diff --git a/kubernetes/gitea-server-statefulset.yaml b/kubernetes/gitea-server-statefulset.yaml
new file mode 100644
index 0000000..97f843f
--- /dev/null
+++ b/kubernetes/gitea-server-statefulset.yaml
@@ -0,0 +1,103 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: gitea-server
+  labels:
+    app: gitea
+spec:
+  serviceName: gitea-server
+  updateStrategy:
+    type: RollingUpdate
+  replicas: 1
+  selector:
+    matchLabels:
+      app: gitea
+  template:
+    metadata:
+      labels:
+        name: gitea-server
+        app: gitea
+    spec:
+      initContainers:
+        - name: init-config
+          # This is a busybox image with our gitea customizations saved to
+          # /custom, built using ./script/build_customizations_image from the
+          # root of the repo
+          image: eu.gcr.io/fluted-magpie-218106/gitea_custom:0.1.2
+          command: [
+            'sh', '-c',
+            'mkdir -p /data/gitea/conf && mkdir -p /data/gitea/https && cp /root/conf/app.ini /data/gitea/conf/app.ini && chown 1000:1000 /data/gitea/conf/app.ini && chmod 660 /data/gitea/conf/app.ini && cp /root/conf/*.pem /data/gitea/https && chmod 600 /data/gitea/https/*.pem && cp -R /custom/* /data/gitea && chown -R 1000:1000 /data/gitea'
+          ]
+          volumeMounts:
+          - mountPath: /data
+            name: gitea-server-data
+          - mountPath: /root/conf
+            name: config
+      containers:
+      - name: gitea-server
+        image: gitea/gitea:1.10.1
+        ports:
+        - containerPort: 3000
+        - containerPort: 3001
+        - containerPort: 22
+        volumeMounts:
+        - mountPath: /data
+          name: gitea-server-data
+        resources:
+          requests:
+            cpu: 150m
+            memory: 256Mi
+          limits:
+            cpu: 250m
+            memory: 512Mi
+      restartPolicy: Always
+      volumes:
+      - name: config
+        secret:
+          secretName: gitea-config
+          items:
+            - key: app.ini
+              path: app.ini
+              mode: 256
+            - key: cert.pem
+              path: cert.pem
+              mode: 256
+            - key: key.pem
+              path: key.pem
+              mode: 256
+  volumeClaimTemplates:
+    - metadata:
+        name: gitea-server-data
+        labels:
+          app: gitea
+      spec:
+        accessModes:
+        - ReadWriteOnce
+        resources:
+          requests:
+            storage: 20Gi
+        storageClassName: gcePersistentDisk
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: gitea-server
+  labels:
+    name: gitea-server
+    app: gitea
+spec:
+  type: LoadBalancer
+  # preserves the client source IP
+  externalTrafficPolicy: Local
+  ports:
+    - name: "ssh"
+      port: 22
+      targetPort: 22
+    - name: "http"
+      port: 80
+      targetPort: 3001
+    - name: "https"
+      port: 443
+      targetPort: 3000
+  selector:
+    name: gitea-server