diff --git a/README.md b/README.md index 6302e37..9ee081e 100644 --- a/README.md +++ b/README.md @@ -51,7 +51,11 @@ kubectl label namespace metallb-system pod-security.kubernetes.io/warn=privilege ```sh helm repo add traefik https://traefik.github.io/charts kubectl create secret generic digitalocean-api-key --from-literal=token=$DIGITAL_OCEAN_API_TOKEN -helm install --create-namespace --namespace traefik traefik traefik/traefik --values traefik/values.yaml +helm install --create-namespace --namespace traefik traefik traefik/traefik\ + --values traefik/values.yaml \ + --set certificatesResolvers.letsencrypt.acme.email=$ACME_EMAIL \ + --set 'extraObjects[0].stringData.password'=$TRAEFIK_ADMIN_PASSWORD + ``` ### Postgres diff --git a/traefik/values.yaml b/traefik/values.yaml new file mode 100644 index 0000000..dc94e0d --- /dev/null +++ b/traefik/values.yaml 
@@ -0,0 +1,61 @@
+image:
+ tag: v3.3.2
+
+deployment:
+ initContainers:
+ - name: volume-permissions
+ image: busybox:latest
+ command: ["sh", "-c", "touch /data/acme.json; chmod -v 600 /data/acme.json"]
+ volumeMounts:
+ - name: data
+ mountPath: /data
+
+env:
+ - name: DO_AUTH_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: digitalocean-api-key
+ key: token
+ # TODO: add once v3.3 is released
+ # - name: TRAEFIK_API_BASEPATH
+ # value: /fog/traefik
+
+persistence:
+ enabled: true
+
+ingressRoute:
+ dashboard:
+ enabled: true
+ matchRule: Host(`fog.goatchat.ca`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
+ entryPoints: ["websecure"]
+ middlewares:
+ - name: traefik-dashboard-auth
+ tls:
+ certResolver: letsencrypt
+
+extraObjects:
+ - apiVersion: v1
+ kind: Secret
+ metadata:
+ name: traefik-dashboard-auth-secret
+ type: kubernetes.io/basic-auth
+ stringData:
+ username: admin
+ password: # set through cli args
+
+ - apiVersion: traefik.io/v1alpha1
+ kind: Middleware
+ metadata:
+ name: traefik-dashboard-auth
+ spec:
+ basicAuth:
+ secret: traefik-dashboard-auth-secret
+
+certificatesResolvers:
+ letsencrypt:
+ acme:
+ dnschallenge:
+ provider: digitalocean
+ delaybeforecheck: 30
+ email: # set through cli args
+ storage: /data/acme.json
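Review bot: The dashboard basic-auth Secret under `extraObjects` is declared with a bare `password:` and is only filled in by `--set 'extraObjects[0].stringData.password'=...` at install time, so the credential depends on a list index and on nobody forgetting the flag. If the flag is omitted or the list is reordered, the key renders as null instead of failing loudly, and a value passed with `--set` is normally also kept in Helm's stored release values, not just in the Secret. Creating the secret outside the chart, the way `digitalocean-api-key` already is, avoids both: `kubectl create secret generic traefik-dashboard-auth-secret --type=kubernetes.io/basic-auth --from-literal=username=admin --from-literal=password="$TRAEFIK_ADMIN_PASSWORD"` in the release namespace, leaving only the Middleware in `extraObjects`. Separately, the init container's `image: busybox:latest` is a mutable tag running in the same pod as `/data/acme.json`; pinning it, e.g. `image: busybox:<pinned-version-or-digest>`, keeps the image from changing between restarts.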