ selector:
+ app: amnezia-fellow
+ ports:
+ - name: http
+ protocol: TCP
+ port: 8000
+ targetPort: 8000
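Review bot: In fellow-ingress.yaml the `traefik.ingress.kubernetes.io/router.middlewares` annotation chains only the HTTPS redirect, so access control for `awg.hexor.cy` rests entirely on whatever authentication amnezia-fellow implements itself, which this diff does not show. Because the backend's service account can create and update Secrets (fellow-rbac.yaml), consider chaining an authentication or IP allow-list middleware at the router, e.g. `traefik.ingress.kubernetes.io/router.middlewares: kube-system-https-redirect@kubernetescrd,<namespace>-<auth-middleware>@kubernetescrd` (placeholder middleware name). A NetworkPolicy that admits traffic to port 8000 only from the Traefik pods would also keep other in-cluster workloads from reaching the Service directly.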
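Review bot: The `secrets` rule of the Role in fellow-rbac.yaml has no `resourceNames`, so the service account can read and overwrite every Secret in the namespace, not only the three the Deployment names (`amneziawg-clients`, `amneziawg-server`, `amneziawg-endpoints`). Scope `get`/`update`/`patch` to those names as shown below. `create` cannot be limited by `resourceNames`, so keep it as a separate rule only if the app really has to create these Secrets rather than update pre-existing ones, which the diff does not show.

```yaml
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames:
      - amneziawg-clients
      - amneziawg-server
      - amneziawg-endpoints
    verbs: ["get", "update", "patch"]
  # create cannot be scoped by resourceNames; drop this rule if the Secrets are pre-created
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create"]
  # … unchanged: pods get/list rule …
```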
diff --git a/k8s/apps/amnezia/fellow-storage.yaml b/k8s/apps/amnezia/fellow-storage.yaml
new file mode 100644
index 0000000..cdecc70
--- /dev/null
+++ b/k8s/apps/amnezia/fellow-storage.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: amnezia-fellow-data
+ labels:
+ app: amnezia-fellow
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: longhorn
+ resources:
+ requests:
+ storage: 3Gi
diff --git a/k8s/apps/amnezia/kustomization.yaml b/k8s/apps/amnezia/kustomization.yaml
index 34e8eef..347f8dc 100644
--- a/k8s/apps/amnezia/kustomization.yaml
+++ b/k8s/apps/amnezia/kustomization.yaml
@@ -7,4 +7,9 @@ resources:
 - external-secrets.yaml
 - configmap-scripts.yaml
 - rbac.yaml
+ - fellow-rbac.yaml
+ - fellow-storage.yaml
+ - fellow-service.yaml
+ - fellow-ingress.yaml
+ - fellow-deployment.yaml
 - daemonset.yaml