diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml
new file mode 100644
index 0000000..4150577
--- /dev/null
+++ b/.gitea/workflows/build.yaml
@@ -0,0 +1,54 @@
+name: Build and Push Image
+on:
+ push:
+ tags:
+ - '*'
+env:
+ REGISTRY: reg.cadoles.com
+
+jobs:
+ build:
+ name: Build and push image
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Login to Docker Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ secrets.REGISTRY_USERNAME }}
+ password: ${{ secrets.REGISTRY_TOKEN }}
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Docker meta base
+ id: metabase
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ reg.cadoles.com/cadoles/gotemplate
+ flavor: |
+ latest=auto
+ tags: |
+ type=schedule
+ type=ref,event=branch
+ type=ref,event=pr
+ type=ref,event=tag
+ type=semver,pattern={{version}}
+ type=semver,pattern={{major}}.{{minor}}
+ type=semver,pattern={{major}}
+ type=sha,prefix=,suffix=
+
+ - name: Build and push
+ uses: docker/build-push-action@v6
+ with:
+ build-args: |
+ GOTEMPLATE_VERSION=3.12.0
+ context: ./misc/docker
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.metabase.outputs.tags }}
+ labels: ${{ steps.metabase.outputs.labels }}
diff --git a/README.md b/README.md
index e097d4e..b7cc446 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,3 @@ # varnish-kustom
+Deploy a simple varnish server with kustomize
\ No newline at end of file
diff --git a/files/default.vcl b/files/default.vcl
new file mode 100644
index 0000000..1cb8790
--- /dev/null
+++ b/files/default.vcl
@@ -0,0 +1,6 @@
+vcl 4.0;
+
+backend default {
+ .host = "127.0.0.1";
+ .port = "8080";
+}
\ No newline at end of file
diff --git a/kustomization.yaml b/kustomization.yaml
new file mode 100644
index 0000000..10dfa43
--- /dev/null
+++ b/kustomization.yaml
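Review bot: In .gitea/workflows/build.yaml every `uses:` step (`actions/checkout@v4`, `docker/login-action@v3`, `docker/setup-buildx-action@v3`, `docker/metadata-action@v5`, `docker/build-push-action@v6`) is pinned to a mutable major-version tag, while the same job handles `secrets.REGISTRY_TOKEN` and pushes to the registry. A retagged upstream release would run in this job with those credentials, so pin each action to a full commit SHA and keep the version as a comment, e.g. `uses: docker/login-action@<full-commit-sha>  # v3`. Separately, the workflow triggers only on tag pushes, so the `type=schedule`, `type=ref,event=branch` and `type=ref,event=pr` rules and the `github.event_name != 'pull_request'` condition never take effect and could be removed. The `images:` entry also hard-codes `reg.cadoles.com` instead of reusing `${{ env.REGISTRY }}`, so the login registry and the push target can drift apart.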
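Review bot: In files/default.vcl the default backend is `127.0.0.1:8080`, which is the address resources/deployment.yaml assigns to Varnish itself (`VARNISH_HTTP_PORT` is `"8080"`, `containerPort: 8080`, and the pod defines no second container). If the image listens on that port, as the variable name suggests, every cache miss is sent back to Varnish instead of to an origin. If this backend is a placeholder that overlays are expected to replace, state that in a comment at the top, e.g. `# placeholder backend: override default.vcl in your overlay`; otherwise point `.host` and `.port` at the real origin.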
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- resources/deployment.yaml
+- resources/svc.yaml
+
+configMapGenerator:
+- name: varnish-env
+ literals:
+ - VARNISH_SIZE=1G
+- name: varnish-config
+ files:
+ - files/default.vcl
diff --git a/misc/docker/Dockerfile b/misc/docker/Dockerfile
new file mode 100644
index 0000000..d468f70
--- /dev/null
+++ b/misc/docker/Dockerfile
@@ -0,0 +1,18 @@
+# Base image
+FROM golang AS builder
+
+# Set directory to known value
+WORKDIR /app
+# Define the version as a build argument
+ARG GOTEMPLATE_VERSION=3.12.0
+
+# Git clone the repo for gotemplate, checkout the desired tag, and build the executable
+RUN git clone https://github.com/coveooss/gotemplate.git . && \
+ git checkout v${GOTEMPLATE_VERSION} && \
+ CGO_ENABLED=0 go build
+
+FROM busybox
+
+COPY --from=builder /app/gotemplate /gotemplate
+
+ENTRYPOINT [ "/gotemplate" ]
\ No newline at end of file
diff --git a/resources/deployment.yaml b/resources/deployment.yaml
new file mode 100644
index 0000000..3ae5e80
--- /dev/null
+++ b/resources/deployment.yaml
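Review bot: In misc/docker/Dockerfile both `FROM golang AS builder` and `FROM busybox` carry no tag or digest, so each build pulls whatever `latest` resolves to at that moment and the published image is neither reproducible nor auditable. Pin both stages, e.g. `FROM golang:<version>@sha256:<digest> AS builder`. The `git checkout v${GOTEMPLATE_VERSION}` step likewise trusts a tag in a third-party repository, and tags can be moved; checking out a recorded commit SHA, or comparing `git rev-parse HEAD` against one after the checkout, fixes the source that ends up in the binary. The final stage has no `USER` instruction, so `/gotemplate` runs as root unless the caller overrides it; a non-root `USER` line before `ENTRYPOINT` would change that default.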
@@ -0,0 +1,53 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: varnish
+ labels:
+ app: varnish
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: varnish
+ template:
+ metadata:
+ labels:
+ app: varnish
+ spec:
+ containers:
+ - name: varnish
+ image: reg.cadoles.com/dh/library/varnish:7.6.1-alpine
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: VARNISH_HTTP_PORT
+ value: "8080"
+ envFrom:
+ - configMapRef:
+ name: varnish-env
+ ports:
+ - containerPort: 8080
+ volumeMounts:
+ - mountPath: /etc/varnish/default.vcl
+ name: varnish-config
+ subPath: default.vcl
+ - mountPath: /var/lib/varnish/varnishd
+ name: varnish-lib
+ securityContext:
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ capabilities:
+ add: [ "IPC_LOCK" ]
+ volumes:
+ - name: varnish-config
+ configMap:
+ name: varnish-config
+ items:
+ - key: default.vcl
+ path: default.vcl
+ - name: varnish-lib
+ emptyDir:
+ sizeLimit: 1Gi
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
diff --git a/resources/svc.yaml b/resources/svc.yaml
new file mode 100644
index 0000000..8e5047d
--- /dev/null
+++ b/resources/svc.yaml
@@ -0,0 +1,12 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: varnish
+spec:
+ selector:
+ app: varnish
+ ports:
+ - name: varnish-http
+ protocol: TCP
+ port: 8080
+ targetPort: 8080
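Review bot: In resources/deployment.yaml the container `securityContext` adds `IPC_LOCK` under `capabilities` but never drops the runtime's default capability set, so those defaults remain available to the container alongside the one it needs. Add `drop: ["ALL"]` next to `add: [ "IPC_LOCK" ]`, and consider `seccompProfile: {type: RuntimeDefault}` in the pod-level `securityContext`. The container also declares no `resources` requests or limits even though `VARNISH_SIZE=1G` is injected from the `varnish-env` ConfigMap; a memory limit sized above the cache would bound what the pod can take from the node. The image is referenced by tag only (`varnish:7.6.1-alpine`) with `imagePullPolicy: IfNotPresent`, so appending an `@sha256:<digest>` would keep nodes from running different content under the same tag.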