diff --git a/deploy.sh b/deploy.sh
deleted file mode 100644
index 8606367..0000000
--- a/deploy.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-kubectl apply -n argocd -f deploy/applicationset.yaml
-
diff --git a/deploy/applicationset.yaml b/deploy/applicationset.yaml
index eb43ac6..f1f6af6 100644
--- a/deploy/applicationset.yaml
+++ b/deploy/applicationset.yaml
@@ -21,6 +21,8 @@ spec:
 overlay: test
 - app: argocd
 overlay: prod
+ - app: c12s
+ overlay: prod
 template:
 metadata:
 name: '{{app}}-{{overlay}}'
diff --git a/deploy/c12s/base/ingress-nginx-service.yaml b/deploy/c12s/base/ingress-nginx-service.yaml
new file mode 100644
index 0000000..0fec23d
--- /dev/null
+++ b/deploy/c12s/base/ingress-nginx-service.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: ingress-nginx-controller
+ namespace: ingress-nginx
+spec:
+ type: LoadBalancer
+ externalTrafficPolicy: Local
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: http
+ - name: https
+ port: 443
+ protocol: TCP
+ targetPort: https
+ selector:
+ app.kubernetes.io/name: ingress-nginx
diff --git a/deploy/c12s/base/k8s-dashboard-admin-user.yml b/deploy/c12s/base/k8s-dashboard-admin-user.yml
new file mode 100644
index 0000000..27b6bb8
--- /dev/null
+++ b/deploy/c12s/base/k8s-dashboard-admin-user.yml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: admin-user
+ namespace: kube-system
diff --git a/deploy/c12s/base/k8s-dashboard-cluster-role-binding.yml b/deploy/c12s/base/k8s-dashboard-cluster-role-binding.yml
new file mode 100644
index 0000000..f89ae5b
--- /dev/null
+++ b/deploy/c12s/base/k8s-dashboard-cluster-role-binding.yml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: admin-user
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: admin-user
+ namespace: kube-system
+
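Review bot: The `selector` in deploy/c12s/base/ingress-nginx-service.yaml matches on `app.kubernetes.io/name: ingress-nginx` alone, so any pod in the `ingress-nginx` namespace that carries that label becomes a backend of the LoadBalancer on ports 80 and 443. The upstream ingress-nginx controller Service also selects on the component label; adding `app.kubernetes.io/component: controller` under `selector` would restrict the endpoints to the controller pods. If the controller itself is installed from the upstream manifest or chart, this file redefines a Service that install already owns, and a comment at the top of the file saying which definition is authoritative would help.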
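Review bot: The `roleRef` in deploy/c12s/base/k8s-dashboard-cluster-role-binding.yml binds the `admin-user` service account to `cluster-admin`, so every token issued for that account has unrestricted control of the cluster, and because the binding is part of the `c12s` base it will presumably be kept in place on prod by Argo CD. For dashboard access a read-only role is usually enough: `name: view` in `roleRef` gives read access to most namespaced objects and excludes Secrets. If full admin is really required, a comment above the binding stating why, and who is allowed to mint tokens for `admin-user`, would make that decision reviewable. The same concern covers the ServiceAccount added in k8s-dashboard-admin-user.yml and the k8s-dashboard-generate-token.sh script.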
diff --git a/deploy/c12s/base/kustomization.yaml b/deploy/c12s/base/kustomization.yaml
new file mode 100644
index 0000000..6aefa7b
--- /dev/null
+++ b/deploy/c12s/base/kustomization.yaml
@@ -0,0 +1,6 @@
+resources:
+- ingress-nginx-service.yaml
+- k8s-dashboard-admin-user.yml
+- k8s-dashboard-cluster-role-binding.yml
+- letsencrypt-production-issuer.yaml
+- letsencrypt-staging-issuer.yaml
diff --git a/deploy/c12s/base/letsencrypt-production-issuer.yaml b/deploy/c12s/base/letsencrypt-production-issuer.yaml
new file mode 100644
index 0000000..d61fd70
--- /dev/null
+++ b/deploy/c12s/base/letsencrypt-production-issuer.yaml
@@ -0,0 +1,19 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: letsencrypt-prod
+ namespace: infra
+spec:
+ acme:
+ # The ACME server URL
+ server: https://acme-v02.api.letsencrypt.org/directory
+ # Email address used for ACME registration
+ email: contact@example.com
+ # Name of a secret used to store the ACME account private key
+ privateKeySecretRef:
+ name: letsencrypt-prod
+ # Enable the HTTP-01 challenge provider
+ solvers:
+ - http01:
+ ingress:
+ class: nginx
diff --git a/deploy/c12s/base/letsencrypt-staging-issuer.yaml b/deploy/c12s/base/letsencrypt-staging-issuer.yaml
new file mode 100644
index 0000000..3b4dd74
--- /dev/null
+++ b/deploy/c12s/base/letsencrypt-staging-issuer.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: letsencrypt-staging
+ namespace: infra
+spec:
+ acme:
+ # The ACME server URL
+ server: https://acme-staging-v02.api.letsencrypt.org/directory
+ # Email address used for ACME registration
+ email: contact@example.com
+ # Name of a secret used to store the ACME account private key
+ privateKeySecretRef:
+ name: letsencrypt-staging
+ # Enable the HTTP-01 challenge provider
+ solvers:
+ - http01:
+ ingress:
+ class: nginx
diff --git a/deploy/c12s/prod/contact-email.yaml b/deploy/c12s/prod/contact-email.yaml
new file mode 100644
index 0000000..337c048
--- /dev/null
+++ b/deploy/c12s/prod/contact-email.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: letsencrypt-staging
+spec:
+ acme:
+ # Email address used for ACME registration
+ email: contact@distrilab.fr
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: letsencrypt-production
+spec:
+ acme:
+ # Email address used for ACME registration
+ email: contact@distrilab.fr
diff --git a/deploy/c12s/prod/kustomization.yaml b/deploy/c12s/prod/kustomization.yaml
new file mode 100644
index 0000000..587d1ef
--- /dev/null
+++ b/deploy/c12s/prod/kustomization.yaml
@@ -0,0 +1,5 @@
+bases:
+- ../base/
+patchesStrategicMerge:
+- load-balancer-ip.yaml
+- contact-email.yaml
diff --git a/deploy/c12s/prod/load-balancer-ip.yaml b/deploy/c12s/prod/load-balancer-ip.yaml
new file mode 100644
index 0000000..4d78f12
--- /dev/null
+++ b/deploy/c12s/prod/load-balancer-ip.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: ingress-nginx-controller
+spec:
+ loadBalancerIP: 192.168.30.212
diff --git a/k8s-dashboard-generate-token.sh b/k8s-dashboard-generate-token.sh
new file mode 100755
index 0000000..a084705
--- /dev/null
+++ b/k8s-dashboard-generate-token.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+kubectl create token admin-user --namespace kube-system
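Review bot: The second patch document in deploy/c12s/prod/contact-email.yaml targets `name: letsencrypt-production`, but the base Issuer is named `letsencrypt-prod`, so the strategic-merge patch has no resource to merge into; the prod overlay build should fail on it, or at best the production Issuer keeps the placeholder `contact@example.com`. Change the patch to `name: letsencrypt-prod`. Both patch documents also omit `namespace: infra`, and load-balancer-ip.yaml omits `namespace: ingress-nginx`; kustomize matches patch targets on kind, name and namespace, so each patch's `metadata` most likely needs the namespace of the base resource it modifies.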
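Review bot: `kubectl create token admin-user --namespace kube-system` in k8s-dashboard-generate-token.sh prints a bearer token for an account bound to `cluster-admin` to stdout, with whatever lifetime the API server applies by default. Requesting an explicit short lifetime, for example `kubectl create token admin-user --namespace kube-system --duration=15m`, limits how long a copied or logged token stays usable. A header comment stating that the output is a credential, and that the script is meant for interactive use rather than CI or anything that captures stdout, would document the intended handling.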