diff --git a/demo/intelsgx-job.yaml b/deployments/sgx_enclave_apps/base/intelsgx-job.yaml
similarity index 77%
rename from demo/intelsgx-job.yaml
rename to deployments/sgx_enclave_apps/base/intelsgx-job.yaml
index 195b74a6..0ff0245c 100644
--- a/demo/intelsgx-job.yaml
+++ b/deployments/sgx_enclave_apps/base/intelsgx-job.yaml
@@ -16,11 +16,12 @@ spec:
 name: intelsgx-demo-job-1
 image: intel/sgx-sdk-demo:devel
 imagePullPolicy: IfNotPresent
+ workingDir: "/opt/intel/sgx-sample-app/"
+ command: ["/opt/intel/sgx-sample-app/sgx-sample-app"]
 securityContext:
 readOnlyRootFilesystem: true
 capabilities:
 add: ["IPC_LOCK"]
 resources:
 limits:
- sgx.intel.com/enclave: 1
- sgx.intel.com/epc: 1234 # TODO: update
+ sgx.intel.com/epc: "512Ki"
diff --git a/deployments/sgx_enclave_apps/base/kustomization.yaml b/deployments/sgx_enclave_apps/base/kustomization.yaml
new file mode 100644
index 00000000..0b8a5675
--- /dev/null
+++ b/deployments/sgx_enclave_apps/base/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - intelsgx-job.yaml
diff --git a/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_aesmd_quote/change_workingdir_and_command.json b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_aesmd_quote/change_workingdir_and_command.json
new file mode 100644
index 00000000..60550f5f
--- /dev/null
+++ b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_aesmd_quote/change_workingdir_and_command.json
@@ -0,0 +1,4 @@
+[
+ {"op": "replace", "path": "/spec/template/spec/containers/0/workingDir", "value": "/opt/intel/sgx-quote-generation/"},
+ {"op": "replace", "path": "/spec/template/spec/containers/0/command", "value": ["/opt/intel/sgx-quote-generation/sgx-quote-generation"]}
+]
diff --git a/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_aesmd_quote/kustomization.yaml b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_aesmd_quote/kustomization.yaml
new file mode 100644
index 00000000..b46e1c76
--- /dev/null
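Review bot: The new limits block in intelsgx-job.yaml requests only `sgx.intel.com/epc: "512Ki"` and drops `sgx.intel.com/enclave: 1`, so nothing in this manifest asks for the enclave device any more. Presumably an admission webhook or the device plugin adds it when EPC is requested, but that is not visible in this commit; if so, a comment such as `# sgx.intel.com/enclave is added by the SGX admission webhook when epc is requested` above the limit would make the dependency explicit. Separately, the securityContext shown as context adds IPC_LOCK without `drop: ["ALL"]` or `allowPrivilegeEscalation: false`; since this file is now the base for every overlay, tightening it here would carry through to all variants. The Job spec starts and ends outside the hunk.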
+++ b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_aesmd_quote/kustomization.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namePrefix: "ecdsa-quote-"
+bases:
+ - ../../base
+commonAnnotations:
+ sgx.intel.com/quote-provider: "aesmd"
+patchesJson6902:
+- target:
+ group: batch
+ version: v1
+ kind: Job
+ name: intelsgx-demo-job
+ path: change_workingdir_and_command.json
diff --git a/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/add_hostnetwork.yaml b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/add_hostnetwork.yaml
new file mode 100644
index 00000000..d8accbb0
--- /dev/null
+++ b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/add_hostnetwork.yaml
@@ -0,0 +1,11 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: intelsgx-demo-job
+spec:
+ template:
+ spec:
+ hostNetwork: true
+ containers:
+ - name: intelsgx-demo-job-1
+ image: intel/sgx-sdk-demo:devel
diff --git a/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/add_sgx_default_qcnl_conf.yaml b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/add_sgx_default_qcnl_conf.yaml
new file mode 100644
index 00000000..3b46b80b
--- /dev/null
+++ b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/add_sgx_default_qcnl_conf.yaml
@@ -0,0 +1,21 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: intelsgx-demo-job
+spec:
+ template:
+ spec:
+ containers:
+ - name: intelsgx-demo-job-1
+ image: intel/sgx-sdk-demo:devel
+ volumeMounts:
+ - name: qplconf
+ mountPath: /etc/sgx_default_qcnl.conf
+ subPath: sgx_default_qcnl.conf
+ volumes:
+ - name: qplconf
+ configMap:
+ name: sgx-attestation-conf
+ items:
+ - key: sgx_default_qcnl.conf
+ path: sgx_default_qcnl.conf
diff --git a/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/kustomization.yaml b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/kustomization.yaml
new file mode 100644
index 00000000..858efc7e
--- /dev/null
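Review bot: `hostNetwork: true` in add_hostnetwork.yaml places the enclave container in the node's network namespace, which lets it reach every node-local listener and takes the pod out of the reach of NetworkPolicy. The only reason visible in this commit is the `PCCS_URL=https://localhost:8081/...` setting in sgx_default_qcnl.conf, so the patch should at least say so, for example `# hostNetwork is needed only to reach the node-local PCCS on localhost:8081 (demo setup)`. Pointing PCCS_URL at a cluster Service for PCCS would remove the need for host networking in this overlay altogether.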
+++ b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/kustomization.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namePrefix: "inproc-"
+bases:
+- ../sgx_ecdsa_aesmd_quote
+commonAnnotations:
+ sgx.intel.com/quote-provider: "intelsgx-demo-job-1"
+configMapGenerator:
+- name: sgx-attestation-conf
+ files:
+ - sgx_default_qcnl.conf
+patchesStrategicMerge:
+- add_hostnetwork.yaml
+- add_sgx_default_qcnl_conf.yaml
diff --git a/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/sgx_default_qcnl.conf b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/sgx_default_qcnl.conf
new file mode 100644
index 00000000..ca2acda3
--- /dev/null
+++ b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/sgx_default_qcnl.conf
@@ -0,0 +1,2 @@
+PCCS_URL=https://localhost:8081/sgx/certification/v2/
+USE_SECURE_CERT=FALSE
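Review bot: The annotation `sgx.intel.com/quote-provider: "intelsgx-demo-job-1"` in the inproc kustomization.yaml repeats the container name from the base Job as a free string, and nothing ties the two together, so a rename in the base would leave the annotation naming a container that no longer exists. A comment such as `# must match the container name in base/intelsgx-job.yaml` would make that coupling visible. The overlay also builds on the sibling `../sgx_ecdsa_aesmd_quote` overlay rather than on the base, so it inherits that overlay's name prefix, its command patch and its `aesmd` annotation, and relies on its own commonAnnotations replacing the latter. A one-line comment stating that this inheritance is intentional would help the next reader.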
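Review bot: `USE_SECURE_CERT=FALSE` in sgx_default_qcnl.conf turns off verification of the PCCS server certificate, so the quote provider library will accept whatever certificate is presented on `PCCS_URL`. That is a usual setting for a PCCS running with a self-signed certificate, but the file ships as a ready-to-apply overlay and carries no hint that it is a demo value. Add a comment line such as `# Demo only: accepts a self-signed PCCS certificate; use USE_SECURE_CERT=TRUE with a CA-issued certificate`.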