diff --git a/02_hetzner/01_prod/passbolt/deployment.yaml b/02_hetzner/01_prod/passbolt/deployment.yaml
new file mode 100644
index 0000000..a607ef6
--- /dev/null
+++ b/02_hetzner/01_prod/passbolt/deployment.yaml
@@ -0,0 +1,106 @@
+# Deployment description
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: passbolt-deployment
+  namespace: prod-environment
+  labels:
+    app: passbolt-infra
+spec:
+  strategy:
+    type: Recreate
+  replicas: 1
+  selector:
+    matchLabels:
+      app: passbolt-infra
+  template:
+    metadata:
+      labels:
+        app: passbolt-infra
+    spec:
+      containers:
+        - name: passbolt
+          image: passbolt/passbolt:3.5.0-ce
+          resources:
+            requests:
+              memory: "256Mi"
+              cpu: "100m"
+            limits:
+              memory: "512Mi"
+              cpu: "4"
+          ports:
+            - containerPort: 80
+              name: passbolt-http
+              protocol: TCP
+          envFrom:
+            - configMapRef:
+                name: passbolt-config-infra
+---
+# passbolt ConfigMap
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: prod-environment
+  name: passbolt-config-infra
+  labels:
+    app: passbolt-infra
+data:
+  DATASOURCES_DEFAULT_HOST: mariadb-infra.infra-environment
+  DATASOURCES_DEFAULT_PASSWORD: vQRn7hvuQAUMHWp72MTXst 
+  DATASOURCES_DEFAULT_USERNAME: passbolt-prod
+  DATASOURCES_DEFAULT_DATABASE: passbolt-prod
+  APP_FULL_BASE_URL: https://donotforget.semapp.de
+  ## Email config
+  EMAIL_DEFAULT_FROM: support@semantic-applications.de
+  EMAIL_TRANSPORT_DEFAULT_HOST: smtp.strato.de
+  EMAIL_TRANSPORT_DEFAULT_PORT: "587"
+  EMAIL_TRANSPORT_DEFAULT_USERNAME: support@semantic-applications.de
+  EMAIL_TRANSPORT_DEFAULT_PASSWORD: "uN1zPIqN9@br"
+  EMAIL_TRANSPORT_DEFAULT_TLS: "true"
+
+---
+# passbolt Service
+apiVersion: v1
+kind: Service
+metadata:
+  name: passbolt
+  namespace: prod-environment
+spec:
+  selector:
+    app: passbolt-infra
+  ports:
+    - name: passbolt-http
+      port: 80
+      targetPort: passbolt-http
+  type: NodePort
+---
+# Ingress description
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: passbolt-infra-ingress
+  namespace: prod-environment
+  annotations:
+    kubernetes.io/ingress.class: "traefik"
+spec:
+  rules:
+  - host: passbolt.k8s.semprod.local
+    http:
+      paths:
+      - backend:
+          service:
+            name: passbolt
+            port:
+              number: 80
+        path: /
+        pathType: ImplementationSpecific
+  - host: donotforget.semapp.de
+    http:
+      paths:
+      - backend:
+          service:
+            name: passbolt
+            port:
+              number: 80
+        path: /
+        pathType: ImplementationSpecific
\ No newline at end of file