diff --git a/docker/barbican/Dockerfile b/docker/barbican/Dockerfile
new file mode 100644
index 0000000000..58759fb766
--- /dev/null
+++ b/docker/barbican/Dockerfile
@@ -0,0 +1,41 @@
+FROM kollaglue/fedora-rdo-base
+MAINTAINER Kolla Project (https://launchpad.net/kolla)
+
+ADD ./start.sh /start.sh
+
+# Install required packages
+RUN yum install -y gcc Cython sqlite-devel mysql-devel libffi-devel && yum clean all
+
+# use the Barbican Juno version
+# setting this as environment variable also keeps pbr version checking happy
+# TODO: when the Barbican rpm from cloudkeep.io is usable,
+# switch to using that instead
+ENV PBR_VERSION 2014.2
+
+# Get and extract the Barbican tar ball
+RUN curl -o /barbican-$PBR_VERSION.tar.gz https://github.com/openstack/barbican/archive/$PBR_VERSION.tar.gz -L
+RUN tar -xzf barbican-$PBR_VERSION.tar.gz
+
+# Install Barbican requirements
+RUN pip install -r barbican-$PBR_VERSION/requirements.txt
+RUN pip install MySQL-python
+
+# Install Barbican
+RUN cd barbican-$PBR_VERSION ; python setup.py install
+
+# Configure Barbican
+RUN mkdir -p /etc/barbican
+RUN mkdir -p /var/log/barbican
+RUN cp -r /barbican-$PBR_VERSION/etc/barbican/* /etc/barbican
+
+# Instal uwsgi as that is what we will use to run Barbican
+RUN pip install uwsgi
+
+# Cleanup files not required anymore
+RUN rm -rf /barbican-$PBR_VERSION
+RUN rm -rf /barbican-$PBR_VERSION.tar.gz
+
+# Expose the dev and admin ports
+EXPOSE 9311 9312
+
+CMD ["/start.sh"]
diff --git a/docker/barbican/build b/docker/barbican/build
new file mode 120000
index 0000000000..d2accf7d39
--- /dev/null
+++ b/docker/barbican/build
@@ -0,0 +1 @@
+../../tools/build-docker-image
\ No newline at end of file
diff --git a/docker/barbican/start.sh b/docker/barbican/start.sh
new file mode 100755
index 0000000000..676374faa0
--- /dev/null
+++ b/docker/barbican/start.sh
@@ -0,0 +1,86 @@
+#!/bin/bash
+
+set -e
+
+: ${BARBICAN_DB_USER:=barbican}
+: ${BARBICAN_DB_NAME:=barbican}
+: ${KEYSTONE_AUTH_PROTOCOL:=http}
+: ${BARBICAN_KEYSTONE_USER:=barbican}
+: ${ADMIN_TENANT_NAME:=admin}
+
+if ! [ "$KEYSTONE_ADMIN_TOKEN" ]; then
+    echo "*** Missing KEYSTONE_ADMIN_TOKEN" >&2
+        exit 1
+fi
+
+if ! [ "$DB_ROOT_PASSWORD" ]; then
+        echo "*** Missing DB_ROOT_PASSWORD" >&2
+        exit 1
+fi
+
+if ! [ "$BARBICAN_DB_PASSWORD" ]; then
+        BARBICAN_DB_PASSWORD=$(openssl rand -hex 15)
+        export BARBICAN_DB_PASSWORD
+fi
+
+mysql -h ${MARIADB_SERVICE_HOST} -u root -p"${DB_ROOT_PASSWORD}" mysql <<EOF
+CREATE DATABASE IF NOT EXISTS ${BARBICAN_DB_NAME};
+GRANT ALL PRIVILEGES ON barbican.* TO
+    '${BARBICAN_DB_USER}'@'%' IDENTIFIED BY '${BARBICAN_DB_PASSWORD}'
+EOF
+
+# config file setup
+crudini --set /etc/barbican/barbican-api.conf \
+    DEFAULT \
+    sql_connection \
+    "mysql://${BARBICAN_DB_USER}:${BARBICAN_DB_PASSWORD}@${MARIADB_SERVICE_HOST}/${BARBICAN_DB_NAME}"
+crudini --set /etc/barbican/barbican-api.conf \
+    DEFAULT \
+    log_dir \
+    "/var/log/barbican/"
+crudini --set /etc/barbican/barbican-api.conf \
+    DEFAULT \
+    log_file \
+    "/var/log/barbican/barbican.log"
+crudini --set /etc/barbican/barbican-api-paste.ini \
+    pipeline:barbican_api \
+    pipeline \
+    "keystone_authtoken context apiapp"
+crudini --set /etc/barbican/barbican-api-paste.ini \
+    filter:keystone_authtoken \
+    auth_host \
+    ${KEYSTONE_ADMIN_SERVICE_HOST}
+crudini --set /etc/barbican/barbican-api-paste.ini \
+    filter:keystone_authtoken \
+    auth_port \
+    ${KEYSTONE_ADMIN_SERVICE_PORT}
+crudini --set /etc/barbican/barbican-api-paste.ini \
+    filter:keystone_authtoken \
+    auth_protocol \
+    ${KEYSTONE_AUTH_PROTOCOL}
+crudini --set /etc/barbican/barbican-api-paste.ini \
+    filter:keystone_authtoken \
+    admin_tenant_name \
+    ${ADMIN_TENANT_NAME}
+crudini --set /etc/barbican/barbican-api-paste.ini \
+    filter:keystone_authtoken \
+    admin_user \
+    ${BARBICAN_KEYSTONE_USER}
+crudini --set /etc/barbican/barbican-api-paste.ini \
+    filter:keystone_authtoken \
+    admin_password \
+    ${BARBICAN_KEYSTONE_USER}
+
+# create the required keystone entities for barbican
+export SERVICE_TOKEN="${KEYSTONE_ADMIN_TOKEN}"
+export SERVICE_ENDPOINT="${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_ADMIN_SERVICE_HOST}:${KEYSTONE_ADMIN_SERVICE_PORT}/v2.0"
+
+keystone user-get ${BARBICAN_KEYSTONE_USER} > /dev/null 2>&1 || /bin/keystone user-create --name ${BARBICAN_KEYSTONE_USER} --pass ${BARBICAN_ADMIN_PASSWORD}
+
+keystone role-get observer > /dev/null 2>&1 || /bin/keystone role-create --name observer
+keystone role-get creator > /dev/null 2>&1 || /bin/keystone role-create --name creator
+
+keystone user-get ${BARBICAN_KEYSTONE_USER} > /dev/null 2>&1 || /bin/keystone user-role-add --user ${BARBICAN_KEYSTONE_USER} --role admin --tenant ${ADMIN_TENANT_NAME}
+
+# launch Barbican using uwsgi
+exec uwsgi --master --emperor /etc/barbican/vassals
diff --git a/k8s/pod/barbican-pod.yaml b/k8s/pod/barbican-pod.yaml
new file mode 100644
index 0000000000..1a79adbace
--- /dev/null
+++ b/k8s/pod/barbican-pod.yaml
@@ -0,0 +1,22 @@
+desiredState:
+  manifest:
+    containers:
+    - env:
+      - name: BARBICAN_DB_PASSWORD
+        value: password
+      - name: DB_ROOT_PASSWORD
+        value: password
+      - name: KEYSTONE_ADMIN_TOKEN
+        value: ADMINTOKEN
+      - name: BARBICAN_ADMIN_PASSWORD
+        value: kolla
+      image: kollaglue/fedora-rdo-barbican
+      name: barbican
+      ports:
+      - containerPort: 9311
+      - containerPort: 9312
+    id: barbican
+    version: v1beta1
+id: barbican
+labels:
+  name: barbican
diff --git a/k8s/service/barbican-admin-service.yaml b/k8s/service/barbican-admin-service.yaml
new file mode 100644
index 0000000000..b2a2a88aac
--- /dev/null
+++ b/k8s/service/barbican-admin-service.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1beta1
+containerPort: 9312
+id: barbican-admin
+kind: Service
+port: 9312
+selector:
+  name: barbican
diff --git a/k8s/service/barbican-public-service.yaml b/k8s/service/barbican-public-service.yaml
new file mode 100644
index 0000000000..c555dde3af
--- /dev/null
+++ b/k8s/service/barbican-public-service.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1beta1
+containerPort: 9311
+id: barbican-public
+kind: Service
+port: 9311
+selector:
+  name: barbican