diff --git a/k8s/core/prom-stack/ingress.yaml b/k8s/core/prom-stack/ingress.yaml
new file mode 100644
index 0000000..c7941cb
--- /dev/null
+++ b/k8s/core/prom-stack/ingress.yaml
@@ -0,0 +1,45 @@
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: auth-proxy
+spec:
+  forwardAuth:
+    address: http://auth-proxy.auth-proxy.svc:80/auth
+    trustForwardHeader: true
+    authResponseHeaders:
+      - X-Auth-Request-User
+      - X-Auth-Request-Email
+      - X-Auth-Request-Groups
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: prometheus
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`prom.hexor.cy`)
+      kind: Rule
+      middlewares:
+        - name: auth-proxy
+      services:
+        - name: prometheus-kube-prometheus-prometheus
+          port: 9090
+  tls:
+    secretName: prometheus-tls
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: prometheus-tls
+spec:
+  secretName: prometheus-tls
+  issuerRef:
+    name: letsencrypt
+    kind: ClusterIssuer
+  dnsNames:
+    - prom.hexor.cy
diff --git a/k8s/core/prom-stack/kustomization.yaml b/k8s/core/prom-stack/kustomization.yaml
index 40253e2..0d6d35c 100644
--- a/k8s/core/prom-stack/kustomization.yaml
+++ b/k8s/core/prom-stack/kustomization.yaml
@@ -4,6 +4,7 @@ kind: Kustomization
 resources:
   - persistentVolume.yaml
   - external-secrets.yaml
+  - ingress.yaml
   - grafana-alerting-configmap.yaml
   - alertmanager-config.yaml
   - dashboards/telemt-dashboard-cm.yaml
diff --git a/k8s/core/prom-stack/prom-values.yaml b/k8s/core/prom-stack/prom-values.yaml
index cc83db2..c934422 100644
--- a/k8s/core/prom-stack/prom-values.yaml
+++ b/k8s/core/prom-stack/prom-values.yaml
@@ -45,7 +45,7 @@ alertmanager:
 
 prometheus:
   ingress:
-    enabled: true
+    enabled: false
     ingressClassName: traefik
     annotations:
       cert-manager.io/cluster-issuer: letsencrypt