diff --git a/clusters/cl01tl/applications/element-web/Chart.yaml b/clusters/cl01tl/applications/element-web/Chart.yaml
new file mode 100644
index 000000000..94074e034
--- /dev/null
+++ b/clusters/cl01tl/applications/element-web/Chart.yaml
@@ -0,0 +1,15 @@
+apiVersion: v2
+name: element-web
+version: 1.0.0
+sources:
+  - https://github.com/element-hq/element-web
+  - https://gitlab.com/ananace/charts/-/tree/master/charts/element-web
+dependencies:
+  - name: element-web
+    version: 1.3.21
+    repository: https://ananace.gitlab.io/charts
+  - name: app-template
+    alias: cloudflared
+    repository: https://bjw-s.github.io/helm-charts/
+    version: 3.1.0
+appVersion: "1.11.63"
diff --git a/clusters/cl01tl/applications/element-web/templates/external-secret.yaml b/clusters/cl01tl/applications/element-web/templates/external-secret.yaml
new file mode 100644
index 000000000..3e65c22ac
--- /dev/null
+++ b/clusters/cl01tl/applications/element-web/templates/external-secret.yaml
@@ -0,0 +1,23 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: element-web-cloudflared-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: element-web-cloudflared-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: cf-tunnel-token
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cloudflare/tunnels/element
+        metadataPolicy: None
+        property: token
diff --git a/clusters/cl01tl/applications/element-web/values.yaml b/clusters/cl01tl/applications/element-web/values.yaml
new file mode 100644
index 000000000..f65a2cf70
--- /dev/null
+++ b/clusters/cl01tl/applications/element-web/values.yaml
@@ -0,0 +1,51 @@
+element-web:
+  replicaCount: 1
+  defaultServer:
+    url: https://matrix.alexlebens.dev
+    name: alexlebens.dev
+    identity_url: https://alexlebens.dev
+  config:
+    disable_3pid_login: true
+    brand: "Alex Lebens"
+    branding:
+      welcome_background_url: https://alexlebens-dev.nyc3.digitaloceanspaces.com/cl02do/assets/background.jpg
+      auth_header_logo_url: https://alexlebens-dev.nyc3.digitaloceanspaces.com/cl02do/assets/icon_white.png
+    sso_redirect_options:
+      immediate: true
+    default_theme: dark
+    default_country_code: US
+  ingress:
+    enabled: false
+  resources:
+    requests:
+      cpu: 100m
+      memory: 128Mi
+cloudflared:
+  global:
+    nameOverride: cloudflared
+  controllers:
+    main:
+      type: deployment
+      strategy: Recreate
+      containers:
+        main:
+          image:
+            repository: cloudflare/cloudflared
+            tag: "2024.5.0"
+            pullPolicy: IfNotPresent
+          args:
+            - tunnel
+            - --no-autoupdate
+            - run
+            - --token
+            - $(CF_MANAGED_TUNNEL_TOKEN)
+          env:
+            - name: CF_MANAGED_TUNNEL_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: element-web-cloudflared-secret
+                  key: cf-tunnel-token
+          resources:
+            requests:
+              cpu: 100m
+              memory: 128Mi