diff --git a/.woodpecker.yml b/.woodpecker.yml
new file mode 100644
index 0000000..f99c874
--- /dev/null
+++ b/.woodpecker.yml
@@ -0,0 +1,30 @@
+steps:
+  build:
+    image: plugins/kaniko
+    settings:
+      repo: ${FORGE_NAME}/${CI_REPO}
+      registry: 
+        from_secret: container_registry
+      tags: latest,${CI_COMMIT_SHA}
+      username: 
+        from_secret: container_registry_username
+      password: 
+        from_secret: container_registry_password
+      
+      dockerfile: Dockerfile
+    when:
+      - event: [push,tag]
+
+  deploy:
+    image: portainer/kubectl-shell:latest
+    environment:
+      KUBE_CONFIG_CONTENT:
+        from_secret: kube_config
+    commands:
+      - export IMAGE_TAG=$CI_COMMIT_SHA
+      - printf "$KUBE_CONFIG_CONTENT" > /tmp/kubeconfig
+      - export KUBECONFIG=/tmp/kubeconfig
+      - ./deployment/deploy.sh
+    when:
+      - event: [push,tag]
+
diff --git a/deployment/deploy-yml.tmpl b/deployment/deploy-yml.tmpl
new file mode 100644
index 0000000..0321920
--- /dev/null
+++ b/deployment/deploy-yml.tmpl
@@ -0,0 +1,61 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: exim-forwarder-config
+data:
+  domains: |
+    mainscnt.eu
+  addresses: |
+    wn@mainscnt.eu: wolfgang.hottgenroth@icloud.com
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: exim-forwarder
+  annotations:
+    configmap.reloader.stakater.com/reload: "exim-forwarder-config"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: exim-forwarder
+  template:
+    metadata:
+      labels:
+        app: exim-forwarder
+    spec:
+      containers:
+        - name: exim-forwarder
+          image: %IMAGE%
+          ports:
+            - name: smtp
+              containerPort: 25
+              protocol: TCP
+          volumeMounts:
+            - name: exim-config
+              mountPath: /etc/exim
+              readOnly: true
+      volumes:
+        - name: exim-config
+          configMap:
+            name: exim-forwarder-config
+            items:
+              - key: domains
+                path: forward_domains
+              - key: addresses
+                path: forward_addresses
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: exim-forwarder
+spec:
+  type: LoadBalancer
+  selector:
+    app: exim-forwarder
+  ports:
+    - name: smtp
+      port: 25
+      targetPort: 25
+      protocol: TCP
+
diff --git a/deployment/deploy.sh b/deployment/deploy.sh
new file mode 100755
index 0000000..58a326b
--- /dev/null
+++ b/deployment/deploy.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+if [ "$IMAGE_TAG" == "" ]; then
+  echo "Make sure IMAGE_TAG is set"
+  exit 1
+fi
+
+
+IMAGE_NAME=gitea.hottis.de/deployments/exim-forwarder
+NAMESPACE=forwarder
+DEPLOYMENT_DIR=$PWD/deployment
+
+pushd $DEPLOYMENT_DIR > /dev/null
+
+kubectl create namespace $NAMESPACE \
+  --dry-run=client \
+  -o yaml | \
+  kubectl -f - apply
+
+
+cat $DEPLOYMENT_DIR/deploy-yml.tmpl | \
+  sed -e 's,%IMAGE%,'$IMAGE_NAME':'$IMAGE_TAG','g | \
+  kubectl apply -f - -n $NAMESPACE
+
+popd > /dev/null
+