diff --git a/kube/services/fence/fence-deploy.yaml b/kube/services/fence/fence-deploy.yaml
index 24ce68a3d..8395e6965 100644
--- a/kube/services/fence/fence-deploy.yaml
+++ b/kube/services/fence/fence-deploy.yaml
@@ -119,6 +119,8 @@ spec:
         - name: nginx-main-config
           configMap:
             name: sidecar-nginx-main 
+        - name: fence
+          emptyDir: {}    
       securityContext:
         # nginx group in current images
         fsGroup: 101
@@ -193,6 +195,8 @@ spec:
 # DEPRECATED! Remove when all commons are no longer using local_settings.py
 #             for fence.
 # -----------------------------------------------------------------------------
+          - mountPath: /var/www/fence
+            name: "fence"
           - name: "old-config-volume"
             readOnly: true
             mountPath: "/var/www/fence/local_settings.py"
@@ -267,7 +271,13 @@ spec:
           - |
             echo "${FENCE_PUBLIC_CONFIG:-""}" > "/var/www/fence/fence-config-public.yaml"
             python /var/www/fence/yaml_merge.py /var/www/fence/fence-config-public.yaml /var/www/fence/fence-config-secret.yaml > /var/www/fence/fence-config.yaml
-            bash /fence/dockerrun.bash && if [[ -f /dockerrun.sh ]]; then bash /dockerrun.sh; fi
+            cd /fence
+            tar xvf jwt-keys.tar
+            mkdir -p keys
+            mv jwt-keys/* keys/
+            rm -rf /fence/keys/key/
+            gunicorn -c deployment/wsgi/gunicorn.conf.py
+            #bash /fence/dockerrun.bash && if [[ -f /dockerrun.sh ]]; then bash /dockerrun.sh; fi
       - name: sidecar-nginx
         image: quay.io/cdis/nginx-sidecar:nginx-sidecar-feat_nginx-sidecar
         imagePullPolicy: IfNotPresent
@@ -315,6 +325,8 @@ spec:
             readOnly: true
             mountPath: "/var/www/fence/fence_google_storage_creds_secret.json"
             subPath: fence_google_storage_creds_secret.json
+          - mountPath: /var/www/fence
+            name: "fence"
         command: ["/bin/bash"]
         args:
           - "-c"
diff --git a/kube/services/fence/fence-gunicorn.yaml b/kube/services/fence/fence-gunicorn.yaml
index 43285e5ca..53cef593b 100644
--- a/kube/services/fence/fence-gunicorn.yaml
+++ b/kube/services/fence/fence-gunicorn.yaml
@@ -6,8 +6,10 @@ data:
   gunicorn.conf.py: |
     wsgi_app = "deployment.wsgi.wsgi:application"
     bind = "0.0.0.0:8000"
-    workers = 1
+    workers = 4
+    preload_app = True    
     user = 'gen3'
     group = 'gen3'
     timeout = 300
-    worker_class = "uvicorn.workers.UvicornWorker"
\ No newline at end of file
+    keepalive = 2
+    keepalive_timeout = 5    
diff --git a/kube/services/fence/fence-service.yaml b/kube/services/fence/fence-service.yaml
index 1bed0a043..4f0a2bb13 100644
--- a/kube/services/fence/fence-service.yaml
+++ b/kube/services/fence/fence-service.yaml
@@ -9,11 +9,11 @@ spec:
   ports:
     - protocol: TCP
       port: 80
-      targetPort: 80 
+      targetPort: 8080
       name: http
       nodePort: null
-    - protocol: TCP 
-      port: 443 
+    - protocol: TCP
+      port: 443
       targetPort: 443
       name: https
       nodePort: null