diff --git a/apps/payment/requirements.txt b/apps/payment/requirements.txt
index b15bdc7..b4bb4e2 100644
--- a/apps/payment/requirements.txt
+++ b/apps/payment/requirements.txt
@@ -9,6 +9,7 @@ beanie==1.21.0
 jieba==0.42.1
 sendgrid
 stripe==8.1.0
+prometheus_fastapi_instrumentator==7.0.2
 aio-pika
 httpx
 pydantic-settings
diff --git a/apps/payment/webapi/bootstrap/application.py b/apps/payment/webapi/bootstrap/application.py
index fd9f1b1..891fde5 100644
--- a/apps/payment/webapi/bootstrap/application.py
+++ b/apps/payment/webapi/bootstrap/application.py
@@ -11,6 +11,9 @@ from webapi.providers import database
 from webapi.providers import exception_handler
 from .freeleaps_app import FreeleapsApp
 
+# prometheus
+from prometheus_fastapi_instrumentator import Instrumentator
+
 
 def create_app() -> FastAPI:
     logging.info("App initializing")
@@ -26,6 +29,8 @@ def create_app() -> FastAPI:
 
     # Call the custom_openapi function to change the OpenAPI version
     customize_openapi_security(app)
+    # expose prometheus metrics
+    Instrumentator().instrument(app).expose(app)
     return app
 
 
diff --git a/sites/payment/deploy/k8s/alpha.yaml b/sites/payment/deploy/k8s/alpha.yaml
new file mode 100644
index 0000000..8127f2e
--- /dev/null
+++ b/sites/payment/deploy/k8s/alpha.yaml
@@ -0,0 +1,38 @@
+appEnv:
+  APP_NAME: payment
+  CONTAINER_APP_ROOT: /app
+  SERVICE_API_ACCESS_HOST: 0.0.0.0
+  SERVICE_API_ACCESS_PORT: 80
+
+  JWT_SECRET_KEY: {JWT_SECRET_KEY}
+  JWT_ALGORITHM: HS256
+
+  STRIPE_API_KEY: {STRIPE_API_KEY}
+  STRIPE_WEBHOOK_SECRET: {STRIPE_WEBHOOK_SECRET}
+
+  MONGODB_NAME: freeleaps2
+  MONGODB_PORT: 27017
+  MONGODB_URI: mongodb://freeleaps2-mongodb:27017/
+
+  LOG_BASE_PATH: $CONTAINER_APP_ROOT/log/$APP_NAME
+  BACKEND_LOG_FILE_NAME: $APP_NAME
+  APPLICATION_ACTIVITY_LOG: $APP_NAME-activity
+
+appK8sConfig:
+    replicaCount: 2
+    limits:
+        cpu: "1"
+        memory: "1Gi"
+    requests:
+        cpu: "0.5"
+        memory: "0.5Gi"
+    startupProbe:
+        command: to_add_startup_check.sh
+        initialDelaySeconds: 50
+        timeoutSeconds: 125
+        periodSeconds: 125
+    livenessProbe:
+        command: to_add_healthcheck.sh
+    readinessProbe:
+        command: to_add_healthcheck.sh
+
diff --git a/sites/payment/deploy/k8s/prod.yaml b/sites/payment/deploy/k8s/prod.yaml
new file mode 100644
index 0000000..e9ac616
--- /dev/null
+++ b/sites/payment/deploy/k8s/prod.yaml
@@ -0,0 +1,38 @@
+appEnv:
+  APP_NAME: payment
+  CONTAINER_APP_ROOT: /app
+  SERVICE_API_ACCESS_HOST: 0.0.0.0
+  SERVICE_API_ACCESS_PORT: 80
+
+  JWT_SECRET_KEY: {JWT_SECRET_KEY}
+  JWT_ALGORITHM: HS256
+
+  STRIPE_API_KEY: {STRIPE_API_KEY}
+  STRIPE_WEBHOOK_SECRET: {STRIPE_WEBHOOK_SECRET}
+
+  MONGODB_NAME: freeleaps2
+  MONGODB_PORT: 27017
+  MONGODB_URI: mongodb://freeleaps2-mongodb:27017/
+
+  LOG_BASE_PATH: $CONTAINER_APP_ROOT/log/$APP_NAME
+  BACKEND_LOG_FILE_NAME: $APP_NAME
+  APPLICATION_ACTIVITY_LOG: $APP_NAME-activity
+
+appK8sConfig:
+    replicaCount: 2
+    limits:
+        cpu: "1"
+        memory: "1Gi"
+    requests:
+        cpu: "0.5"
+        memory: "0.5Gi"
+    startupProbe:
+        command: to_add_startup_check.sh
+        initialDelaySeconds: 60
+        timeoutSeconds: 120
+        periodSeconds: 30
+    livenessProbe:
+        command: to_add_healthcheck.sh
+    readinessProbe:
+        command: to_add_healthcheck.sh
+
diff --git a/sites/payment/deploy/k8s/readme.md b/sites/payment/deploy/k8s/readme.md
new file mode 100644
index 0000000..868b410
--- /dev/null
+++ b/sites/payment/deploy/k8s/readme.md
@@ -0,0 +1,11 @@
+- K8s namespace should be the same as the code repository name(project name), e.g. **freeleaps-service-hub** 
+  - All apps within the repository should be deployed under the same namespace
+- For each app, the K8s pod name must be the same as appEnv.APP_NAME
+- When loading deployment yaml file under k8s folder (alpha.yaml, prod.yaml):
+  - Replace the secret values that are in format of {SECRET_NAME}, e.g. **{STRIPE_API_KEY}**
+  - Secret value should be stored in {REPO_NAME}/{APP_NAME}/{ENV}/{SECRET_NAME}, e.g. **freeleaps-service-hub/payment/alpha/STRIPE_API_KEY**
+  - Resolve appEnv references in the yaml file, e.g. **LOG_BASE_PATH: \$CONTAINER_APP_ROOT/log/\$APP_NAME**,  **\$CONTAINER_APP_ROOT** and **$APP_NAME** should be replaced by the appEnv with the same name. And we should do the  same for a SECRET referrence
+  - NOTE: only appEnvs are allowed to have references in the yaml file
+  - When reference can not be resolved, terminate the CI/CD
+- For each app, the related k8s resource should be named as {APP_NAME}-{RESOURCE_NAME}, e.g. **payment-deployment**, **payment-service**
+- For each app's k8s pod, we should deploy the resources defined in **appK8sConfig** as long as it doesn't conflict with the resource quota.
\ No newline at end of file