diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 000000000..836eb3558
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,11 @@
+FROM openjdk:17.0.1-slim
+WORKDIR /opt
+ENV PORT 8080
+ENV POSTGRES_USER petclinic
+ENV POSTGRES_PASSWORD petclinic
+ENV POSTGRES_URL jdbc:postgresql://postgres/petclinic
+ENV JAVA_OPTS "-Dspring.profiles.active=postgres -Xmx2g"
+EXPOSE 8080
+COPY target/*.jar /opt/app.jar
+ENV JAVA_TOOL_OPTIONS $CONTRAST_OPTS -Dcontrast.application.group=craft.petclinic
+ENTRYPOINT exec java $JAVA_OPTS -jar app.jar
diff --git a/Makefile b/Makefile
new file mode 100644
index 000000000..0f265a4fa
--- /dev/null
+++ b/Makefile
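Review bot: The Dockerfile bakes the database credentials into the image: `ENV POSTGRES_PASSWORD petclinic` (with `POSTGRES_USER` and `POSTGRES_URL`) is stored in the image config, where anyone who can pull the image can read it, and it becomes the silent default whenever the runtime does not override it. I would drop that line and have the orchestrator inject the value at run time. The image also never leaves root; adding `RUN useradd --system --uid 10001 app` and `USER 10001` before the `ENTRYPOINT` line would let the JVM run unprivileged. `$CONTRAST_OPTS` in the `JAVA_TOOL_OPTIONS` line is not declared by any `ARG` or `ENV` in this file, so it appears to expand to nothing at build time; worth confirming that is intended.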
@@ -0,0 +1,51 @@
+.SILENT: validate docker cluster
+validate:
+ test -n "$$EMAIL" || (echo "EMAIL is not set. Please set it first."; exit 1)
+ if ! command which envsubst &> /dev/null; then \
+ echo "gettext is not installed. Please install it first."; \
+ exit 1; \
+ fi
+ if ! command which minikube &> /dev/null; then \
+ echo "minikube is not installed. Please install it first."; \
+ exit 1; \
+ fi
+ if ! command which kubectl &> /dev/null; then \
+ echo "kubectl is not installed. Please install it first."; \
+ exit 1; \
+ fi
+ if ! command which docker &> /dev/null; then \
+ echo "docker is not installed. Please install it first."; \
+ exit 1; \
+ fi
+ if ! command which md5sum &> /dev/null; then \
+ echo "md5sum is not installed. Please install it first."; \
+ exit 1; \
+ fi
+ if ! command which mvn &> /dev/null; then \
+ echo "maven is not installed. Please install it first."; \
+ exit 1; \
+ fi
+
+docker: validate
+ if ! command docker info &> /dev/null; then \
+ echo "docker is not running. Please make sure docker is running."; \
+ exit 1; \
+ fi
+
+cluster: docker
+ if ! command minikube status &> /dev/null; then \
+ minikube config set memory 4096; \
+ minikube start --driver=docker; \
+ fi \
+
+build: cluster
+ mvn install
+ minikube image build -t petclinic:latest .
+
+deploy: build
+ export RANDOM_PART=${EMAIL}_$$(hostname | md5sum | cut -c1-30) && \
+ minikube kubectl -- apply -f kube/postgresql.yaml && \
+ envsubst < kube/petclinic.yaml | minikube kubectl -- apply -f -
+
+undeploy:
+ minikube kubectl -- delete -f kube/
\ No newline at end of file
diff --git a/config/contrast_security.yaml b/config/contrast_security.yaml
new file mode 100644
index 000000000..4db9935a5
--- /dev/null
+++ b/config/contrast_security.yaml
@@ -0,0 +1,6 @@
+agent:
+ java:
+ scan_all_classes: false
+ scan_all_code_sources: false
+ logger:
+ stdout: true
diff --git a/kube/petclinic.yaml b/kube/petclinic.yaml
new file mode 100644
index 000000000..9331c117a
--- /dev/null
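Review bot: The tool checks in the Makefile's `validate`, `docker` and `cluster` recipes redirect with `&>`, which is a bash extension, while make runs recipes with `/bin/sh` unless `SHELL` is set. Under a POSIX shell such as dash, `cmd &> /dev/null` parses as a background job followed by an empty redirection, so the `if !` test no longer reflects whether the tool exists. A portable form is `if ! command -v envsubst > /dev/null 2>&1; then \` (likewise for the other tools), or declare `SHELL := /bin/bash` at the top of the file. Separately, `validate` checks only `EMAIL`, yet `deploy` pipes kube/petclinic.yaml through `envsubst`, which replaces unset `CONTRAST__API__*` variables with empty strings; a `test -n` guard for each of them would fail early instead of deploying blank credentials.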
+++ b/kube/petclinic.yaml
@@ -0,0 +1,60 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: petclinic
+spec:
+ selector:
+ app: petclinic
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 8080
+ type: LoadBalancer
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: petclinic
+ labels:
+ app: petclinic
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: petclinic
+ template:
+ metadata:
+ labels:
+ app: petclinic
+ spec:
+ containers:
+ - name: app
+ image: docker.io/library/petclinic:latest
+ resources:
+ limits:
+ memory: "512Mi"
+ cpu: "500m"
+ ports:
+ - containerPort: 8080
+ env:
+ - name: CONTRAST__APPLICATION__NAME
+ value: "petclinic_$RANDOM_PART"
+ - name: CONTRAST__APPLICATION__LANGUAGE
+ value: "java"
+ - name: CONTRAST__API__URL
+ value: "https://intuit.contrastsecurity.com/Contrast"
+ - name: CONTRAST__API__API_KEY
+ value: "$CONTRAST__API__API_KEY"
+ - name: CONTRAST__API__SERVICE_KEY
+ value: "$CONTRAST__API__SERVICE_KEY"
+ - name: CONTRAST__API__USER_NAME
+ value: "$CONTRAST__API__USER_NAME"
+ - name: POSTGRES_URL
+ value: "jdbc:postgresql://postgresql/petclinic"
+ - name: POSTGRES_USER
+ value: "petclinic"
+ - name: POSTGRES_PASSWORD
+ value: "petclinic"
+ imagePullPolicy: IfNotPresent
diff --git a/kube/postgresql.yaml b/kube/postgresql.yaml
new file mode 100644
index 000000000..6757353ae
--- /dev/null
+++ b/kube/postgresql.yaml
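Review bot: The Deployment in kube/petclinic.yaml carries its credentials as literal `value:` entries: `POSTGRES_PASSWORD` is hard-coded and the Contrast API key, service key and user name are substituted in by `envsubst`, so all of them are stored in clear text in the Deployment object and are readable by anyone allowed to read Deployments in the namespace. kube/postgresql.yaml has the same literal `POSTGRES_PASSWORD`. I would move these into a Secret and reference them with `valueFrom.secretKeyRef`, as sketched below; the Secret names and keys shown are placeholders. The 512Mi memory limit is also well below the `-Xmx2g` set in the Dockerfile's `JAVA_OPTS`, so the pod can be OOM-killed before the JVM reaches its own heap cap.

```yaml
        env:
          # … unchanged: CONTRAST__APPLICATION__NAME, CONTRAST__APPLICATION__LANGUAGE, CONTRAST__API__URL …
          - name: CONTRAST__API__API_KEY
            valueFrom:
              secretKeyRef:
                name: petclinic-contrast   # placeholder Secret name
                key: api-key               # placeholder key
          - name: CONTRAST__API__SERVICE_KEY
            valueFrom:
              secretKeyRef:
                name: petclinic-contrast   # placeholder Secret name
                key: service-key           # placeholder key
          - name: CONTRAST__API__USER_NAME
            valueFrom:
              secretKeyRef:
                name: petclinic-contrast   # placeholder Secret name
                key: user-name             # placeholder key
          # … unchanged: POSTGRES_URL, POSTGRES_USER …
          - name: POSTGRES_PASSWORD
            valueFrom:
              secretKeyRef:
                name: petclinic-db         # placeholder Secret name
                key: password              # placeholder key
```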
@@ -0,0 +1,66 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: postgresql-pvc
+spec:
+ resources:
+ requests:
+ storage: 256Mi
+ accessModes:
+ - ReadWriteOnce
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: postgresql
+spec:
+ selector:
+ app: postgresql
+ ports:
+ - protocol: TCP
+ port: 5432
+ targetPort: 5432
+ type: ClusterIP
+
+---
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: postgresql
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: postgresql
+ template:
+ metadata:
+ labels:
+ app: postgresql
+ spec:
+ containers:
+ - name: postgres
+ image: postgres:15.2
+ resources:
+ limits:
+ memory: "512Mi"
+ cpu: "500m"
+ env:
+ - name: POSTGRES_DB
+ value: "petclinic"
+ - name: POSTGRES_USER
+ value: "petclinic"
+ - name: POSTGRES_PASSWORD
+ value: "petclinic"
+ ports:
+ - containerPort: 5432
+ volumeMounts:
+ - name: storage
+ mountPath: /data/db
+ imagePullPolicy: Always
+ volumes:
+ - name: storage
+ persistentVolumeClaim:
+ claimName: postgresql-pvc
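Review bot: The `storage` volume in the postgresql Deployment is mounted at `/data/db`, but the official `postgres` image keeps its database cluster under `/var/lib/postgresql/data` by default, so the claim as written would not hold the database files and the data would not survive the pod being recreated. Mounting the claim at the data directory, `mountPath: /var/lib/postgresql/data`, addresses that; if the volume root is not empty, pointing `PGDATA` at a subdirectory of the mount is the usual companion setting. The pod template also sets no `securityContext`, so a short comment stating whether running with the image defaults is intended would help the next reviewer.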