diff --git a/.DS_Store b/.DS_Store
deleted file mode 100644
index 2ddac0d..0000000
Binary files a/.DS_Store and /dev/null differ
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e43b0f9
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.DS_Store
diff --git a/argocd/.DS_Store b/argocd/.DS_Store
deleted file mode 100644
index 71d98e9..0000000
Binary files a/argocd/.DS_Store and /dev/null differ
diff --git a/argocd/apps/.DS_Store b/argocd/apps/.DS_Store
deleted file mode 100644
index 1a2403d..0000000
Binary files a/argocd/apps/.DS_Store and /dev/null differ
diff --git a/argocd/apps/cert-manager/include/passbolt-certificate.yaml b/argocd/apps/cert-manager/include/passbolt-certificate.yaml
new file mode 100644
index 0000000..c5b8a67
--- /dev/null
+++ b/argocd/apps/cert-manager/include/passbolt-certificate.yaml
@@ -0,0 +1,13 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: passbolt-cert
+  namespace: kube-system
+spec:
+  secretName: passbolt-tls
+  issuerRef:
+    name: lets-encrypt
+    kind: ClusterIssuer
+  commonName: passbolt.innovation-hub-niedersachsen.de
+  dnsNames:
+    - passbolt.innovation-hub-niedersachsen.de
diff --git a/config/passbolt/passbolt-ingressroute.yaml b/config/passbolt/passbolt-ingressroute.yaml
new file mode 100644
index 0000000..0a9205b
--- /dev/null
+++ b/config/passbolt/passbolt-ingressroute.yaml
@@ -0,0 +1,53 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: passbolt-stripprefix
+  namespace: kube-system
+spec:
+  stripPrefix:
+    prefixes:
+      - /
+---
+apiVersion: traefik.io/v1alpha1
+kind: ServersTransport
+metadata:
+  name: passbolt-transport
+  namespace: kube-system
+spec:
+  insecureSkipVerify: true
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: passbolt-external
+  namespace: kube-system
+  annotations:
+    cert-manager.io/cluster-issuer: "lets-encrypt"
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`passbolt.innovation-hub-niedersachsen.de`)
+      kind: Rule
+      services:
+        - name: passbolt-external-service
+          port: 3001
+          scheme: http
+          serversTransport: passbolt-transport
+      middlewares:
+        - name: passbolt-stripprefix
+  tls:
+    secretName: passbolt-tls
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: passbolt-external-service
+  namespace: kube-system
+spec:
+  type: ExternalName
+  externalName: 192-168-4-106.nip.io
+  ports:
+    - port: 3001
+      targetPort: 3001