diff --git a/playbooks/openshift-apps/ipsilon.yml b/playbooks/openshift-apps/ipsilon.yml
new file mode 100644
index 0000000000..48f7d4c3e7
--- /dev/null
+++ b/playbooks/openshift-apps/ipsilon.yml
@@ -0,0 +1,58 @@
+- name: make the app be real
+  hosts: os-masters-stg[0]
+  user: root
+  gather_facts: False
+
+  vars_files:
+    - /srv/web/infra/ansible/vars/global.yml
+    - "/srv/private/ansible/vars.yml"
+    - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml
+
+  pre_tasks:
+  - include_vars: dir=/srv/web/infra/ansible/vars/all/ ignore_files=README
+
+  roles:
+  - role: openshift/project
+    app: ipsilon
+    description: ipsilon
+    appowners:
+    - puiterwijk
+  - role: openshift/keytab
+    app: ipsilon
+    key: ipsilon-keytab
+    secret_name: ipsilon-keytab
+    service: HTTP
+    host: "id{{ env_suffix }}.fedoraproject.org"
+  - role: openshift/imagestream
+    app: ipsilon
+    imagename: ipsilon
+  - role: openshift/object
+    app: ipsilon
+    template: buildconfig.yml
+    objectname: buildconfig.yml
+  - role: openshift/start-build
+    app: ipsilon
+    buildname: ipsilon
+
+  - role: openshift/object
+    app: ipsilon
+    template_fullpath: "{{roles_path}}/bodhi2/base/templates/configmap.yml"
+    objectname: configmap.yml
+
+  - role: openshift/object
+    app: ipsilon
+    file: service.yml
+    objectname: service.yml
+  - role: openshift/route
+    app: ipsilon
+    routename: ipsilon
+    host: "id{{ env_suffix }}.fedoraproject.org"
+    serviceport: web
+    servicename: ipsilon
+  - role: openshift/object
+    app: ipsilon
+    template: deploymentconfig.yml
+    objectname: deploymentconfig.yml
+  - role: openshift/rollout
+    app: ipsilon
+    dcname: ipsilon
diff --git a/roles/openshift-apps/ipsilon/files/imagestream.yml b/roles/openshift-apps/ipsilon/files/imagestream.yml
new file mode 100644
index 0000000000..aa4c30237b
--- /dev/null
+++ b/roles/openshift-apps/ipsilon/files/imagestream.yml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ImageStream
+metadata:
+  name: ipsilon
+  labels:
+    build: ipsilon
diff --git a/roles/openshift-apps/ipsilon/files/service.yml b/roles/openshift-apps/ipsilon/files/service.yml
new file mode 100644
index 0000000000..fda4259b36
--- /dev/null
+++ b/roles/openshift-apps/ipsilon/files/service.yml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: ipsilon
+  labels:
+    app: ipsilon
+    service: ipsilon
+  namespace: ipsilon
+spec:
+  ports:
+    - name: web
+      port: 8080
+      targetPort: 8080
+  selector:
+    deploymentconfig: ipsilon
diff --git a/roles/openshift-apps/ipsilon/templates/buildconfig.yml b/roles/openshift-apps/ipsilon/templates/buildconfig.yml
new file mode 100644
index 0000000000..f19299372e
--- /dev/null
+++ b/roles/openshift-apps/ipsilon/templates/buildconfig.yml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: BuildConfig
+metadata:
+  labels:
+    build: ipsilon
+  name: ipsilon
+spec:
+  runPolicy: Serial
+  source:
+    dockerfile: |-
+      FROM fedora:29
+      RUN curl -o /etc/yum.repos.d/infra-tags.repo https://infrastructure.fedoraproject.org/cgit/ansible.git/plain/files/common/fedora-infra-tags.repo
+{% if env == "staging" %}
+      RUN curl -o /etc/yum.repos.d/infra-tags-stg.repo https://infrastructure.fedoraproject.org/cgit/ansible.git/plain/files/common/fedora-infra-tags-stg.repo
+{% endif %}
+      RUN dnf install -y ipsilon ipsilon-authfas ipsilon-openid ipsilon-saml2 ipsilon-persona ipsilon-infofas ipsilon-authgssapi ipsilon-openidc mod_auth_openidc python-psycopg2 httpd mod_wsgi
+      EXPOSE 8080
+      ENTRYPOINT bash /etc/ipsilon/start.sh
+    type: Dockerfile
+  strategy:
+    type: Docker
+    dockerStrategy:
+      noCache: false
+  output:
+    to:
+      kind: ImageStreamTag
+      name: ipsilon:latest
diff --git a/roles/openshift-apps/ipsilon/templates/deploymentconfig.yml b/roles/openshift-apps/ipsilon/templates/deploymentconfig.yml
new file mode 100644
index 0000000000..f592eb37af
--- /dev/null
+++ b/roles/openshift-apps/ipsilon/templates/deploymentconfig.yml
@@ -0,0 +1,75 @@
+apiVersion: v1
+kind: DeploymentConfig
+metadata:
+  labels:
+    app: ipsilon
+    service: ipsilon
+  name: ipsilon
+spec:
+  selector:
+    deploymentconfig: ipsilon
+  strategy:
+    activeDeadlineSeconds: 21600
+    recreateParams:
+      timeoutSeconds: 600
+    resources: {}
+    rollingParams:
+      intervalSeconds: 1
+      maxSurge: 25%
+      maxUnavailable: 25%
+      timeoutSeconds: 600
+      updatePeriodSeconds: 1
+    type: Rolling
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: ipsilon
+        deploymentconfig: ipsilon
+    spec:
+      containers:
+      - name: ipsilon
+        image: ipsilon:latest
+        ports:
+        - containerPort: 8080
+        volumeMounts:
+        - name: config-volume
+          mountPath: /etc/ipsilon
+          readOnly: true
+        - name: keytab-volume
+          mountPath: /etc/keytabs
+          readOnly: true
+        - name: httpdir-volume
+          mountPath: /httpdir
+        readinessProbe:
+          timeoutSeconds: 10
+          initialDelaySeconds: 5
+          httpGet:
+            path: /
+            port: 8080
+        livenessProbe:
+          timeoutSeconds: 10
+          initialDelaySeconds: 30
+          httpGet:
+            path: /
+            port: 8080
+      volumes:
+      - name: config-volume
+        configMap:
+          name: ipsilon-configmap
+      - name: keytab-volume
+        secret:
+          secretName: ipsilon-keytab
+      - name: httpdir-volume
+        emptyDir: {}
+  triggers:
+  - imageChangeParams:
+      automatic: true
+      containerNames:
+      - ipsilon
+      from:
+        kind: ImageStreamTag
+        name: ipsilon:latest
+        namespace: ipsilon
+    type: ImageChange
+  - type: ConfigChange