diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index b47b270..537ccb0 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -34,5 +34,5 @@ kubernetes:
     - kubectl config set-cluster k8s --server="https://kubernetes.default.svc" --certificate-authority=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
     - kubectl config set-credentials sa --token="$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)"
     - kubectl config set-context local --cluster=k8s --user=sa --namespace=turniere
-    - gem install kubernetes-deploy
+    - gem install kubernetes-deploy --version '=0.29.0'
     - REVISION=$CI_COMMIT_SHA kubernetes-deploy --template-dir kubernetes turniere local
diff --git a/kubernetes/deployment.yml.erb b/kubernetes/deployment.yml.erb
index 38e665b..f475c53 100644
--- a/kubernetes/deployment.yml.erb
+++ b/kubernetes/deployment.yml.erb
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: backend-deployment
-  namespace: turniere
+  namespace: turniere-backend
   labels:
     app: turniere-backend
 spec:
diff --git a/kubernetes/rolebinding.yml b/kubernetes/rolebinding.yml
new file mode 100644
index 0000000..40c9b72
--- /dev/null
+++ b/kubernetes/rolebinding.yml
@@ -0,0 +1,13 @@
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: gitlab-deploy-rb
+  namespace: turniere-backend
+subjects:
+  - kind: ServiceAccount
+    name: gitlab-deploy
+    namespace: gitlab
+roleRef:
+  kind: ClusterRole
+  name: gitlab-deploy-role
+  apiGroup: rbac.authorization.k8s.io
diff --git a/kubernetes/service.yml b/kubernetes/service.yml
index a14665d..1a45bed 100644
--- a/kubernetes/service.yml
+++ b/kubernetes/service.yml
@@ -2,28 +2,45 @@ apiVersion: v1
 kind: Service
 metadata:
   name: backend-service
-  namespace: turniere
+  namespace: turniere-backend
 spec:
   selector:
     app: turniere-backend
   ports:
-  - name: http
-    port: 3000
-    targetPort: 3000
+    - name: http
+      port: 3000
+      targetPort: 3000
 ---
-apiVersion: extensions/v1beta1
-kind: Ingress
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
 metadata:
-  name: backend-ingress
-  namespace: turniere
-  annotations:
-    kubernetes.io/ingress.class: traefik
+  name: backend-ingress-http
+  namespace: turniere-backend
 spec:
-  rules:
-  - host: api01.turnie.re
-    http:
-      paths:
-      - path: /
-        backend:
-          serviceName: backend-service
-          servicePort: http
+  entryPoints:
+    - http
+  routes:
+    - match: Host(`api01.turnie.re`)
+      kind: Rule
+      services:
+        - name: backend-service
+          port: 3000
+      middlewares:
+        - name: redirect
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: backend-ingress-https
+  namespace: turniere-backend
+spec:
+  entryPoints:
+    - https
+  routes:
+    - match: Host(`api01.turnie.re`)
+      kind: Rule
+      services:
+        - name: backend-service
+          port: 3000
+  tls:
+    certResolver: default