diff --git a/internalproxy/templates/switch01 b/internalproxy/templates/switch01
new file mode 100644
index 0000000..e9f44fb
--- /dev/null
+++ b/internalproxy/templates/switch01
@@ -0,0 +1,62 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: switch01
+spec:
+  ports:
+  - name: app
+    port: 80
+    protocol: TCP
+    targetPort: 80
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: switch01
+subsets:
+- addresses:
+  - ip: 192.168.21.3
+  ports:
+  - name: app
+    port: 80
+    protocol: TCP
+
+---    
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: switch01-ingress
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    cert-manager.io/cluster-issuer: letsencrypt-production 
+    nginx.ingress.kubernetes.io/whitelist-source-range: "192.168.0.0/16"
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+    nginx.ingress.kubernetes.io/auth-url: |-
+    http://ak-outpost-authentik-embedded-outpost.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
+    nginx.ingress.kubernetes.io/auth-signin: |-
+        https://switch01.internal.durp.info/outpost.goauthentik.io/start?rd=$escaped_request_uri
+    nginx.ingress.kubernetes.io/auth-response-headers: |-
+        Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email,X-authentik-name,X-authentik-uid
+    nginx.ingress.kubernetes.io/auth-snippet: |
+        proxy_set_header X-Forwarded-Host $http_host;
+spec:
+  rules:
+  - host: switch01.internal.durp.info
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: overlord
+            port: 
+              number: 8006         
+  tls:
+    - hosts: 
+      - overlord.internal.durp.info
+      secretName: overlord-tls