diff --git a/README.md b/README.md
index a81f90f..3e85b18 100644
--- a/README.md
+++ b/README.md
@@ -17,6 +17,13 @@ Helm Chart for Stalwart Mail Server - Secure & Modern All-in-One Mail Server (IM
 | image.pullPolicy | string | `"IfNotPresent"` |  |
 | image.repository | string | `"stalwartlabs/mail-server"` |  |
 | image.tag | string | `""` |  |
+| ingress.annotations | object | `{}` |  |
+| ingress.className | string | `""` |  |
+| ingress.enabled | bool | `false` |  |
+| ingress.hosts[0].host | string | `"chart-example.local"` |  |
+| ingress.hosts[0].paths[0].path | string | `"/"` |  |
+| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` |  |
+| ingress.tls | list | `[]` |  |
 | persistence.accessMode | string | `"ReadWriteOnce"` |  |
 | persistence.enabled | bool | `false` |  |
 | persistence.existingClaim | string | `""` |  |
@@ -33,6 +40,10 @@ Helm Chart for Stalwart Mail Server - Secure & Modern All-in-One Mail Server (IM
 | service.ports.smtps | int | `465` |  |
 | service.ports.submission | int | `587` |  |
 | service.type | string | `"NodePort"` |  |
+| traefik.enabled | bool | `false` |  |
+| traefik.ports.http | string | `"websecure"` |  |
+| traefik.ports.imaps | string | `"imaps"` |  |
+| traefik.ports.smtps | string | `"smtps"` |  |
 
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)
diff --git a/templates/ingress.yaml b/templates/ingress.yaml
new file mode 100644
index 0000000..a4d7162
--- /dev/null
+++ b/templates/ingress.yaml
@@ -0,0 +1,61 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "stalwart-mail.fullname" . -}}
+{{- $svcPort := .Values.service.ports.http -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
+  {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "stalwart-mail.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- end }}
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+            pathType: {{ .pathType }}
+            {{- end }}
+            backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ $fullName }}
+                port:
+                  number: {{ $svcPort }}
+              {{- else }}
+              serviceName: {{ $fullName }}
+              servicePort: {{ $svcPort }}
+              {{- end }}
+          {{- end }}
+    {{- end }}
+{{- end }}
diff --git a/templates/traefik.yaml b/templates/traefik.yaml
new file mode 100644
index 0000000..1be77ef
--- /dev/null
+++ b/templates/traefik.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.traefik.enabled }}
+{{- range $port,$entryport := .Values.traefik.ports }}
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRouteTCP
+metadata:
+  name: {{ include "stalwart-mail.fullname" $ }}-{{ $port }}
+spec:
+  entryPoints:
+    - {{ $entryport }}
+  routes:
+    - match: HostSNI(`{{ $.Values.traefik.host }}`)
+      services:
+        - name: {{ include "stalwart-mail.fullname" $ }}
+          port: {{ $port }}
+          proxyProtocol:
+            version: 2
+  tls:
+    passthrough: true
+{{- end }}
+{{- end }}{{/* end-if .enabled */}}
diff --git a/values.yaml b/values.yaml
index c1d6d80..7ca8d22 100644
--- a/values.yaml
+++ b/values.yaml
@@ -15,6 +15,31 @@ service:
     imaps: 993
     sieve: 4190
 
+ingress:
+  enabled: false
+  className: ''
+  annotations:
+    {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  hosts:
+    - host: chart-example.local
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+
+traefik:
+  enabled: false
+  #host: "mail.example.com"
+  ports:
+    http: websecure
+    imaps: imaps
+    smtps: smtps
+
 ## Persist configuration to a persistent volume
 persistence:
   # persistence.enabled - Should disk persistence be enabled