diff --git a/kustomization.yaml b/kustomization.yaml
index aa8cbeb..e7cc445 100644
--- a/kustomization.yaml
+++ b/kustomization.yaml
@@ -4,6 +4,7 @@ kind: Kustomization
 resources:
 - ./resources/hydra
 - ./resources/hydra-dispatcher
+ - ./resources/hydra-maester
 components:
 - ./components/hydra-cnpg-database
diff --git a/resources/hydra-maester/kustomization.yaml b/resources/hydra-maester/kustomization.yaml
new file mode 100644
index 0000000..ed75c21
--- /dev/null
+++ b/resources/hydra-maester/kustomization.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - ./resources/hydra-maester-deployment.yaml
+ - ./resources/hydra-maester-rbac.yaml
+
+configMapGenerator:
+ - name: hydra-maester-env
+ literals:
+ - APP_ENV=prod
+ - APP_DEBUG=false
+ - HYDRA_ADMIN_BASE_URL=http://hydra
+ - HYDRA_ADMIN_PORT=4445
\ No newline at end of file
diff --git a/resources/hydra-maester/resources/hydra-maester-deployment.yaml b/resources/hydra-maester/resources/hydra-maester-deployment.yaml
new file mode 100644
index 0000000..73da4e6
--- /dev/null
+++ b/resources/hydra-maester/resources/hydra-maester-deployment.yaml
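Review bot: The generated ConfigMap `hydra-maester-env` is never consumed — hydra-maester-deployment.yaml in the next hunk declares no `env`/`envFrom`, and its args `--hydra-url=${HYDRA_ADMIN_BASE_URL}` and `--hydra-port=${HYDRA_ADMIN_PORT}` reach `/manager` as literal text, because Kubernetes only expands `$(VAR)` references and only against variables present in the container's environment. Add an `envFrom` entry for the ConfigMap to the container and switch the two args to `$(...)` syntax; kustomize rewrites the hash-suffixed ConfigMap name inside `configMapRef` on its own. The kustomization file also ends without a trailing newline (`\ No newline at end of file`).
```yaml
        args:
          - --metrics-addr=127.0.0.1:8080
          - --hydra-url=$(HYDRA_ADMIN_BASE_URL)
          - --hydra-port=$(HYDRA_ADMIN_PORT)
          - --endpoint=/admin/clients
        envFrom:
          - configMapRef:
              name: hydra-maester-env
        # … unchanged: resources, terminationMessage*, securityContext …
```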
@@ -0,0 +1,53 @@
+---
+# Source: hydra/charts/hydra-maester/templates/deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: hydra-maester
+ labels:
+ app.kubernetes.io/name: hydra-maester
+ app.kubernetes.io/instance: hydra-master
+ app.kubernetes.io/version: "v0.0.23"
+spec:
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ app.kubernetes.io/name: hydra-maester
+ app.kubernetes.io/instance: hydra
+ template:
+ metadata:
+ labels:
+ control-plane: controller-manager
+ app.kubernetes.io/name: hydra-maester
+ app.kubernetes.io/instance: hydra
+ annotations:
+ spec:
+ containers:
+ - name: hydra-maester
+ image: reg.cadoles.com/proxy_cache/oryd/hydra-maester:v0.0.25
+ imagePullPolicy: IfNotPresent
+ command:
+ - /manager
+ args:
+ - --metrics-addr=127.0.0.1:8080
+ - --hydra-url=${HYDRA_ADMIN_BASE_URL}
+ - --hydra-port=${HYDRA_ADMIN_PORT}
+ - --endpoint=/admin/clients
+ resources:
+ {}
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ serviceAccountName: hydra-maester-account
+ automountServiceAccountToken: true
+ nodeSelector:
diff --git a/resources/hydra-maester/resources/hydra-maester-rbac.yaml b/resources/hydra-maester/resources/hydra-maester-rbac.yaml
new file mode 100644
index 0000000..f2fa198
--- /dev/null
+++ b/resources/hydra-maester/resources/hydra-maester-rbac.yaml
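Review bot: The Deployment's identity labels contradict each other: `app.kubernetes.io/version: "v0.0.23"` sits on an object whose image is `hydra-maester:v0.0.25`, and `app.kubernetes.io/instance: hydra-master` in `metadata.labels` differs from the `hydra` used in the selector and pod template (`hydra-master` reads like a typo of `hydra-maester`). Align them, e.g. `app.kubernetes.io/version: "v0.0.25"` and `app.kubernetes.io/instance: hydra`, so label-based tooling and audit queries find one consistent object. `annotations:` and `nodeSelector:` are left as bare keys, which parse as null rather than empty maps — drop them or write `{}`. `resources: {}` leaves the controller with no requests or limits; if the target namespace enforces quotas or LimitRanges the pod will be rejected, so set at least requests.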
@@ -0,0 +1,63 @@
+---
+# Source: hydra/charts/hydra-maester/templates/rbac.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: hydra-maester-account
+ namespace: hydra
+---
+# Source: hydra/charts/hydra-maester/templates/rbac.yaml
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: hydra-maester-role
+rules:
+ - apiGroups: ["hydra.ory.sh"]
+ resources: ["oauth2clients", "oauth2clients/status"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["list", "watch", "create"]
+---
+# Source: hydra/charts/hydra-maester/templates/rbac.yaml
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: hydra-maester-role-binding
+subjects:
+ - kind: ServiceAccount
+ name: hydra-maester-account # Service account assigned to the controller pod.
+ namespace: hydra
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: hydra-maester-role
+---
+# Source: hydra/charts/hydra-maester/templates/rbac.yaml
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: hydra-maester-role
+ namespace: hydra
+rules:
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "list", "watch", "create"]
+ - apiGroups: ["hydra.ory.sh"]
+ resources: ["oauth2clients", "oauth2clients/status"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+---
+# Source: hydra/charts/hydra-maester/templates/rbac.yaml
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: hydra-maester-role-binding
+ namespace: hydra
+subjects:
+ - kind: ServiceAccount
+ name: hydra-maester-account # Service account assigned to the controller pod.
+ namespace: hydra
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: hydra-maester-role
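Review bot: The ClusterRole `hydra-maester-role` grants `list`/`watch`/`create` on `secrets` in every namespace, and `list`/`watch` return full Secret contents, so the controller's service account effectively reads all Secrets cluster-wide while the namespaced Role below already covers `hydra`. If OAuth2Client resources are only reconciled in the `hydra` namespace, drop the `secrets` rule from the ClusterRole (keeping the `hydra.ory.sh` rule) and rely on the Role; if cross-namespace clients are intended, document it above that rule, e.g. `# cluster-wide Secret access: OAuth2Client objects may live in any namespace`. Separately, the ServiceAccount and both bindings hard-code `namespace: hydra`, whereas the Deployment in the previous hunk carries no namespace and this kustomization sets none, so unless the root kustomization sets `namespace: hydra` the pod is created elsewhere and fails to find `hydra-maester-account`. Reusing `hydra-maester-role` / `hydra-maester-role-binding` for both the cluster-scoped and the namespaced pair is legal but makes `kubectl describe` and audit-log entries ambiguous; consider suffixing the namespaced objects.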