diff --git a/kek.yaml b/kek.yaml
deleted file mode 100644
index 88edb62e..00000000
--- a/kek.yaml
+++ /dev/null
@@ -1,29 +0,0 @@
-apiVersion: mysql.presslabs.org/v1alpha1
-kind: MysqlCluster
-metadata:
- name: mysql-cluster
-spec:
- mysqlVersion: "5.7"
- replicas: 1
- secretName: cluster-secret
- mysqlConf:
- # read_only: 0 # mysql forms a single transaction for each sql statement, autocommit for each statement
- # automatic_sp_privileges: "ON" # automatically grants the EXECUTE and ALTER ROUTINE privileges to the creator of a stored routine
- # auto_generate_certs: "ON" # Auto Generation of Certificate
- # auto_increment_increment: 1 # Auto Incrementing value from +1
- # auto_increment_offset: 1 # Auto Increment Offset
- # binlog-format: "STATEMENT" # contains various options such ROW(SLOW,SAFE) STATEMENT(FAST,UNSAFE), MIXED(combination of both)
- # wait_timeout: 31536000 # 28800 number of seconds the server waits for activity on a non-interactive connection before closing it, You might encounter MySQL server has gone away error, you then tweak this value acccordingly
- # interactive_timeout: 28800 # The number of seconds the server waits for activity on an interactive connection before closing it.
- # max_allowed_packet: "512M" # Maximum size of MYSQL Network protocol packet that the server can create or read 4MB, 8MB, 16MB, 32MB
- # max-binlog-size: 1073741824 # binary logs contains the events that describe database changes, this parameter describe size for the bin_log file.
- # log_output: "TABLE" # Format in which the logout will be dumped
- # master-info-repository: "TABLE" # Format in which the master info will be dumped
- # relay_log_info_repository: "TABLE" # Format in which the relay info will be dumped
- volumeSpec:
- persistentVolumeClaim:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 10Gi
diff --git a/modules/kubernetes/authelia/main.tf b/modules/kubernetes/authelia/main.tf
index fb2fd118..89363b3f 100644
--- a/modules/kubernetes/authelia/main.tf
+++ b/modules/kubernetes/authelia/main.tf
@@ -15,14 +15,163 @@ module "tls_secret" { tls_secret_name = var.tls_secret_name }
-resource "helm_release" "authelia" {
- namespace = "authelia"
- create_namespace = true
- name = "authelia"
- atomic = true
+# resource "helm_release" "authelia" {
+# namespace = "authelia"
+# create_namespace = true
+# name = "authelia"
+# atomic = true
- repository = "https://charts.authelia.com"
- chart = "authelia"
+# repository = "https://charts.authelia.com"
+# chart = "authelia"
+# version = "4.38.9"
- values = [templatefile("${path.module}/values.yaml", {})]
+# values = [templatefile("${path.module}/values.yaml", {})]
+# }
+
+resource "kubernetes_config_map" "configuration" {
+ metadata {
+ name = "configuration"
+ namespace = "authelia"
+
+ labels = {
+ app = "configuration"
+ }
+ annotations = {
+ "reloader.stakater.com/match" = "true"
+ }
+ }
+
+ data = {
+ # "configuration.yml" = yamldecode(file("${path.module}/configuration.yml"))
+ "configuration.yml" = file("${path.module}/configuration.yml")
+ "users_database.yml" = file("${path.module}/users_database.yml")
+ }
+}
+
+
+resource "kubernetes_deployment" "authelia" {
+ metadata {
+ name = "authelia"
+ namespace = "authelia"
+ labels = {
+ app = "authelia"
+ }
+ annotations = {
+ "reloader.stakater.com/search" = "true"
+ }
+ }
+ spec {
+ replicas = 1
+ selector {
+ match_labels = {
+ app = "authelia"
+ }
+ }
+ template {
+ metadata {
+ labels = {
+ app = "authelia"
+ }
+ }
+ spec {
+ container {
+ image = "authelia/authelia:4.38"
+ name = "authelia"
+ # command = ["tail", "-f", "/etc/passwd"]
+
+ port {
+ container_port = 9091
+ }
+ port {
+ container_port = 8080
+ }
+ volume_mount {
+ name = "config"
+ # mount_path = "/etc/authelia/configuration.yml"
+ mount_path = "/config/configuration.yml"
+ sub_path = "configuration.yml"
+ }
+ volume_mount {
+ name = "users-database"
+ # mount_path = "/etc/authelia/users_database.yml"
+ mount_path = "/config/users_database.yml"
+ sub_path = "users_database.yml"
+ }
+ }
+ volume {
+ name = "config"
+ config_map {
+ name = "configuration"
+ }
+ }
+ volume {
+ name = "users-database"
+ config_map {
+ name = "configuration"
+ }
+ }
+ }
+ }
+ }
+}
+
+resource "kubernetes_service" "authelia" {
+ metadata {
+ name = "authelia"
+ namespace = "authelia"
+ labels = {
+ "app" = "authelia"
+ }
+ }
+
+ spec {
+ selector = {
+ app = "authelia"
+ }
+ port {
+ name = "http"
+ port = 80
+ protocol = "TCP"
+ # target_port = 8080
+ target_port = 9091
+ }
+ }
+}
+
+resource "kubernetes_ingress_v1" "authelia" {
+ metadata {
+ name = "authelia"
+ namespace = "authelia"
+ annotations = {
+ "kubernetes.io/ingress.class" = "nginx"
+ # "nginx.ingress.kubernetes.io/affinity" = "cookie"
+ # "nginx.ingress.kubernetes.io/auth-tls-verify-client" = "on"
+ # "nginx.ingress.kubernetes.io/auth-tls-secret" = "default/ca-secret"
+ # "nginx.ingress.kubernetes.io/auth-url" : "https://oauth2.viktorbarzin.me/oauth2/auth"
+ # "nginx.ingress.kubernetes.io/auth-signin" : "https://oauth2.viktorbarzin.me/oauth2/start?rd=/redirect/$http_host$escaped_request_uri"
+ }
+ }
+
+ spec {
+ tls {
+ hosts = ["auth.viktorbarzin.me"]
+ secret_name = var.tls_secret_name
+ }
+ rule {
+ host = "auth.viktorbarzin.me"
+ http {
+ path {
+ path = "/"
+ backend {
+ service {
+ name = "authelia"
+ port {
+ number = 80
+ }
+ }
+ }
+ }
+ }
+ }
+ }
 }
diff --git a/modules/kubernetes/authelia/users_database.yml b/modules/kubernetes/authelia/users_database.yml
new file mode 100644
index 00000000..9c311d0b
--- /dev/null
+++ b/modules/kubernetes/authelia/users_database.yml
@@ -0,0 +1,10 @@
+users:
+ authelia:
+ disabled: false
+ displayname: "Viktor"
+ # Password is authelia
+ password: "$6$rounds=50000$BpLnfgDsc2WD8F2q$Zis.ixdg9s/UOJYrs56b5QEZFiZECu0qZVNsIYxBaNJ7ucIL.nlxVCT5tqh8KHG8X4tlwCFm5r6NTOZZ5qRFN/" # yamllint disable-line rule:line-length
+ email: me@viktorbarzin.me
+ groups:
+ - admins
+ - dev
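Review bot: `users_database.yml`, which holds a password hash, is placed in `kubernetes_config_map.configuration` and mounted through a `config_map {}` volume at `/config/users_database.yml`; Kubernetes does not treat a ConfigMap as sensitive data (no encryption at rest by default, and typically wider RBAC read access than Secrets), so this file — and `configuration.yml` as well if it carries session or JWT secrets, which is not visible here — should come from a `kubernetes_secret` referenced with a `secret {}` volume. Both volumes also point at the same ConfigMap, so a single volume with the two `sub_path` mounts would do; note that subPath mounts are not refreshed in place, so the `reloader.stakater.com` annotations are what actually delivers config changes to the pod. The image tag `authelia/authelia:4.38` floats across patch releases; pinning the full version (the commented-out chart pinned `4.38.9`) or an image digest keeps the deployment reproducible. The hunk's leading context is the tail of `module "tls_secret"`, which begins outside the hunk.
```hcl
resource "kubernetes_secret" "users_database" {
  metadata {
    name      = "users-database"
    namespace = "authelia"
  }
  data = {
    "users_database.yml" = file("${path.module}/users_database.yml")
  }
}

# … unchanged: kubernetes_config_map (configuration.yml only) and the deployment up to the volumes …
volume {
  name = "users-database"
  secret {
    secret_name = "users-database"
  }
}
```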
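Review bot: This commits an enabled account in the `admins` group whose password hash corresponds to a plaintext the file states itself (`# Password is authelia`), so the credential is effectively known to anyone with repository access and becomes live on `auth.viktorbarzin.me` as soon as the deployment applies. Generate the hash for a per-deployment password outside the repository and deliver the file through a Kubernetes Secret rather than committing it, or at minimum set `disabled: true` until the password has been rotated. The `$6$` (SHA-512 crypt) scheme is accepted, but Authelia's documentation recommends argon2id for new hashes — worth confirming against the version in use.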
diff --git a/modules/kubernetes/authelia/values.yaml b/modules/kubernetes/authelia/values.yaml
index 82477943..0394c383 100644
--- a/modules/kubernetes/authelia/values.yaml
+++ b/modules/kubernetes/authelia/values.yaml
@@ -86,11 +86,11 @@ service: # myLabel: myValue port: 80 - nodePort: 30091 + #nodePort: 30091 # clusterIP: ingress: - enabled: false + enabled: true annotations: {} # annotations: