diff --git a/.build/prod/apps_v1_deployment_label-bot-ml-github-app.yaml b/.build/prod/apps_v1_deployment_label-bot-ml-github-app.yaml
new file mode 100644
index 00000000..e9ec0aa0
--- /dev/null
+++ b/.build/prod/apps_v1_deployment_label-bot-ml-github-app.yaml
@@ -0,0 +1,81 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: label-bot
+    environment: prod
+    service: label-bot
+  name: label-bot-ml-github-app
+  namespace: label-bot-prod
+spec:
+  replicas: 9
+  selector:
+    matchLabels:
+      app: label-bot
+      environment: prod
+      service: label-bot
+  template:
+    metadata:
+      labels:
+        app: label-bot
+        environment: prod
+        service: label-bot
+    spec:
+      containers:
+      - command:
+        - python
+        - app.py
+        env:
+        - name: DATABASE_URL
+          valueFrom:
+            secretKeyRef:
+              key: DATABASE_URL
+              name: ml-app-inference-secret
+        - name: WEBHOOK_SECRET
+          valueFrom:
+            secretKeyRef:
+              key: WEBHOOK_SECRET
+              name: ml-app-inference-secret
+        - name: APP_ID
+          value: "27079"
+        - name: GITHUB_APP_PEM_KEY
+          value: /var/secrets/github/kf-label-bot-prod.private-key.pem
+        - name: GCP_PROJECT_ID
+          value: issue-label-bot-dev
+        - name: GCP_PUBSUB_TOPIC_NAME
+          value: event_queue
+        - name: GOOGLE_APPLICATION_CREDENTIALS
+          value: /var/secrets/google/user-gcp-sa.json
+        - name: FLASK_ENV
+          value: production
+        - name: PORT
+          value: "3000"
+        - name: APP_URL
+          value: https://mlbot.net/
+        - name: authors
+          value: c
+        image: gcr.io/github-probots/label-bot-frontend:3f698dc
+        name: frontend
+        ports:
+        - containerPort: 443
+        - containerPort: 80
+        - containerPort: 3000
+        readinessProbe:
+          httpGet:
+            path: /
+            port: 3000
+          initialDelaySeconds: 10
+          periodSeconds: 3
+        volumeMounts:
+        - mountPath: /var/secrets/google
+          name: user-gcp-sa
+        - mountPath: /var/secrets/github
+          name: github-app
+        workingDir: /flask_app
+      volumes:
+      - name: user-gcp-sa
+        secret:
+          secretName: user-gcp-sa
+      - name: github-app
+        secret:
+          secretName: github-app
diff --git a/.build/prod/extensions_v1beta1_ingress_label-bot-frontend.yaml b/.build/prod/extensions_v1beta1_ingress_label-bot-frontend.yaml
new file mode 100644
index 00000000..cceaf86d
--- /dev/null
+++ b/.build/prod/extensions_v1beta1_ingress_label-bot-frontend.yaml
@@ -0,0 +1,23 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    kubernetes.io/ingress.global-static-ip-name: label-bot-prod
+    networking.gke.io/managed-certificates: certificate
+  labels:
+    app: label-bot
+    environment: prod
+    service: label-bot
+  name: label-bot-frontend
+  namespace: label-bot-prod
+spec:
+  backend:
+    serviceName: label-bot-ml-github-app
+    servicePort: 3000
+  rules:
+  - http:
+      paths:
+      - backend:
+          serviceName: label-bot-ml-github-app
+          servicePort: 3000
+        path: /
diff --git a/.build/prod/networking.gke.io_v1beta1_managedcertificate_certificate.yaml b/.build/prod/networking.gke.io_v1beta1_managedcertificate_certificate.yaml
new file mode 100644
index 00000000..6c3a776c
--- /dev/null
+++ b/.build/prod/networking.gke.io_v1beta1_managedcertificate_certificate.yaml
@@ -0,0 +1,10 @@
+apiVersion: networking.gke.io/v1beta1
+kind: ManagedCertificate
+metadata:
+  labels:
+    environment: prod
+  name: certificate
+  namespace: label-bot-prod
+spec:
+  domains:
+  - label-bot-prod.mlbot.net
diff --git a/.build/prod/~g_v1_service_label-bot-ml-github-app.yaml b/.build/prod/~g_v1_service_label-bot-ml-github-app.yaml
new file mode 100644
index 00000000..3c5dbc28
--- /dev/null
+++ b/.build/prod/~g_v1_service_label-bot-ml-github-app.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: label-bot
+    environment: prod
+    service: label-bot
+  name: label-bot-ml-github-app
+  namespace: label-bot-prod
+spec:
+  ports:
+  - port: 3000
+    protocol: TCP
+  selector:
+    app: label-bot
+    environment: prod
+    service: label-bot
+  type: NodePort
diff --git a/.gitignore b/.gitignore
index a8c7fbc8..35108e4b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+!.build
 .*
 *.pem
 *.hdf5
diff --git a/Makefile b/Makefile
index c2315507..1048bfff 100644
--- a/Makefile
+++ b/Makefile
@@ -21,6 +21,16 @@ else
 GIT_VERSION := $(shell git describe --always)-dirty-$(shell git diff | shasum -a256 | cut -c -6)
 endif
 
+CONTEXT=label-bot-frontend-prod
+
+hydrate-prod:
+	rm -rf .build/prod
+	mkdir -p .build/prod
+	kustomize build -o .build/prod deployment/overlays/prod
+
+apply-prod: hydrate-prod
+	kubectl --context=$(CONTEXT) apply -f .build/prod
+
 TAG := $(shell date +v%Y%m%d)-$(GIT_VERSION)
 all: build
 
diff --git a/deployment/overlays/prod/kustomization.yaml b/deployment/overlays/prod/kustomization.yaml
index d20645ee..27fdbb56 100644
--- a/deployment/overlays/prod/kustomization.yaml
+++ b/deployment/overlays/prod/kustomization.yaml
@@ -6,7 +6,7 @@ namespace: label-bot-prod
 images:
 - name: gcr.io/github-probots/label-bot-frontend
   newName: gcr.io/github-probots/label-bot-frontend
-  newTag: 2cb624e
+  newTag: 3f698dc
 resources:
 - certificate.yaml
 - ../../base