diff --git a/legacy-redirects/base/kustomization.yaml b/legacy-redirects/base/kustomization.yaml
new file mode 100644
index 0000000..1eb05a4
--- /dev/null
+++ b/legacy-redirects/base/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+configMapGenerator:
+  - name: legacy-redirects-settings
+    literals:
+    - ip=127.0.0.1
+resources:
+- legacy-redirects.deployment.yaml
+- legacy-redirects.ingress.yaml
+- legacy-redirects.service.yaml
diff --git a/legacy-redirects/base/legacy-redirects.deployment.yaml b/legacy-redirects/base/legacy-redirects.deployment.yaml
new file mode 100644
index 0000000..e0e6052
--- /dev/null
+++ b/legacy-redirects/base/legacy-redirects.deployment.yaml
@@ -0,0 +1,42 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: legacy-redirects
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      name: legacy-redirects
+  template:
+    metadata:
+      labels:
+        name: legacy-redirects
+    spec:
+      containers:
+      - name: web
+        image: gcr.io/exac-gnomad/legacy-redirects:latest
+        env:
+        - name: INGRESS_IP
+          valueFrom:
+            configMapKeyRef:
+              name: legacy-redirects-settings
+              key: ip
+        ports:
+        - name: http
+          containerPort: 80
+        resources:
+          requests:
+            cpu: 10m
+            memory: 32Mi
+          limits:
+            cpu: 100m
+            memory: 32Mi
+        readinessProbe:
+          httpGet:
+            path: /health/ready
+            port: http
+          initialDelaySeconds: 5
+          periodSeconds: 30
+      nodeSelector:
+        cloud.google.com/gke-nodepool: main-pool
diff --git a/legacy-redirects/base/legacy-redirects.ingress.yaml b/legacy-redirects/base/legacy-redirects.ingress.yaml
new file mode 100644
index 0000000..095e15c
--- /dev/null
+++ b/legacy-redirects/base/legacy-redirects.ingress.yaml
@@ -0,0 +1,16 @@
+---
+  apiVersion: networking.k8s.io/v1
+  kind: Ingress
+  metadata:
+    name: legacy-redirects-ingress
+  spec:
+    rules:
+    - http:
+        paths:
+        - backend:
+            service:
+              name: legacy-redirects-nodeport
+              port:
+                number: 80
+          path: /*
+          pathType: ImplementationSpecific
diff --git a/legacy-redirects/base/legacy-redirects.service.yaml b/legacy-redirects/base/legacy-redirects.service.yaml
new file mode 100644
index 0000000..85a6550
--- /dev/null
+++ b/legacy-redirects/base/legacy-redirects.service.yaml
@@ -0,0 +1,12 @@
+---
+  apiVersion: v1
+  kind: Service
+  metadata:
+    name: legacy-redirects-nodeport
+  spec:
+    type: NodePort
+    selector:
+      name: legacy-redirects
+    ports:
+    - port: 80
+      targetPort: 80
diff --git a/legacy-redirects/prod/certificate.yaml b/legacy-redirects/prod/certificate.yaml
new file mode 100644
index 0000000..fbb6270
--- /dev/null
+++ b/legacy-redirects/prod/certificate.yaml
@@ -0,0 +1,7 @@
+apiVersion: networking.gke.io/v1
+kind: ManagedCertificate
+metadata:
+  name: legacy-redirects-managed-cert
+spec:
+  domains:
+    - exac.broadinstitute.org
diff --git a/legacy-redirects/prod/ingress.patch.yaml b/legacy-redirects/prod/ingress.patch.yaml
new file mode 100644
index 0000000..a06f31b
--- /dev/null
+++ b/legacy-redirects/prod/ingress.patch.yaml
@@ -0,0 +1,11 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: legacy-redirects-ingress
+  annotations:
+    kubernetes.io/ingress.global-static-ip-name: prod-legacy-redirects-ip
+    ingress.gcp.kubernetes.io/pre-shared-cert: exac-cert
+    networking.gke.io/v1beta1.FrontendConfig: legacy-redirects-frontend-config
+spec:
+  rules:
+  - host: exac.broadinstitute.org
diff --git a/legacy-redirects/prod/kustomization.yaml b/legacy-redirects/prod/kustomization.yaml
new file mode 100644
index 0000000..e4aa4f1
--- /dev/null
+++ b/legacy-redirects/prod/kustomization.yaml
@@ -0,0 +1,29 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ../base
+- legacy-redirects.frontendconfig.yaml
+- certificate.yaml
+configMapGenerator:
+  - name: legacy-redirects-settings
+    behavior: merge
+    literals:
+      - ip=34.36.116.121
+patches:
+  - patch: |-
+      apiVersion: networking.k8s.io/v1
+      kind: Ingress
+      metadata:
+        name: legacy-redirects-ingress
+        annotations:
+          kubernetes.io/ingress.global-static-ip-name: prod-legacy-redirects-ip
+          ingress.gcp.kubernetes.io/pre-shared-cert: exac-cert
+          networking.gke.io/managed-certificates: legacy-redirects-managed-cert
+          networking.gke.io/v1beta1.FrontendConfig: legacy-redirects-frontend-config
+  - patch: |-
+      - op: add
+        path: /spec/rules/0/host
+        value: exac.broadinstitute.org
+    target:
+      kind: Ingress
+      name: legacy-redirects-ingress
diff --git a/legacy-redirects/prod/legacy-redirects.frontendconfig.yaml b/legacy-redirects/prod/legacy-redirects.frontendconfig.yaml
new file mode 100644
index 0000000..651b0fa
--- /dev/null
+++ b/legacy-redirects/prod/legacy-redirects.frontendconfig.yaml
@@ -0,0 +1,7 @@
+apiVersion: networking.gke.io/v1beta1
+kind: FrontendConfig
+metadata:
+  name: legacy-redirects-frontend-config
+spec:
+  redirectToHttps:
+    enabled: true