diff --git a/kubernetes/README.md b/kubernetes/README.md
index 3097c61..3a2148e 100644
--- a/kubernetes/README.md
+++ b/kubernetes/README.md
@@ -510,7 +510,11 @@ qBittorrent and wireguard. For security, qBittorrent is not exposed outside the
 network via ingress. It is accessible locally via loadbalancer IP address.
 
 ```bash
-helm install qbittorrent qbittorrent-helm-chart/ --atomic
+source .env
+helm upgrade --install \
+  qbittorrent qbittorrent-helm-chart/ \
+  --set ingress.host=$QBITTORRENT_HOST \
+  --atomic
 ```
 
 After deployment, verify qBittorrent is accessible on the loadbalancer IP and
@@ -937,7 +941,7 @@ helm repo add woodpecker https://woodpecker-ci.org/
 helm repo update
 helm upgrade --install woodpecker woodpecker/woodpecker \
   -f woodpecker-ci/values.yaml \
-  --version 3.2.0 \
+  --version 3.2.1 \
   --namespace woodpecker \
   --create-namespace \
   --set server.ingress.hosts[0].host=$WOODPECKER_HOST \
diff --git a/kubernetes/qbittorrent-helm-chart/templates/ingress.yaml b/kubernetes/qbittorrent-helm-chart/templates/ingress.yaml
new file mode 100644
index 0000000..7590168
--- /dev/null
+++ b/kubernetes/qbittorrent-helm-chart/templates/ingress.yaml
@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ .Values.ingress.name }}
+  namespace: {{ .Values.namespace }}
+  annotations:
+{{- range $key, $value := .Values.ingress.annotations }}
+    {{ $key }}: {{ $value | quote }}
+{{- end }}
+spec:
+  ingressClassName: {{ .Values.ingress.ingressClassName }}
+  tls:
+    - hosts:
+        - {{ .Values.ingress.host }}
+      secretName: qbittorrent-tls
+  rules:
+    - host: {{ .Values.ingress.host }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ .Values.service.name }}
+                port:
+                  number: {{ .Values.service.port }}
diff --git a/kubernetes/qbittorrent-helm-chart/values.yaml b/kubernetes/qbittorrent-helm-chart/values.yaml
index 45af1af..57ee915 100644
--- a/kubernetes/qbittorrent-helm-chart/values.yaml
+++ b/kubernetes/qbittorrent-helm-chart/values.yaml
@@ -13,7 +13,7 @@ deployment:
 qbittorrentImage:
   repository: linuxserver/qbittorrent
   tag: latest
-  pullPolicy:   Always
+  pullPolicy: Always
 
 wireguardImage:
   repository: linuxserver/wireguard
@@ -22,10 +22,17 @@ wireguardImage:
 
 service:
   name: qbittorrent-service
-  type: LoadBalancer
+  type: ClusterIP
   port: 8080
   wireguardPort: 51820
 
+ingress:
+  name: qbittorrent-ingress
+  host: placeholder
+  ingressClassName: nginx
+  annotations:
+    cert-manager.io/cluster-issuer: "acme-issuer"
+
 persistence:
   config:
     enabled: true
@@ -57,4 +64,4 @@ wireguard:
   presharedKey: jSEf0xVUv/LwLmybp+LSM21Q2VOPbWPGcI/Dc4LLGkM=
   endpoint: europe3.vpn.airdns.org:1637
   allowedIPs: 0.0.0.0/0
-  persistentKeepalive: 15
\ No newline at end of file
+  persistentKeepalive: 15