diff --git a/global/andromeda/templates/configmap-liquid-server.yaml b/global/andromeda/templates/configmap-liquid-server.yaml
new file mode 100644
index 0000000000..16a0ae19a7
--- /dev/null
+++ b/global/andromeda/templates/configmap-liquid-server.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: andromeda-liquid-server-etc
+  labels:
+    app.kubernetes.io/name: {{ include "andromeda.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+  liquid-policy.json: |
+{{ include (print .Template.BasePath "/etc/_liquid-policy.json.tpl") . | indent 4 }}
diff --git a/global/andromeda/templates/deployment-liquid-server.yaml b/global/andromeda/templates/deployment-liquid-server.yaml
new file mode 100644
index 0000000000..8caaeb6143
--- /dev/null
+++ b/global/andromeda/templates/deployment-liquid-server.yaml
@@ -0,0 +1,108 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "andromeda.fullname" . }}-liquid-server
+  labels:
+{{ include "andromeda.labels" . | indent 4 }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "andromeda.name" . }}-liquid-server
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ include "andromeda.name" . }}-liquid-server
+        app.kubernetes.io/instance: {{ .Release.Name }}
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/targets: openstack
+        checksum/etc: {{ include (print $.Template.BasePath  "/configmap.yaml") . | sha256sum }}
+    spec:
+    {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      serviceAccountName: {{ template "andromeda.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}-liquid-server
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          command: ["/usr/bin/andromeda-liquid-server", "--port", "{{ .Values.liquidServerService.port }}"]
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          env:
+            - name: HOST
+              value: 0.0.0.0
+            - name: GOMEMLIMIT
+              valueFrom:
+                resourceFieldRef:
+                  containerName: {{ .Chart.Name }}-liquid-server
+                  resource: limits.memory
+            - name: GOMAXPROCS
+              valueFrom:
+                resourceFieldRef:
+                  containerName: {{ .Chart.Name }}-liquid-server
+                  resource: limits.cpu
+            - name: LIQUID_POLICY_PATH
+              value: /etc/andromeda/liquid-policy.json
+            - name: SENTRY_DSN
+              valueFrom:
+                secretKeyRef:
+                  name: sentry
+                  key: {{ include "andromeda.fullname" . }}.DSN
+            - name: OS_AUTH_URL
+              {{- if eq .Values.global.region "global" }}
+              value: {{.Values.global.keystone_api_endpoint_protocol_internal | default "http"}}://{{include "andromeda_keystone_global_api_endpoint_internal" .}}:{{ .Values.global.keystone_api_port_internal | default 5000}}/v3
+              {{- else }}
+              value: {{ .Values.global.keystone_api_endpoint_protocol_public | default "https"}}://{{include "keystone_api_endpoint_host_public" .}}/v3
+              {{- end }}
+            - name: OS_USERNAME
+              value: {{ .Release.Name }}{{ .Values.global.user_suffix }}
+            - name: OS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: andromeda-secret
+                  key: service_user_password
+            - name: OS_PROJECT_NAME
+              value: service
+            - name: OS_PROJECT_DOMAIN_ID
+              value: default
+            - name: OS_USER_DOMAIN_ID
+              value: default
+            - name: OS_ALLOW_REAUTH
+              value: "true"
+          ports:
+            - name: http
+              containerPort: 8000
+              protocol: TCP
+            - containerPort: 9090
+              name: metrics
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /healthcheck
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /healthcheck
+              port: http
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            - name: etc-andromeda
+              mountPath: /etc/andromeda
+              readOnly: true
+      volumes:
+        - name: etc-andromeda
+          projected:
+            defaultMode: 420
+            sources:
+              - configMap:
+                  name: andromeda-liquid-server-etc
+                  items:
+                    - key: liquid-policy.json
+                      path: liquid-policy.json
diff --git a/global/andromeda/templates/etc/_liquid-policy.json.tpl b/global/andromeda/templates/etc/_liquid-policy.json.tpl
new file mode 100644
index 0000000000..d9985beae7
--- /dev/null
+++ b/global/andromeda/templates/etc/_liquid-policy.json.tpl
@@ -0,0 +1,6 @@
+{
+  "liquid:get_info": "",
+  "liquid:get_capacity": "",
+  "liquid:get_usage": "",
+  "liquid:set_quota": ""
+}