diff --git a/charts/portainer/values.yaml.gotmpl b/charts/portainer/values.yaml.gotmpl
new file mode 100644
index 00000000..e89f2457
--- /dev/null
+++ b/charts/portainer/values.yaml.gotmpl
@@ -0,0 +1,68 @@
+# Default values for adminer.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+  repository: portainer/portainer-ce
+  pullPolicy: IfNotPresent
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: portainer-sa-clusteradmin
+
+podAnnotations: {}
+podLabels: {}
+
+podSecurityContext:
+  {}
+
+securityContext:
+  {}
+
+service:
+  type: "ClusterIP"
+  port: 9000
+
+ingress:
+  enabled: true
+  className: ""
+  annotations:
+    namespace: {{ .Release.Namespace }}
+    cert-manager.io/cluster-issuer: "cert-issuer"
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.middlewares: traefik-traefik-basic-auth@kubernetescrd,traefik-portainer-strip-prefix@kubernetescrd  # namespace + middleware name
+  tls:
+    - hosts:
+        - {{ requiredEnv "K8S_MONITORING_FQDN" }}
+      secretName: monitoring-tls
+  hosts:
+    - host: {{ requiredEnv "K8S_MONITORING_FQDN" }}
+      paths:
+        - path: /portainer
+          pathType: Prefix
+          backend:
+            service:
+              name: portainer
+              port:
+                number: 9000
+
+
+resources:
+  limits:
+    cpu: 2
+    memory: 1024Mi
+  requests:
+    cpu: 0.1
+    memory: 128Mi
+
+nodeSelector:
+  ops: "true"
diff --git a/charts/traefik/values.insecure.yaml.gotmpl b/charts/traefik/values.insecure.yaml.gotmpl
index d63d52c5..2b60aae2 100644
--- a/charts/traefik/values.insecure.yaml.gotmpl
+++ b/charts/traefik/values.insecure.yaml.gotmpl
@@ -29,6 +29,15 @@ extraObjects:
   spec:
     basicAuth:
       secret: traefik-authorized-users  # https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
+- apiVersion: traefik.io/v1alpha1
+  kind: Middleware
+  metadata:
+    name: portainer-strip-prefix
+    namespace: {{.Release.Namespace}}
+  spec:
+    stripPrefix:
+      prefixes:
+      - /portainer
 - apiVersion: networking.k8s.io/v1
   kind: Ingress
   metadata:
diff --git a/charts/traefik/values.secure.yaml.gotmpl b/charts/traefik/values.secure.yaml.gotmpl
index bf6e46bf..55cfb1ed 100644
--- a/charts/traefik/values.secure.yaml.gotmpl
+++ b/charts/traefik/values.secure.yaml.gotmpl
@@ -35,10 +35,19 @@ extraObjects:
   kind: Middleware
   metadata:
     name: traefik-basic-auth
+    namespace: {{.Release.Namespace}}
   spec:
     basicAuth:
       secret: traefik-authorized-users  # https://doc.traefik.io/traefik/middlewares/http/basicauth/#users
-
+- apiVersion: traefik.io/v1alpha1
+  kind: Middleware
+  metadata:
+    name: portainer-strip-prefix
+    namespace: {{.Release.Namespace}}
+  spec:
+    stripPrefix:
+      prefixes:
+      - /portainer
 - apiVersion: traefik.io/v1alpha1
   kind: Middleware
   metadata: