diff --git a/jupyter/base/jupyter-cert-issuer.yaml b/jupyter/base/jupyter-cert-issuer.yaml
new file mode 100644
index 0000000..03fed97
--- /dev/null
+++ b/jupyter/base/jupyter-cert-issuer.yaml
@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+# kind: ClusterIssuer
+kind: Issuer
+metadata:
+  name: letsencrypt-jupyter
+spec:
+  acme:
+    email: drive@sunet.se
+    server: https://acme-v02.api.letsencrypt.org/directory
+    privateKeySecretRef:
+      name: letsencrypt-jupyter
+    solvers:
+    - http01:
+        ingress:
+          class: nginx
diff --git a/jupyter/base/jupyter-ingress.yaml b/jupyter/base/jupyter-ingress.yaml
new file mode 100644
index 0000000..dd9b642
--- /dev/null
+++ b/jupyter/base/jupyter-ingress.yaml
@@ -0,0 +1,33 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: jupyter-ingress
+  namespace: jupyter
+  annotations:
+    # cert-manager.io/cluster-issuer: "letsencrypt-jupyter"
+    cert-manager.io/issuer: "letsencrypt"
+    nginx.ingress.kubernetes.io/rewrite-target: /
+    nginx.ingress.kubernetes.io/proxy-body-size: 50m
+    nginx.ingress.kubernetes.io/proxy-buffering: "on"
+spec:
+  defaultBackend:
+    service:
+      name: argocd-server
+      port:
+        number: 80
+  ingressClassName: nginx
+  tls:
+  - hosts:
+    - jupyter.streams.sunet.se
+    secretName: jupyter-tls
+  rules:
+  - host: jupyter.streams.sunet.se
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: jupyter-service
+            port:
+              number: 80
diff --git a/jupyter/base/kustomization.yaml b/jupyter/base/kustomization.yaml
index 4daf1e1..212b4a5 100644
--- a/jupyter/base/kustomization.yaml
+++ b/jupyter/base/kustomization.yaml
@@ -4,3 +4,5 @@ resources:
 - jupyter-persistent-volume.yaml
 - jupyter-deployment.yaml
 - jupyter-service.yaml
+- jupyter-ingress.yaml
+- jupyter-cert-issuer.yaml