diff --git a/netmaker/ingress.yaml b/netmaker/ingress.yaml
new file mode 100644
index 0000000..70d0101
--- /dev/null
+++ b/netmaker/ingress.yaml
@@ -0,0 +1,16 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: netmaker-api-ingress
+spec:
+ rules:
+ - host: api.netmaker-test.infra.dubyatp.xyz
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: netmaker-rest
+ port:
+ number: 8081
\ No newline at end of file
diff --git a/netmaker/mosquitto/config.yaml b/netmaker/mosquitto/config.yaml
index 923b781..52ecad4 100644
--- a/netmaker/mosquitto/config.yaml
+++ b/netmaker/mosquitto/config.yaml
@@ -8,8 +8,27 @@ data:
 listener 1883
 protocol websockets
 allow_anonymous false
- plugin /usr/lib/mosquitto_dynamic_security.so
- plugin_opt_config_file /mosquitto/data/dynamic-security.json
+ password_file /mosquitto/temp/password.txt
+ wait.sh: |
+ #!/bin/ash
+
+ encrypt_password() {
+ echo "${MQ_USERNAME}:${MQ_PASSWORD}" > /mosquitto/temp/password.txt
+ mosquitto_passwd -U /mosquitto/temp/password.txt
+ chmod 0700 /mosquitto/temp/password.txt
+ }
+
+ main(){
+
+ encrypt_password
+ echo "Starting MQ..."
+ # Run the main container command.
+ /docker-entrypoint.sh
+ /usr/sbin/mosquitto -c /mosquitto/config/mosquitto.conf
+
+ }
+
+ main "${@}"
 kind: ConfigMap
 metadata:
 labels:
diff --git a/netmaker/mosquitto/deployment.yaml b/netmaker/mosquitto/deployment.yaml
index 994a36d..40a996d 100644
--- a/netmaker/mosquitto/deployment.yaml
+++ b/netmaker/mosquitto/deployment.yaml
@@ -20,6 +20,7 @@ spec:
 containers:
 - image: eclipse-mosquitto:2.0.22-openssl
 imagePullPolicy: IfNotPresent
+ command: ["/mosquitto/config/wait.sh"]
 livenessProbe:
 failureThreshold: 3
 periodSeconds: 10
@@ -28,6 +29,14 @@ spec:
 port: 8883
 timeoutSeconds: 1
 name: mosquitto
+ env:
+ - name: MQ_USERNAME
+ value: netmaker
+ - name: MQ_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: mq_password
+ name: netmaker-secrets
 ports:
 - containerPort: 1883
 name: mqtt
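Review bot: The new `netmaker-api-ingress` has no `tls:` section, so `api.netmaker-test.infra.dubyatp.xyz` is served over plain HTTP unless the ingress controller injects a default certificate and redirect on its own; the API is where clients present credentials such as the `MASTER_KEY` configured in `statefulset.yaml`, and the UI deployment in this same commit points at `https://api...`, so an http-only edge both exposes credentials and breaks the dashboard. Add `tls:` / `- hosts: [api.netmaker-test.infra.dubyatp.xyz]` / `secretName: netmaker-api-tls` under `spec`, plus whatever certificate-issuer annotation the cluster uses, and pin `ingressClassName` explicitly rather than relying on a default class. `netmaker-rest` and port 8081 are defined outside this diff, so I am assuming they match the existing Service.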
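Review bot: `encrypt_password` in `wait.sh` has no error handling: without `set -e`, a failing `mosquitto_passwd -U` leaves `/mosquitto/temp/password.txt` holding the plaintext `netmaker:<password>` line and `main` still starts the broker against it, and the file is created under the default umask before the later `chmod 0700` tightens it. Add `set -eu` as the second line of the script and write the file as `( umask 077; echo "${MQ_USERNAME}:${MQ_PASSWORD}" > /mosquitto/temp/password.txt )` so the plaintext is never readable by other users even briefly. The `chmod 0700` also runs before `/docker-entrypoint.sh`, so the unprivileged broker user presumably only gets to read the hashed file because that entrypoint re-chowns `/mosquitto` — a comment such as `# image entrypoint chowns /mosquitto so the broker user can read the hashed file` would make that ordering dependency explicit. Finally, dropping the dynamic-security plugin for a single `password_file` with no `acl_file` means every client holding this one credential can publish and subscribe on all topics; confirm that is the intended trust model for netclients.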
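Review bot: `MQ_USERNAME` is given as the literal `netmaker` here and again in `statefulset.yaml`, while only the password is sourced from `netmaker-secrets`; if one copy is edited without the other, the server can no longer authenticate to the broker and the failure only shows up at runtime. Consider sourcing both sides from the same place — e.g. add an `mq_username` key to the ExternalSecret and use `valueFrom: secretKeyRef: {name: netmaker-secrets, key: mq_username}` in both pods, or a shared ConfigMap — so the pair cannot drift.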
@@ -53,18 +62,22 @@ spec:
 terminationMessagePath: /dev/termination-log
 terminationMessagePolicy: File
 volumeMounts:
- - mountPath: /mosquitto/config/mosquitto.conf
+ - mountPath: /mosquitto/config
 name: mosquitto-config
- subPath: mosquitto.conf
 - mountPath: /mosquitto/certs
 name: shared-certs
+ - mountPath: /mosquitto/temp
+ name: mosquitto-temp
 dnsPolicy: ClusterFirst
 restartPolicy: Always
 terminationGracePeriodSeconds: 30
 volumes:
 - configMap:
 name: mosquitto-config
+ defaultMode: 0755
 name: mosquitto-config
+ - name: mosquitto-temp
+ emptyDir:
 - name: shared-certs
 persistentVolumeClaim:
 claimName: shared-certs-pvc
\ No newline at end of file
diff --git a/netmaker/postgres-auth.yaml b/netmaker/postgres-auth.yaml
new file mode 100644
index 0000000..cca6eeb
--- /dev/null
+++ b/netmaker/postgres-auth.yaml
@@ -0,0 +1,21 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: postgres-pw
+spec:
+ data:
+ - remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: cloudnativepg
+ metadataPolicy: None
+ property: netmaker_pw
+ secretKey: password
+ refreshInterval: 1h
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: weyma-vault
+ target:
+ creationPolicy: Owner
+ deletionPolicy: Retain
+ name: postgres-pw
\ No newline at end of file
diff --git a/netmaker/secrets.yaml b/netmaker/secrets.yaml
new file mode 100644
index 0000000..793d445
--- /dev/null
+++ b/netmaker/secrets.yaml
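Review bot: `emptyDir:` with no value parses as YAML null rather than an empty object; I have seen that rejected on apply with "must specify a volume type", so write it unambiguously as `emptyDir: {}`. Since this directory receives the broker password — briefly in plaintext, then as a hash — also keep it off node disk with `emptyDir:` / `medium: Memory`. The `defaultMode: 0755` on the ConfigMap is what makes `wait.sh` executable as the container command; a comment such as `# 0755 so wait.sh (the container command) is executable` would stop the next reader from "fixing" it back to the default.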
@@ -0,0 +1,35 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: netmaker-secrets
+spec:
+ data:
+ - remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: netmaker
+ metadataPolicy: None
+ property: master_key
+ secretKey: master_key
+ - remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: netmaker
+ metadataPolicy: None
+ property: mq_password
+ secretKey: mq_password
+ - remoteRef:
+ conversionStrategy: Default
+ decodingStrategy: None
+ key: netmaker
+ metadataPolicy: None
+ property: turn_password
+ secretKey: turn_password
+ refreshInterval: 1h
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: weyma-vault
+ target:
+ creationPolicy: Owner
+ deletionPolicy: Retain
+ name: netmaker-secrets
\ No newline at end of file
diff --git a/netmaker/statefulset.yaml b/netmaker/statefulset.yaml
index 1995d7d..391936d 100644
--- a/netmaker/statefulset.yaml
+++ b/netmaker/statefulset.yaml
@@ -48,23 +48,36 @@ spec:
 - name: DATABASE
 value: postgres
 - name: SQL_HOST
- value: "DB_NAME-postgresql"
+ value: "weyma-pgsql-rw.cloudnativepg.svc.cluster.local"
 - name: SQL_PORT
 value: "5432"
 - name: SQL_DB
- value: "postgres"
+ value: "netmaker"
 - name: SQL_USER
- value: "postgres"
+ value: "netmaker"
 - name: SQL_PASS
- value: "DB_PASS"
+ valueFrom:
+ secretKeyRef:
+ key: password
+ name: postgres-pw
 - name: MASTER_KEY
- value: REPLACE_MASTER_KEY
+ valueFrom:
+ secretKeyRef:
+ key: master_key
+ name: netmaker-secrets
+ - name: MQ_USERNAME
+ value: netmaker
+ - name: MQ_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: mq_password
+ name: netmaker-secrets
 - name: CORS_ALLOWED_ORIGIN
 value: '*'
 - name: SERVER_BROKER_ENDPOINT
 value: "ws://mq:1883"
 - name: BROKER_ENDPOINT
- value: "wss://broker.NETMAKER_BASE_DOMAIN"
+ value: "wss://broker.netmaker-test.infra.dubyatp.xyz"
 - name: PLATFORM
 value: "Kubernetes"
 - name: VERBOSITY
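Review bot: `refreshInterval: 1h` means a rotated `mq_password` or `master_key` in Vault is copied into `netmaker-secrets` within the hour, but both consumers read it only at container start — the Netmaker pod via `env`, and the broker by hashing `MQ_PASSWORD` into `password.txt` in its startup script — so after a rotation the server and broker will disagree until both are restarted. Either trigger a rollout on secret change (a reloader annotation on the Deployment/StatefulSet, if the cluster runs one) or record the manual step in a comment such as `# consumers read these via env at start-up; restart mq and netmaker after rotating in Vault`. `deletionPolicy: Retain` keeps the Secret after the ExternalSecret is removed, which is reasonable, but note it also keeps the old credential in the cluster until someone deletes it.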
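Review bot: With the dashboard origin now fixed by this commit's UI ingress (`dashboard.netmaker-test.infra.dubyatp.xyz`), the context line `CORS_ALLOWED_ORIGIN: '*'` no longer needs to be a wildcard; set it to `value: "https://dashboard.netmaker-test.infra.dubyatp.xyz"` so arbitrary web origins cannot script against the API. Separately, `BROKER_ENDPOINT` now points at `wss://broker.netmaker-test.infra.dubyatp.xyz`, but this commit adds ingresses only for the api and dashboard hosts; if the broker's TLS termination lives elsewhere, a comment naming it would help, otherwise external netclients will not reach the broker. The env list continues past the end of this hunk.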
@@ -101,7 +114,6 @@ spec:
 add:
 - NET_ADMIN
 - NET_RAW
- - SYS_MODULE
 volumeMounts:
 - mountPath: /etc/netmaker/
 name: shared-certs
diff --git a/netmaker/svc.yaml b/netmaker/svc.yaml
index 97bd080..58640c8 100644
--- a/netmaker/svc.yaml
+++ b/netmaker/svc.yaml
@@ -11,66 +11,4 @@ spec:
 selector:
 app: 'netmaker'
 sessionAffinity: None
- type: ClusterIP
---- apiVersion: v1
-kind: Service
-metadata:
- labels:
- name: 'netmaker-wireguard'
-spec:
- externalTrafficPolicy: Local
- type: NodePort
- ports:
- - port: 31821
- nodePort: 31821
- protocol: UDP
- targetPort: 31821
- name: wg-iface-31821
- - port: 31822
- nodePort: 31822
- protocol: UDP
- targetPort: 31822
- name: wg-iface-31822
- - port: 31823
- nodePort: 31823
- protocol: UDP
- targetPort: 31823
- name: wg-iface-31823
- - port: 31824
- nodePort: 31824
- protocol: UDP
- targetPort: 31824
- name: wg-iface-31824
- - port: 31825
- nodePort: 31825
- protocol: UDP
- targetPort: 31825
- name: wg-iface-31825
- - port: 31826
- nodePort: 31826
- protocol: UDP
- targetPort: 31826
- name: wg-iface-31826
- - port: 31827
- nodePort: 31827
- protocol: UDP
- targetPort: 31827
- name: wg-iface-31827
- - port: 31828
- nodePort: 31828
- protocol: UDP
- targetPort: 31828
- name: wg-iface-31828
- - port: 31829
- nodePort: 31829
- protocol: UDP
- targetPort: 31829
- name: wg-iface-31829
- - port: 31830
- nodePort: 31830
- protocol: UDP
- targetPort: 31830
- name: wg-iface-31830
- selector:
- app: 'netmaker'
\ No newline at end of file
+ type: ClusterIP
\ No newline at end of file
diff --git a/netmaker/ui/deployment.yaml b/netmaker/ui/deployment.yaml
new file mode 100644
index 0000000..7f25b2d
--- /dev/null
+++ b/netmaker/ui/deployment.yaml
@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: netmaker-ui
+spec:
+ replicas: 2
+ selector:
+ matchLabels:
+ app: netmaker-ui
+ template:
+ metadata:
+ labels:
+ app: netmaker-ui
+ spec:
+ containers:
+ - name: netmaker-ui
+ image: gravitl/netmaker-ui:v1.1.0
+ env:
+ - name: BACKEND_URL
+ value: 'https://api.netmaker-test.infra.dubyatp.xyz'
+ terminationGracePeriodSeconds: 15
\ No newline at end of file
diff --git a/netmaker/ui/ingress.yaml b/netmaker/ui/ingress.yaml
new file mode 100644
index 0000000..72cff1b
--- /dev/null
+++ b/netmaker/ui/ingress.yaml
@@ -0,0 +1,16 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: netmaker-ui-ingress
+spec:
+ rules:
+ - host: dashboard.netmaker-test.infra.dubyatp.xyz
+ http:
+ paths:
+ - pathType: Prefix
+ path: "/"
+ backend:
+ service:
+ name: netmaker-ui
+ port:
+ number: 80
\ No newline at end of file
diff --git a/netmaker/ui/svc.yaml b/netmaker/ui/svc.yaml
new file mode 100644
index 0000000..f786ec9
--- /dev/null
+++ b/netmaker/ui/svc.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: 'netmaker-ui'
+spec:
+ ports:
+ - port: 80
+ protocol: TCP
+ targetPort: 80
+ selector:
+ app: 'netmaker-ui'
+ sessionAffinity: None
+ type: 'ClusterIP'
\ No newline at end of file
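Review bot: The `netmaker-ui` container declares no `ports` and no readiness probe, so with `replicas: 2` the Service added in this commit (`targetPort: 80`) will route to a pod as soon as its container exists, before the web server inside is listening, and rolling updates will briefly serve errors. Declare the port and add an HTTP readiness probe against it; a `resources` block and a `securityContext` with `runAsNonRoot` / `allowPrivilegeEscalation: false` would also be expected for an internet-facing pod, assuming the image can bind its port unprivileged — worth confirming before adding them.
```yaml
        - name: netmaker-ui
          image: gravitl/netmaker-ui:v1.1.0
          ports:
            - containerPort: 80
              name: http
          readinessProbe:
            httpGet:
              path: /
              port: http
            periodSeconds: 10
          # … unchanged: env (BACKEND_URL) …
```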
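Review bot: `netmaker-ui-ingress` has no `tls:` block, so the dashboard login page at `dashboard.netmaker-test.infra.dubyatp.xyz` is delivered over plain HTTP unless the controller adds a default certificate and redirect; a page loaded over http that then calls the `https://api...` BACKEND_URL configured in `ui/deployment.yaml` is exactly the setup that exposes the login credentials at the edge. Add `tls:` / `- hosts: [dashboard.netmaker-test.infra.dubyatp.xyz]` / `secretName: netmaker-ui-tls` and the cluster's certificate-issuer annotation, and set `ingressClassName` explicitly. The ui Service and its port 80 target are in this same commit, so that part is consistent.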