diff --git a/kube/roles.yaml b/kube/deployment.yaml
similarity index 55%
rename from kube/roles.yaml
rename to kube/deployment.yaml
index 216972c..e19de76 100644
--- a/kube/roles.yaml
+++ b/kube/deployment.yaml
@@ -1,33 +1,3 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: minecraft-ingress
-  namespace: default
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  namespace: default
-  name: minecraft-ingress
-rules:
-- apiGroups: ["apps", ""] # "" indicates the core API group
-  resources: ["pods","deployments","services"]
-  verbs: ["get", "list", "patch", "watch"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: minecraft-ingress
-  namespace: default
-subjects:
-- kind: ServiceAccount
-  name: minecraft-ingress
-  namespace: default
-roleRef:
-  kind: Role
-  name: minecraft-ingress
-  apiGroup: rbac.authorization.k8s.io
----
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -48,7 +18,7 @@ spec:
       terminationGracePeriodSeconds: 5
       containers:
       - name: minecraft-ingress
-        image: git.tami.moe/tamipes/minecraft-ingress:latest
+        image: git.tami.moe/tamipes/minecraft-ingress:testing
         env:
         - name: FILTER_CONN
           value: '(addr == "87.229.85.222") || (addr == "") || (addr == "ogmur.xyz") || (addr == "@mat:matdoes.dev (hi honeypots) ") || (addr == "@mat:matdoes.dev ") || (addr == "slowstack.tv")'
diff --git a/kube/rbac.yaml b/kube/rbac.yaml
new file mode 100644
index 0000000..954af26
--- /dev/null
+++ b/kube/rbac.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: minecraft-ingress
+  namespace: default
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: default
+  name: minecraft-ingress
+rules:
+- apiGroups: ["apps", ""] # "" indicates the core API group
+  resources: ["pods","deployments","services"]
+  verbs: ["get", "list", "patch", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: minecraft-ingress
+  namespace: default
+subjects:
+- kind: ServiceAccount
+  name: minecraft-ingress
+  namespace: default
+roleRef:
+  kind: Role
+  name: minecraft-ingress
+  apiGroup: rbac.authorization.k8s.io
diff --git a/kube/test-deployment.yaml b/kube/test-deployment.yaml
new file mode 100644
index 0000000..0d5089a
--- /dev/null
+++ b/kube/test-deployment.yaml
@@ -0,0 +1,25 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: minecraft-ingress
+  labels:
+    app: minecraft-ingress
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: minecraft-ingress
+  template:
+    metadata:
+      labels:
+        app: minecraft-ingress
+    spec:
+      serviceAccountName: minecraft-ingress
+      terminationGracePeriodSeconds: 5
+      containers:
+      - name: minecraft-ingress
+        image: git.tami.moe/tamipes/minecraft-ingress:testing
+        env:
+        - name: FILTER_CONN
+          value: '(addr == "87.229.85.222") || (addr == "") || (addr == "ogmur.xyz") || (addr == "@mat:matdoes.dev (hi honeypots) ") || (addr == "@mat:matdoes.dev ") || (addr == "slowstack.tv")'
+