diff --git a/README.md b/README.md
index 7d42b9d..93be6db 100644
--- a/README.md
+++ b/README.md
@@ -19,3 +19,147 @@ This container will loop up to 15 times, as many times as it can until vault is
 3. Optionally set `VAULT_SKIP_VERIFY` to 1.
 4. Check the [vault docs](https://www.vaultproject.io/docs/commands/environment.html) on environment variables to see all of your options.
 5. Run the container and watch it unseal your vault.
+
+## Example Kubernetes Config
+
+```yaml
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-secret-config-s3
+ namespace: default
+type: Opaque
+data:
+ access_key:
+ secret_key:
+ unseal_key_1:
+ unseal_key_2:
+ unseal_key_3:
+ unseal_key_4:
+ unseal_key_5:
+ root_token:
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: vault-config-file
+data:
+ config.hcl: |-
+ backend "s3" {}
+ listener "tcp" {
+ address = "0.0.0.0:8200"
+ tls_disable = 1
+ }
+
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: vault
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: vault
+ spec:
+ volumes:
+ - name: configmap
+ configMap:
+ name: vault-config-file
+ containers:
+ - name: vault
+ image: vault:0.6.4
+ args: ["server"]
+ securityContext:
+ capabilities:
+ add:
+ - IPC_LOCK
+ ports:
+ - containerPort: 8200
+ imagePullPolicy: Always
+ volumeMounts:
+ - mountPath: /vault/config
+ name: configmap
+ env:
+ - name: VAULT_ADDR
+ value: http://127.0.0.1:8200
+ - name: VAULT_SKIP_VERIFY
+ value: "1"
+ - name: AWS_S3_BUCKET
+ value:
+ - name: AWS_DEFAULT_REGION
+ value:
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: vault-secret-config-s3
+ key: access_key
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: vault-secret-config-s3
+ key: secret_key
+ - name: VAULT_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: vault-secret-config-s3
+ key: root_token
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ creationTimestamp: null
+ labels:
+ app: vault
+ name: vault
+spec:
+ ports:
+ - port: 8200
+ protocol: TCP
+ targetPort: 8200
+ selector:
+ app: vault
+ sessionAffinity: None
+ 
type: ClusterIP
+
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: vault-unseal
+spec:
+ template:
+ metadata:
+ name: vault-unseal
+ spec:
+ restartPolicy: OnFailure
+ containers:
+ - name: vault-unseal
+ image: blockloop/vault-unseal
+ env:
+ - name: VAULT_ADDR
+ value: http://vault:8200
+ - name: VAULT_SKIP_VERIFY
+ value: "1"
+ - name: VAULT_UNSEAL_KEY_1
+ valueFrom:
+ secretKeyRef:
+ name: vault-secret-config-s3
+ key: unseal_key_1
+ - name: VAULT_UNSEAL_KEY_2
+ valueFrom:
+ secretKeyRef:
+ name: vault-secret-config-s3
+ key: unseal_key_2
+ - name: VAULT_UNSEAL_KEY_3
+ valueFrom:
+ secretKeyRef:
+ name: vault-secret-config-s3
+ key: unseal_key_3
+
+```
\ No newline at end of file