diff --git a/infrastructure/addons/cert-manager/helmrelease-cert-manager.yaml b/infrastructure/addons/cert-manager/helmrelease-cert-manager.yaml
new file mode 100644
index 0000000..040b77d
--- /dev/null
+++ b/infrastructure/addons/cert-manager/helmrelease-cert-manager.yaml
@@ -0,0 +1,34 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: cert-manager
+  namespace: flux-system
+spec:
+  interval: 10m
+  targetNamespace: cert-manager
+  chart:
+    spec:
+      chart: cert-manager
+      version: "v1.17.2"
+      sourceRef:
+        kind: HelmRepository
+        name: jetstack
+        namespace: flux-system
+  install:
+    createNamespace: true
+    remediation:
+      retries: 3
+  upgrade:
+    remediation:
+      retries: 3
+  values:
+    crds:
+      enabled: true
+    replicaCount: 1
+    resources:
+      requests:
+        cpu: 50m
+        memory: 128Mi
+      limits:
+        cpu: 250m
+        memory: 256Mi
diff --git a/infrastructure/addons/cert-manager/helmrepository-cert-manager.yaml b/infrastructure/addons/cert-manager/helmrepository-cert-manager.yaml
new file mode 100644
index 0000000..e842402
--- /dev/null
+++ b/infrastructure/addons/cert-manager/helmrepository-cert-manager.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: jetstack
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://charts.jetstack.io
diff --git a/infrastructure/addons/cert-manager/kustomization.yaml b/infrastructure/addons/cert-manager/kustomization.yaml
new file mode 100644
index 0000000..8241aa2
--- /dev/null
+++ b/infrastructure/addons/cert-manager/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - namespace.yaml
+  - helmrepository-cert-manager.yaml
+  - helmrelease-cert-manager.yaml
diff --git a/infrastructure/addons/cert-manager/namespace.yaml b/infrastructure/addons/cert-manager/namespace.yaml
new file mode 100644
index 0000000..af4446e
--- /dev/null
+++ b/infrastructure/addons/cert-manager/namespace.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cert-manager
+  labels:
+    kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/infrastructure/addons/kustomization-cert-manager.yaml b/infrastructure/addons/kustomization-cert-manager.yaml
new file mode 100644
index 0000000..26784ee
--- /dev/null
+++ b/infrastructure/addons/kustomization-cert-manager.yaml
@@ -0,0 +1,15 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: addon-cert-manager
+  namespace: flux-system
+spec:
+  interval: 10m
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: platform
+  path: ./infrastructure/addons/cert-manager
+  wait: true
+  timeout: 10m
+  suspend: false
diff --git a/infrastructure/addons/kustomization-rancher.yaml b/infrastructure/addons/kustomization-rancher.yaml
index e27a983..77e8911 100644
--- a/infrastructure/addons/kustomization-rancher.yaml
+++ b/infrastructure/addons/kustomization-rancher.yaml
@@ -17,3 +17,4 @@ spec:
     - name: addon-tailscale-operator
     - name: addon-tailscale-proxyclass
     - name: addon-external-secrets
+    - name: addon-cert-manager
diff --git a/infrastructure/addons/kustomization.yaml b/infrastructure/addons/kustomization.yaml
index 4e28573..5deb9b0 100644
--- a/infrastructure/addons/kustomization.yaml
+++ b/infrastructure/addons/kustomization.yaml
@@ -4,6 +4,7 @@ resources:
   - kustomization-ccm.yaml
   - kustomization-csi.yaml
   - kustomization-external-secrets.yaml
+  - kustomization-cert-manager.yaml
   - kustomization-tailscale-operator.yaml
   - kustomization-tailscale-proxyclass.yaml
   - traefik