diff --git a/docker/heat-api/Dockerfile.j2 b/docker/heat-api/Dockerfile.j2
new file mode 100644
index 0000000..3f5b894
--- /dev/null
+++ b/docker/heat-api/Dockerfile.j2
@@ -0,0 +1,9 @@
+FROM {{ namespace }}/heat-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+#mysql-client only for provisioning need to be removed later
+RUN apt-get install -y --no-install-recommends \
+        mysql-client \
+    && apt-get clean
+
+USER heat
diff --git a/docker/heat-base/Dockerfile.j2 b/docker/heat-base/Dockerfile.j2
new file mode 100644
index 0000000..136e378
--- /dev/null
+++ b/docker/heat-base/Dockerfile.j2
@@ -0,0 +1,14 @@
+FROM {{ namespace }}/openstack-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+RUN curl -o heat-{{ branch }}.tar.gz http://tarballs.openstack.org/heat/heat-{{ branch }}.tar.gz \
+    && tar -zxvf heat-{{ branch }}.tar.gz
+
+RUN mv heat*/ heat-{{ branch }}/ \
+    && ln -s heat-{{ branch }} /heat \
+    && useradd --user-group heat \
+    && /var/lib/microservices/venv/bin/pip --no-cache-dir install --upgrade -c /heat/requirements.txt /heat \
+    && mkdir -p /var/lib/heat /etc/heat \
+    && chown -R heat: /var/lib/heat /etc/heat \
+    && cp -r /heat/etc/heat/* /etc/heat \
+    && usermod -a -G microservices heat
diff --git a/docker/heat-engine/Dockerfile.j2 b/docker/heat-engine/Dockerfile.j2
new file mode 100644
index 0000000..edcc923
--- /dev/null
+++ b/docker/heat-engine/Dockerfile.j2
@@ -0,0 +1,4 @@
+FROM {{ namespace }}/heat-base:{{ tag }}
+MAINTAINER {{ maintainer }}
+
+USER heat
diff --git a/service/files/defaults.yaml b/service/files/defaults.yaml
new file mode 100644
index 0000000..117e422
--- /dev/null
+++ b/service/files/defaults.yaml
@@ -0,0 +1,13 @@
+configs:
+    heat_api_port: 8004
+
+    heat_db_username: heat
+    heat_db_password: password
+    heat_db_name: heat
+
+    heat_user: heat
+    heat_password: password
+
+    heat_memcache_secret_key: secret_key
+
+    heat_debug: false
diff --git a/service/files/heat.conf.j2 b/service/files/heat.conf.j2
new file mode 100644
index 0000000..4e5e89c
--- /dev/null
+++ b/service/files/heat.conf.j2
@@ -0,0 +1,51 @@
+[DEFAULT]
+debug = {{ heat_debug }}
+use_syslog = False
+use_stderr = True
+use_forwarded_for = True
+region_name_for_services = RegionOne
+rpc_backend = rabbit
+
+[database]
+connection = mysql+pymysql://{{ heat_db_username }}:{{ heat_db_password }}@mariadb/{{ heat_db_name }}
+
+[oslo_messaging_rabbit]
+rabbit_userid = {{ rabbitmq_user }}
+rabbit_password = {{ rabbitmq_password }}
+rabbit_ha_queues = true
+rabbit_hosts = rabbitmq
+
+[keystone_authtoken]
+auth_version = v3
+auth_uri = http://keystone:{{ keystone_public_port }}/v3
+auth_url = http://keystone:{{ keystone_admin_port }}/v3
+auth_type = password
+project_domain_id = default
+user_domain_id = default
+project_name = {{ openstack_project_name }}
+username = {{ heat_user }}
+password = {{ heat_password }}
+
+memcache_security_strategy = ENCRYPT
+memcache_secret_key = {{ heat_memcache_secret_key }}
+memcached_servers = memcached:{{ memcached_port }}
+
+[trustee]
+user_domain_id = default
+password = {{ heat_password }}
+username = {{ heat_user }}
+auth_uri = http://keystone:{{ keystone_public_port }}
+auth_url = http://keystone:{{ keystone_admin_port }}
+auth_type = password
+
+[clients_keystone]
+auth_uri = http://keystone:{{ keystone_public_port }}
+
+[heat_api]
+bind_host = {{ network_topology["private"]["address"] }}
+bind_port = {{ heat_api_port }}
+
+[cache]
+backend = oslo_cache.memcache_pool
+enabled = True
+memcache_servers = memcached:{{ memcached_port }}
diff --git a/service/heat-api.yaml b/service/heat-api.yaml
new file mode 100644
index 0000000..bed8f7a
--- /dev/null
+++ b/service/heat-api.yaml
@@ -0,0 +1,74 @@
+service:
+  name: heat-api
+  ports:
+    - heat_api_port
+  containers:
+    - name: heat-api
+      image: heat-api
+      # TODO(drusskikh): add probes
+      probes:
+        readiness: "true"
+        liveness: "true"
+      pre:
+        - name: heat-db-create
+          dependencies:
+            - mariadb
+          type: single
+          command:
+            mysql -u root -p{{ db_root_password }} -h mariadb -e "create database {{ heat_db_name }};
+            grant all privileges on {{ heat_db_name }}.* to '{{ heat_db_username }}'@'%' identified by '{{ heat_db_password }}';"
+        - name: heat-db-sync
+          files:
+            - heat-conf
+          dependencies:
+            - heat-db-create
+          type: single
+          command: heat-manage db_sync
+        - name: heat-user-create
+          dependencies:
+            - keystone-create-project
+          type: single
+          command:
+              openstack user create --domain default --password {{ heat_password }} {{ heat_user }}
+        - name: heat-role-add
+          dependencies:
+            - heat-user-create
+          type: single
+          command:
+              openstack role add --project {{ openstack_project_name }} --user {{ heat_user }} admin
+        - name: heat-service-create
+          dependencies:
+            - keystone-create-project
+          type: single
+          command:
+              openstack service create --name heat --description "OpenStack orchestration service" orchestration
+        - name: heat-public-endpoint-create
+          dependencies:
+            - heat-service-create
+          type: single
+          command:
+              openstack endpoint create --region RegionOne orchestration public http://heat-api:{{ heat_api_port }}/v1/%\(tenant_id\)s
+        - name: heat-internal-endpoint-create
+          dependencies:
+            - heat-service-create
+          type: single
+          command:
+              openstack endpoint create --region RegionOne orchestration internal http://heat-api:{{ heat_api_port }}/v1/%\(tenant_id\)s
+        - name: heat-admin-endpoint-create
+          dependencies:
+            - heat-service-create
+          type: single
+          command:
+              openstack endpoint create --region RegionOne orchestration admin http://heat-api:{{ heat_api_port }}/v1/%\(tenant_id\)s
+      daemon:
+        name: heat-api
+        dependencies:
+          - rabbitmq
+        files:
+          - heat-conf
+        command: heat-api --config-file /etc/heat/heat.conf
+
+files:
+  heat-conf:
+    path: /etc/heat/heat.conf
+    content: heat.conf.j2
diff --git a/service/heat-engine.yaml b/service/heat-engine.yaml
new file mode 100644
index 0000000..2db8f63
--- /dev/null
+++ b/service/heat-engine.yaml
@@ -0,0 +1,21 @@
+service:
+  name: heat-engine
+  containers:
+    - name: heat-engine
+      image: heat-engine
+      # TODO(drusskikh): add probes
+      probes:
+        readiness: "true"
+        liveness: "true"
+      daemon:
+        command: heat-engine --config-file /etc/heat/heat.conf
+        dependencies:
+          - heat-api
+          - rabbitmq
+        files:
+          - heat.conf
+files:
+  heat.conf:
+    path: /etc/heat/heat.conf
+    content: heat.conf.j2
+    perm: "0600"
diff --git a/tools/run-check-yaml-syntax.sh b/tools/run-check-yaml-syntax.sh
new file mode 100755
index 0000000..e393c54
--- /dev/null
+++ b/tools/run-check-yaml-syntax.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+### Temp yaml syntax checker script.
+set -e
+for file in $(find . -name '*.yaml'); do
+    yamllint -d relaxed $file
+done
diff --git a/tox.ini b/tox.ini
new file mode 100644
index 0000000..7efb0df
--- /dev/null
+++ b/tox.ini
@@ -0,0 +1,14 @@
+[tox]
+minversion = 1.6
+envlist = linters,bashate
+skipsdist = True
+
+[testenv:linters]
+deps = yamllint
+commands =
+    {toxinidir}/tools/run-check-yaml-syntax.sh
+
+[testenv:bashate]
+deps = bashate>=0.2
+whitelist_externals = bash
+commands = bash -c "find {toxinidir} -type f -name '*.sh' -not -path '*/.tox/*' -print0 | xargs -0 bashate -v"