diff --git a/apps/kustomization.yaml b/apps/kustomization.yaml index 513df92..0c6b3d9 100644 --- a/apps/kustomization.yaml +++ b/apps/kustomization.yaml @@ -4,7 +4,6 @@ resources: - ./lldap - ./authelia - ./grafana - - ./traefik-dashboard - ./whoami.yaml - ./akri-demo.yaml diff --git a/apps/traefik-dashboard/ingress.yaml b/apps/traefik-dashboard/ingress.yaml deleted file mode 100644 index e66b4be..0000000 --- a/apps/traefik-dashboard/ingress.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: traefik.io/v1alpha1 -kind: IngressRoute -metadata: - name: traefik-dashboard - namespace: traefik -spec: - entryPoints: - - websecure - routes: - - match: Host(`traefik.${domain}`) - kind: Rule - middlewares: - - name: forwardauth-authelia - namespace: authelia - services: - - name: api@internal - kind: TraefikService - tls: - secretName: ${domain//./-}-tls diff --git a/clusters/titan.lan.huizinga.dev/apps.yaml b/clusters/titan.lan.huizinga.dev/apps.yaml index c4f7ab2..e79a965 100644 --- a/clusters/titan.lan.huizinga.dev/apps.yaml +++ b/clusters/titan.lan.huizinga.dev/apps.yaml @@ -6,6 +6,7 @@ metadata: spec: dependsOn: - name: infra-configs + - name: traefik decryption: provider: sops secretRef: diff --git a/clusters/titan.lan.huizinga.dev/infra/traefik-middleware.yaml b/clusters/titan.lan.huizinga.dev/infra/traefik-middleware.yaml new file mode 100644 index 0000000..a8dc028 --- /dev/null +++ b/clusters/titan.lan.huizinga.dev/infra/traefik-middleware.yaml @@ -0,0 +1,16 @@ +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: traefik-middleware + namespace: flux-system +spec: + interval: 15m + path: ./infra/traefik-middleware + dependsOn: + - name: traefik + prune: true + timeout: 10m + sourceRef: + kind: GitRepository + name: flux-system + wait: true diff --git a/clusters/titan.lan.huizinga.dev/infra/traefik.yaml b/clusters/titan.lan.huizinga.dev/infra/traefik.yaml new file mode 100644 index 0000000..9305d07 --- /dev/null 
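Review bot: The `dependsOn` entry added in clusters/titan.lan.huizinga.dev/apps.yaml orders the apps after `traefik` only, yet the `default-headers` middleware that the websecure entrypoint now references as `traefik-default-headers@kubernetescrd` is applied by the separate `traefik-middleware` Kustomization introduced in the same commit. Apps can therefore reconcile before that middleware exists. How Traefik treats an entrypoint middleware that is not yet present is not visible here, so routes may be rejected or served without the security headers during that window. Adding `- name: traefik-middleware` below `- name: traefik` would close it. The Kustomization's spec continues outside the hunk.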
+++ b/clusters/titan.lan.huizinga.dev/infra/traefik.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: traefik
+ namespace: flux-system
+spec:
+ interval: 15m
+ path: ./infra/traefik
+ prune: true
+ timeout: 2m
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ wait: true
+ postBuild:
+ substituteFrom:
+ - kind: ConfigMap
+ name: domain-vars
diff --git a/infrastructure/configs/middleware.yaml b/infra/traefik-middleware/default-headers.yaml
similarity index 54%
rename from infrastructure/configs/middleware.yaml
rename to infra/traefik-middleware/default-headers.yaml
index 986309d..f8b8578 100644
--- a/infrastructure/configs/middleware.yaml
+++ b/infra/traefik-middleware/default-headers.yaml
@@ -2,7 +2,6 @@ apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
 name: default-headers
- namespace: default
 spec:
 headers:
 browserXssFilter: true
@@ -14,21 +13,3 @@ spec:
 customFrameOptionsValue: SAMEORIGIN
 customRequestHeaders:
 X-Forwarded-Proto: https
----
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
- name: test-errors
- namespace: default
-spec:
- errors:
- status:
- - "403"
- - "500"
- - "501"
- - "503"
- - "505-599"
- query: /{status}.html
- service:
- name: whoami
- port: 80
diff --git a/apps/traefik-dashboard/kustomization.yaml b/infra/traefik-middleware/kustomization.yaml
similarity index 77%
rename from apps/traefik-dashboard/kustomization.yaml
rename to infra/traefik-middleware/kustomization.yaml
index b3b3c7d..8ee4654 100644
--- a/apps/traefik-dashboard/kustomization.yaml
+++ b/infra/traefik-middleware/kustomization.yaml
@@ -2,4 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: traefik
 resources:
- - ingress.yaml
+ - ./default-headers.yaml
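Review bot: `timeout: 2m` in the new clusters/titan.lan.huizinga.dev/infra/traefik.yaml looks tight for a Kustomization that sets `wait: true` and carries the Traefik HelmRelease, while the sibling traefik-middleware Kustomization, which applies only default-headers.yaml, is given `timeout: 10m`. If the chart install and image pull exceed two minutes on a fresh cluster, the reconciliation is reported as failed and everything that depends on `traefik` stays blocked until the next attempt, which presumably follows the 15m `interval` because no `retryInterval` is set. Consider `timeout: 10m` together with `retryInterval: 1m`. A comment above `postBuild` noting that `domain-vars` must supply `domain` for the dashboard host rule and TLS secret name in infra/traefik/helm-release.yaml would also help, for example `# domain-vars must define "domain"; used by the dashboard matchRule and tls.secretName`.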
diff --git a/infrastructure/controllers/traefik.yaml b/infra/traefik/helm-release.yaml similarity index 78% rename from infrastructure/controllers/traefik.yaml rename to infra/traefik/helm-release.yaml index 3a7cdf5..99b17de 100644 --- a/infrastructure/controllers/traefik.yaml +++ b/infra/traefik/helm-release.yaml @@ -1,17 +1,3 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: traefik ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: HelmRepository -metadata: - name: traefik - namespace: traefik -spec: - interval: 1m0s - url: https://traefik.github.io/charts ---- apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: @@ -46,13 +32,24 @@ spec: port: websecure websecure: middlewares: - - default-default-headers@kubernetescrd - - default-test-errors@kubernetescrd + - traefik-default-headers@kubernetescrd providers: kubernetesCRD: allowCrossNamespace: true + ingressRoute: + dashboard: + enabled: true + entryPoints: + - websecure + matchRule: Host(`traefik.${domain}`) + middlewares: + - name: forwardauth-authelia + namespace: authelia + tls: + secretName: ${domain//./-}-tls + # This is needed in order to properly forward the real ip to each service # There are likely better ways of handling that, but for now this works # TODO(Tim): Figure out how to properly forward the IP diff --git a/infra/traefik/helm-repository.yaml b/infra/traefik/helm-repository.yaml new file mode 100644 index 0000000..c1ac1bc --- /dev/null +++ b/infra/traefik/helm-repository.yaml @@ -0,0 +1,7 @@ +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: traefik +spec: + interval: 1m0s + url: https://traefik.github.io/charts diff --git a/infra/traefik/kustomization.yaml b/infra/traefik/kustomization.yaml new file mode 100644 index 0000000..a03a1df --- /dev/null +++ b/infra/traefik/kustomization.yaml 
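Review bot: The `ingressRoute.dashboard` values added in infra/traefik/helm-release.yaml publish the Traefik dashboard on `websecure`, and the only access control on that route is the `forwardauth-authelia` middleware from the `authelia` namespace. Helm does not reject value keys a chart does not know, and the chart version is not visible in this hunk, so if the pinned chart predates `ingressRoute.dashboard.middlewares` or `ingressRoute.dashboard.tls` the route would be rendered without forward-auth. Please confirm against the rendered IngressRoute object that the middleware reference and TLS secret are present. A comment above the block would record the dependency: `# Dashboard auth relies solely on forwardauth-authelia (authelia namespace); keep this middleware or replace it before changing the route`. The HelmRelease values continue outside the hunk.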
@@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: traefik +resources: + - ./namespace.yaml + - ./helm-repository.yaml + - ./helm-release.yaml diff --git a/infra/traefik/namespace.yaml b/infra/traefik/namespace.yaml new file mode 100644 index 0000000..c088a91 --- /dev/null +++ b/infra/traefik/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: traefik diff --git a/infrastructure/configs/kustomization.yaml b/infrastructure/configs/kustomization.yaml index 4cf0fee..52e911f 100644 --- a/infrastructure/configs/kustomization.yaml +++ b/infrastructure/configs/kustomization.yaml @@ -1,6 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - ./middleware.yaml - - ./intel-devices diff --git a/infrastructure/controllers/kustomization.yaml b/infrastructure/controllers/kustomization.yaml index fe8cbef..674341f 100644 --- a/infrastructure/controllers/kustomization.yaml +++ b/infrastructure/controllers/kustomization.yaml @@ -2,7 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - akri.yaml - - traefik.yaml - cloudnative-pg.yaml - ./rook - ./topolvm