diff --git a/clusters/cl01tl/platform/authentik/templates/gateway.yaml b/clusters/cl01tl/platform/authentik/templates/gateway.yaml
new file mode 100644
index 000000000..c2376e89b
--- /dev/null
+++ b/clusters/cl01tl/platform/authentik/templates/gateway.yaml
@@ -0,0 +1,22 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+ name: authentik-tls-gateway
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: authentik-tls-gateway
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: network
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ gatewayClassName: cilium
+ listeners:
+ - name: https
+ protocol: HTTPS
+ port: 443
+ hostname: auth.alexlebens.net
+ tls:
+ certificateRefs:
+ - kind: Secret
+ name: authentik-tls-gateway
diff --git a/clusters/cl01tl/platform/authentik/templates/http-route.yaml b/clusters/cl01tl/platform/authentik/templates/http-route.yaml
new file mode 100644
index 000000000..db3adfc9f
--- /dev/null
+++ b/clusters/cl01tl/platform/authentik/templates/http-route.yaml
@@ -0,0 +1,24 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: authentik-https-app-route
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: authentik-https-app-route
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ app.kubernetes.io/component: network
+ app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+ parentRefs:
+ - name: authentik-tls-gateway
+ hostnames:
+ - auth.alexlebens.net
+ rules:
+ - matches:
+ - path:
+ type: Prefix
+ value: /
+ backendRefs:
+ - name: authentik-server
+ port: 80
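Review bot: In gateway.yaml, nothing in this change creates the `authentik-tls-gateway` Secret that the `https` listener's `certificateRefs` points to, and the Gateway carries no issuer annotation, so the certificate presumably comes from a resource outside this diff; if it does not, the listener cannot be programmed and `auth.alexlebens.net` has no TLS endpoint. If cert-manager's Gateway API support is meant to issue it, the Gateway needs a `metadata.annotations` entry such as `cert-manager.io/cluster-issuer: <ISSUER_NAME>` (placeholder), and a short comment naming the Secret's source would help the next reader either way. Separately, the templated label values are unquoted: `app.kubernetes.io/version: {{ .Chart.AppVersion }}` renders as a YAML number whenever the app version looks numeric, and label values must be strings, so `{{ .Chart.AppVersion | quote }}` is safer. The same labels in http-route.yaml have the same issue.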
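Review bot: In http-route.yaml, the `parentRefs` entry attaches by Gateway name only, so the route binds to every listener the Gateway has now or gains later; adding `sectionName: https` under `- name: authentik-tls-gateway` pins it to the TLS listener, so that a plain-HTTP listener added later would not serve the identity provider unencrypted. The `backendRefs` target is `authentik-server` on `port: 80`, so the hop from the gateway to the pod appears to be plaintext inside the cluster. For a service that handles credentials and session tokens, a comment should state what protects that hop (for example Cilium transparent encryption, if it is enabled on this cluster), or the route should point at the Service's HTTPS port if it exposes one.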