diff --git a/.github/workflows/build-images-action.yml b/.github/workflows/build-images-action.yml index 4408e8b..dd2e656 100644 --- a/.github/workflows/build-images-action.yml +++ b/.github/workflows/build-images-action.yml @@ -33,3 +33,15 @@ jobs: QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }} QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }} SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} + build_keepalived: + name: Build keepalived container image + if: github.repository == 'metal3-io/utility-images' + uses: metal3-io/project-infra/.github/workflows/container-image-build.yml@main + with: + image-name: 'keepalived' + dockerfile-directory: keepalived + pushImage: true + secrets: + QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }} + QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }} + SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} diff --git a/README.md b/README.md index bc1b7ac..d8b2e35 100644 --- a/README.md +++ b/README.md @@ -74,3 +74,21 @@ FakeIPA simulate the IPA by: a queue of fake agents. - Faking the sync/async commands needed by ironic to inspect, clean and provision a node. + +## Keepalived + +Keepalived container used in Ironic deployments. Keepalived is used to +provide fix IP address for Ironic in such a manner that even after pivoting +operations the IP of Ironic stays persistent. + +[Keeplaived documentation](https://www.keepalived.org/manpage.html) + +Deployment configuration options: + +- `CUSTOM_CONF_DIR` - when specified, the config files will be moved to the + specified directory and the variable substitution will happen there +- 'PROVISIONING_IP' - the fix IP provided by keepalived +- 'PROVISIONING_INTERFACE' - The name of the interface that will be used + to "host" the fixed IP (keepalived is used in a pod that is attached to + host network, thus the interface names are the same as the interface names + on the host) diff --git a/keepalived/Dockerfile b/keepalived/Dockerfile new file mode 100644 index 0000000..f7c752c --- /dev/null +++ b/keepalived/Dockerfile 
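Review bot: The new `build_keepalived` job references the reusable workflow by branch, `container-image-build.yml@main`, and passes it `QUAY_USERNAME`, `QUAY_PASSWORD` and `SLACK_WEBHOOK`, so whatever is on that branch at run time executes with the registry push credentials. Pinning to a full commit SHA, `uses: metal3-io/project-infra/.github/workflows/container-image-build.yml@<full-commit-sha>  # main`, keeps the code that receives the secrets reviewable and makes updates deliberate. The jobs above this hunk are not visible here and presumably use the same `@main` reference, in which case they need the same change. A looser ref policy for same-org workflows may be intentional, but it is worth stating in a comment on the job.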
@@ -0,0 +1,16 @@
+# Support FROM override
+ARG BASE_IMAGE=ubuntu:22.04
+
+FROM $BASE_IMAGE
+ARG DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get -y update && \
+ apt-get -y install keepalived && \
+ apt-get -y clean
+
+COPY sample.keepalived.conf /etc/keepalived/keepalived.conf
+COPY manage-keepalived.sh configure-nonroot.sh /bin/
+
+RUN /bin/configure-nonroot.sh && rm /bin/configure-nonroot.sh
+
+CMD ["/bin/bash", "/bin/manage-keepalived.sh"]
diff --git a/keepalived/configure-nonroot.sh b/keepalived/configure-nonroot.sh
new file mode 100755
index 0000000..6bebd78
--- /dev/null
+++ b/keepalived/configure-nonroot.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/bash
+
+set -eux
+
+# create nonroot image matching the keepalived manifest
+NONROOT_USER="nonroot"
+NONROOT_GROUP="nonroot"
+NONROOT_UID=65532
+NONROOT_GID=65532
+
+# run as non-root, allow editing the keepalived.conf during startup
+groupadd -g "${NONROOT_GID}" "${NONROOT_GROUP}"
+useradd -u "${NONROOT_UID}" -g "${NONROOT_GID}" -m "${NONROOT_USER}"
+
+mkdir -p /run/keepalived
+chown -R root:"${NONROOT_GROUP}" /etc/keepalived /run/keepalived
+chmod 2775 /etc/keepalived /run/keepalived
+chmod 664 /etc/keepalived/keepalived.conf
+
+setcap "cap_net_raw,cap_net_broadcast,cap_net_admin=+eip" /usr/sbin/keepalived
diff --git a/keepalived/manage-keepalived.sh b/keepalived/manage-keepalived.sh
new file mode 100644
index 0000000..ee0f714
--- /dev/null
+++ b/keepalived/manage-keepalived.sh
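Review bot: keepalived/Dockerfile has no `USER` instruction after `RUN /bin/configure-nonroot.sh`, so the image still starts `manage-keepalived.sh` as root unless the pod spec overrides it, even though the script creates UID/GID 65532 for this purpose. Adding `USER 65532:65532` before `CMD` makes non-root the image default, and a numeric ID also lets Kubernetes `runAsNonRoot` verify it. The manifest mentioned in configure-nonroot.sh is not part of this diff and may already set `runAsUser`, but the image should not depend on that. Separately, `ubuntu:22.04` is a mutable tag; pinning `BASE_IMAGE` by digest would make rebuilds reproducible.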
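Review bot: The last line of keepalived/configure-nonroot.sh sets file capabilities with `=+eip`, but the inheritable flag is not needed for keepalived to gain them on exec; `setcap "cap_net_raw,cap_net_broadcast,cap_net_admin=+ep" /usr/sbin/keepalived` is the narrower form. File capabilities apply to any user able to execute the binary and only work when the container's bounding set contains them. A comment such as `# the pod must still add NET_ADMIN, NET_RAW and NET_BROADCAST, otherwise exec of keepalived is refused` would document that dependency on the manifest, which is not visible in this diff. The comment `# create nonroot image matching the keepalived manifest` presumably means "nonroot user".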
@@ -0,0 +1,22 @@
+#!/usr/bin/bash
+
+set -eux
+CUSTOM_CONF_DIR="${CUSTOM_CONF_DIR:-}"
+KEEPALIVED_DEFAULT_CONF='/etc/keepalived/keepalived.conf'
+if [[ -z "${CUSTOM_CONF_DIR}" ]]; then
+ KEEAPLIVED_CONF="${KEEPALIVED_DEFAULT_CONF}"
+else
+ KEEAPLIVED_CONF="${KEEPALIVED_DEFAULT_CONF}/keepalived.conf"
+ cp "${KEEPALIVED_DEFAULT_CONF}" "${KEEAPLIVED_CONF}"
+
+fi
+export assignedIP="${PROVISIONING_IP}/32"
+export interface="${PROVISIONING_INTERFACE}"
+
+sed -i "s~INTERFACE~${interface}~g" "${KEEAPLIVED_CONF}"
+sed -i "s~CHANGEIP~${assignedIP}~g" "${KEEAPLIVED_CONF}"
+
+exec /usr/sbin/keepalived --dont-fork --log-console \
+ --pid='/run/keepalived/keepalived.pid' \
+ --vrrp_pid='/run/keepalived/vrrp.pid' \
+ --use-file="${KEEAPLIVED_CONF}"
diff --git a/keepalived/sample.keepalived.conf b/keepalived/sample.keepalived.conf
new file mode 100644
index 0000000..c1c4469
--- /dev/null
+++ b/keepalived/sample.keepalived.conf
@@ -0,0 +1,20 @@
+! Configuration File for keepalived
+global_defs {
+ notification_email {
+ sysadmin@example.com
+ support@example.com
+ }
+ notification_email_from lb@example.com
+ smtp_server localhost
+ smtp_connect_timeout 30
+}
+vrrp_instance VI_1 {
+ state MASTER
+ interface INTERFACE
+ virtual_router_id 1
+ priority 101
+ advert_int 1
+ virtual_ipaddress {
+ CHANGEIP
+ }
+}
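Review bot: In keepalived/manage-keepalived.sh the `else` branch builds the target from the default file path instead of the custom directory: `KEEAPLIVED_CONF="${KEEPALIVED_DEFAULT_CONF}/keepalived.conf"` expands to `/etc/keepalived/keepalived.conf/keepalived.conf`, so the `cp` fails and `set -e` stops the container whenever `CUSTOM_CONF_DIR` is set. The line should read `KEEAPLIVED_CONF="${CUSTOM_CONF_DIR}/keepalived.conf"`. `PROVISIONING_IP` and `PROVISIONING_INTERFACE` are then written into the config by `sed` without any check, and a value containing `~`, `&` or a newline changes what ends up in the file. A guard such as `[[ "${PROVISIONING_INTERFACE}" =~ ^[A-Za-z0-9_.:-]+$ ]] || exit 1`, with a matching address check for the IP, belongs before the `sed` calls. `${PROVISIONING_IP:?PROVISIONING_IP must be set}` would also give a clearer failure than the bare `set -u` error.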
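Review bot: keepalived/sample.keepalived.conf fixes `virtual_router_id 1`, `priority 101` and `state MASTER`, so every deployment advertises the same VRRP group and can collide with another keepalived instance or router already using VRID 1 on a shared provisioning segment. Consider making the VRID a placeholder substituted like `INTERFACE` and `CHANGEIP`, or at least adding a comment line such as `! virtual_router_id must be unique on the L2 segment`. The `notification_email`, `smtp_server` and `smtp_connect_timeout` entries in `global_defs` look like leftovers from the upstream sample, since nothing in the visible config enables SMTP alerts, and could be dropped.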