diff --git a/bootstrap/kustomizations/kustomization-rook-ceph-cluster.yaml b/bootstrap/kustomizations/kustomization-rook-ceph-cluster.yaml
new file mode 100644
index 0000000..503c2f3
--- /dev/null
+++ b/bootstrap/kustomizations/kustomization-rook-ceph-cluster.yaml
@@ -0,0 +1,20 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: rook-ceph-cluster
+ namespace: flux-system
+spec:
+ dependsOn:
+ - name: "rook-ceph"
+ interval: 15m
+ path: ./rook-ceph-cluster
+ prune: true # remove any elements later removed from the above path
+ timeout: 2m # if not set, this defaults to interval duration, which is 1h
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ healthChecks:
+ - apiVersion: helm.toolkit.fluxcd.io/v2beta2
+ kind: HelmRelease
+ name: rook-ceph-cluster
+ namespace: rook-ceph
diff --git a/rook-ceph-cluster/dns-endpoint.yaml b/rook-ceph-cluster/dns-endpoint.yaml
new file mode 100644
index 0000000..5cd7f0d
--- /dev/null
+++ b/rook-ceph-cluster/dns-endpoint.yaml
@@ -0,0 +1,12 @@
+apiVersion: externaldns.k8s.io/v1alpha1
+kind: DNSEndpoint
+metadata:
+ name: rook.michaelthomson.dev
+ namespace: rook-ceph
+spec:
+ endpoints:
+ - dnsName: rook.michaelthomson.dev
+ recordTTL: 180
+ recordType: CNAME
+ targets:
+ - server.michaelthomson.dev
diff --git a/rook-ceph-cluster/helmrelease-rook-ceph-cluster.yaml b/rook-ceph-cluster/helmrelease-rook-ceph-cluster.yaml
new file mode 100644
index 0000000..ec885d1
--- /dev/null
+++ b/rook-ceph-cluster/helmrelease-rook-ceph-cluster.yaml
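Review bot: In kustomization-rook-ceph-cluster.yaml the `timeout: 2m` also bounds the `healthChecks` wait, but the HelmRelease it checks is given `timeout: 10m` plus install retries in helmrelease-rook-ceph-cluster.yaml, so this Kustomization will likely report a failed health check on first install well before the Ceph release can become ready. A timeout at least as long as the release's would avoid the false failure, e.g. `timeout: 15m`. The inline comment is also stale: it says the default would be the interval "which is 1h", while `interval` here is `15m`; something like `# bounds apply and health checks; defaults to the interval (15m) when unset` would match the manifest.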
@@ -0,0 +1,48 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
+kind: HelmRelease
+metadata:
+ name: rook-ceph-cluster
+ namespace: rook-ceph
+spec:
+ chart:
+ spec:
+ chart: rook-ceph-cluster
+ version: 1.15.x
+ sourceRef:
+ kind: HelmRepository
+ name: rook-release
+ namespace: flux-system
+ interval: 30m
+ timeout: 10m
+ install:
+ remediation:
+ retries: 3
+ upgrade:
+ remediation:
+ retries: -1 # keep trying to remediate
+ crds: CreateReplace # Upgrade CRDs on package update
+ releaseName: rook-ceph-cluster
+ values:
+ toolbox:
+ enabled: true
+
+ cephClusterSpec:
+ storage:
+ useAllNodes: true
+ useAllDevices: false
+ deviceFilter: sda
+
+ ingress:
+ dashboard:
+ annotations:
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ traefik.ingress.kubernetes.io/router.tls: "true"
+ hosts:
+ - host: rook.michaelthomson.dev
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - rook.michaelthomson.dev
+ secretName: letsencrypt-wildcard-cert-michaelthomson.dev
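Review bot: The `ingress.dashboard` block publishes the Ceph dashboard, a storage administration interface, on the `websecure` entrypoint with no access restriction beyond the dashboard's own login, and the DNSEndpoint in this commit advertises its hostname. If that entrypoint is reachable beyond a trusted network (not visible from this diff), put an allowlist or forward-auth middleware in front of it with an extra annotation such as `traefik.ingress.kubernetes.io/router.middlewares: <namespace>-<middleware-name>@kubernetescrd` (placeholder name). `toolbox.enabled: true` also keeps a pod with Ceph admin credentials running permanently, so anyone allowed `pods/exec` in `rook-ceph` gets full cluster administration; consider leaving it off and enabling it only when needed. Separately, the floating `version: 1.15.x` combined with `crds: CreateReplace` and unlimited upgrade retries means storage chart and CRD upgrades roll out unreviewed, so pinning an exact chart version would be safer.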