diff --git a/deploy/external-svc/base/kustomization.yaml b/deploy/external-svc/base/kustomization.yaml
new file mode 100644
index 0000000..b43febc
--- /dev/null
+++ b/deploy/external-svc/base/kustomization.yaml
@@ -0,0 +1,2 @@
+resources:
+- proxy-service.yaml
diff --git a/deploy/external-svc/base/proxy-service.yaml b/deploy/external-svc/base/proxy-service.yaml
new file mode 100644
index 0000000..fe9c509
--- /dev/null
+++ b/deploy/external-svc/base/proxy-service.yaml
@@ -0,0 +1,58 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: external-svc
+  namespace: infra
+spec:
+  type: ClusterIP
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 80
+---
+apiVersion: discovery.k8s.io/v1
+kind: EndpointSlice
+metadata:
+  name: external-svc-1 # by convention, use the name of the Service
+                       # as a prefix for the name of the EndpointSlice
+  namespace: infra
+  labels:
+    # You should set the "kubernetes.io/service-name" label.
+    # Set its value to match the name of the Service
+    kubernetes.io/service-name: external-svc
+    endpointslice.kubernetes.io/managed-by: gitops
+addressType: IPv4
+ports:
+  - name: ''
+    appProtocol: http
+    protocol: TCP
+    port: 80
+endpoints:
+  - addresses:
+      - "10.1.2.3"
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: external-svc
+  namespace: infra
+  annotations:
+    kubernetes.io/ingress.class: "nginx"
+    #cert-manager.io/issuer: "letsencrypt-staging"
+spec:
+  tls:
+  - hosts:
+    - my-svc.example.com
+    secretName: ts-my-app
+  rules:
+  - host: my-svc.example.com
+    http:
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: external-svc
+            port:
+              number: 80
diff --git a/deploy/external-svc/tdc-aren/backend.yaml b/deploy/external-svc/tdc-aren/backend.yaml
new file mode 100644
index 0000000..64a3f21
--- /dev/null
+++ b/deploy/external-svc/tdc-aren/backend.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: external-svc
+  namespace: infra
+spec:
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080
+---
+apiVersion: discovery.k8s.io/v1
+kind: EndpointSlice
+metadata:
+  name: external-svc-1
+  namespace: infra
+  labels:
+    kubernetes.io/service-name: tdc-aren-external-svc # Is there a way to have the `tdc-aren-` prefix automatically applied here?
+ports:
+  - port: 8080
+endpoints:
+  - addresses:
+      - "10.10.10.11"
diff --git a/deploy/external-svc/tdc-aren/ingress.yaml b/deploy/external-svc/tdc-aren/ingress.yaml
new file mode 100644
index 0000000..99f8a4d
--- /dev/null
+++ b/deploy/external-svc/tdc-aren/ingress.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: external-svc
+  namespace: infra
+  annotations:
+    cert-manager.io/issuer: "letsencrypt-staging"
+spec:
+  tls:
+  - hosts:
+    - debats.terre-de-convergence.org
+    secretName: ts-tdc-aren
+  rules:
+  - host: debats.terre-de-convergence.org
+    http:     # Is there a way take this part form the base overlay?
+      paths:
+      - pathType: Prefix
+        path: "/"
+        backend:
+          service:
+            name: tdc-aren-external-svc # Is there a way to have the `tdc-aren-` prefix applied automatically?
+            port:
+              number: 80
diff --git a/deploy/external-svc/tdc-aren/kustomization.yaml b/deploy/external-svc/tdc-aren/kustomization.yaml
new file mode 100644
index 0000000..baa51cb
--- /dev/null
+++ b/deploy/external-svc/tdc-aren/kustomization.yaml
@@ -0,0 +1,6 @@
+bases:
+- ../base/
+namePrefix: tdc-aren-
+patchesStrategicMerge:
+- ingress.yaml
+- backend.yaml