diff --git a/k8s/05-frontend.yaml b/k8s/05-frontend.yaml
index 345bfb3..eefd192 100755
--- a/k8s/05-frontend.yaml
+++ b/k8s/05-frontend.yaml
@@ -34,10 +34,9 @@ metadata:
   name: frontend-service
   namespace: web-portal
 spec:
-  type: NodePort
+  type: ClusterIP
   selector:
     app: frontend
   ports:
   - port: 80
     targetPort: 80
-    nodePort: 30090
diff --git a/k8s/07-clusterissuer.yaml b/k8s/07-clusterissuer.yaml
new file mode 100755
index 0000000..90d4e53
--- /dev/null
+++ b/k8s/07-clusterissuer.yaml
@@ -0,0 +1,14 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt-prod
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: cyanburu@gmail.com
+    privateKeySecretRef:
+      name: letsencrypt-prod-key
+    solvers:
+    - http01:
+        ingress:
+          class: nginx
diff --git a/k8s/08-ingress.yaml b/k8s/08-ingress.yaml
new file mode 100755
index 0000000..d7461ad
--- /dev/null
+++ b/k8s/08-ingress.yaml
@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: web-portal-ingress
+  namespace: web-portal
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "60"
+    nginx.ingress.kubernetes.io/proxy-connect-timeout: "10"
+spec:
+  ingressClassName: nginx
+  tls:
+  - hosts:
+    - cyanburu.com
+    secretName: web-portal-tls
+  rules:
+  - host: cyanburu.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: frontend-service
+            port:
+              number: 80