diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..db87e1f --- /dev/null +++ b/.editorconfig @@ -0,0 +1,8 @@ +root = true + +[*] +indent_style = space +indent_size = 2 +charset = utf-8 +trim_trailing_whitespace = false +insert_final_newline = false \ No newline at end of file diff --git a/k8s/README.md b/k8s/README.md index 5fa5ad9..f982e9a 100644 --- a/k8s/README.md +++ b/k8s/README.md @@ -10,6 +10,7 @@ This folder holds all the services required for my private infrastructure. Follo ```yaml k create ns flux +k create ns cert-manager k create ns infrapuzzle ``` diff --git a/k8s/busybox.yaml b/k8s/busybox.yaml new file mode 100644 index 0000000..bfd81ae --- /dev/null +++ b/k8s/busybox.yaml @@ -0,0 +1,28 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + creationTimestamp: null + labels: + app: busybox + name: busybox +spec: + replicas: 1 + selector: + matchLabels: + app: busybox + strategy: {} + template: + metadata: + creationTimestamp: null + labels: + app: busybox + spec: + containers: + - image: busybox + name: busybox + resources: {} + command: + - "sleep" + - "3600" + stdin: true + tty: true diff --git a/k8s/infrapuzzle/cert-manager.yaml b/k8s/cert-manager/cert-manager.yaml similarity index 59% rename from k8s/infrapuzzle/cert-manager.yaml rename to k8s/cert-manager/cert-manager.yaml index cf67c15..58a0fde 100644 --- a/k8s/infrapuzzle/cert-manager.yaml +++ b/k8s/cert-manager/cert-manager.yaml @@ -5,12 +5,16 @@ metadata: namespace: flux spec: releaseName: cert-manager - targetNamespace: infrapuzzle + targetNamespace: cert-manager chart: repository: https://charts.jetstack.io version: v0.14.1 name: cert-manager values: - global: - rbac: - create: true + replicaCount: 1 + webhook: + replicaCount: 1 + podLabels: + app: cert-manager + prometheus: + enabled: false diff --git a/k8s/cert-manager/production-issuer.yaml b/k8s/cert-manager/production-issuer.yaml new file mode 100644 index 0000000..6466ea0 --- /dev/null 
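Review bot: `image: busybox` in `k8s/busybox.yaml` carries no tag, so it resolves to `latest` and the image content can change between pod restarts; pin it, e.g. `image: busybox:<pinned-tag>` or a digest. The manifest also sets no `metadata.namespace`, so it is created in whatever namespace the current kubectl context selects, and `resources: {}` leaves the pod without requests or limits. `k8s/default/deployment.yaml` has a related issue: a major-version tag (`kuard-amd64:1`) with `imagePullPolicy: Always`, and no resources or securityContext. `creationTimestamp: null` and `strategy: {}` look like generator residue and can be dropped.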
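Review bot: `prometheus.enabled: false` in the new `values` of `k8s/cert-manager/cert-manager.yaml` turns off the chart's metrics, which are the usual way to notice failing renewals before a certificate expires. If that is deliberate, a comment above it such as `# metrics off: no Prometheus scraping in this cluster` would record the reason. The explicit `global.rbac.create: true` is also removed, so RBAC creation now rests on the chart default for v0.14.1, which is worth confirming. The resource's header lines are above the hunk.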
+++ b/k8s/cert-manager/production-issuer.yaml
@@ -0,0 +1,19 @@
+ apiVersion: cert-manager.io/v1alpha2
+ kind: Issuer
+ metadata:
+ name: letsencrypt-prod
+ namespace: cert-manager
+ spec:
+ acme:
+ # The ACME server URL
+ server: https://acme-v02.api.letsencrypt.org/directory
+ # Email address used for ACME registration
+ email: moritz@moritzgraf.de
+ # Name of a secret used to store the ACME account private key
+ privateKeySecretRef:
+ name: letsencrypt-prod
+ # Enable the HTTP-01 challenge provider
+ solvers:
+ - http01:
+ ingress:
+ class: nginx
diff --git a/k8s/cert-manager/staging-issuer.yaml b/k8s/cert-manager/staging-issuer.yaml
new file mode 100644
index 0000000..4eb535b
--- /dev/null
+++ b/k8s/cert-manager/staging-issuer.yaml
@@ -0,0 +1,19 @@
+ apiVersion: cert-manager.io/v1alpha2
+ kind: Issuer
+ metadata:
+ name: letsencrypt-staging
+ namespace: cert-manager
+ spec:
+ acme:
+ # The ACME server URL
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ # Email address used for ACME registration
+ email: moritz@moritzgraf.de
+ # Name of a secret used to store the ACME account private key
+ privateKeySecretRef:
+ name: letsencrypt-staging
+ # Enable the HTTP-01 challenge provider
+ solvers:
+ - http01:
+ ingress:
+ class: nginx
diff --git a/k8s/default/deployment.yaml b/k8s/default/deployment.yaml
new file mode 100644
index 0000000..f97bc72
--- /dev/null
+++ b/k8s/default/deployment.yaml
@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: kuard
+ namespace: default
+spec:
+ selector:
+ matchLabels:
+ app: kuard
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: kuard
+ spec:
+ containers:
+ - image: gcr.io/kuar-demo/kuard-amd64:1
+ imagePullPolicy: Always
+ name: kuard
+ ports:
+ - containerPort: 8080
diff --git a/k8s/default/ingress.yaml b/k8s/default/ingress.yaml
new file mode 100644
index 0000000..4d49925
--- /dev/null
+++ b/k8s/default/ingress.yaml
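Review bot: Both Issuers (`k8s/cert-manager/production-issuer.yaml` and `k8s/cert-manager/staging-issuer.yaml`) are namespaced to `cert-manager`, but the `cert-manager.io/issuer: "letsencrypt-staging"` annotation in `k8s/default/ingress.yaml` is resolved in the Ingress's own namespace (`default`), so the kuard certificate request will not find an issuer. Either change `kind: Issuer` to `kind: ClusterIssuer` in both files, drop their `namespace:` line and annotate the Ingress with `cert-manager.io/cluster-issuer: "letsencrypt-staging"`, or create the Issuer in `default`. With a ClusterIssuer the ACME account key secret named by `privateKeySecretRef` is kept in cert-manager's own namespace, which also keeps that key out of application namespaces.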
@@ -0,0 +1,22 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: kuard
+ namespace: default
+ annotations:
+ kubernetes.io/ingress.class: "nginx"
+ cert-manager.io/issuer: "letsencrypt-staging"
+
+spec:
+ tls:
+ - hosts:
+ - kuard.haumdaucher.de
+ secretName: kuard-haumdaucher
+ rules:
+ - host: kuard.haumdaucher.de
+ http:
+ paths:
+ - path: /
+ backend:
+ serviceName: kuard
+ servicePort: 80
diff --git a/k8s/default/service.yaml b/k8s/default/service.yaml
new file mode 100644
index 0000000..f110b09
--- /dev/null
+++ b/k8s/default/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: kuard
+ namespace: default
+spec:
+ ports:
+ - port: 80
+ targetPort: 8080
+ protocol: TCP
+ selector:
+ app: kuard
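Review bot: `k8s/default/ingress.yaml` publishes kuard on `kuard.haumdaucher.de` with no access restriction. kuard is a demo application whose UI, as far as I know, shows the pod's environment and filesystem, so it should not stay reachable from the internet. If it is only here as a cert-manager smoke test, limit who can reach it, e.g. `nginx.ingress.kubernetes.io/whitelist-source-range: "<trusted-cidr>"` under `annotations`, or remove the three `k8s/default` manifests once issuance is verified. `extensions/v1beta1` is also the deprecated Ingress API group; `networking.k8s.io/v1beta1` is the replacement on clusters that serve it.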