diff --git a/src/main/kotlin/org/domaindrivenarchitecture/provs/server/infrastructure/K3s.kt b/src/main/kotlin/org/domaindrivenarchitecture/provs/server/infrastructure/K3s.kt
index 1a6dd4c..28d9aeb 100644
--- a/src/main/kotlin/org/domaindrivenarchitecture/provs/server/infrastructure/K3s.kt
+++ b/src/main/kotlin/org/domaindrivenarchitecture/provs/server/infrastructure/K3s.kt
@@ -13,10 +13,12 @@ private const val k3sManualManifestsDir = "/etc/rancher/k3s/manifests/"
 private const val k8sCredentialsPath = "/etc/kubernetes/"
 private const val k3sAutomatedManifestsDir = "/var/lib/rancher/k3s/server/manifests/"
 private const val k3sConfigFile = "/etc/rancher/k3s/config.yaml"
-private const val k3sTraeficWorkaround = k3sManualManifestsDir + "traefik.yaml"
+private const val k3sTraefikWorkaround = k3sManualManifestsDir + "traefik.yaml"
 private const val certManagerDeployment = k3sManualManifestsDir + "certmanager.yaml"
 private const val certManagerIssuer = k3sManualManifestsDir + "issuer.yaml"
+private const val selfsignedCertificate = k3sManualManifestsDir + "selfsigned-certificate.yaml"
 private const val k3sApple = k3sManualManifestsDir + "apple.yaml"
+private const val k3sEcho = k3sManualManifestsDir + "echo.yaml"
 private const val k3sInstall = "/usr/local/bin/k3s-install.sh"
 
 
@@ -80,13 +82,13 @@ fun Prov.configureK3s(k3sConfig: K3sConfig) = task {
     if (k3sConfig.isDualStack()) {
         // see https://github.com/k3s-io/k3s/discussions/5003
         createFileFromResource(
-            k3sTraeficWorkaround,
-            "traefic.yaml",
+            k3sTraefikWorkaround,
+            "traefik.yaml",
             k3sResourcePath,
             "644",
             sudo = true
         )
-        cmd("kubectl apply -f $k3sTraeficWorkaround", sudo = true)
+        cmd("kubectl apply -f $k3sTraefikWorkaround", sudo = true)
     } else {
         ProvResult(true)
     }
@@ -120,14 +122,14 @@ fun Prov.provisionK3sCertManager(certmanager: Certmanager) = task {
     }
 }
 
-fun Prov.provisionK3sApple(fqdn: String, endpoint: CertmanagerEndpoint?) = task {
+fun Prov.provisionK3sApple(fqdn: String, endpoint: CertmanagerEndpoint? = null) = task {
     val endpointName = endpoint?.name?.lowercase()
 
     val issuer = if (endpointName != null)
         endpointName
     else {
         createFileFromResourceTemplate(
-            k3sApple,
+            selfsignedCertificate,
             "selfsigned-certificate.template.yaml",
             k3sResourcePath,
             mapOf("host" to fqdn),
@@ -147,3 +149,31 @@ fun Prov.provisionK3sApple(fqdn: String, endpoint: CertmanagerEndpoint?) = task
     )
     cmd("kubectl apply -f $k3sApple", sudo = true)
 }
+
+fun Prov.provisionK3sEcho(fqdn: String, endpoint: CertmanagerEndpoint? = null) = task {
+    val endpointName = endpoint?.name?.lowercase()
+
+    val issuer = if (endpointName != null)
+        endpointName
+    else {
+        createFileFromResourceTemplate(
+            selfsignedCertificate,
+            "selfsigned-certificate.template.yaml",
+            k3sResourcePath,
+            mapOf("host" to fqdn),
+            "644",
+            sudo = true
+        )
+        "selfsigned-issuer"
+    }
+
+    createFileFromResourceTemplate(
+        k3sEcho,
+        "echo.template.yaml",
+        k3sResourcePath,
+        mapOf("fqdn" to fqdn, "issuer_name" to issuer),
+        "644",
+        sudo = true
+    )
+    cmd("kubectl apply -f $k3sEcho", sudo = true)
+}
diff --git a/src/main/resources/org/domaindrivenarchitecture/provs/server/infrastructure/k3s/echo.template.yaml b/src/main/resources/org/domaindrivenarchitecture/provs/server/infrastructure/k3s/echo.template.yaml
new file mode 100644
index 0000000..77ee98f
--- /dev/null
+++ b/src/main/resources/org/domaindrivenarchitecture/provs/server/infrastructure/k3s/echo.template.yaml
@@ -0,0 +1,46 @@
+kind: Ingress
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: echo-ingress
+  annotations:
+    kubernetes.io/ingress.class: "traefik"
+    cert-manager.io/cluster-issuer: ${issuer_name}
+spec:
+  rules:
+    - host: ${fqdn}
+      http:
+        paths:
+          - pathType: Prefix
+            path: /echo
+            backend:
+              service:
+                name: echo-service
+                port:
+                  number: 80
+  tls:
+    - hosts:
+      - ${fqdn}
+      secretName: echo-cert
+---
+
+kind: Pod
+apiVersion: v1
+metadata:
+  name: echo-app
+  labels:
+    app: echo
+spec:
+  containers:
+    - name: echo-app
+      image: traefik/whoami
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: echo-service
+spec:
+  selector:
+    app: echo
+  ports:
+    - port: 80 # Default port for image
\ No newline at end of file
diff --git a/src/main/resources/org/domaindrivenarchitecture/provs/server/infrastructure/k3s/traefic.yaml b/src/main/resources/org/domaindrivenarchitecture/provs/server/infrastructure/k3s/traefik.yaml
similarity index 100%
rename from src/main/resources/org/domaindrivenarchitecture/provs/server/infrastructure/k3s/traefic.yaml
rename to src/main/resources/org/domaindrivenarchitecture/provs/server/infrastructure/k3s/traefik.yaml