diff --git a/kube/clusters/biohazard/flux/kustomization.yaml b/kube/clusters/biohazard/flux/kustomization.yaml
index f7dbb32c..cb28ae22 100644
--- a/kube/clusters/biohazard/flux/kustomization.yaml
+++ b/kube/clusters/biohazard/flux/kustomization.yaml
@@ -31,6 +31,7 @@ resources:
   - ../../../deploy/core/storage/democratic-csi/local-hostpath/
   - ../../../deploy/core/storage/democratic-csi/manual/
   - ../../../deploy/core/storage/csi-driver-nfs/
+  - ../../../deploy/core/storage/snapscheduler/
   - ../../../deploy/core/storage/volsync/
   - ../../../deploy/core/tls/cert-manager/
   - ../../../deploy/core/dns/internal/_deps/
diff --git a/kube/deploy/core/storage/snapscheduler/app/hr.yaml b/kube/deploy/core/storage/snapscheduler/app/hr.yaml
new file mode 100644
index 00000000..6461dc07
--- /dev/null
+++ b/kube/deploy/core/storage/snapscheduler/app/hr.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+  name: &app snapscheduler
+  namespace: *app
+spec:
+  interval: 5m
+  chart:
+    spec:
+      chart: snapscheduler
+      version: 3.4.0
+      sourceRef:
+        name: backube
+        kind: HelmRepository
+        namespace: flux-system
+  values:
+    # netpols
+    podLabels:
+      egress.home.arpa/apiserver: allow
+    # misc
+    manageCRDs: true
+    metrics:
+      disableAuth: true
diff --git a/kube/deploy/core/storage/snapscheduler/ks.yaml b/kube/deploy/core/storage/snapscheduler/ks.yaml
new file mode 100644
index 00000000..f5eceb01
--- /dev/null
+++ b/kube/deploy/core/storage/snapscheduler/ks.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: 1-core-storage-snapscheduler-app
+  namespace: flux-system
+  labels: &l
+    app.kubernetes.io/name: "snapscheduler"
+spec:
+  commonMetadata:
+    labels: *l
+  path: ./kube/deploy/core/storage/snapscheduler/app
+  targetNamespace: "snapscheduler"
+  dependsOn: []
diff --git a/kube/deploy/core/storage/snapscheduler/kustomization.yaml b/kube/deploy/core/storage/snapscheduler/kustomization.yaml
new file mode 100644
index 00000000..5eeb2657
--- /dev/null
+++ b/kube/deploy/core/storage/snapscheduler/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ns.yaml
+  - ks.yaml
diff --git a/kube/deploy/core/storage/snapscheduler/ns.yaml b/kube/deploy/core/storage/snapscheduler/ns.yaml
new file mode 100644
index 00000000..9c76e6f9
--- /dev/null
+++ b/kube/deploy/core/storage/snapscheduler/ns.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: snapscheduler
+  labels:
+    kustomize.toolkit.fluxcd.io/prune: disabled
+    pod-security.kubernetes.io/enforce: &ps restricted
+    pod-security.kubernetes.io/audit: *ps
+    pod-security.kubernetes.io/warn: *ps