diff --git a/deluge/deployment.yaml b/deluge/deployment.yaml
new file mode 100644
index 0000000..6c1f8e8
--- /dev/null
+++ b/deluge/deployment.yaml
@@ -0,0 +1,157 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: deluge
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: deluge
+  namespace: deluge
+spec:
+  ingressClassName: istio
+  rules:
+  - host: deluge.strudelline.net
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: deluge
+            port:
+              number: 8112
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  namespace: deluge
+  name: deluge
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: deluge
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: deluge
+    spec:
+      terminationGracePeriodSeconds: 0
+      restartPolicy: Always
+      initContainers:
+      - name: killswitch
+        image: xjasonlyu/tun2socks:latest
+        command: ["sh","-c"]
+        args:
+        - |
+            iptables -t mangle -A POSTROUTING -o eth0 -d 172.16.0.0/12 -j ACCEPT
+            iptables -t mangle -A POSTROUTING -o eth0 -d 10.0.0.0/8 -j ACCEPT
+            iptables -t mangle -A POSTROUTING -o eth0 -d 192.168.0.0/16 -j ACCEPT
+            iptables -t mangle -A POSTROUTING -o eth0 -j DROP
+        securityContext:
+          capabilities:
+            add: ["NET_ADMIN","SYS_TIME"]
+      volumes:
+      - name: config
+        nfs:
+          server: 172.16.18.1
+          path: /volume1/k8s-volumes/deluge-config
+      - name: dropbox
+        nfs:
+          server: 172.16.18.1
+          path: /volume1/dropbox
+      containers:
+      - name: deluge
+        image: lscr.io/linuxserver/deluge:latest
+        env:
+        - name: TZ
+          value: America/Chicago
+        - name: PUID
+          value: "1029"
+        - name: PGID
+          value: "101"
+        - name: UMASK_SET
+          value: "000"
+        volumeMounts:
+        - mountPath: /volume1/dropbox
+          name: dropbox
+        - mountPath: /config
+          name: config
+      - name: vpn
+        image: xjasonlyu/tun2socks:latest
+        command: ["sh","-c"]
+        args:
+        - |
+            mkdir -p /dev/net
+            mknod /dev/net/tun c 10 200
+            exec /entrypoint.sh
+        env:
+        - name: TUN
+          value: tun0
+        - name: PROXY
+          value: socks5://172.16.17.180:1080
+        - name: TUN_EXCLUDED_ROUTES
+          value: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
+        securityContext:
+          capabilities:
+            add: ["NET_ADMIN","SYS_TIME"]
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: deluge
+  name: deluge
+  namespace: deluge
+spec:
+  ipFamilies:
+  - IPv4
+  ipFamilyPolicy: SingleStack
+  ports:
+  - name: deluge
+    port: 8112
+    protocol: TCP
+    targetPort: 8112
+  selector:
+    app: deluge
+  sessionAffinity: None
+  type: ClusterIP
+#apiVersion: v1
+#kind: Service
+#metadata:
+#  annotations:
+#    metallb.universe.tf/allow-shared-ip: 172.16.17.180
+#    metallb.universe.tf/loadBalancerIPs: 172.16.17.180
+#  labels:
+#    app: nordproxy
+#  name: nordproxy
+#  namespace: nordproxy
+#spec:
+#  ipFamilies:
+#  - IPv4
+#  ipFamilyPolicy: SingleStack
+#  ports:
+#  - name: dns
+#    port: 53
+#    protocol: UDP
+#    targetPort: 5353
+#  - name: socks
+#    port: 1080
+#    protocol: TCP
+#    targetPort: 1080
+#  - name: gost-auto
+#    port: 4080
+#    protocol: TCP
+#    targetPort: 4080
+#  - name: http
+#    port: 8080
+#    protocol: TCP
+#    targetPort: 8080
+#  selector:
+#    app: nordproxy
+#  sessionAffinity: None
+#  type: LoadBalancer