diff --git a/clusters/cl01tl/applications/koel/templates/ingress-route.yaml b/clusters/cl01tl/applications/koel/templates/ingress-route.yaml
deleted file mode 100644
index 771e85bac..000000000
--- a/clusters/cl01tl/applications/koel/templates/ingress-route.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: koel
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: koel
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: web
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  entryPoints:
-    - websecure
-  routes:
-    - kind: Rule
-      match: Host(`koel.alexlebens.net`)
-      middlewares:
-        - name: authentik-koel
-          namespace: {{ .Release.Namespace }}
-      priority: 10
-      services:
-        - kind: Service
-          name: koel
-          port: 80
-    - kind: Rule
-      match: Host(`koel.alexlebens.net`) && PathPrefix(`/outpost.goauthentik.io/`)"
-      priority: 15
-      services:
-        - kind: Service
-          name: authentik-outpost-proxy
-          port: 9000
-          namespace: authentik
diff --git a/clusters/cl01tl/applications/koel/templates/middleware.yaml b/clusters/cl01tl/applications/koel/templates/middleware.yaml
deleted file mode 100644
index c26ff9410..000000000
--- a/clusters/cl01tl/applications/koel/templates/middleware.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: authentik-koel
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: authentik-koel
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    app.kubernetes.io/component: auth
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  forwardAuth:
-    address: http://authentik-outpost-proxy.authentik:9000/outpost.goauthentik.io/auth/traefik
-    trustForwardHeader: true
-    authResponseHeaders:
-      - X-authentik-username
-      - X-authentik-groups
-      - X-authentik-email
-      - X-authentik-name
-      - X-authentik-uid
-      - X-authentik-jwt
-      - X-authentik-meta-jwks
-      - X-authentik-meta-outpost
-      - X-authentik-meta-provider
-      - X-authentik-meta-app
-      - X-authentik-meta-version
diff --git a/clusters/cl01tl/applications/koel/values.yaml b/clusters/cl01tl/applications/koel/values.yaml
index 7a88d2550..93b62c396 100644
--- a/clusters/cl01tl/applications/koel/values.yaml
+++ b/clusters/cl01tl/applications/koel/values.yaml
@@ -97,6 +97,26 @@ koel:
           port: 80
           targetPort: 80
           protocol: HTTP
+  ingress:
+    main:
+      enabled: true
+      className: traefik
+      annotations:
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        traefik.ingress.kubernetes.io/router.tls: "true"
+        cert-manager.io/cluster-issuer: letsencrypt-issuer
+      hosts:
+        - host: koel.alexlebens.net
+          paths:
+            - path: /
+              pathType: Prefix
+              service:
+                name: koel
+                port: 80
+      tls:
+        - secretName: koel-secret-tls
+          hosts:
+            - koel.alexlebens.net
   persistence:
     covers:
       storageClass: ceph-block