diff --git a/ohmyform/templates/deployment.yaml b/ohmyform/templates/deployment.yaml
index 20b8ae2..e9166b0 100644
--- a/ohmyform/templates/deployment.yaml
+++ b/ohmyform/templates/deployment.yaml
@@ -11,6 +11,9 @@ spec:
 strategy:
 type: Recreate
 template:
+ metadata:
+ labels:
+ app: ohmyform
 spec:
 containers:
 - env:
diff --git a/ohmyform/templates/ingress.yaml b/ohmyform/templates/ingress.yaml
new file mode 100644
index 0000000..0f217c2
--- /dev/null
+++ b/ohmyform/templates/ingress.yaml
@@ -0,0 +1,47 @@
+---
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "ohmyform.fullname" . -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ app.kubernetes.io/name: {{ include "ohmyform.name" . }}
+ helm.sh/chart: {{ include "ohmyform.chart" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Values.ingress.annotations }}
+ annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+ {{- if or (.Capabilities.APIVersions.Has "networking.k8s.io/v1/IngressClass") (.Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/IngressClass") }}
+ {{- if .Values.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.ingress.ingressClassName }}
+ {{- end }}
+ {{- end }}
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ . | quote }}
+ http:
+ paths:
+ - pathType: Prefix
+ path: {{ $ingressPath }}
+ backend:
+ service:
+ name: {{ $fullName }}
+ port:
+ name: http
+ {{- end }}
+{{- end }}
diff --git a/ohmyform/values.yaml b/ohmyform/values.yaml
index d92e07d..a3e047a 100644
--- a/ohmyform/values.yaml
+++ b/ohmyform/values.yaml
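Review bot: The pod label added in deployment.yaml is the fixed string `app: ohmyform`, so two releases of this chart in one namespace carry identical pod labels, and any Service or NetworkPolicy selecting on `app: ohmyform` would match the pods of both. The Ingress template in this same commit labels by the `ohmyform.name` helper and `.Release.Name`; adding `app.kubernetes.io/instance: {{ .Release.Name }}` to the pod labels as well would keep selectors scoped to one release. The Deployment's `spec.selector` and the Service selector lie outside this hunk and would have to agree with whatever is chosen here.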
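Review bot: In ingress.yaml the templated scalars `path: {{ $ingressPath }}`, `secretName: {{ .secretName }}` and `ingressClassName: {{ .Values.ingress.ingressClassName }}` are rendered unquoted, while the host entries in the same file go through `| quote`. An empty or unusual value from values.yaml or `--set` (an empty path, a path beginning with `*`, a name that reads as a number or boolean) then renders as null, an alias or a non-string instead of failing visibly. Quoting them the same way, for example `path: {{ $ingressPath | quote }}` and `secretName: {{ .secretName | quote }}`, makes the rendered manifest predictable. Documentation is also missing: a short comment at the top listing the `.Values.ingress.*` keys the template reads would help, since `ingressClassName` is consumed here but has no entry in values.yaml in this commit.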
@@ -3,3 +3,33 @@ image:
 repository: ohmyform/ohmyform
 pullPolicy: IfNotPresent
 tag: ""
+
+nameOverride: ""
+fullnameOverride: ""
+
+service:
+ type: ClusterIP
+ port: 8080
+
+ingress:
+ enabled: true
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ kubernetes.io/tls-acme: "true"
+ nginx.ingress.kubernetes.io/proxy-body-size: 10G
+ cert-manager.io/cluster-issuer: "letsencrypt-prod"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ more_clear_headers "X-Powered-By";
+ more_set_headers "X-XSS-Protection: 1";
+ more_set_headers "X-Frame-Options: SAMEORIGIN";
+ more_set_headers "X-Content-Type-Options: nosniff";
+ more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";
+ more_set_headers "Permissions-Policy: geolocation=(none);midi=(self);notifications=(self);push=(self);sync-xhr=();microphone=(none);camera=(none);magnetometer=(none);gyroscope=(none);speaker=(self);vibrate=(self);fullscreen=(self);payment=(none);";
+ more_set_headers "Content-Security-Policy: base-uri 'none'; manifest-src 'self'; connect-src 'self' wss: ws: https://mb3admin.com; font-src 'self' data: ; form-action 'self'; frame-ancestors 'self'; worker-src 'self' blob:; frame-src 'self'; img-src data: https: http:; media-src 'self' blob: data:; object-src 'none'; script-src 'self' https://www.gstatic.com; style-src 'self' 'unsafe-inline'";
+ path: /
+ hosts:
+ - etcd.jamma.dev
+ tls:
+ - secretName: tls-jamma-ohmyform
+ hosts:
+ - etcd.jamma.dev
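Review bot: The chart defaults under `ingress:` publish the application on install: `enabled: true` together with the fixed host `etcd.jamma.dev`, the secret `tls-jamma-ohmyform` and the `letsencrypt-prod` issuer are one deployment's settings rather than defaults that suit other installs. Shipping `enabled: false`, `hosts: []` and `tls: []`, with the site-specific values in a per-environment values file, keeps an install without overrides from creating an Ingress and requesting a certificate for a hostname the installer may not control. The Content-Security-Policy inside the `configuration-snippet` also allows `https://mb3admin.com`, `https://www.gstatic.com`, plain `ws:` and `img-src http:`, which look carried over from another application's policy; origins OhMyForm does not load from should be dropped. The snippet further depends on the ingress-nginx controller permitting snippet annotations (`allow-snippet-annotations`) and providing the headers-more directives, so on clusters where snippets are turned off the Ingress may be rejected or the headers not applied, which deserves a comment above the annotation.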