diff --git a/weave-gitops/dns-endpoint-weave-gitops.yaml b/weave-gitops/dns-endpoint-weave-gitops.yaml
new file mode 100644
index 0000000..0f48e16
--- /dev/null
+++ b/weave-gitops/dns-endpoint-weave-gitops.yaml
@@ -0,0 +1,12 @@
+apiVersion: externaldns.k8s.io/v1alpha1
+kind: DNSEndpoint
+metadata:
+  name: weave-gitops.michaelthomson.dev
+  namespace: weave-gitops
+spec:
+  endpoints:
+  - dnsName: weave-gitops.michaelthomson.dev
+    recordTTL: 180
+    recordType: CNAME
+    targets:
+    - server.michaelthomson.dev
diff --git a/weave-gitops/helmrelease-weave-gitops.yaml b/weave-gitops/helmrelease-weave-gitops.yaml
index c36f454..839306f 100644
--- a/weave-gitops/helmrelease-weave-gitops.yaml
+++ b/weave-gitops/helmrelease-weave-gitops.yaml
@@ -19,3 +19,19 @@ spec:
       create: true
       passwordHash: $2a$10$UbI.iTSJlbmim9A/FYGcHOSWdWnSd0Wwzdv5YXW4eGsPupA1nVW/y
       username: admin
+    ingress:
+      enabled: true
+      className: traefik
+      annotations:
+        traefik.ingress.kubernetes.io/router.tls: "true"
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
+      hosts:
+        - host: weave-gitops.michaelthomson.dev
+          paths:
+            - path: "/"
+              pathType: ImplementationSpecific
+      tls:
+        - secretName: letsencrypt-wildcard-cert-michaelthomson.dev
+          hosts:
+            - weave-gitops.michaelthomson.dev