diff --git a/apps/apps-namespace.yaml b/apps/apps-namespace.yaml
new file mode 100644
index 0000000..01113b9
--- /dev/null
+++ b/apps/apps-namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: apps
\ No newline at end of file
diff --git a/apps/whoami.yaml b/apps/whoami.yaml
new file mode 100644
index 0000000..b0b2d7e
--- /dev/null
+++ b/apps/whoami.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- apps-namespace.yaml
+- ./whoami
\ No newline at end of file
diff --git a/apps/whoami/deployment.yaml b/apps/whoami/deployment.yaml
new file mode 100644
index 0000000..bc47eae
--- /dev/null
+++ b/apps/whoami/deployment.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: whoami
+ namespace: apps
+spec:
+ selector:
+ matchLabels:
+ app: whoami
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: whoami
+ spec:
+ containers:
+ - name: whoami
+ image: traefik/whoami
+ ports:
+ - containerPort: 80
\ No newline at end of file
diff --git a/apps/whoami/ingress.yaml b/apps/whoami/ingress.yaml
new file mode 100644
index 0000000..9ca58cb
--- /dev/null
+++ b/apps/whoami/ingress.yaml
@@ -0,0 +1,16 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: whoami-ingress
+ namespace: apps
+spec:
+ rules:
+ - http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: whoami
+ port:
+ name: web
\ No newline at end of file
diff --git a/apps/whoami/kustomization.yaml b/apps/whoami/kustomization.yaml
new file mode 100644
index 0000000..f553eb8
--- /dev/null
+++ b/apps/whoami/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: apps
+resources:
+- deployment.yaml
\ No newline at end of file
diff --git a/apps/whoami/service.yaml b/apps/whoami/service.yaml
new file mode 100644
index 0000000..21dfb58
--- /dev/null
+++ b/apps/whoami/service.yaml
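Review bot: `apps/whoami.yaml` declares a kustomize `Kustomization`, but kustomize only treats a file named `kustomization.yaml`, `kustomization.yml` or `Kustomization` as a build entry point, so this file will not drive the build of `./apps` as written. Renaming it to `apps/kustomization.yaml` would make the `resources:` list (`apps-namespace.yaml`, `./whoami`) the explicit, reviewable set of what gets applied, rather than leaving discovery to whatever the Flux controller generates for a directory without one (behaviour inferred; confirm against the controller version in use). `infrastructure/traefik.yaml` later in this diff has the same naming problem.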
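Review bot: In `apps/whoami/deployment.yaml` the image `traefik/whoami` carries no tag or digest and the container has no `securityContext`, so each pull can bring in whatever `latest` currently points at and the process runs with the runtime's default privileges. Pin the image to a reviewed tag and digest and tighten the container as sketched below; verify the pod still starts with these settings. The port entry also lacks `name: web`, which `targetPort: web` in `apps/whoami/service.yaml` and `port.name: web` in the Ingress rely on, so the Service would have no resolvable endpoint. Resource requests and limits are missing as well.

```yaml
# … unchanged: metadata, selector, replicas, pod template labels …
      containers:
      - name: whoami
        # placeholder values: pin to the release and digest that were reviewed
        image: traefik/whoami:<PINNED_TAG>@sha256:<IMAGE_DIGEST>
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop: ["ALL"]
            add: ["NET_BIND_SERVICE"]  # only capability kept, for binding port 80
        ports:
        - name: web  # resolved by targetPort in service.yaml
          containerPort: 80
```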
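Review bot: The single rule in `apps/whoami/ingress.yaml` has no `host`, and the spec has neither `ingressClassName` nor a `tls` section, so the whoami backend would answer on `/` for every hostname that reaches the controller, over plain HTTP only. whoami echoes request headers and host details back to the caller, so its exposure is worth scoping. Add `host: <WHOAMI_HOSTNAME>` (placeholder) to the rule, set `spec.ingressClassName` to the class the Traefik release creates, and add a `tls:` block once a certificate is available.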
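Review bot: `apps/whoami/kustomization.yaml` lists only `deployment.yaml` under `resources:`, while this commit also adds `service.yaml` and `ingress.yaml` in the same directory. kustomize builds only what is listed, so those two objects would not be applied. Add `- service.yaml` and `- ingress.yaml` to the list, or leave the files out of the commit if they are not meant to ship yet.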
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: whoami
+ namespace: apps
+
+spec:
+ ports:
+ - name: web
+ port: 80
+ targetPort: web
+
+ selector:
+ app: whoami
\ No newline at end of file
diff --git a/clusters/talos/apps.yaml b/clusters/talos/apps.yaml
new file mode 100644
index 0000000..b423764
--- /dev/null
+++ b/clusters/talos/apps.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: apps
+ namespace: flux-system
+spec:
+ interval: 1h
+ retryInterval: 1m
+ timeout: 5m
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ path: ./apps
+ prune: true
\ No newline at end of file
diff --git a/clusters/talos/infrastructure.yaml b/clusters/talos/infrastructure.yaml
new file mode 100644
index 0000000..19bcb7f
--- /dev/null
+++ b/clusters/talos/infrastructure.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: infrastructure
+ namespace: flux-system
+spec:
+ interval: 1h
+ retryInterval: 1m
+ timeout: 5m
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ path: ./infrastructure
+ prune: true
\ No newline at end of file
diff --git a/clusters/talos/kustomization.yaml b/clusters/talos/kustomization.yaml
new file mode 100644
index 0000000..c3eeac1
--- /dev/null
+++ b/clusters/talos/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- infrastructure.yaml
+- apps.yaml
\ No newline at end of file
diff --git a/infrastructure/ingress-namespace.yaml b/infrastructure/ingress-namespace.yaml
new file mode 100644
index 0000000..9011a7f
--- /dev/null
+++ b/infrastructure/ingress-namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: ingress
\ No newline at end of file
diff --git a/infrastructure/traefik.yaml b/infrastructure/traefik.yaml
new file mode 100644
index 0000000..b0b2d7e
--- /dev/null
+++ b/infrastructure/traefik.yaml
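Review bot: The `apps` Flux Kustomization in `clusters/talos/apps.yaml` sets no `spec.serviceAccountName`, so it is reconciled with the kustomize-controller's own identity, which is cluster-admin in a default install (not visible in this diff; confirm). For workload manifests, consider impersonating an account limited to the `apps` namespace, e.g. `serviceAccountName: <APPS_RECONCILER_SA>` (placeholder), so that a bad manifest under `./apps` cannot create cluster-scoped objects; the `Namespace` object would then have to move to the infrastructure layer. The spec also has no `dependsOn`, so it may reconcile before Traefik exists; `dependsOn: [{name: infrastructure}]` here, together with `wait: true` in `clusters/talos/infrastructure.yaml`, would order the two.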
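Review bot: `clusters/talos/kustomization.yaml` lists only `infrastructure.yaml` and `apps.yaml`, and an explicit `resources:` list means nothing else in that directory is built. The readme hunk in this commit bootstraps Flux with `--path=clusters/talos`, which normally writes a `flux-system/` directory under that path. If so, it is left out of the build here and, with pruning enabled on the sync Kustomization, the Flux components themselves could be garbage-collected. Confirm the layout after bootstrap and add `- flux-system` if the directory is present.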
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- apps-namespace.yaml
+- ./whoami
\ No newline at end of file
diff --git a/infrastructure/traefik/kustomization.yaml b/infrastructure/traefik/kustomization.yaml
new file mode 100644
index 0000000..97368c6
--- /dev/null
+++ b/infrastructure/traefik/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- traefik-repository.yaml
+- traefik-helm-release.yaml
diff --git a/infrastructure/traefik/traefik-helm-release.yaml b/infrastructure/traefik/traefik-helm-release.yaml
new file mode 100644
index 0000000..8fc3720
--- /dev/null
+++ b/infrastructure/traefik/traefik-helm-release.yaml
@@ -0,0 +1,18 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: traefik
+ namespace: ingress
+spec:
+ interval: 5m
+ chart:
+ spec:
+ chart: traefik
+ version: '26.0.0'
+ sourceRef:
+ kind: HelmRepository
+ name: traefik
+ namespace: ingress
+ interval: 15m
+ valuesFiles:
+ - values.yaml
\ No newline at end of file
diff --git a/infrastructure/traefik/traefik-repository.yaml b/infrastructure/traefik/traefik-repository.yaml
new file mode 100644
index 0000000..eeb88f3
--- /dev/null
+++ b/infrastructure/traefik/traefik-repository.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+ name: traefik
+ namespace: ingress
+spec:
+ interval: 15m
+ url: https://traefik.github.io/charts
\ No newline at end of file
diff --git a/infrastructure/traefik/values.yaml b/infrastructure/traefik/values.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/talos/readme.md b/talos/readme.md
index 6f12f93..5aa7b71 100644
--- a/talos/readme.md
+++ b/talos/readme.md
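Review bot: `infrastructure/traefik.yaml` is byte-identical to `apps/whoami.yaml` (both show blob `b0b2d7e`), so its `resources:` point at `apps-namespace.yaml` and `./whoami`, neither of which exists under `infrastructure/`. This looks like a copy-paste slip; the entries were presumably meant to be `- ingress-namespace.yaml` and `- ./traefik`. As written, nothing explicitly references the `ingress` namespace manifest or the Traefik directory, and any build that did read this file would fail on the missing paths.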
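Review bot: `valuesFiles` in `infrastructure/traefik/traefik-helm-release.yaml` is resolved inside the chart source named by `sourceRef`, not next to this manifest, so the empty `infrastructure/traefik/values.yaml` added in this commit is not what the release would read. Indentation is lost in this view, so it cannot be confirmed that the key sits under `spec.chart.spec`. To carry local settings, put them under `spec.values` or reference a ConfigMap or Secret through `spec.valuesFrom`. Until then the ingress controller runs entirely on chart defaults, so review those defaults (exposed ports, dashboard, service type) and set the intended values explicitly.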
@@ -65,3 +65,22 @@ And apply that control plane yaml with `helm repo add cilium https://helm.cilium.io/` `helm repo update` + +```sh +helm install \ + cilium \ + cilium/cilium \ + --version 1.15.0 \ + --namespace kube-system \ + --set ipam.mode=kubernetes \ + --set=kubeProxyReplacement=disabled \ + --set=securityContext.capabilities.ciliumAgent="{CHOWN,KILL,NET_ADMIN,NET_RAW,IPC_LOCK,SYS_ADMIN,SYS_RESOURCE,DAC_OVERRIDE,FOWNER,SETGID,SETUID}" \ + --set=securityContext.capabilities.cleanCiliumState="{NET_ADMIN,SYS_ADMIN,SYS_RESOURCE}" \ + --set=cgroup.autoMount.enabled=false \ + --set=cgroup.hostRoot=/sys/fs/cgroup +``` + +## Flux + +`flux bootstrap git --private-key-file=/config/.ssh/gitea --url ssh://git@gitea.home.joemonk.co.uk:2222/joe/gitops.git --branch ma +in --path=clusters/talos` \ No newline at end of file