diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d398e4581c33b5750f34c50121dcf609c83d1bbf..c19f46fb1ff442fe715c6bb744ac6b8fee81d7f1 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -175,15 +175,11 @@ release_version:
   stage: release
   script:
     - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN gitlab-registry.mpcdf.mpg.de
-    - docker pull $TEST_IMAGE
-    - docker tag $TEST_IMAGE $LATEST_IMAGE
-    - docker push $LATEST_IMAGE
-    - docker tag $TEST_IMAGE $RELEASE_IMAGE
+    - docker pull $LATEST_IMAGE
+    - docker tag $LATEST_IMAGE $RELEASE_IMAGE
     - docker push $RELEASE_IMAGE
-    - docker pull $FRONTEND_TEST_IMAGE
-    - docker tag $FRONTEND_TEST_IMAGE $FRONTEND_LATEST_IMAGE
-    - docker push $FRONTEND_LATEST_IMAGE
-    - docker tag $FRONTEND_TEST_IMAGE $FRONTEND_RELEASE_IMAGE
+    - docker pull $FRONTEND_LATEST_IMAGE
+    - docker tag $FRONTEND_LATEST_IMAGE $FRONTEND_RELEASE_IMAGE
     - docker push $FRONTEND_RELEASE_IMAGE
   only:
     - tags
diff --git a/ops/scripts/kubernetes_install_master.sh b/ops/scripts/kubernetes_install_master.sh
new file mode 100644
index 0000000000000000000000000000000000000000..c0e89781ef6874af66e28433e6e8c970bbc7f583
--- /dev/null
+++ b/ops/scripts/kubernetes_install_master.sh
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+# add yum repo
+cat <<EOF > /etc/yum.repos.d/kubernetes.repo
+[kubernetes]
+name=Kubernetes
+baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
+enabled=1
+gpgcheck=1
+repo_gpgcheck=1
+gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
+exclude=kube*
+EOF
+
+# delete old
+yum erase -y kubelet kubeadm kubectl --disableexcludes=kubernetes
+
+# Set SELinux in permissive mode (effectively disabling it)
+setenforce 0
+sed -i 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/selinux/config
+
+yum install -y kubelet kubeadm kubectl --disableexcludes=kubernetes
+
+systemctl enable --now kubelet
+
+# firewall
+firewall-cmd --permanent --add-port=6443/tcp
+firewall-cmd --permanent --add-port=2379-2380/tcp
+firewall-cmd --permanent --add-port=10250/tcp
+firewall-cmd --permanent --add-port=10251/tcp
+firewall-cmd --permanent --add-port=10252/tcp
+firewall-cmd --permanent --add-port=10255/tcp
+firewall-cmd --permanent --add-port=8285/udp
+firewall-cmd --permanent --add-port=8472/udp
+firewall-cmd --reload
+modprobe br_netfilter
+
+# routing
+cat <<EOF >  /etc/sysctl.d/k8s.conf
+net.bridge.bridge-nf-call-ip6tables = 1
+net.bridge.bridge-nf-call-iptables = 1
+EOF
+sysctl --system
+
+# start it up
+systemctl daemon-reload
+systemctl restart kubelet
+
+echo "Still have to use kubeadm init/join"
\ No newline at end of file
diff --git a/ops/scripts/services_firewall.sh b/ops/scripts/services_firewall.sh
new file mode 100644
index 0000000000000000000000000000000000000000..63f7ce90224384c2ed3419caecbc7add090d9055
--- /dev/null
+++ b/ops/scripts/services_firewall.sh
@@ -0,0 +1,22 @@
+# rabbit
+firewall-cmd --permanent --add-port=5672/tcp
+
+# mongo
+firewall-cmd --permanent --add-port=27017/tcp
+firewall-cmd --permanent --add-port=37017/tcp
+
+# raw api
+firewall-cmd --permanent --add-port=18001/tcp
+
+# es
+firewall-cmd --permanent --add-port=19200/tcp
+
+# postgres
+firewall-cmd --permanent --add-port=5432/tcp
+
+# elk
+firewall-cmd --permanent --add-port=29200/tcp
+firewall-cmd --permanent --add-port=15601/tcp
+firewall-cmd --permanent --add-port=15000/tcp
+
+firewall-cmd --reload
\ No newline at end of file