diff --git a/infra/k9s/deployment.yaml b/infra/k9s/deployment.yaml
new file mode 100755
index 0000000..6987d25
--- /dev/null
+++ b/infra/k9s/deployment.yaml
@@ -0,0 +1,23 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: k9s
+  namespace: k9s
+  labels:
+    app: k9s
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: k9s
+  template:
+    metadata:
+      labels:
+        app: k9s
+    spec:
+      serviceAccountName: k9s-sa
+      containers:
+      - name: k9s
+        image: ghcr.io/lordmathis/k9s-web:latest
+        ports:
+        - containerPort: 7681
diff --git a/infra/k9s/ingress.yaml b/infra/k9s/ingress.yaml
new file mode 100644
index 0000000..3adc5e5
--- /dev/null
+++ b/infra/k9s/ingress.yaml
@@ -0,0 +1,16 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: k9s-ingress
+  namespace: k9s
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`k9s.namesny.com`)
+    kind: Rule
+    middlewares:
+    - name: "auth-authelia@kubernetescrd"
+    services:
+    - name: k9s-svc
+      port: 7681
diff --git a/infra/k9s/kustomization.yaml b/infra/k9s/kustomization.yaml
new file mode 100644
index 0000000..79bffea
--- /dev/null
+++ b/infra/k9s/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: k9s
+
+resources:
+- namespace.yaml
+- rbac.yaml
+- deployment.yaml
+- service.yaml
+- ingress.yaml
+
diff --git a/infra/k9s/namespace.yaml b/infra/k9s/namespace.yaml
new file mode 100644
index 0000000..d4d7b26
--- /dev/null
+++ b/infra/k9s/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: k9s
diff --git a/infra/k9s/rbac.yaml b/infra/k9s/rbac.yaml
new file mode 100644
index 0000000..2c1aa38
--- /dev/null
+++ b/infra/k9s/rbac.yaml
@@ -0,0 +1,35 @@
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: k9s-reader
+rules:
+  - apiGroups: [""]
+    resources: ["*"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["apps"]
+    resources: ["*"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["batch"]
+    resources: ["*"]
+    verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: k9s
+subjects:
+  - kind: ServiceAccount
+    name: k9s-sa
+    namespace: k9s
+roleRef:
+  kind: ClusterRole
+  name: k9s-reader
+  apiGroup: rbac.authorization.k8s.io
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: k9s-sa
+  namespace: k9s
diff --git a/infra/k9s/service.yaml b/infra/k9s/service.yaml
new file mode 100644
index 0000000..b609d8d
--- /dev/null
+++ b/infra/k9s/service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: k9s-svc
+  namespace: k9s
+spec:
+  selector:
+    app: k9s
+  type: ClusterIP
+  ports:
+  - protocol: TCP
+    port: 7681
+    targetPort: 7681