diff --git a/base-values/commons.yaml b/base-values/commons.yaml
index 490098a..aa8b0f0 100644
--- a/base-values/commons.yaml
+++ b/base-values/commons.yaml
@@ -9,6 +9,8 @@ commons:
 disableWait: true
 remediation:
 retries: -1
+ ingress:
+ domain: "wrenix.eu"
 grafana:
 dashboards:
 labels:
diff --git a/base-values/infra.yaml b/base-values/infra.yaml
index 61d7125..7d2c67a 100644
--- a/base-values/infra.yaml
+++ b/base-values/infra.yaml
@@ -8,3 +8,8 @@ components:
 dashboards:
 annotations:
 grafana.mon.local/dashboard-folder: "GitOps"
+
+ infra-ingress:
+ enabled: true
+ namespace: "ingress"
+
diff --git a/infra-ingress/.helmignore b/infra-ingress/.helmignore
new file mode 100644
index 0000000..0e8a0eb
--- /dev/null
+++ b/infra-ingress/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/infra-ingress/Chart.yaml b/infra-ingress/Chart.yaml
new file mode 100644
index 0000000..e990ae5
--- /dev/null
+++ b/infra-ingress/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: infra-ingress
+description: Setup an ingress
+type: application
+
+version: 0.1.0
diff --git a/infra-ingress/templates/configmap_init_crd.yaml b/infra-ingress/templates/configmap_init_crd.yaml
new file mode 100644
index 0000000..2cf4834
--- /dev/null
+++ b/infra-ingress/templates/configmap_init_crd.yaml
@@ -0,0 +1,25 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-init
+ namespace: "{{ .Values.init.namespace }}"
+data:
+ {{- $isMonitoring := and
+ (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor")
+ }}
+ monitoring: {{ $isMonitoring | quote }}
+ {{- $isTraefik := and
+ (.Capabilities.APIVersions.Has "traefik.io/v1alpha1/Middleware")
+ (.Capabilities.APIVersions.Has "traefik.io/v1alpha1/ServersTransport")
+ }}
+ traefik: {{ $isTraefik | quote }}
+ {{- if and
+ $isMonitoring
+ (eq (eq .Values.controller "traefik") $isTraefik )
+ }}
+ init: "-1"
+ {{- else }}
+ init: "{{ add1 .Values.init.version }}"
+ {{- end }}
+
diff --git a/infra-ingress/templates/traefik/middleware-redirect-https.yaml b/infra-ingress/templates/traefik/middleware-redirect-https.yaml
new file mode 100644
index 0000000..5487232
--- /dev/null
+++ b/infra-ingress/templates/traefik/middleware-redirect-https.yaml
@@ -0,0 +1,14 @@
+{{- if and
+ (eq .Values.controller "traefik")
+ (.Capabilities.APIVersions.Has "traefik.io/v1alpha1/Middleware")
+}}
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: redirect-https
+spec:
+ redirectScheme:
+ scheme: https
+ permanent: true
+{{- end }}
diff --git a/infra-ingress/templates/traefik/pvc.yaml b/infra-ingress/templates/traefik/pvc.yaml
new file mode 100644
index 0000000..382cfef
--- /dev/null
+++ b/infra-ingress/templates/traefik/pvc.yaml
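Review bot: The `init` key in configmap_init_crd.yaml encodes a non-obvious readiness decision with no comment, and the first `and` in the hunk has only one operand, which reads as an unfinished expression. I would add a template comment above the first assignment, e.g. `{{- /* init is "-1" once the ServiceMonitor CRD is present and Traefik CRD presence matches .Values.controller; otherwise it is .Values.init.version + 1 */ -}}`, and simplify the assignment to `{{- $isMonitoring := .Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor" }}`. The file also ends with a trailing blank line after `{{- end }}`, which yamllint flags and which adds nothing to the rendered ConfigMap. Whatever consumes the "-1" sentinel is outside this diff, so the comment should name it once that is known.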
@@ -0,0 +1,40 @@
+{{- if and
+ (eq .Values.controller "traefik")
+ (not .Values.external)
+ (.Values.traefik.hostPath)
+}}
+---
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+ name: {{ .Release.Namespace }}-traefik-certs
+ labels:
+ type: local
+spec:
+ storageClassName: manual
+ capacity:
+ storage: 1Gi
+ accessModes:
+ - ReadWriteOnce
+ claimRef:
+ apiVersion: v1
+ kind: PersistentVolumeClaim
+ name: traefik-certs
+ namespace: {{ .Release.Namespace }}
+ hostPath:
+ path: {{ .Values.traefik.hostPath | quote }}
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: traefik-certs
+spec:
+ storageClassName: manual
+ volumeName: {{ .Release.Namespace }}-traefik-certs
+ selector:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Mi
+{{- end }}
diff --git a/infra-ingress/templates/traefik/release.yaml b/infra-ingress/templates/traefik/release.yaml
new file mode 100644
index 0000000..b1f1229
--- /dev/null
+++ b/infra-ingress/templates/traefik/release.yaml
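Review bot: The `selector:` key in the PersistentVolumeClaim is a bare value and parses as null; since `volumeName` already pins the claim to the PersistentVolume it should simply be removed, `volumeName: {{ .Release.Namespace }}-traefik-certs` followed directly by `accessModes:`. Separately, the PersistentVolume is a `hostPath`, which is node-local, while release.yaml in this same diff runs Traefik as a `DaemonSet`; if this volume holds the certificate store, each node's pod would see its own copy and they would not share state, so a comment stating which node(s) the path is expected to exist on, or a note that the DaemonSet is only meant for single-node use, would help the next maintainer. The `type: local` label on the PV is not referenced by the claim and could be dropped or documented.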
@@ -0,0 +1,83 @@
+{{- if (eq .Values.controller "traefik") }}
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: traefik
+spec:
+ chart:
+ spec:
+ sourceRef:
+ kind: HelmRepository
+ name: traefik
+ chart: traefik
+ interval: 30m
+ install:
+ {{- toYaml .Values.commons.helm.release.install | nindent 4 }}
+ test:
+ {{- toYaml .Values.commons.helm.release.test | nindent 4 }}
+ upgrade:
+ {{- toYaml .Values.commons.helm.release.upgrade | nindent 4 }}
+ interval: 10m
+ values:
+ deployment:
+ enabled: {{ toYaml (not .Values.external) }}
+ kind: DaemonSet
+
+ service:
+ enabled: {{ toYaml (not .Values.external) }}
+ ipFamilyPolicy: PreferDualStack
+ ipFamilies:
+ - IPv6
+ - IPv4
+
+ tolerations:
+ - key: "CriticalAddonsOnly"
+ operator: "Exists"
+ - key: "node-role.kubernetes.io/control-plane"
+ operator: "Exists"
+ effect: "NoSchedule"
+ - key: "node-role.kubernetes.io/master"
+ operator: "Exists"
+ effect: "NoSchedule"
+
+ priorityClassName: "system-cluster-critical"
+
+ ports:
+ websecure:
+ http3:
+ enabled: true
+
+ providers:
+ kubernetesIngress:
+ publishedService:
+ enabled: true
+
+ ingressRoute:
+ dashboard:
+ enabled: {{ toYaml (not .Values.external) }}
+ matchRule: Host(`lb.{{ .Values.commons.ingress.domain }}`) && (PathPrefix(`/api`, `/dashboard`))
+ entryPoints:
+ - "traefik"
+ - "websecure"
+
+ {{- if .Values.external }}
+ hub:
+ enabled: false
+ ingressClass:
+ enabled: false
+ isDefaultClass: true
+ rbac:
+ enabled: false
+ {{- end }}
+
+ metrics:
+ prometheus:
+ service:
+ enabled:
+ {{- if (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1/ServiceMonitor") }}
+ serviceMonitor:
+ additionalLabels:
+ {{- toYaml $.Values.commons.prometheus.monitor.labels | nindent 12 }}
+ {{- end }}
+{{- end }}
diff --git a/infra-ingress/templates/traefik/repo.yaml b/infra-ingress/templates/traefik/repo.yaml
new file mode 100644
index 0000000..f61dc75
--- /dev/null
+++ b/infra-ingress/templates/traefik/repo.yaml
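Review bot: The dashboard IngressRoute in release.yaml is attached to both the `traefik` and `websecure` entrypoints with a `matchRule` covering `/api` and `/dashboard` and no `middlewares:` list, so when `external` is false the Traefik API and dashboard are reachable on the public TLS entrypoint at `lb.<domain>` without any authentication in front of them. Either keep the route on the internal entrypoint only, `entryPoints: ["traefik"]`, or add `middlewares:` referencing an authentication Middleware of the operator's choosing, and add a comment above `dashboard:` saying which of the two was chosen. Under `metrics.prometheus.service` the key `enabled:` is bare, which YAML parses as null and the chart treats as false; if the metrics Service is intended, write `enabled: true`. The last `toYaml` uses `$.Values` while every other reference in the file uses `.Values`; both resolve the same here, but one form should be used throughout.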
@@ -0,0 +1,10 @@
+{{- if (eq .Values.controller "traefik") }}
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: traefik
+spec:
+ url: https://helm.traefik.io/traefik
+ interval: 12h
+{{- end }}
diff --git a/infra-ingress/templates/traefik/services-insecure.yaml b/infra-ingress/templates/traefik/services-insecure.yaml
new file mode 100644
index 0000000..3e593c1
--- /dev/null
+++ b/infra-ingress/templates/traefik/services-insecure.yaml
@@ -0,0 +1,12 @@
+{{- if and
+ (eq .Values.controller "traefik")
+ (.Capabilities.APIVersions.Has "traefik.io/v1alpha1/ServersTransport")
+}}
+---
+apiVersion: traefik.io/v1alpha1
+kind: ServersTransport
+metadata:
+ name: insecure
+spec:
+ insecureSkipVerify: true
+{{- end }}
diff --git a/infra-ingress/values.yaml b/infra-ingress/values.yaml
new file mode 100644
index 0000000..22c9b9c
--- /dev/null
+++ b/infra-ingress/values.yaml
@@ -0,0 +1,22 @@
+init:
+ version: 0
+ namespace: "bases"
+
+commons:
+ helm:
+ release:
+ install: {}
+ test: {}
+ upgrade: {}
+
+ ingress:
+ domain: "wrenix.eu"
+
+ prometheus:
+ monitor:
+ labels: {}
+
+controller: "traefik"
+external: true
+traefik:
+ hostPath: /srv/k8s/pv/pvc-traefik-certs
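Review bot: The `ServersTransport` named `insecure` in services-insecure.yaml sets `insecureSkipVerify: true` and is rendered whenever the CRD exists, so a transport that disables upstream certificate verification is always present for any service in the namespace to reference, regardless of whether anything needs it. I would gate the file behind an explicit chart value (a new boolean under `traefik:` in values.yaml, default false) alongside the existing controller check, and add a comment above `spec:` stating that this transport skips TLS verification to the backend and is only meant for services whose backends present self-signed certificates. In values.yaml, `traefik.hostPath` is set while `external: true` means pvc.yaml is not rendered at all; a one-line comment that the path is only used when `external` is false would prevent the value from being read as active configuration.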