diff --git a/Unifi-Controller/kubernetes/README.md b/Unifi-Controller/kubernetes/README.md
new file mode 100644
index 0000000..9a64543
--- /dev/null
+++ b/Unifi-Controller/kubernetes/README.md
@@ -0,0 +1,14 @@
+# Deployment
+
+You can't just deploy the whole folder. You have to apply the files in the following order:
+
+1. Create the namespace and the secrets using ´kubectl apply -f namespaceAndSecret.yaml ´
+2. Apply the init-script using ´kubectl create configmap create-db-configmap --from-file=init-mongo.js --namespace unifi-controller´
+3. Create two persistent volumes and two persistent volume claims in Longhorn
+
+- unifi-db
+- unifi-config
+
+4. Deploy the pod and the service using ´kubectl apply -f deployment.yaml ´
+5. If you want to access the GUI via Traefik you can add an ingress using ´kubectl apply -f ingress.yaml ´
+6. Check if the MongoDB Container is running and delete the configmap ´create-db-configmap´ for security reasons
diff --git a/Unifi-Controller/kubernetes/deployment.yaml b/Unifi-Controller/kubernetes/deployment.yaml
new file mode 100644
index 0000000..2bcdfc3
--- /dev/null
+++ b/Unifi-Controller/kubernetes/deployment.yaml
@@ -0,0 +1,164 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: unifi-controller
+ app.kubernetes.io/instance: unifi-controller
+ name: unifi-controller
+ namespace: unifi-controller
+spec:
+ replicas: 1
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ app: unifi-controller
+ template:
+ metadata:
+ labels:
+ app: unifi-controller
+ spec:
+ nodeSelector:
+ worker: "true"
+ containers:
+ - image: docker.io/mongo:7.0
+ imagePullPolicy: IfNotPresent
+ name: unifi-db
+ args: ["--dbpath", "/data/db"]
+ livenessProbe:
+ exec:
+ command:
+ - mongo
+ - --disableImplicitSessions
+ - --eval
+ - "db.adminCommand('ping')"
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ readinessProbe:
+ exec:
+ command:
+ - mongo
+ - --disableImplicitSessions
+ - --eval
+ - "db.adminCommand('ping')"
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 6
+ ports:
+ - containerPort: 27017
+ name: mongo
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /data/db
+ name: unifi-db
+ - name: "init-database"
+ mountPath: "/docker-entrypoint-initdb.d/"
+ - image: lscr.io/linuxserver/unifi-network-application:8.1.113-ls36
+ imagePullPolicy: IfNotPresent
+ name: unifi-controller
+ envFrom:
+ - secretRef:
+ name: unifi-env
+ env:
+ - name: MONGO_HOST
+ value: "localhost"
+ - name: MONGO_PORT
+ value: "27017"
+ volumeMounts:
+ - mountPath: /config
+ name: unifi-config
+ ports:
+ - containerPort: 8443
+ name: web
+ protocol: TCP
+ - containerPort: 3478
+ name: stun
+ protocol: UDP
+ - containerPort: 1001
+ name: discovery
+ protocol: UDP
+ - containerPort: 8080
+ name: communication
+ protocol: TCP
+ resources:
+ limits:
+ cpu: 2
+ memory: 1Gi
+ requests:
+ cpu: 200m
+ memory: 256Mi
+ livenessProbe:
+ tcpSocket:
+ port: communication
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ readinessProbe:
+ httpGet:
+ scheme: HTTPS
+ path: /
+ port: web
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ volumes:
+ - name: unifi-db
+ persistentVolumeClaim:
+ claimName: unifi-db
+ - name: unifi-config
+ persistentVolumeClaim:
+ claimName: unifi-config
+ - name: "init-database"
+ configMap:
+ name: create-db-configmap
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: unifi-tcp
+ namespace: unifi-controller
+ annotations:
+ metallb.universe.tf/allow-shared-ip: unifi-controller
+spec:
+ type: LoadBalancer
+ loadBalancerIP: 10.122.0.65 # MUST match loadBalancerIP of the other service. Choose a availible IP in your MetalLB Range
+ ports:
+ - name: web
+ protocol: TCP
+ port: 8443
+ targetPort: 8443
+ - name: communication
+ protocol: TCP
+ port: 8080
+ targetPort: 8080
+ selector:
+ app: unifi-controller
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: unifi-udp
+ namespace: unifi-controller
+ annotations:
+ metallb.universe.tf/allow-shared-ip: unifi-controller
+spec:
+ type: LoadBalancer
+ loadBalancerIP: 10.122.0.65 # MUST match loadBalancerIP of the other service. Choose a availible IP in your MetalLB Range
+ ports:
+ - name: stun
+ protocol: UDP
+ port: 3478
+ targetPort: 3478
+ - name: discovery
+ protocol: UDP
+ port: 10001
+ targetPort: 10001
+ selector:
+ app: unifi-controller
diff --git a/Unifi-Controller/kubernetes/ingress.yaml b/Unifi-Controller/kubernetes/ingress.yaml
new file mode 100644
index 0000000..171cf64
--- /dev/null
+++ b/Unifi-Controller/kubernetes/ingress.yaml
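Review bot: The `unifi-db` container is started with only `args: ["--dbpath", "/data/db"]`, so mongod runs without access control: the `unifi` user the init script creates is never required, and because no NetworkPolicy is added here, any pod in the cluster that reaches the pod IP on 27017 gets full read/write access to the controller's database. Enable authentication with `args: ["--dbpath", "/data/db", "--auth"]` (or set `MONGO_INITDB_ROOT_USERNAME`/`MONGO_INITDB_ROOT_PASSWORD` on the container, which makes the official image enable it) and add a NetworkPolicy that limits 27017 to this namespace. Separately, both Mongo probes exec the legacy `mongo` shell, which the `mongo:7.0` image no longer ships (dropped with 6.0), so the probes will fail and the pod will restart-loop; use `- mongosh` / `- --quiet` / `- --eval` / `- "db.adminCommand('ping')"` instead. The `discovery` containerPort is `1001` while `unifi-udp` targets `10001` (the UniFi discovery port), so the containerPort looks like a typo. Neither container needs the API server, so `automountServiceAccountToken: false` on the pod spec would also remove an unneeded credential from both containers.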
@@ -0,0 +1,39 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+ name: default-headers
+ namespace: unifi-controller
+spec:
+ headers:
+ browserXssFilter: true
+ contentTypeNosniff: true
+ forceSTSHeader: true
+ stsIncludeSubdomains: true
+ stsPreload: true
+ stsSeconds: 15552000
+ customFrameOptionsValue: SAMEORIGIN
+ customRequestHeaders:
+ X-Forwarded-Proto: https
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: unifi-controller
+ namespace: unifi-controller
+ annotations:
+ kubernetes.io/ingress.class: traefik-external
+spec:
+ entryPoints:
+ - websecure
+ routes:
+ - match: Host(`unifi.yourdomain.com`) # change to your domain
+ kind: Rule
+ services:
+ - name: unifi-tcp
+ port: 8443
+ scheme: https
+ middlewares:
+ - name: default-headers
+ tls:
+ secretName: ffth-tls # change to your cert name
diff --git a/Unifi-Controller/kubernetes/init-mongo.js b/Unifi-Controller/kubernetes/init-mongo.js
new file mode 100644
index 0000000..a278b10
--- /dev/null
+++ b/Unifi-Controller/kubernetes/init-mongo.js
@@ -0,0 +1,10 @@
+db.getSiblingDB("unifi").createUser({
+ user: "unifi",
+ pwd: "5nHgg3G0cH9d",
+ roles: [{ role: "dbOwner", db: "unifi" }],
+});
+db.getSiblingDB("unifi_stat").createUser({
+ user: "unifi",
+ pwd: "5nHgg3G0cH9d",
+ roles: [{ role: "dbOwner", db: "unifi_stat" }],
+});
diff --git a/Unifi-Controller/kubernetes/namespaceAndSecret.yaml b/Unifi-Controller/kubernetes/namespaceAndSecret.yaml
new file mode 100644
index 0000000..1f8492d
--- /dev/null
+++ b/Unifi-Controller/kubernetes/namespaceAndSecret.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: unifi-controller
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: unifi-env
+ namespace: unifi-controller
+type: Opaque
+stringData:
+ PUID: "1000"
+ PGID: "1000"
+ TZ: "Europe/London"
+ MONGO_USER: "unifi"
+ MONGO_PASS: "5nHgg3G0cH9d"
+ MONGO_DBNAME: unifi
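Review bot: The route forwards to `unifi-tcp` port 8443 with `scheme: https`, but nothing in this hunk tells Traefik how to trust the UniFi container's certificate, which is self-signed unless one is installed in `/config`; Traefik verifies backend certificates by default, so this route is likely to fail until a `ServersTransport` (e.g. `insecureSkipVerify: true`, referenced from the service via `serversTransport`) or a trusted backend cert is added. If `insecureSkipVerify` is the chosen fix, document that the Traefik-to-pod hop is then unauthenticated and relies on the cluster network alone. Note also that the `default-headers` middleware and the `websecure` TLS termination only cover the Traefik path; the same GUI stays directly reachable on `10.122.0.65:8443` through the LoadBalancer service defined in `deployment.yaml`, so these headers do not harden the service as a whole. `traefik.containo.us/v1alpha1` is the deprecated API group, superseded by `traefik.io/v1alpha1` and removed in Traefik v3, so these objects will stop applying on upgrade.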
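Review bot: `pwd: "5nHgg3G0cH9d"` commits the database password in plaintext, and it stays in git history no matter that the README's last step deletes the `create-db-configmap`; treat the value as compromised and rotate it. Read it from the environment instead, `pwd: process.env.MONGO_PASS,` in both `createUser` calls (mongosh, which the `mongo:7.0` entrypoint uses for `.js` init scripts, exposes `process.env`), and give the `unifi-db` container the same `envFrom` secret reference the controller container already has, so the credential exists in one place only. Keep in mind that the official image runs `/docker-entrypoint-initdb.d/` scripts only when `/data/db` is empty, so on an already-initialised PVC a changed password here is never applied and has to be rotated with `db.changeUserPassword` instead. These users are also not enforced at all while mongod runs without `--auth`, which is a separate defect in `deployment.yaml`.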
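Review bot: `MONGO_PASS: "5nHgg3G0cH9d"` is a live credential committed in plaintext in a manifest the README tells users to `kubectl apply` unchanged; a Kubernetes Secret is base64, not encryption, and the value is now in git history, so rotate it and stop tracking the rendered Secret. Keep the Namespace here and create the Secret out of band, e.g. `kubectl create secret generic unifi-env -n unifi-controller --from-literal=MONGO_USER=unifi --from-literal=MONGO_PASS="$(openssl rand -base64 24)"`, or through SealedSecrets/External Secrets, leaving at most a placeholder such as `MONGO_PASS: "CHANGE_ME"` if an example file is wanted. `PUID`, `PGID` and `TZ` are not sensitive and belong in a ConfigMap, so that the Secret holds only the credential and RBAC on Secrets in this namespace can be kept tight.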