diff --git a/devops/azure/README.md b/devops/azure/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..e053a04930fb01908010f2bd7793a06d94846a3d
--- /dev/null
+++ b/devops/azure/README.md
@@ -0,0 +1,21 @@
+# Pipeline Support Commands
+
+```bash
+AZURE_SERVICE="legal"
+REPO_BRANCH="master"
+TAG="latest"
+PARTIAL=${REPO_BRANCH/\//-}
+BRANCH=${PARTIAL/./-}
+
+echo "--set image.branch=$BRANCH --set image.tag=$TAG"
+
+# Remove the Service
+kubectl delete deployment osdu-gitlab-$AZURE_SERVICE
+kubectl delete service osdu-gitlab-$AZURE_SERVICE
+
+# Install the Service
+helm upgrade -i osdu-gitlab-$AZURE_SERVICE chart --set image.branch=$BRANCH --set image.tag=$TAG
+pod=$(kubectl get pod |grep $AZURE_SERVICE | tail -1 | awk '{print $1}')
+status=$(kubectl wait --for=condition=Ready pod/$pod --timeout=60s)
+if [[ "$status" != *"met"* ]]; then echo "POD didn't start correctly" ; exit 1 ; fi
+```
diff --git a/devops/azure/chart/Chart.yaml b/devops/azure/chart/Chart.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f4bfe007924a4ecb30a3094bce16319d0097ba09
--- /dev/null
+++ b/devops/azure/chart/Chart.yaml
@@ -0,0 +1,20 @@
+# Copyright © Microsoft Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+name: legal
+appVersion: "latest"
+description: Helm Chart for installing legal service.
+version: 0.1.0
+type: application
diff --git a/devops/azure/chart/templates/deployment.yaml b/devops/azure/chart/templates/deployment.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..e91ce1e02c67acc72b1183660b5bd52c9bc3aae5
--- /dev/null
+++ b/devops/azure/chart/templates/deployment.yaml
@@ -0,0 +1,120 @@
+# Copyright © Microsoft Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}
+ namespace: osdu
+spec:
+ replicas: {{ .Values.global.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ .Chart.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Chart.Name }}
+ aadpodidbinding: osdu-identity
+ spec:
+ volumes:
+ - name: azure-keyvault
+ csi:
+ driver: secrets-store.csi.k8s.io
+ readOnly: true
+ volumeAttributes:
+ secretProviderClass: azure-keyvault
+ containers:
+ - name: {{ .Chart.Name }}
+ image: {{ .Values.image.repository }}/{{ .Chart.Name }}-{{ .Values.image.branch }}:{{ .Values.image.tag | default .Chart.AppVersion }}
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 80
+ readinessProbe:
+ httpGet:
+ path: /api/legal/v1/swagger-ui.html
+ port: 80
+ volumeMounts:
+ - name: azure-keyvault
+ mountPath: "/mnt/azure-keyvault"
+ readOnly: true
+ env:
+ - name: spring_application_name
+ value: legal
+ - name: server.servlet.contextPath
+ value: /api/legal/v1/
+ - name: server_port
+ value: "80"
+ - name: ACCEPT_HTTP # TEMPORARY UNTIL HTTPS
+ value: "true"
+ - name: KEYVAULT_URI
+ valueFrom:
+ configMapKeyRef:
+ name: osdu-svc-properties
+ key: ENV_KEYVAULT
+ - name: AZURE_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: clientid
+ key: clientid
+ - name: AZURE_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: clientpassword
+ key: clientpassword
+ - name: AZURE_TENANT_ID
+ valueFrom:
+ configMapKeyRef:
+ name: osdu-svc-properties
+ key: ENV_TENANT_ID
+ - name: aad_client_id
+ valueFrom:
+ secretKeyRef:
+ name: appid
+ key: appid
+ - name: appinsights_key
+ valueFrom:
+ secretKeyRef:
+ name: appinsights
+ key: appinsights
+ - name: servicebus_namespace_name
+ valueFrom:
+ configMapKeyRef:
+ name: osdu-svc-properties
+ key: ENV_SERVICEBUS_NAMESPACE
+ - name: storage_account
+ valueFrom:
+ configMapKeyRef:
+ name: osdu-svc-properties
+ key: ENV_STORAGE_ACCOUNT
+ - name: azure_activedirectory_session_stateless
+ value: "true"
+ - name: azure_activedirectory_AppIdUri
+ value: "api://$(aad_client_id)"
+ - name: cosmosdb_database
+ value: osdu-db
+ - name: LOG_PREFIX
+ value: legal
+ - name: azure_storage_container_name
+ value: legal-service-azure-configuration
+ - name: azure_storage_enable_https
+ value: "true"
+ - name: legal_service_region
+ value: us
+ - name: servicebus_topic_name
+ value: legaltags
+ - name: entitlements_service_endpoint
+ value: http://entitlements-azure/entitlements/v1
+ - name: entitlements_service_api_key
+ value: "OBSOLETE"
diff --git a/devops/azure/chart/templates/service.yaml b/devops/azure/chart/templates/service.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..eb5d124b64e3fdc13f20c0c0480aa1fd13a7a173
--- /dev/null
+++ b/devops/azure/chart/templates/service.yaml
@@ -0,0 +1,27 @@
+# Copyright © Microsoft Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: osdu
+spec:
+ type: ClusterIP
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+ selector:
+ app: {{ .Chart.Name }}
diff --git a/devops/azure/chart/values.yaml b/devops/azure/chart/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..3567d0f15392658badcba18a9ee24fd7024baf11
--- /dev/null
+++ b/devops/azure/chart/values.yaml
@@ -0,0 +1,21 @@
+# Copyright © Microsoft Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+global:
+ replicaCount: 1
+
+image:
+ repository: community.opengroup.org:5555/osdu/platform/security-and-compliance/legal
+ branch: master
+ tag: latest
diff --git a/devops/azure/release.yaml b/devops/azure/release.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..072fc703aa3a5aeafa81a32d8b77f22e8240220b
--- /dev/null
+++ b/devops/azure/release.yaml
@@ -0,0 +1,151 @@
+---
+# Source: legal/templates/service.yaml
+# Copyright © Microsoft Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: osdu-gitlab-legal
+ namespace: osdu
+spec:
+ type: ClusterIP
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+ selector:
+ app: osdu-gitlab-legal
+---
+# Source: legal/templates/deployment.yaml
+# Copyright © Microsoft Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: osdu-gitlab-legal
+ namespace: osdu
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: osdu-gitlab-legal
+ template:
+ metadata:
+ labels:
+ app: osdu-gitlab-legal
+ aadpodidbinding: osdu-identity
+ spec:
+ volumes:
+ - name: azure-keyvault
+ csi:
+ driver: secrets-store.csi.k8s.io
+ readOnly: true
+ volumeAttributes:
+ secretProviderClass: azure-keyvault
+ containers:
+ - name: osdu-gitlab-legal
+ image: community.opengroup.org:5555/osdu/platform/security-and-compliance/legal/legal-master:latest
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 80
+ readinessProbe:
+ httpGet:
+ path: /entitlements/v1/swagger-ui.html
+ port: 80
+ volumeMounts:
+ - name: azure-keyvault
+ mountPath: "/mnt/azure-keyvault"
+ readOnly: true
+ env:
+ - name: spring_application_name
+ value: legal
+ - name: server.servlet.contextPath
+ value: /api/legal/v1/
+ - name: server_port
+ value: "80"
+ - name: ACCEPT_HTTP # TEMPORARY UNTIL HTTPS
+ value: "true"
+ - name: KEYVAULT_URI
+ valueFrom:
+ configMapKeyRef:
+ name: osdu-svc-properties
+ key: ENV_KEYVAULT
+ - name: AZURE_CLIENT_ID
+ valueFrom:
+ secretKeyRef:
+ name: clientid
+ key: clientid
+ - name: AZURE_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: clientpassword
+ key: clientpassword
+ - name: AZURE_TENANT_ID
+ valueFrom:
+ configMapKeyRef:
+ name: osdu-svc-properties
+ key: ENV_TENANT_ID
+ - name: aad_client_id
+ valueFrom:
+ secretKeyRef:
+ name: appid
+ key: appid
+ - name: appinsights_key
+ valueFrom:
+ secretKeyRef:
+ name: appinsights
+ key: appinsights
+ - name: servicebus_namespace_name
+ valueFrom:
+ configMapKeyRef:
+ name: osdu-svc-properties
+ key: ENV_SERVICEBUS_NAMESPACE
+ - name: storage_account
+ valueFrom:
+ configMapKeyRef:
+ name: osdu-svc-properties
+ key: ENV_STORAGE_ACCOUNT
+ - name: azure_activedirectory_session_stateless
+ value: "true"
+ - name: azure_activedirectory_AppIdUri
+ value: "api://$(aad_client_id)"
+ - name: cosmosdb_database
+ value: osdu-db
+ - name: LOG_PREFIX
+ value: legal
+ - name: azure_storage_container_name
+ value: legal-service-azure-configuration
+ - name: azure_storage_enable_https
+ value: "true"
+ - name: legal_service_region
+ value: us
+ - name: servicebus_topic_name
+ value: legaltags
+ - name: entitlements_service_endpoint
+ value: http://entitlements-azure/entitlements/v1
+ - name: entitlements_service_api_key
+ value: "OBSOLETE"