diff --git a/deployment/aks-periscope.yaml b/deployment/aks-periscope.yaml
index df0daaaa..a2b04db7 100644
--- a/deployment/aks-periscope.yaml
+++ b/deployment/aks-periscope.yaml
@@ -1,3 +1,5 @@
+# Note: this file is deprecated and will be removed in a future release
+# Use Kustomize to deploy the project
 apiVersion: v1
 kind: Namespace
 metadata:
@@ -169,4 +171,4 @@ spec:
 singular: diagnostic
 kind: Diagnostic
 shortNames:
- - apd
\ No newline at end of file
+ - apd
diff --git a/deployment/cluster-role-binding.yaml b/deployment/cluster-role-binding.yaml
new file mode 100644
index 00000000..bbc83ca4
--- /dev/null
+++ b/deployment/cluster-role-binding.yaml
@@ -0,0 +1,23 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: aks-periscope-role-binding
+subjects:
+- kind: ServiceAccount
+ name: aks-periscope-service-account
+roleRef:
+ kind: ClusterRole
+ name: aks-periscope-role
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: aks-periscope-role-binding-view
+subjects:
+- kind: ServiceAccount
+ name: aks-periscope-service-account
+roleRef:
+ kind: ClusterRole
+ name: view
+ apiGroup: rbac.authorization.k8s.io
diff --git a/deployment/cluster-role.yaml b/deployment/cluster-role.yaml
new file mode 100644
index 00000000..cd58e155
--- /dev/null
+++ b/deployment/cluster-role.yaml
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: aks-periscope-role
+rules:
+- apiGroups: ["","metrics.k8s.io"]
+ resources: ["pods", "nodes"]
+ verbs: ["get", "watch", "list"]
+- apiGroups: ["aks-periscope.azure.github.com"]
+ resources: ["diagnostics"]
+ verbs: ["get", "watch", "list", "create", "patch"]
diff --git a/deployment/config-map.yaml b/deployment/config-map.yaml
new file mode 100644
index 00000000..1f82a9b1
--- /dev/null
+++ b/deployment/config-map.yaml
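Review bot: In deployment/cluster-role-binding.yaml both `ServiceAccount` subjects omit `namespace`, which a ClusterRoleBinding requires for a service-account subject, so the file is only valid once Kustomize's namespace transformer fills the field in; whether it does so for this subject name depends on the Kustomize version and should be checked. Adding `namespace: aks-periscope` under each subject makes the binding explicit and correct on its own. The second binding also grants the built-in `view` ClusterRole cluster-wide to the account used by the privileged DaemonSet, in addition to the narrow custom role. If that breadth is required, a comment above `name: view` should say which collector needs it; otherwise the binding can be dropped.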
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: containerlogs-config
+data:
+ DIAGNOSTIC_CONTAINERLOGS_LIST: kube-system
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: kubeobjects-config
+data:
+ DIAGNOSTIC_KUBEOBJECTS_LIST: kube-system/pod kube-system/service kube-system/deployment
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: nodelogs-config
+data:
+ DIAGNOSTIC_NODELOGS_LIST: /var/log/azure/cluster-provision.log /var/log/cloud-init.log
diff --git a/deployment/crd.yaml b/deployment/crd.yaml
new file mode 100644
index 00000000..143a7662
--- /dev/null
+++ b/deployment/crd.yaml
@@ -0,0 +1,28 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: diagnostics.aks-periscope.azure.github.com
+spec:
+ group: aks-periscope.azure.github.com
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ validation:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ type: object
+ properties:
+ dns:
+ type: string
+ networkoutbound:
+ type: string
+ scope: Namespaced
+ names:
+ plural: diagnostics
+ singular: diagnostic
+ kind: Diagnostic
+ shortNames:
+ - apd
diff --git a/deployment/daemon-set.yaml b/deployment/daemon-set.yaml
new file mode 100644
index 00000000..7d2cb971
--- /dev/null
+++ b/deployment/daemon-set.yaml
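Review bot: deployment/crd.yaml declares the CRD with `apiVersion: apiextensions.k8s.io/v1beta1`, which is deprecated and no longer served from Kubernetes 1.22 on, so this newly added file will stop applying on newer clusters. Moving to `apiextensions.k8s.io/v1` means the schema sits under each `versions` entry as `schema.openAPIV3Schema` rather than under the `validation` key used here. The v1 API also requires a structural schema and prunes unknown fields, which tightens what a `Diagnostic` object can carry. Indentation is flattened in this view, so the nesting below should be checked against the real file.

```yaml
apiVersion: apiextensions.k8s.io/v1
# … unchanged: kind, metadata, spec.group …
  versions:
  - name: v1
    served: true
    storage: true
    schema:
      openAPIV3Schema:
        type: object
        properties:
          spec:
            type: object
            properties:
              dns:
                type: string
              networkoutbound:
                type: string
# … unchanged: scope, names …
```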
@@ -0,0 +1,48 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: aks-periscope
+ labels:
+ app: aks-periscope
+spec:
+ selector:
+ matchLabels:
+ app: aks-periscope
+ template:
+ metadata:
+ labels:
+ app: aks-periscope
+ spec:
+ serviceAccountName: aks-periscope-service-account
+ hostPID: true
+ nodeSelector:
+ beta.kubernetes.io/os: linux
+ containers:
+ - name: aks-periscope
+ image: aksrepos.azurecr.io/staging/aks-periscope
+ securityContext:
+ privileged: true
+ imagePullPolicy: Always
+ env: []
+ envFrom:
+ - configMapRef:
+ name: containerlogs-config
+ - configMapRef:
+ name: kubeobjects-config
+ - configMapRef:
+ name: nodelogs-config
+ volumeMounts:
+ - mountPath: /aks-periscope
+ name: aks-periscope-storage
+ resources:
+ requests:
+ memory: "500Mi"
+ cpu: "250m"
+ limits:
+ memory: "2000Mi"
+ cpu: "1000m"
+ volumes:
+ - name: aks-periscope-storage
+ hostPath:
+ path: /var/log/aks-periscope
+ type: DirectoryOrCreate
diff --git a/deployment/examples/kustomization_storage_account.yaml b/deployment/examples/kustomization_storage_account.yaml
new file mode 100644
index 00000000..fe9516f8
--- /dev/null
+++ b/deployment/examples/kustomization_storage_account.yaml
@@ -0,0 +1,34 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- https://github.com/Azure/aks-periscope/blob/master/deployment/kustomization.yaml
+
+secretGenerator:
+- name: azureblob-secret
+ literals:
+ - AZURE_BLOB_SAS_KEY=
+
+patches:
+- target:
+ group: apps
+ kind: DaemonSet
+ name: aks-periscope
+ version: v1
+ patch: |-
+ - op: add
+ path: '/spec/template/spec/containers/0/env/-'
+ value:
+ name: AZURE_BLOB_ACCOUNT_NAME
+ value:
+- target:
+ group: apps
+ kind: DaemonSet
+ name: aks-periscope
+ version: v1
+ patch: |-
+ - op: add
+ path: '/spec/template/spec/containers/0/envFrom/-'
+ value:
+ secretRef:
+ name: azureblob-secret
diff --git a/deployment/kustomization.yaml b/deployment/kustomization.yaml
new file mode 100644
index 00000000..73eb746c
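Review bot: In deployment/daemon-set.yaml the container runs with `privileged: true` and the pod with `hostPID: true`, and nothing in the file says which collector needs either, so a compromise of the image or the pod amounts to node-level access on every Linux node. If the collectors only read the host log files named in `DIAGNOSTIC_NODELOGS_LIST` (an inference from the ConfigMap, not something this file shows), a read-only `hostPath` mount of those directories would be narrower than full privilege. If full privilege is needed, a comment above `securityContext` such as `# privileged + hostPID: required by <collector> to read host state` would record the reason. The `nodeSelector` key `beta.kubernetes.io/os` is also the deprecated form of `kubernetes.io/os`.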
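Review bot: The `resources` entry in deployment/examples/kustomization_storage_account.yaml points at a GitHub `blob/master` URL, so the example tracks a moving branch and any later change to the base, which deploys a privileged DaemonSet, is pulled in unreviewed. A blob URL is also an HTML page rather than a Kustomize directory target, so the build may not resolve it at all. A pinned directory reference such as `- https://github.com/Azure/aks-periscope//deployment?ref=<TAG_OR_COMMIT>` addresses both. The SAS key is supplied under `literals`, which invites committing it with the file; reading it through `envs:` from a file kept out of version control keeps the key out of the repository.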
--- /dev/null
+++ b/deployment/kustomization.yaml
@@ -0,0 +1,17 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: aks-periscope
+
+resources:
+- namespace.yaml
+- cluster-role.yaml
+- cluster-role-binding.yaml
+- config-map.yaml
+- crd.yaml
+- daemon-set.yaml
+- service-account.yaml
+
+images:
+ - name: aksrepos.azurecr.io/staging/aks-periscope
+ newTag: v0.3
diff --git a/deployment/namespace.yaml b/deployment/namespace.yaml
new file mode 100644
index 00000000..1c6ad0df
--- /dev/null
+++ b/deployment/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: aks-periscope
diff --git a/deployment/service-account.yaml b/deployment/service-account.yaml
new file mode 100644
index 00000000..712f51ec
--- /dev/null
+++ b/deployment/service-account.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: aks-periscope-service-account
diff --git a/docs/kustomize.md b/docs/kustomize.md
new file mode 100644
index 00000000..d2d6f157
--- /dev/null
+++ b/docs/kustomize.md
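Review bot: `newTag: v0.3` in deployment/kustomization.yaml pins the image only to a mutable tag in a `staging` repository, and the DaemonSet pulls with `imagePullPolicy: Always`, so a re-pushed tag changes what runs privileged on every node at the next pod restart. The Kustomize `images` entry accepts a digest, so `digest: sha256:<IMAGE_DIGEST>` in place of `newTag` fixes the exact content that is deployed. The `images` list is also written indented while the `resources` list is flush; one sequence style per file is easier to lint.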
@@ -0,0 +1,50 @@
+# Deploy with Kustomize
+
+To store the logs an Azure Blob Service account is required.
+
+Patch the DeamonSet to add the `AZURE_BLOB_ACCOUNT_NAME` env var:
+
+```yaml
+patches:
+- target:
+ group: apps
+ kind: DaemonSet
+ name: aks-periscope
+ version: v1
+ patch: |-
+ - op: add
+ path: '/spec/template/spec/containers/0/env/-'
+ value:
+ name: AZURE_BLOB_ACCOUNT_NAME
+ value: your_account_name
+```
+
+## Connect to the Storage Account using a SAS key
+
+Create the following secret to connect to the Storage Account using a SAS Key:
+
+```yaml
+secretGenerator:
+- name: azureblob-secret
+ literals:
+ - AZURE_BLOB_SAS_KEY=your_sas_key_base_64_encoded
+
+patches:
+- target:
+ group: apps
+ kind: DaemonSet
+ name: aks-periscope
+ version: v1
+ patch: |-
+ - op: add
+ path: '/spec/template/spec/containers/0/envFrom/-'
+ value: |
+ secretRef:
+ name: azureblob-secret
+```
+
+## Apply
+
+```sh
+kubectl apply -f <(kustomize build)
+```