diff --git a/src/main/cljc/dda/c4k_nextcloud/core.cljc b/src/main/cljc/dda/c4k_nextcloud/core.cljc
index 27045f2..6353a10 100644
--- a/src/main/cljc/dda/c4k_nextcloud/core.cljc
+++ b/src/main/cljc/dda/c4k_nextcloud/core.cljc
@@ -21,15 +21,15 @@
 [(postgres/generate-config {:postgres-size :8gb})
 (postgres/generate-secret config)
 (postgres/generate-pvc {:pv-storage-size-gb 50
- :pvc-storage-class-name default-storage-class})
+ :pvc-storage-class-name default-storage-class})
 (postgres/generate-deployment)
 (postgres/generate-service)
 (nextcloud/generate-secret config)
 (nextcloud/generate-pvc (merge nextcloud-default-storage-config config))
 (nextcloud/generate-deployment config)
 (nextcloud/generate-service)
- (nextcloud/generate-certificate config)
- (nextcloud/generate-ingress config)]
+ (nextcloud/generate-certificate config)]
+ (nextcloud/generate-ingress config)
 (when (:contains? config :restic-repository)
 [(backup/generate-config config)
 (backup/generate-secret config)
diff --git a/src/main/cljc/dda/c4k_nextcloud/nextcloud.cljc b/src/main/cljc/dda/c4k_nextcloud/nextcloud.cljc
index 40d11ce..75a3951 100644
--- a/src/main/cljc/dda/c4k_nextcloud/nextcloud.cljc
+++ b/src/main/cljc/dda/c4k_nextcloud/nextcloud.cljc
@@ -5,6 +5,7 @@
 #?(:clj [orchestra.core :refer [defn-spec]]
 :cljs [orchestra.core :refer-macros [defn-spec]])
 [dda.c4k-common.yaml :as yaml]
+ [dda.c4k-common.ingress :as ing]
 [dda.c4k-common.base64 :as b64]
 [dda.c4k-common.predicate :as cp]
 [dda.c4k-common.postgres :as postgres]
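Review bot: In core.cljc, `(nextcloud/generate-certificate config)` is still emitted although this commit deletes nextcloud/certificate.yaml and generate-ingress now produces a Certificate itself. The definition of generate-certificate is outside the diff; if it still loads the deleted resource, manifest generation would either fail or emit a second Certificate (`cloud-cert`) for the same host next to the new `nextcloud` one, so dropping the call (and the function) looks like the intended end state. The closing `]` also moved, leaving `(nextcloud/generate-ingress config)` outside the vector; the enclosing form starts above this hunk, so confirm it splices the returned sequence instead of nesting it.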
@@ -62,13 +63,12 @@ (defn-spec generate-ingress cp/map-or-seq? [config config?] - (let [{:keys [fqdn issuer] - :or {issuer "staging"}} config - letsencrypt-issuer issuer] - (-> - (yaml/load-as-edn "nextcloud/ingress.yaml") - (assoc-in [:metadata :annotations :cert-manager.io/cluster-issuer] letsencrypt-issuer) - (cm/replace-all-matching-values-by-new-value "fqdn" fqdn)))) + (ing/generate-ingress-and-cert + (merge + {:service-name "nextcloud" + :service-port 80 + :fqdns [(:fqdn config)]} + config))) (defn-spec generate-pvc cp/map-or-seq? [config (s/keys :req-un [::pv-storage-size-gb ::pvc-storage-class-name])]
diff --git a/src/main/resources/nextcloud/certificate.yaml b/src/main/resources/nextcloud/certificate.yaml
deleted file mode 100644
index 461168d..0000000
--- a/src/main/resources/nextcloud/certificate.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
- name: cloud-cert
- namespace: default
-spec:
- secretName: cloud-cert
- duration: 2160h # 90d
- renewBefore: 360h # 15d
- commonName: fqdn
- dnsNames:
- - fqdn
- issuerRef:
- name: staging
- kind: ClusterIssuer
\ No newline at end of file
diff --git a/src/main/resources/nextcloud/ingress.yaml b/src/main/resources/nextcloud/ingress.yaml
deleted file mode 100644
index 96671eb..0000000
--- a/src/main/resources/nextcloud/ingress.yaml
+++ /dev/null
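Review bot: generate-ingress in nextcloud.cljc carries no comment saying that it now returns a Certificate plus an Ingress, or that the HTTPS redirect is no longer set here. The deleted ingress.yaml set `ssl-redirect: "true"` on the resource, whereas the updated test shows the router bound to `web, websecure` with the redirect delegated to the middleware reference `default-redirect-https@kubernetescrd`. That presumably needs a matching Traefik Middleware in the cluster, otherwise plain HTTP may not be upgraded. I would add above the body `;; Returns [Certificate Ingress] from c4k-common; HTTPS redirect depends on the Traefik middleware referenced as default-redirect-https@kubernetescrd being installed.` The old `proxy-body-size` and timeout annotations also have no visible replacement, which is worth checking against large Nextcloud uploads.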
@@ -1,29 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: ingress-cloud
- annotations:
- cert-manager.io/cluster-issuer: letsencrypt-staging-issuer
- ingress.kubernetes.io/ssl-redirect: "true"
- ingress.kubernetes.io/rewrite-target: /
- ingress.kubernetes.io/proxy-body-size: "256m"
- ingress.kubernetes.io/proxy-connect-timeout: "300"
- ingress.kubernetes.io/proxy-send-timeout: "300"
- ingress.kubernetes.io/proxy-read-timeout: "300"
- namespace: default
-spec:
- tls:
- - hosts:
- - fqdn
- secretName: cloud-cert
- rules:
- - host: fqdn
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: cloud-service
- port:
- number: 80
diff --git a/src/test/cljc/dda/c4k_nextcloud/nextcloud_test.cljc b/src/test/cljc/dda/c4k_nextcloud/nextcloud_test.cljc
index 2cbd51c..83ea56d 100644
--- a/src/test/cljc/dda/c4k_nextcloud/nextcloud_test.cljc
+++ b/src/test/cljc/dda/c4k_nextcloud/nextcloud_test.cljc
@@ -36,45 +36,32 @@ :nextcloud-admin-user "cloudadmin" :nextcloud-admin-password "cloudpassword"})))) -(deftest should-generate-certificate - (is (= {:apiVersion "cert-manager.io/v1" - :kind "Certificate" - :metadata {:name "cloud-cert", :namespace "default"} - :spec - {:secretName "cloud-cert" - :duration "2160h" - :renewBefore "360h", - :commonName "somefqdn.de", - :dnsNames ["somefqdn.de"] - :issuerRef - {:name "prod", :kind "ClusterIssuer"}}} - (cut/generate-certificate {:fqdn "somefqdn.de" :issuer "prod"})))) - -(deftest should-generate-ingress - (is (= {:apiVersion "networking.k8s.io/v1" - :kind "Ingress" - :metadata - {:name "ingress-cloud" - :annotations - {:cert-manager.io/cluster-issuer "staging" - :ingress.kubernetes.io/proxy-body-size "256m" - :ingress.kubernetes.io/ssl-redirect "true" - :ingress.kubernetes.io/rewrite-target "/" - :ingress.kubernetes.io/proxy-connect-timeout "300" - :ingress.kubernetes.io/proxy-send-timeout "300" - :ingress.kubernetes.io/proxy-read-timeout "300"} - :namespace "default"} - :spec - {:tls [{:hosts ["somefqdn.de"], :secretName "cloud-cert"}] - :rules - [{:host "somefqdn.de" - :http - {:paths - [{:path "/" - :pathType "Prefix" - :backend - {:service - {:name "cloud-service", :port {:number 80}}}}]}}]}} +(deftest should-generate-ingress-and-cert + (is (= [{:apiVersion "cert-manager.io/v1", + :kind "Certificate", + :metadata {:name "nextcloud", :labels {:app.kubernetes.part-of "nextcloud"}, :namespace "default"}, + :spec + {:secretName "nextcloud", + :commonName "somefqdn.de", + :duration "2160h", + :renewBefore "360h", + :dnsNames ["somefqdn.de"], + :issuerRef {:name "staging", :kind "ClusterIssuer"}}} + {:apiVersion "networking.k8s.io/v1", + :kind "Ingress", + :metadata + {:name "nextcloud", + :namespace "default", + :labels {:app.kubernetes.part-of "nextcloud"}, + :annotations + {:traefik.ingress.kubernetes.io/router.entrypoints "web, websecure", + :traefik.ingress.kubernetes.io/router.middlewares 
"default-redirect-https@kubernetescrd", + :metallb.universe.tf/address-pool "public"}}, + :spec + {:tls [{:hosts ["somefqdn.de"], :secretName "nextcloud"}], + :rules + [{:host "somefqdn.de", + :http {:paths [{:pathType "Prefix", :path "/", :backend {:service {:name "nextcloud", :port {:number 80}}}}]}}]}}] (cut/generate-ingress {:fqdn "somefqdn.de"})))) (deftest should-generate-pvc
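Review bot: should-generate-ingress-and-cert exercises only the default issuer, while the removed should-generate-certificate case asserted that `:issuer "prod"` reaches `:issuerRef`. The default is `staging`, presumably a staging CA whose certificates clients do not trust, so a regression in passing `:issuer` through the `merge` in generate-ingress would ship untrusted certificates without any test failing. I would add a second assertion such as `(is (= "prod" (get-in (first (cut/generate-ingress {:fqdn "somefqdn.de" :issuer "prod"})) [:spec :issuerRef :name])))`.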