diff --git a/kube-prometheus-stack/templates/ingress.yaml b/kube-prometheus-stack/templates/ingress.yaml
new file mode 100644
index 0000000..e529355
--- /dev/null
+++ b/kube-prometheus-stack/templates/ingress.yaml
@@ -0,0 +1,68 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: grafana-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`grafana.durp.info`) && PathPrefix(`/`) 
+    kind: Rule
+    services:
+    - name: grafana
+      port: 80
+  tls:
+    secretName: grafana-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: grafana-tls
+spec:
+  secretName: grafana-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "grafana.durp.info"
+  dnsNames:
+  - "grafana.durp.info"  
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: alertmanager-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`alertmanager.durp.info`) && PathPrefix(`/`) 
+    middlewares:
+    - name: whitelist
+      namespace: traefik
+    - name: authentik-proxy-provider
+      namespace: traefik    
+    kind: Rule
+    services:
+    - name: prometheus-alertmanager
+      port: 9093
+  tls:
+    secretName: alertmanager-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: alertmanager-tls
+spec:
+  secretName: alertmanager-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "alertmanager.durp.info"
+  dnsNames:
+  - "alertmanager.durp.info"  
\ No newline at end of file
diff --git a/kube-prometheus-stack/values.yaml b/kube-prometheus-stack/values.yaml
index 9b3663a..19436ac 100644
--- a/kube-prometheus-stack/values.yaml
+++ b/kube-prometheus-stack/values.yaml
@@ -34,19 +34,7 @@ kube-prometheus-stack:
     fullnameOverride: alertmanager
     enabled: true
     ingress:
-      enabled: true
-      annotations:
-        cert-manager.io/cluster-issuer: letsencrypt-production
-        kubernetes.io/ingress.class: traefik
-        nginx.ingress.kubernetes.io/auth-response-headers: Authorization     
-      hosts:
-        - alertmanager.durp.info
-      paths: 
-        - /
-      tls: 
-      - secretName: alertmanager-tls
-        hosts:
-        - alertmanager.durp.info
+      enabled: false
   grafana:
     enabled: true
     fullnameOverride: grafana
@@ -63,18 +51,7 @@ kube-prometheus-stack:
       userKey: admin-user
       passwordKey: admin-password
     ingress:
-      enabled: true
-      annotations:
-        cert-manager.io/cluster-issuer: letsencrypt-production
-        kubernetes.io/ingress.class: traefik
-      hosts:
-        - grafana.durp.info
-      paths: 
-        - /
-      tls: 
-      - secretName: grafana-tls
-        hosts:
-        - grafana.durp.info      
+      enabled: false   
     grafana.ini:
       server:
         root_url: https://grafana.durp.info