diff --git a/template/edfbuilder.yaml b/template/edfbuilder.yaml
index 60d71ea..4e9fabd 100644
--- a/template/edfbuilder.yaml
+++ b/template/edfbuilder.yaml
@@ -13,7 +13,7 @@ spec:
     namespace: argocd
   source:
     path: registry
-    repoURL: 'https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder'
+    repoURL: 'https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder'
     targetRevision: HEAD
   project: default
   syncPolicy:
diff --git a/template/forgejo-runner/.helmignore b/template/forgejo-runner/.helmignore
deleted file mode 100644
index 0e8a0eb..0000000
--- a/template/forgejo-runner/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/template/forgejo-runner/Chart.yaml b/template/forgejo-runner/Chart.yaml
deleted file mode 100644
index 49a663c..0000000
--- a/template/forgejo-runner/Chart.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v2
-name: forgejo-runner
-description: A Helm chart for Kubernetes
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.16.0"
diff --git a/template/forgejo-runner/templates/NOTES.txt b/template/forgejo-runner/templates/NOTES.txt
deleted file mode 100644
index e2dcc06..0000000
--- a/template/forgejo-runner/templates/NOTES.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-{{- if not .Values.registration.enabled}}
-You will have to manually create a secret with the registration token, since you have not specified the registration token in the values.yaml file.
-
-To create a secret with the registration token, run the following command:
-
-  kubectl create secret generic {{ include "forgejo-runner.fullname" . }}-token --from-literal=token=<token>
-{{- end}}
diff --git a/template/forgejo-runner/templates/_helpers.tpl b/template/forgejo-runner/templates/_helpers.tpl
deleted file mode 100644
index 7af352b..0000000
--- a/template/forgejo-runner/templates/_helpers.tpl
+++ /dev/null
@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "forgejo-runner.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "forgejo-runner.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "forgejo-runner.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "forgejo-runner.labels" -}}
-helm.sh/chart: {{ include "forgejo-runner.chart" . }}
-{{ include "forgejo-runner.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "forgejo-runner.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "forgejo-runner.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "forgejo-runner.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "forgejo-runner.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
diff --git a/template/forgejo-runner/templates/deployment.yaml b/template/forgejo-runner/templates/deployment.yaml
deleted file mode 100644
index 0134e8f..0000000
--- a/template/forgejo-runner/templates/deployment.yaml
+++ /dev/null
@@ -1,82 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    {{- include "forgejo-runner.labels" . | nindent 4 }}
-  name: {{ include "forgejo-runner.fullname" . }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      {{- include "forgejo-runner.selectorLabels" . | nindent 6 }}
-  strategy: {}
-  template:
-    metadata:
-      {{- with .Values.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-        {{- include "forgejo-runner.labels" . | nindent 8 }}
-	{{- with .Values.podLabels }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      volumes:
-      - name: docker-certs
-        emptyDir: {}
-      - name: runner-data
-        emptyDir: {}
-      initContainers:
-        - name: runner-register
-          image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
-          command: ["forgejo-runner", "register", "--no-interactive", "--token", $(RUNNER_SECRET), "--name", $(RUNNER_NAME), "--instance", $(FORGEJO_INSTANCE_URL)]
-          env:
-            - name: RUNNER_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: RUNNER_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: {{ include "forgejo-runner.fullname" . }}-token
-                  key: token
-            - name: FORGEJO_INSTANCE_URL
-              value: {{ .Values.forgejoUrl }}
-          resources:
-            {{- toYaml .Values.resources | nindent 12 }}
-          volumeMounts:
-            - name: runner-data
-              mountPath: /data
-      containers:
-      - name: runner
-        image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
-        command: ["sh", "-c", "while ! nc -z localhost 2376 </dev/null; do echo 'waiting for docker daemon...'; sleep 5; done; forgejo-runner daemon"]
-        env:
-        - name: DOCKER_HOST
-          value: tcp://localhost:2376
-        - name: DOCKER_CERT_PATH
-          value: /certs/client
-        - name: DOCKER_TLS_VERIFY
-          value: "1"
-        volumeMounts:
-        - name: docker-certs
-          mountPath: /certs
-        - name: runner-data
-          mountPath: /data
-      - name: daemon
-        image: docker:23.0.6-dind
-        env:
-        - name: DOCKER_TLS_CERTDIR
-          value: /certs
-        securityContext:
-          privileged: true
-        volumeMounts:
-        - name: docker-certs
-          mountPath: /certs
diff --git a/template/forgejo-runner/templates/secret.yaml b/template/forgejo-runner/templates/secret.yaml
deleted file mode 100644
index 00ca56e..0000000
--- a/template/forgejo-runner/templates/secret.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-{{- if .Values.registration.enabled }}
-# Secret data.
-# You will need to retrive this from the web UI, and your Forgejo instance must be running v1.21+
-# Alternatively, create this with
-# kubectl create secret generic runner-secret --from-literal=token=your_offline_token_here
-apiVersion: v1
-stringData:
-  token: {{ .Values.registration.token }}
-kind: Secret
-metadata:
-  name: {{ include "forgejo-runner.fullname" . }}-token
-  namespace: {{ .Release.Namespace }}
-{{- end }}
diff --git a/template/forgejo-runner/values.yaml b/template/forgejo-runner/values.yaml
deleted file mode 100644
index 4204092..0000000
--- a/template/forgejo-runner/values.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-replicaCount: 2
-
-image:
-  repository: code.forgejo.org/forgejo/runner
-  pullPolicy: IfNotPresent
-  tag: "3.5.1"
-
-imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
-
-podAnnotations: {}
-podLabels: {}
-
-podSecurityContext: {}
-  # fsGroup: 2000
-
-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
-
-
-resources:
-  limits:
-    cpu: 500m
-    memory: 128Mi
-  requests:
-    cpu: 100m
-    memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-registration:
-  enabled: false
-  token: ""
-
-forgejoUrl: https://forgejo-domain
diff --git a/template/registry/core.yaml b/template/registry/core.yaml
index 1dcd61d..3a722ac 100644
--- a/template/registry/core.yaml
+++ b/template/registry/core.yaml
@@ -13,7 +13,7 @@ spec:
     namespace: argocd
   source:
     path: stacks/core
-    repoURL: 'https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder'
+    repoURL: 'https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder'
     targetRevision: HEAD
   project: default
   syncPolicy:
diff --git a/template/registry/local-backup.yaml b/template/registry/local-backup.yaml
new file mode 100644
index 0000000..a2ac46d
--- /dev/null
+++ b/template/registry/local-backup.yaml
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: local-backup
+  namespace: argocd
+  labels:
+    env: dev
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    name: in-cluster
+    namespace: argocd
+  source:
+    path: stacks/local-backup
+    repoURL: 'https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder'
+    targetRevision: HEAD
+  project: default
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
diff --git a/template/registry/monitoring.yaml b/template/registry/monitoring.yaml
index c3622f8..c9826bc 100644
--- a/template/registry/monitoring.yaml
+++ b/template/registry/monitoring.yaml
@@ -13,7 +13,7 @@ spec:
     namespace: argocd
   source:
     path: stacks/monitoring
-    repoURL: 'https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder'
+    repoURL: 'https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder'
     targetRevision: HEAD
   project: default
   syncPolicy:
diff --git a/template/registry/ref-implementation.yaml b/template/registry/ref-implementation.yaml
index 3ed97c2..3a6cf1a 100644
--- a/template/registry/ref-implementation.yaml
+++ b/template/registry/ref-implementation.yaml
@@ -13,7 +13,7 @@ spec:
     namespace: argocd
   source:
     path: stacks/ref-implementation
-    repoURL: 'https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder'
+    repoURL: 'https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder'
     targetRevision: HEAD
   project: default
   syncPolicy:
diff --git a/template/registry/second-cluster.yaml b/template/registry/second-cluster.yaml
index 9d93dc8..98ddd40 100644
--- a/template/registry/second-cluster.yaml
+++ b/template/registry/second-cluster.yaml
@@ -13,7 +13,7 @@ spec:
     namespace: argocd
   source:
     path: stacks/second-cluster
-    repoURL: 'https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder'
+    repoURL: 'https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder'
     targetRevision: HEAD
   project: default
   syncPolicy:
diff --git a/template/stacks/core/argocd.yaml b/template/stacks/core/argocd.yaml
index aafa998..a79ef6c 100644
--- a/template/stacks/core/argocd.yaml
+++ b/template/stacks/core/argocd.yaml
@@ -22,6 +22,6 @@ spec:
       helm:
         valueFiles:
           - $values/stacks/core/argocd/values.yaml
-    - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder
+    - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder
       targetRevision: HEAD
       ref: values
diff --git a/template/stacks/core/argocd/values.kind.yaml b/template/stacks/core/argocd/values.kind.yaml
deleted file mode 100644
index 8df9df4..0000000
--- a/template/stacks/core/argocd/values.kind.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-global:
-  domain: {{ .Values.edfbuilderTargetDomain }}
-
-configs:
-  params:
-    server.insecure: true
-    server.basehref: /argocd
-  cm:
-    application.resourceTrackingMethod: annotation
-    timeout.reconciliation: 60s
-    resource.exclusions: |
-      - apiGroups:
-        - "*"
-        kinds:
-        - ProviderConfigUsage
-    accounts.provider-argocd: apiKey
-  rbac:
-    policy.csv: 'g, provider-argocd, role:admin'
-
-  tls:
-    certificates:
-
-notifications:
-  enabled: false
-
-dex:
-  enabled: false
-
-server:
-  ingress:
-    enabled: true
-    ingressClassName: nginx
-    annotations:
-      nginx.ingress.kubernetes.io/backend-protocol: HTTP
-      nginx.ingress.kubernetes.io/rewrite-target: /$2
-      nginx.ingress.kubernetes.io/use-regex: "true"
-      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-    path: /argocd(/|$)(.*)
-    pathType: ImplementationSpecific
-    extraTls:
-      - hosts:
-        - {{ .Values.edfbuilderTargetDomain }}
-        secretName: argocd-net-tls
-
diff --git a/template/stacks/core/argocd/values.osc.yaml b/template/stacks/core/argocd/values.osc.yaml
deleted file mode 100644
index 122234c..0000000
--- a/template/stacks/core/argocd/values.osc.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-global:
-  domain: {{ .Values.edfbuilderTargetDomain }}
-
-configs:
-  params:
-    server.insecure: true
-    server.basehref: /argocd
-  cm:
-    application.resourceTrackingMethod: annotation
-    timeout.reconciliation: 60s
-    resource.exclusions: |
-      - apiGroups:
-        - "*"
-        kinds:
-        - ProviderConfigUsage
-      - apiGroups:
-        - cilium.io
-        kinds:
-        - CiliumIdentity
-        clusters:
-        - "*"
-    accounts.provider-argocd: apiKey
-  rbac:
-    policy.csv: 'g, provider-argocd, role:admin'
-
-  tls:
-    certificates:
-
-notifications:
-  enabled: false
-
-dex:
-  enabled: false
-
-server:
-  ingress:
-    enabled: true
-    ingressClassName: nginx
-    annotations:
-      dns.gardener.cloud/class: garden
-      dns.gardener.cloud/dnsnames: {{ .Values.edfbuilderTargetDomain }}
-      dns.gardener.cloud/ttl: "600"
-      nginx.ingress.kubernetes.io/backend-protocol: HTTP
-      nginx.ingress.kubernetes.io/rewrite-target: /$2
-      nginx.ingress.kubernetes.io/use-regex: "true"
-      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-    path: /argocd(/|$)(.*)
-    pathType: ImplementationSpecific
-    extraTls:
-      - hosts:
-        - {{ .Values.edfbuilderTargetDomain }}
-        secretName: argocd-net-tls
-
diff --git a/template/stacks/core/argocd/values.yaml b/template/stacks/core/argocd/values.yaml
new file mode 100644
index 0000000..3fb3ddf
--- /dev/null
+++ b/template/stacks/core/argocd/values.yaml
@@ -0,0 +1,33 @@
+global:
+  domain: {{{ .Env.DOMAIN }}}
+
+configs:
+  params:
+    server.insecure: true
+    server.basehref: /argocd
+  cm:
+    application.resourceTrackingMethod: annotation
+    timeout.reconciliation: 60s
+    resource.exclusions: |
+      - apiGroups:
+        - "*"
+        kinds:
+        - ProviderConfigUsage
+      - apiGroups:
+        - cilium.io
+        kinds:
+        - CiliumIdentity
+        clusters:
+        - "*"
+    accounts.provider-argocd: apiKey
+  rbac:
+    policy.csv: 'g, provider-argocd, role:admin'
+
+  tls:
+    certificates:
+
+notifications:
+  enabled: false
+
+dex:
+  enabled: false
diff --git a/template/stacks/core/crossplane-compositions.yaml b/template/stacks/core/crossplane-compositions.yaml
index b92effb..f6a6bc0 100644
--- a/template/stacks/core/crossplane-compositions.yaml
+++ b/template/stacks/core/crossplane-compositions.yaml
@@ -17,7 +17,7 @@ spec:
     namespace: crossplane-system
   source:
     path: stacks/core/crossplane-compositions
-    repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder
+    repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder
     targetRevision: HEAD
     directory:
       recurse: true
diff --git a/template/stacks/core/crossplane-providers.yaml b/template/stacks/core/crossplane-providers.yaml
index 1935b8d..760c33e 100644
--- a/template/stacks/core/crossplane-providers.yaml
+++ b/template/stacks/core/crossplane-providers.yaml
@@ -1,3 +1,4 @@
+{{{ if eq .Env.CLUSTER_TYPE "kind" }}}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
@@ -17,5 +18,6 @@ spec:
     namespace: crossplane-system
   source:
     path: stacks/core/crossplane-providers
-    repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder
+    repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder
     targetRevision: HEAD
+{{{ end }}}
diff --git a/template/stacks/core/crossplane-providers/provider-kind.yaml b/template/stacks/core/crossplane-providers/provider-kind.yaml
index a3b8aba..36014f7 100644
--- a/template/stacks/core/crossplane-providers/provider-kind.yaml
+++ b/template/stacks/core/crossplane-providers/provider-kind.yaml
@@ -1,9 +1,9 @@
 apiVersion: pkg.crossplane.io/v1
 kind: Provider
 metadata:
-  name: richardrobertreitz-provider-kind
+  name: provider-kind
 spec:
-  package: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/richardrobertreitz/provider-kind:v0.1.0
+  package: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/devfw-cicd/provider-kind:v0.1.0
   packagePullPolicy: IfNotPresent # Only download the package if it isn’t in the cache.
   revisionActivationPolicy: Automatic # Otherwise our Provider never gets activate & healthy
   revisionHistoryLimit: 1
diff --git a/template/stacks/core/crossplane-providers/provider-shell.yaml b/template/stacks/core/crossplane-providers/provider-shell.yaml
index de54980..4080668 100644
--- a/template/stacks/core/crossplane-providers/provider-shell.yaml
+++ b/template/stacks/core/crossplane-providers/provider-shell.yaml
@@ -1,9 +1,9 @@
 apiVersion: pkg.crossplane.io/v1
 kind: Provider
 metadata:
-  name: richardrobertreitz-provider-shell
+  name: provider-shell
 spec:
-  package: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/richardrobertreitz/provider-shell:v0.1.0
+  package: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/devfw-cicd/provider-shell:v0.1.1
   packagePullPolicy: IfNotPresent # Only download the package if it isn’t in the cache.
   revisionActivationPolicy: Automatic # Otherwise our Provider never gets activate & healthy
   revisionHistoryLimit: 1
diff --git a/template/stacks/core/forgejo-runner/values.yaml b/template/stacks/core/forgejo-runner/values.yaml
deleted file mode 100644
index e737636..0000000
--- a/template/stacks/core/forgejo-runner/values.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-replicaCount: 1
-
-forgejoUrl: http://forgejo-http.gitea.svc.cluster.local:3000
diff --git a/template/stacks/core/forgejo.yaml b/template/stacks/core/forgejo.yaml
index fdc5792..c8328c0 100644
--- a/template/stacks/core/forgejo.yaml
+++ b/template/stacks/core/forgejo.yaml
@@ -22,6 +22,6 @@ spec:
       helm:
         valueFiles:
           - $values/stacks/core/forgejo/values.yaml
-    - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder
+    - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder
       targetRevision: HEAD
       ref: values
diff --git a/template/stacks/core/forgejo/values.osc.yaml b/template/stacks/core/forgejo/values.osc.yaml
deleted file mode 100644
index 9ff2a9f..0000000
--- a/template/stacks/core/forgejo/values.osc.yaml
+++ /dev/null
@@ -1,75 +0,0 @@
-redis-cluster:
-  enabled: false
-postgresql:
-  enabled: false
-postgresql-ha:
-  enabled: false
-
-persistence:
-  enabled: true
-  size: 5Gi
-
-test:
-  enabled: false
-
-gitea:
-  admin:
-    existingSecret: gitea-credential
-  config:
-    database:
-      DB_TYPE: sqlite3
-    session:
-      PROVIDER: memory
-    cache:
-      ADAPTER: memory
-    queue:
-      TYPE: level
-    server:
-      DOMAIN: 'gitea.{{ .Values.edfbuilderTargetDomain }}'
-      ROOT_URL: 'https://gitea.{{ .Values.edfbuilderTargetDomain }}:443'
-
-service:
-  ssh:
-    type: NodePort
-    nodePort: 32222
-    externalTrafficPolicy: Local
-
-ingress:
-  # NOTE: The ingress is generated in a later step for path based routing feature See: hack/argo-cd/generate-manifests.sh
-  enabled: true
-  className: nginx
-  annotations:
-    dns.gardener.cloud/class: garden
-    dns.gardener.cloud/dnsnames: gitea.{{ .Values.edfbuilderTargetDomain }}
-    dns.gardener.cloud/ttl: "600"
-    nginx.ingress.kubernetes.io/proxy-body-size: 512m
-    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-  hosts:
-    - host: gitea.{{ .Values.edfbuilderTargetDomain }}
-      paths:
-      - path: /
-        pathType: Prefix
-  tls:
-    - hosts:
-      - gitea.{{ .Values.edfbuilderTargetDomain }}
-      secretName: forgejo-net-tls
-
-image:
-  pullPolicy: "IfNotPresent"
-  # Overrides the image tag whose default is the chart appVersion.
-  #tag: "8.0.3"
-  # Adds -rootless suffix to image name
-  rootless: true
-
-forgejo:
-  runner:
-    enabled: true
-    image:
-      tag: latest
-    # replicas: 3
-    config:
-      runner:
-        labels:
-          - docker:docker://node:16-bullseye
-          - self-hosted:docker://ghcr.io/catthehacker/ubuntu:act-22.04
-          - ubuntu-22.04:docker://ghcr.io/catthehacker/ubuntu:act-22.04
diff --git a/template/stacks/core/forgejo/values.kind.yaml b/template/stacks/core/forgejo/values.yaml
similarity index 59%
rename from template/stacks/core/forgejo/values.kind.yaml
rename to template/stacks/core/forgejo/values.yaml
index 210f6ca..bfcd384 100644
--- a/template/stacks/core/forgejo/values.kind.yaml
+++ b/template/stacks/core/forgejo/values.yaml
@@ -25,8 +25,8 @@ gitea:
     queue:
       TYPE: level
     server:
-      DOMAIN: 'gitea.{{ .Values.edfbuilderTargetDomain }}'
-      ROOT_URL: 'https://gitea.{{ .Values.edfbuilderTargetDomain }}:443'
+      DOMAIN: 'gitea.{{{ .Env.DOMAIN }}}'
+      ROOT_URL: 'https://gitea.{{{ .Env.DOMAIN }}}:443'
 
 service:
   ssh:
@@ -34,23 +34,6 @@ service:
     nodePort: 32222
     externalTrafficPolicy: Local
 
-ingress:
-  # NOTE: The ingress is generated in a later step for path based routing feature See: hack/argo-cd/generate-manifests.sh
-  enabled: true
-  className: nginx
-  annotations: 
-    nginx.ingress.kubernetes.io/proxy-body-size: 512m
-    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-  hosts:
-    - host: gitea.{{ .Values.edfbuilderTargetDomain }}
-      paths:
-      - path: /
-        pathType: Prefix
-  tls:
-    - hosts:
-      - gitea.{{ .Values.edfbuilderTargetDomain }}
-      secretName: forgejo-net-tls
-
 image:
   pullPolicy: "IfNotPresent"
   # Overrides the image tag whose default is the chart appVersion.
diff --git a/template/stacks/core/ingress-apps.yaml b/template/stacks/core/ingress-apps.yaml
new file mode 100644
index 0000000..ae66d9f
--- /dev/null
+++ b/template/stacks/core/ingress-apps.yaml
@@ -0,0 +1,22 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: ingress-apps
+  namespace: argocd
+  labels:
+    example: ref-implementation
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  destination:
+    server: "https://kubernetes.default.svc"
+  source:
+    repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder
+    targetRevision: HEAD
+    path: "stacks/core/ingress-apps"
+  project: default
+  syncPolicy:
+    automated:
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
diff --git a/template/stacks/core/ingress-apps/argo-workflows-ingress.yaml b/template/stacks/core/ingress-apps/argo-workflows-ingress.yaml
new file mode 100644
index 0000000..6b63a55
--- /dev/null
+++ b/template/stacks/core/ingress-apps/argo-workflows-ingress.yaml
@@ -0,0 +1,31 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /$2
+    nginx.ingress.kubernetes.io/use-regex: "true"
+  name: argo-workflows-ingress
+  namespace: argo
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: localhost
+    http:
+      paths:
+      - backend:
+          service:
+            name: argo-server
+            port:
+              name: web
+        path: /argo-workflows(/|$)(.*)
+        pathType: ImplementationSpecific
+  - host: {{{ .Env.DOMAIN }}}
+    http:
+      paths:
+      - backend:
+          service:
+            name: argo-server
+            port:
+              name: web
+        path: /argo-workflows(/|$)(.*)
+        pathType: ImplementationSpecific
diff --git a/template/stacks/core/ingress-apps/argocd-server.yaml b/template/stacks/core/ingress-apps/argocd-server.yaml
new file mode 100644
index 0000000..0446b6c
--- /dev/null
+++ b/template/stacks/core/ingress-apps/argocd-server.yaml
@@ -0,0 +1,32 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/backend-protocol: HTTP
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/rewrite-target: /$2
+    nginx.ingress.kubernetes.io/use-regex: "true"
+{{{ if eq .Env.CLUSTER_TYPE "osc" }}}
+    dns.gardener.cloud/class: garden
+    dns.gardener.cloud/dnsnames: {{{ .Env.DOMAIN }}}
+    dns.gardener.cloud/ttl: "600"
+{{{ end }}}
+  name: argocd-server
+  namespace: argocd
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: {{{ .Env.DOMAIN }}}
+    http:
+      paths:
+      - backend:
+          service:
+            name: argocd-server
+            port:
+              number: 80
+        path: /argocd(/|$)(.*)
+        pathType: ImplementationSpecific
+  tls:
+  - hosts:
+    - {{{ .Env.DOMAIN }}}
+    secretName: argocd-net-tls
diff --git a/template/stacks/core/ingress-apps/backstage.yaml b/template/stacks/core/ingress-apps/backstage.yaml
new file mode 100644
index 0000000..4eef936
--- /dev/null
+++ b/template/stacks/core/ingress-apps/backstage.yaml
@@ -0,0 +1,28 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: backstage
+  namespace: backstage
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: localhost
+    http:
+      paths:
+      - backend:
+          service:
+            name: backstage
+            port:
+              name: http
+        path: /
+        pathType: Prefix
+  - host: {{{ .Env.DOMAIN }}}
+    http:
+      paths:
+      - backend:
+          service:
+            name: backstage
+            port:
+              name: http
+        path: /
+        pathType: Prefix
diff --git a/template/stacks/core/ingress-apps/fibonacci-service.yaml b/template/stacks/core/ingress-apps/fibonacci-service.yaml
new file mode 100644
index 0000000..622cceb
--- /dev/null
+++ b/template/stacks/core/ingress-apps/fibonacci-service.yaml
@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: fibonacci-service
+  namespace: fibonacci-app
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: {{{ .Env.DOMAIN }}}
+    http:
+      paths:
+      - backend:
+          service:
+            name: fibonacci-service
+            port:
+              number: 9090
+        path: /fibonacci
+        pathType: Prefix
diff --git a/template/stacks/core/ingress-apps/forgejo.yaml b/template/stacks/core/ingress-apps/forgejo.yaml
new file mode 100644
index 0000000..3143875
--- /dev/null
+++ b/template/stacks/core/ingress-apps/forgejo.yaml
@@ -0,0 +1,30 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    nginx.ingress.kubernetes.io/proxy-body-size: 512m
+{{{ if eq .Env.CLUSTER_TYPE "osc" }}}
+    dns.gardener.cloud/class: garden
+    dns.gardener.cloud/dnsnames: gitea.{{{ .Env.DOMAIN }}}
+    dns.gardener.cloud/ttl: "600"
+{{{ end }}}
+  name: forgejo
+  namespace: gitea
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: gitea.{{{ .Env.DOMAIN }}}
+    http:
+      paths:
+      - backend:
+          service:
+            name: forgejo-http
+            port:
+              number: 3000
+        path: /
+        pathType: Prefix
+  tls:
+  - hosts:
+    - gitea.{{{ .Env.DOMAIN }}}
+    secretName: forgejo-net-tls
diff --git a/template/stacks/core/ingress-apps/keycloak-ingress-localhost.yaml b/template/stacks/core/ingress-apps/keycloak-ingress-localhost.yaml
new file mode 100644
index 0000000..4dcc41c
--- /dev/null
+++ b/template/stacks/core/ingress-apps/keycloak-ingress-localhost.yaml
@@ -0,0 +1,28 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: keycloak-ingress-localhost
+  namespace: keycloak
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: localhost
+    http:
+      paths:
+      - backend:
+          service:
+            name: keycloak
+            port:
+              name: http
+        path: /keycloak
+        pathType: ImplementationSpecific
+  - host: {{{ .Env.DOMAIN }}}
+    http:
+      paths:
+      - backend:
+          service:
+            name: keycloak
+            port:
+              name: http
+        path: /keycloak
+        pathType: ImplementationSpecific
diff --git a/template/stacks/core/ingress-apps/kube-prometheus-stack-grafana.yaml b/template/stacks/core/ingress-apps/kube-prometheus-stack-grafana.yaml
new file mode 100644
index 0000000..e60ebe7
--- /dev/null
+++ b/template/stacks/core/ingress-apps/kube-prometheus-stack-grafana.yaml
@@ -0,0 +1,18 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: kube-prometheus-stack-grafana
+  namespace: monitoring
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: {{{ .Env.DOMAIN }}}
+    http:
+      paths:
+      - backend:
+          service:
+            name: kube-prometheus-stack-grafana
+            port:
+              number: 80
+        path: /grafana
+        pathType: Prefix
diff --git a/template/stacks/core/ingress-apps/minio-console.yaml b/template/stacks/core/ingress-apps/minio-console.yaml
new file mode 100644
index 0000000..19e2452
--- /dev/null
+++ b/template/stacks/core/ingress-apps/minio-console.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: minio-console
+  namespace: minio-backup
+{{{ if eq .Env.CLUSTER_TYPE "osc" }}}
+  annotations:
+    dns.gardener.cloud/class: garden
+    dns.gardener.cloud/dnsnames: minio-backup.{{{ .Env.DOMAIN }}}
+    dns.gardener.cloud/ttl: "600"
+{{{ end }}}
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: minio-backup.{{{ .Env.DOMAIN }}}
+    http:
+      paths:
+      - backend:
+          service:
+            name: minio-console
+            port:
+              number: 9001
+        path: /
+        pathType: Prefix
diff --git a/template/stacks/core/ingress-apps/openbao.yaml b/template/stacks/core/ingress-apps/openbao.yaml
new file mode 100644
index 0000000..26b379f
--- /dev/null
+++ b/template/stacks/core/ingress-apps/openbao.yaml
@@ -0,0 +1,24 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: openbao
+  namespace: openbao
+{{{ if eq .Env.CLUSTER_TYPE "osc" }}}
+  annotations:
+    dns.gardener.cloud/class: garden
+    dns.gardener.cloud/dnsnames: openbao.{{{ .Env.DOMAIN }}}
+    dns.gardener.cloud/ttl: "600"
+{{{ end }}}
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: openbao.{{{ .Env.DOMAIN }}}
+    http:
+      paths:
+      - backend:
+          service:
+            name: openbao
+            port:
+              number: 8200
+        path: /
+        pathType: Prefix
diff --git a/template/stacks/core/ingress-nginx.yaml b/template/stacks/core/ingress-nginx.yaml
index 0774a2c..4e1f1a8 100644
--- a/template/stacks/core/ingress-nginx.yaml
+++ b/template/stacks/core/ingress-nginx.yaml
@@ -22,6 +22,6 @@ spec:
       helm:
         valueFiles:
           - $values/stacks/core/ingress-nginx/values.yaml
-    - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder
+    - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder
       targetRevision: HEAD
       ref: values
diff --git a/template/stacks/core/ingress-nginx/values.osc.yaml b/template/stacks/core/ingress-nginx/values.osc.yaml
deleted file mode 100644
index 872c826..0000000
--- a/template/stacks/core/ingress-nginx/values.osc.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-controller:
-  updateStrategy:
-    type: RollingUpdate
-    rollingUpdate:
-      maxUnavailable: 1
-
-  ingressClassResource:
-    name: nginx
-
-  # added for idpbuilder
-  allowSnippetAnnotations: true
-
-  # added for idpbuilder
-  config: 
-    proxy-buffer-size: 32k
-    use-forwarded-headers: "true"
diff --git a/template/stacks/core/ingress-nginx/values.kind.yaml b/template/stacks/core/ingress-nginx/values.yaml
similarity index 74%
rename from template/stacks/core/ingress-nginx/values.kind.yaml
rename to template/stacks/core/ingress-nginx/values.yaml
index 7930bc9..7bb7aa2 100644
--- a/template/stacks/core/ingress-nginx/values.kind.yaml
+++ b/template/stacks/core/ingress-nginx/values.yaml
@@ -3,12 +3,32 @@ controller:
     type: RollingUpdate
     rollingUpdate:
       maxUnavailable: 1
+
+  ingressClassResource:
+    name: nginx
+
+  # added for idpbuilder
+  allowSnippetAnnotations: true
+
+  # added for idpbuilder
+  config:
+    proxy-buffer-size: 32k
+    use-forwarded-headers: "true"
+
+  # monitoring nginx
+  metrics:
+    enabled: true
+    serviceMonitor:
+      additionalLabels: 
+        release: "ingress-nginx"  
+      enabled: true
+
+{{{ if eq .Env.CLUSTER_TYPE "kind" }}}
   hostPort:
     enabled: true
   terminationGracePeriodSeconds: 0
   service:
     type: NodePort
-  watchIngressWithoutClass: true
 
   nodeSelector:
     ingress-ready: "true"
@@ -26,11 +46,4 @@ controller:
     publish-status-address: localhost
     # added for idpbuilder
     enable-ssl-passthrough: ""
-
-  # added for idpbuilder
-  allowSnippetAnnotations: true
-
-  # added for idpbuilder
-  config: 
-    proxy-buffer-size: 32k
-    use-forwarded-headers: "true"
+{{{ end }}}
diff --git a/template/stacks/local-backup/README.md b/template/stacks/local-backup/README.md
new file mode 100644
index 0000000..3ded63d
--- /dev/null
+++ b/template/stacks/local-backup/README.md
@@ -0,0 +1,126 @@
+# Local Backup with Velero and Minio
+
+This is example is adapted from the original icpbuilder stack.
+
+The two significant changes from the original were made:
+
+* disabled `hostPath` mount to persist backups within kind, since backups do not work sufficiently in this example due to PVC issues, see below.
+* renamed `minio` namespace to `minio-backup` so it does not collide with other minio examples.
+
+Within kind, it can only backup kubernetes objects. Data from PVC's is skipped, see below why.
+
+[Velero](https://velero.io/) requires some compatible storage providers as its backup target. This local installation uses [MinIO](https://min.io/) as an example.
+However, MinIO is not officially supported by Velero but works due to S3 compatibility.
+
+The current setup does NOT persist backups but stores them in MinIO's PVCs. Proper backups should configure external storage, see [Supported Providers](https://velero.io/docs/main/supported-providers/).
+
+## Installation
+
+The stack is installed as part of the `./example.sh` run.
+
+In order to persist a local backup you have to mount a local directory within `main.go`:
+
+```yaml
+nodes:
+  - role: control-plane
+    extraMounts:
+      - hostPath: /some/path/backup # replace with your own path
+        containerPath: /backup
+```
+
+Kind creates the directory on the host but you might have to adjust the permissions, otherwise the minio pod fails to start.
+
+## Using it
+
+After the installation velero and minio should be visible in ArgoCD.
+
+During the installation credentials for minio are generated and shared with velero. You can access them manually:
+
+```bash
+kubectl -n minio-backup get secret root-creds -o go-template='{{ range $key, $value := .data }}{{ printf "%s: %s\n" $key ($value | base64decode) }}{{ end }}'
+# example output
+# rootPassword: aKKZzLnyry6OYZts17vMTf32H5ghFL4WYgu6bHujm
+# rootUser: ge8019yksArb7BICt3MLY9
+```
+
+A bucket in minio was created and velero uses it for its backups by default, see helm `values.yaml` files.
+
+
+### Backup and Restore
+
+Backups and subsequent restores can be scheduled by either using the velero cli or by creating CRD objects.
+
+Check the `./demo` directory for equivalent CRD manifests.
+
+Create a backup of the backstage namespace, see `schedule` task for more permanent setups:
+
+```shell
+velero backup create backstage-backup --include-namespaces backstage
+```
+
+There are more options to create a fine granular backup and to set the backup storage.
+See velero's docs for details.
+
+Check the backup with:
+```shell
+velero backup get
+```
+
+To get more details on the backup you need to be able to connect to velero's backup storage, i.e. minio.
+Using `kubefwd` here helps a lot (this is not necessary for restore).
+
+```shell
+kubefwd services -n minio-backup
+```
+
+More details with `describe` and `logs`:
+
+```shell
+velero backup describe backstage-backup --details
+velero backup logs backstage-backup
+```
+
+Restore the backup into the original namespace, you might want to delete the existing namespace beforehand:
+
+```shell
+kubectl delete namespace backstage
+velero restore create --from-backup backstage-backup
+```
+
+When restoring, velero does not replace existing objects in the backup target.
+
+ArgoCD does pickup on the changes and also validates that the backup is in sync.
+
+
+## Issues with Persistent Volumes
+
+Velero has no issue to backup kubernetes objects like Deployments, ConfigMaps, etc. since they are just yaml/json definitions.
+Volumes containing data are, however, more complex. The preferred type of backup are kubernetes' VolumeSnapshots as they consistently store the state
+of a volume at a given point in time in an atomic action. Those snapshots live within the cluster and are subsequently downloaded into one of velero's
+storage backends for safekeeping.
+
+However, VolumeSnapshots are only possible on storage backends that support them via CSI drivers.
+Backends like `nfs` or `hostPath` do NOT support them. Here, velero uses an alternative method
+called [File System Backups](https://velero.io/docs/main/file-system-backup/).
+In essence, this a simple copy operation based on the file system. Even though
+this uses more sophisticated tooling under the hood, i.e. kopia, it is not
+possible to create a backup in an atomic transaction. Thus, the resulting backup
+might be inconsistent.
+
+Furthermore, for file system backups to work velero installs a node-agent as a
+DaemonSet on each Kubernetes node. The agent is aware of the node's internal
+storage and accesses the directories on the host directly to copy the files.
+This is not supported for hostPath volumes as they mount an arbitrary path
+on the host. In theory, a backup is possible but due extra config and security
+considerations intentionally skipped. Kind's local-path provider storage uses
+a hostPath and is thus not supported for any kind of backup.
+
+## TODOs
+
+* The MinIO -backup installation is only intended as an example and must either
+be configured properly or replaced.
+
+* The current example does not automatically schedule backups.
+
+* velero chart must be properly parameterized
+
diff --git a/template/stacks/local-backup/demo/backup.yaml b/template/stacks/local-backup/demo/backup.yaml
new file mode 100644
index 0000000..e335141
--- /dev/null
+++ b/template/stacks/local-backup/demo/backup.yaml
@@ -0,0 +1,9 @@
+# velero backup create backstage-backup --include-namespaces backstage
+apiVersion: velero.io/v1
+kind: Backup
+metadata:
+  name: backstage-backup
+  namespace: velero
+spec:
+  includedNamespaces:
+    - 'backstage'
diff --git a/template/stacks/local-backup/demo/restore.yaml b/template/stacks/local-backup/demo/restore.yaml
new file mode 100644
index 0000000..b0fd5b5
--- /dev/null
+++ b/template/stacks/local-backup/demo/restore.yaml
@@ -0,0 +1,10 @@
+# velero restore create --from-backup backstage-backup
+apiVersion: velero.io/v1
+kind: Restore
+metadata:
+  name: backstage-backup
+  namespace: velero
+spec:
+  backupName: backstage-backup
+  includedNamespaces:
+    - 'backstage'
diff --git a/template/stacks/local-backup/minio.yaml b/template/stacks/local-backup/minio.yaml
new file mode 100644
index 0000000..5163ef0
--- /dev/null
+++ b/template/stacks/local-backup/minio.yaml
@@ -0,0 +1,33 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: minio
+  namespace: argocd
+  labels:
+    env: dev
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  sources:
+    - repoURL: 'https://charts.min.io'
+      targetRevision: 5.0.15
+      helm:
+        releaseName: minio
+        valueFiles:
+          - $values/stacks/local-backup/minio/helm/values.yaml
+      chart: minio
+    - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder
+      targetRevision: HEAD
+      ref: values
+    - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder
+      targetRevision: HEAD
+      path: "stacks/local-backup/minio/manifests"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: minio-backup
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+    automated:
+      selfHeal: true
diff --git a/template/stacks/local-backup/minio/helm/values.yaml b/template/stacks/local-backup/minio/helm/values.yaml
new file mode 100644
index 0000000..eff14f0
--- /dev/null
+++ b/template/stacks/local-backup/minio/helm/values.yaml
@@ -0,0 +1,17 @@
+replicas: 1
+mode: standalone
+
+resources:
+  requests:
+    memory: 128Mi
+
+persistence:
+  enabled: true
+  storageClass: standard
+  size: 512Mi
+  # volumeName: backup # re-enable this to mount a local host path, see minio-pv.yaml
+
+buckets:
+  - name: edfbuilder-backups
+
+existingSecret: root-creds
diff --git a/template/stacks/local-backup/minio/manifests/minio-pv.yaml b/template/stacks/local-backup/minio/manifests/minio-pv.yaml
new file mode 100644
index 0000000..8f2c88c
--- /dev/null
+++ b/template/stacks/local-backup/minio/manifests/minio-pv.yaml
@@ -0,0 +1,13 @@
+# re-enable this config to mount a local host path, see `../helm/values.yaml`
+# apiVersion: v1
+# kind: PersistentVolume
+# metadata:
+#   name: backup
+# spec:
+#   storageClassName: standard
+#   accessModes:
+#     - ReadWriteOnce
+#   capacity:
+#     storage: 512Mi
+#   hostPath:
+#     path: /backup
diff --git a/template/stacks/local-backup/minio/manifests/secret-sync.yaml b/template/stacks/local-backup/minio/manifests/secret-sync.yaml
new file mode 100644
index 0000000..c4c7032
--- /dev/null
+++ b/template/stacks/local-backup/minio/manifests/secret-sync.yaml
@@ -0,0 +1,154 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: secret-sync
+  namespace: minio-backup
+  annotations:
+    argocd.argoproj.io/hook: Sync
+    argocd.argoproj.io/sync-wave: "-20"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: secret-sync
+  namespace: minio-backup
+  annotations:
+    argocd.argoproj.io/hook: Sync
+    argocd.argoproj.io/sync-wave: "-20"
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "create", "update", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: secret-sync
+  namespace: minio-backup
+  annotations:
+    argocd.argoproj.io/hook: Sync
+    argocd.argoproj.io/sync-wave: "-20"
+subjects:
+  - kind: ServiceAccount
+    name: secret-sync
+    namespace: minio-backup
+roleRef:
+  kind: Role
+  name: secret-sync
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: secret-sync
+  namespace: velero
+  annotations:
+    argocd.argoproj.io/hook: Sync
+    argocd.argoproj.io/sync-wave: "-20"
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "create", "update", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: secret-sync
+  namespace: velero
+  annotations:
+    argocd.argoproj.io/hook: Sync
+    argocd.argoproj.io/sync-wave: "-20"
+subjects:
+  - kind: ServiceAccount
+    name: secret-sync
+    namespace: minio-backup
+roleRef:
+  kind: Role
+  name: secret-sync
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: secret-sync
+  namespace: minio-backup
+  annotations:
+    argocd.argoproj.io/hook: PostSync
+spec:
+  template:
+    metadata:
+      generateName: secret-sync
+    spec:
+      serviceAccountName: secret-sync
+      restartPolicy: Never
+      containers:
+        - name: kubectl
+          image: docker.io/bitnami/kubectl
+          command: ["/bin/bash", "-c"]
+          args:
+            - |
+              set -e
+              kubectl get secrets -n minio-backup root-creds -o json > /tmp/secret
+              ACCESS=$(jq -r '.data.rootUser | @base64d'  /tmp/secret)
+              SECRET=$(jq -r '.data.rootPassword | @base64d'  /tmp/secret)
+              
+              echo \
+              "apiVersion: v1
+              kind: Secret
+              metadata:
+                name: secret-key
+                namespace: velero
+              type: Opaque
+              stringData:
+                aws: |
+                  [default]
+                    aws_access_key_id=${ACCESS}
+                    aws_secret_access_key=${SECRET}
+              " > /tmp/secret.yaml
+              
+              kubectl apply -f /tmp/secret.yaml
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: minio-root-creds
+  namespace: minio-backup
+  annotations:
+    argocd.argoproj.io/hook: Sync
+    argocd.argoproj.io/sync-wave: "-10"
+spec:
+  template:
+    metadata:
+      generateName: minio-root-creds
+    spec:
+      serviceAccountName: secret-sync
+      restartPolicy: Never
+      containers:
+        - name: kubectl
+          image: docker.io/bitnami/kubectl
+          command: ["/bin/bash", "-c"]
+          args:
+            - |
+              kubectl get secrets -n minio-backup root-creds
+              if [ $? -eq 0 ]; then
+                exit 0
+              fi
+              
+              set -e
+              
+              NAME=$(openssl rand -base64 24)
+              PASS=$(openssl rand -base64 36)
+              
+              echo \
+              "apiVersion: v1
+              kind: Secret
+              metadata:
+                name: root-creds
+                namespace: minio-backup
+              type: Opaque
+              stringData:
+                rootUser: "${NAME}"
+                rootPassword: "${PASS}"
+              " > /tmp/secret.yaml
+              
+              kubectl apply -f /tmp/secret.yaml
diff --git a/template/stacks/local-backup/velero.yaml b/template/stacks/local-backup/velero.yaml
new file mode 100644
index 0000000..a798f63
--- /dev/null
+++ b/template/stacks/local-backup/velero.yaml
@@ -0,0 +1,31 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: velero
+  namespace: argocd
+  labels:
+    env: dev
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  sources:
+    - repoURL: 'https://vmware-tanzu.github.io/helm-charts'
+      targetRevision: 8.0.0
+      helm:
+        releaseName: velero
+        valueFiles:
+          - $values/stacks/local-backup/velero/helm/values.yaml
+      chart: velero
+    - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder
+      targetRevision: HEAD
+      ref: values
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: velero
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+    automated:
+      prune: true
+      selfHeal: true
diff --git a/template/stacks/local-backup/velero/helm/values.yaml b/template/stacks/local-backup/velero/helm/values.yaml
new file mode 100644
index 0000000..5b7d8d7
--- /dev/null
+++ b/template/stacks/local-backup/velero/helm/values.yaml
@@ -0,0 +1,25 @@
+resources:
+  requests:
+    memory: 128Mi
+initContainers:
+  - name: velero-plugin-for-aws
+    image: velero/velero-plugin-for-aws:v1.11.0
+    imagePullPolicy: IfNotPresent
+    volumeMounts:
+      - mountPath: /target
+        name: plugins
+# snapshotsEnabled: false # create snapshot crd?
+# deployNodeAgent: true # install node agent as daemonset for file system backups?
+configuration:
+  # defaultVolumesToFsBackup: true # backup pod volumes via fsb without explicit annotation?
+  backupStorageLocation:
+    - name: default
+      provider: aws
+      bucket: edfbuilder-backups
+      credential:
+        name: secret-key # this key is created within the minio-backup/secret-sync and injected into the velero namespace
+        key: aws
+      config:
+        region: minio
+        s3Url: http://minio.minio-backup.svc.cluster.local:9000 # internal resolution, external access for velero cli via fwd
+        s3ForcePathStyle: "true"
diff --git a/template/stacks/monitoring/grafana-dashboards.yaml b/template/stacks/monitoring/grafana-dashboards.yaml
new file mode 100644
index 0000000..f27e669
--- /dev/null
+++ b/template/stacks/monitoring/grafana-dashboards.yaml
@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: grafana-dashboards
+  namespace: argocd
+  labels:
+    env: dev
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder
+    targetRevision: HEAD
+    path: "stacks/monitoring/kube-prometheus/dashboards"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: monitoring
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+    automated:
+      selfHeal: true
+    retry:
+      limit: -1
\ No newline at end of file
diff --git a/template/stacks/monitoring/kube-prometheus.yaml b/template/stacks/monitoring/kube-prometheus.yaml
index c0d1347..f4f6ea5 100644
--- a/template/stacks/monitoring/kube-prometheus.yaml
+++ b/template/stacks/monitoring/kube-prometheus.yaml
@@ -14,7 +14,7 @@ spec:
       selfHeal: true
     syncOptions:
       - CreateNamespace=true
-      - ServerSideApply=true
+      - ServerSideApply=true  # do not copy metdata, since (because of its large size) it can lead to sync failure
   destination:
     name: in-cluster
     namespace: monitoring
@@ -25,6 +25,6 @@ spec:
       helm:
         valueFiles:
           - $values/stacks/monitoring/kube-prometheus/values.yaml
-    - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder
+    - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder
       targetRevision: HEAD
-      ref: values
\ No newline at end of file
+      ref: values
diff --git a/template/stacks/monitoring/kube-prometheus/dashboards/dashboard_loki_apps.yaml b/template/stacks/monitoring/kube-prometheus/dashboards/dashboard_loki_apps.yaml
new file mode 100644
index 0000000..9e84526
--- /dev/null
+++ b/template/stacks/monitoring/kube-prometheus/dashboards/dashboard_loki_apps.yaml
@@ -0,0 +1,268 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-dashboard-1
+  labels:
+    grafana_dashboard: "1"
+data:
+  k8s-dashboard-01.json: |
+    {
+        "annotations": {
+            "list": [
+                {
+                    "builtIn": 1,
+                    "datasource": {
+                        "type": "grafana",
+                        "uid": "-- Grafana --"
+                    },
+                    "enable": true,
+                    "hide": true,
+                    "iconColor": "rgba(0, 211, 255, 1)",
+                    "name": "Annotations & Alerts",
+                    "type": "dashboard"
+                }
+            ]
+        },
+        "editable": true,
+        "fiscalYearStartMonth": 0,
+        "graphTooltip": 0,
+        "id": 1,
+        "links": [
+        ],
+        "panels": [
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 0
+                },
+                "id": 5,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "expr": "{app=\"crossplane\"}",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: App crossplane",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 8
+                },
+                "id": 4,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "expr": "{app=\"argo-server\"}",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: App argo-server",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 16
+                },
+                "id": 3,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "expr": "{app=\"forgejo\"}",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: App forgejo",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 24
+                },
+                "id": 2,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "expr": "{app=\"backstage\"}",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: App backstage",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 32
+                },
+                "id": 1,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "expr": "{app=\"shoot-control-plane\"}",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: App shoot-control-plane",
+                "type": "logs"
+            }
+        ],
+        "preload": false,
+        "schemaVersion": 40,
+        "tags": [
+        ],
+        "templating": {
+            "list": [
+            ]
+        },
+        "time": {
+            "from": "now-6h",
+            "to": "now"
+        },
+        "timepicker": {
+        },
+        "timezone": "browser",
+        "title": "Loki Logs: Apps",
+        "uid": "ee4iuluru756of",
+        "version": 2,
+        "weekStart": ""
+    }
\ No newline at end of file
diff --git a/template/stacks/monitoring/kube-prometheus/dashboards/dashboard_loki_components.yaml b/template/stacks/monitoring/kube-prometheus/dashboards/dashboard_loki_components.yaml
new file mode 100644
index 0000000..b35ed60
--- /dev/null
+++ b/template/stacks/monitoring/kube-prometheus/dashboards/dashboard_loki_components.yaml
@@ -0,0 +1,845 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-dashboard-2
+  labels:
+    grafana_dashboard: "1"
+data:
+  k8s-dashboard-02.json: |
+    {
+        "annotations": {
+            "list": [
+                {
+                    "builtIn": 1,
+                    "datasource": {
+                        "type": "grafana",
+                        "uid": "-- Grafana --"
+                    },
+                    "enable": true,
+                    "hide": true,
+                    "iconColor": "rgba(0, 211, 255, 1)",
+                    "name": "Annotations & Alerts",
+                    "type": "dashboard"
+                }
+            ]
+        },
+        "editable": true,
+        "fiscalYearStartMonth": 0,
+        "graphTooltip": 0,
+        "id": 30,
+        "links": [
+        ],
+        "panels": [
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 0
+                },
+                "id": 19,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "editorMode": "builder",
+                        "expr": "{component=\"server\"} |= ``",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: Component server",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 8
+                },
+                "id": 17,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "editorMode": "builder",
+                        "expr": "{component=\"repo-server\"} |= ``",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: Component repo-server",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 16
+                },
+                "id": 16,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "editorMode": "builder",
+                        "expr": "{component=\"redis\"} |= ``",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: Component redis",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 24
+                },
+                "id": 15,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "editorMode": "builder",
+                        "expr": "{component=\"query-frontend\"} |= ``",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: Component query-frontend",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 32
+                },
+                "id": 14,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "editorMode": "builder",
+                        "expr": "{component=\"querier\"} |= ``",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: Component querier",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 40
+                },
+                "id": 13,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "editorMode": "builder",
+                        "expr": "{component=\"prometheus-operator-webhook\"} |= ``",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: Component prometheus-operator-webhook",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 48
+                },
+                "id": 12,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "editorMode": "builder",
+                        "expr": "{component=\"prometheus-operator\"} |= ``",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: Component prometheus-operator",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 56
+                },
+                "id": 11,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "editorMode": "builder",
+                        "expr": "{component=\"metrics\"} |= ``",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: Component metrics",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 64
+                },
+                "id": 10,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "editorMode": "builder",
+                        "expr": "{component=\"kube-scheduler\"} |= ``",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: Component kube-scheduler",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 72
+                },
+                "id": 9,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "editorMode": "builder",
+                        "expr": "{component=\"kube-controller-manager\"} |= ``",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: Component kube-controller-manager",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 80
+                },
+                "id": 8,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "editorMode": "builder",
+                        "expr": "{component=\"kube-apiserver\"} |= ``",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: Component kube-apiserver",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 88
+                },
+                "id": 7,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "editorMode": "builder",
+                        "expr": "{component=\"ingester\"} |= ``",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: Component ingester",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 96
+                },
+                "id": 6,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "editorMode": "builder",
+                        "expr": "{component=\"gateway\"} |= ``",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: Component gateway",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 104
+                },
+                "id": 5,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "editorMode": "builder",
+                        "expr": "{component=\"etcd\"} |= ``",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: Component etcd",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 112
+                },
+                "id": 4,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "editorMode": "builder",
+                        "expr": "{component=\"distributor\"} |= ``",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: Component distributor",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 120
+                },
+                "id": 3,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "editorMode": "builder",
+                        "expr": "{component=\"controller\"} |= ``",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: Component controller",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 128
+                },
+                "id": 2,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "editorMode": "builder",
+                        "expr": "{component=\"cloud-infrastructure-controller\"} |= ``",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: Component cloud-infrastructure-controller",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 136
+                },
+                "id": 1,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "editorMode": "builder",
+                        "expr": "{component=\"applicationset-controller\"} |= ``",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: Component application-controller",
+                "type": "logs"
+            }
+        ],
+        "preload": false,
+        "schemaVersion": 40,
+        "tags": [
+        ],
+        "templating": {
+            "list": [
+            ]
+        },
+        "time": {
+            "from": "now-6h",
+            "to": "now"
+        },
+        "timepicker": {
+        },
+        "timezone": "browser",
+        "title": "Loki Logs: Components",
+        "uid": "ae4zuyp1kui9sc",
+        "version": 2,
+        "weekStart": ""
+    }
\ No newline at end of file
diff --git a/template/stacks/monitoring/kube-prometheus/dashboards/dashboard_loki_container.yaml b/template/stacks/monitoring/kube-prometheus/dashboards/dashboard_loki_container.yaml
new file mode 100644
index 0000000..267bd90
--- /dev/null
+++ b/template/stacks/monitoring/kube-prometheus/dashboards/dashboard_loki_container.yaml
@@ -0,0 +1,537 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-dashboard-3
+  labels:
+    grafana_dashboard: "1"
+data:
+  k8s-dashboard-03.json: |
+    {
+        "annotations": {
+            "list": [
+                {
+                    "builtIn": 1,
+                    "datasource": {
+                        "type": "grafana",
+                        "uid": "-- Grafana --"
+                    },
+                    "enable": true,
+                    "hide": true,
+                    "iconColor": "rgba(0, 211, 255, 1)",
+                    "name": "Annotations & Alerts",
+                    "type": "dashboard"
+                }
+            ]
+        },
+        "editable": true,
+        "fiscalYearStartMonth": 0,
+        "graphTooltip": 0,
+        "id": 31,
+        "links": [
+        ],
+        "panels": [
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 0
+                },
+                "id": 11,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "editorMode": "builder",
+                        "expr": "{container=\"repo-server\"} |= ``",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: Container repo-server",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 8
+                },
+                "id": 10,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "editorMode": "builder",
+                        "expr": "{container=\"promtail\"} |= ``",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: Container promtail",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 16
+                },
+                "id": 9,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "editorMode": "builder",
+                        "expr": "{container=\"prometheus\"} |= ``",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: Container prometheus",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 24
+                },
+                "id": 8,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "editorMode": "builder",
+                        "expr": "{container=\"postgres\"} |= ``",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: Container postgres",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 32
+                },
+                "id": 7,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "editorMode": "builder",
+                        "expr": "{container=\"kube-prometheus-stack\"} |= ``",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: Container kube-prometheus-stack",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 40
+                },
+                "id": 6,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "editorMode": "builder",
+                        "expr": "{container=\"keycloak\"} |= ``",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: Container keycloak",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 48
+                },
+                "id": 5,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "editorMode": "builder",
+                        "expr": "{container=\"grafana\"} |= ``",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: Container grafana",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 56
+                },
+                "id": 4,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "editorMode": "builder",
+                        "expr": "{container=\"forgejo\"} |= ``",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: Container forgejo",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 64
+                },
+                "id": 3,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "editorMode": "builder",
+                        "expr": "{container=\"crossplane\"} |= ``",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: Container crossplane",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 72
+                },
+                "id": 2,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "editorMode": "builder",
+                        "expr": "{container=\"backstage\"} |= ``",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: Container backstage",
+                "type": "logs"
+            },
+            {
+                "datasource": {
+                    "type": "loki",
+                    "uid": "P8E80F9AEF21F6940"
+                },
+                "fieldConfig": {
+                    "defaults": {
+                    },
+                    "overrides": [
+                    ]
+                },
+                "gridPos": {
+                    "h": 8,
+                    "w": 24,
+                    "x": 0,
+                    "y": 80
+                },
+                "id": 1,
+                "options": {
+                    "dedupStrategy": "none",
+                    "enableLogDetails": true,
+                    "prettifyLogMessage": false,
+                    "showCommonLabels": false,
+                    "showLabels": false,
+                    "showTime": false,
+                    "sortOrder": "Descending",
+                    "wrapLogMessage": false
+                },
+                "pluginVersion": "11.3.1",
+                "targets": [
+                    {
+                        "datasource": {
+                            "type": "loki",
+                            "uid": "P8E80F9AEF21F6940"
+                        },
+                        "editorMode": "builder",
+                        "expr": "{container=\"argo-server\"} |= ``",
+                        "queryType": "range",
+                        "refId": "A"
+                    }
+                ],
+                "title": "Logs: Container argo-server",
+                "type": "logs"
+            }
+        ],
+        "preload": false,
+        "schemaVersion": 40,
+        "tags": [
+        ],
+        "templating": {
+            "list": [
+            ]
+        },
+        "time": {
+            "from": "now-6h",
+            "to": "now"
+        },
+        "timepicker": {
+        },
+        "timezone": "browser",
+        "title": "Loki Logs: Container",
+        "uid": "ee50bcaehmv40e",
+        "version": 2,
+        "weekStart": ""
+    }
\ No newline at end of file
diff --git a/template/stacks/monitoring/kube-prometheus/dashboards/dashboard_nginx-ingress.yaml b/template/stacks/monitoring/kube-prometheus/dashboards/dashboard_nginx-ingress.yaml
new file mode 100644
index 0000000..8436c8c
--- /dev/null
+++ b/template/stacks/monitoring/kube-prometheus/dashboards/dashboard_nginx-ingress.yaml
@@ -0,0 +1,1577 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: grafana-dashboard-4
+  labels:
+    grafana_dashboard: "1"
+data:
+  k8s-dashboard-04.json: |
+    {
+        "annotations": {
+            "list": [
+            {
+                "builtIn": 1,
+                "datasource": {
+                "type": "grafana",
+                "uid": "-- Grafana --"
+                },
+                "enable": true,
+                "hide": true,
+                "iconColor": "rgba(0, 211, 255, 1)",
+                "name": "Annotations & Alerts",
+                "type": "dashboard"
+            }
+            ]
+        },
+        "editable": true,
+        "fiscalYearStartMonth": 0,
+        "graphTooltip": 0,
+        "id": 32,
+        "links": [],
+        "panels": [
+            {
+            "datasource": {
+                "type": "prometheus",
+                "uid": "prometheus"
+            },
+            "fieldConfig": {
+                "defaults": {
+                "color": {
+                    "mode": "palette-classic"
+                },
+                "custom": {
+                    "axisBorderShow": false,
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "barWidthFactor": 0.6,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                    "legend": false,
+                    "tooltip": false,
+                    "viz": false
+                    },
+                    "insertNulls": false,
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                    "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                    "group": "A",
+                    "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                    "mode": "off"
+                    }
+                },
+                "mappings": [],
+                "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                    {
+                        "color": "green",
+                        "value": null
+                    },
+                    {
+                        "color": "red",
+                        "value": 80
+                    }
+                    ]
+                }
+                },
+                "overrides": []
+            },
+            "gridPos": {
+                "h": 8,
+                "w": 24,
+                "x": 0,
+                "y": 0
+            },
+            "id": 16,
+            "options": {
+                "legend": {
+                "calcs": [],
+                "displayMode": "list",
+                "placement": "bottom",
+                "showLegend": true
+                },
+                "tooltip": {
+                "mode": "single",
+                "sort": "none"
+                }
+            },
+            "pluginVersion": "11.3.1",
+            "targets": [
+                {
+                "disableTextWrap": false,
+                "editorMode": "builder",
+                "expr": "nginx_ingress_controller_response_size_sum",
+                "fullMetaSearch": false,
+                "includeNullMetadata": true,
+                "legendFormat": "__auto",
+                "range": true,
+                "refId": "A",
+                "useBackend": false
+                }
+            ],
+            "title": "nginx ingress controller response size sum",
+            "type": "timeseries"
+            },
+            {
+            "datasource": {
+                "type": "prometheus",
+                "uid": "prometheus"
+            },
+            "fieldConfig": {
+                "defaults": {
+                "color": {
+                    "mode": "palette-classic"
+                },
+                "custom": {
+                    "axisBorderShow": false,
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "barWidthFactor": 0.6,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                    "legend": false,
+                    "tooltip": false,
+                    "viz": false
+                    },
+                    "insertNulls": false,
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                    "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                    "group": "A",
+                    "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                    "mode": "off"
+                    }
+                },
+                "mappings": [],
+                "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                    {
+                        "color": "green",
+                        "value": null
+                    },
+                    {
+                        "color": "red",
+                        "value": 80
+                    }
+                    ]
+                }
+                },
+                "overrides": []
+            },
+            "gridPos": {
+                "h": 8,
+                "w": 24,
+                "x": 0,
+                "y": 8
+            },
+            "id": 15,
+            "options": {
+                "legend": {
+                "calcs": [],
+                "displayMode": "list",
+                "placement": "bottom",
+                "showLegend": true
+                },
+                "tooltip": {
+                "mode": "single",
+                "sort": "none"
+                }
+            },
+            "pluginVersion": "11.3.1",
+            "targets": [
+                {
+                "disableTextWrap": false,
+                "editorMode": "builder",
+                "expr": "nginx_ingress_controller_response_duration_seconds_sum",
+                "fullMetaSearch": false,
+                "includeNullMetadata": true,
+                "legendFormat": "__auto",
+                "range": true,
+                "refId": "A",
+                "useBackend": false
+                }
+            ],
+            "title": "nginx ingress controller response duration seconds sum",
+            "type": "timeseries"
+            },
+            {
+            "datasource": {
+                "type": "prometheus",
+                "uid": "prometheus"
+            },
+            "fieldConfig": {
+                "defaults": {
+                "color": {
+                    "mode": "palette-classic"
+                },
+                "custom": {
+                    "axisBorderShow": false,
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "barWidthFactor": 0.6,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                    "legend": false,
+                    "tooltip": false,
+                    "viz": false
+                    },
+                    "insertNulls": false,
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                    "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                    "group": "A",
+                    "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                    "mode": "off"
+                    }
+                },
+                "mappings": [],
+                "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                    {
+                        "color": "green",
+                        "value": null
+                    },
+                    {
+                        "color": "red",
+                        "value": 80
+                    }
+                    ]
+                }
+                },
+                "overrides": []
+            },
+            "gridPos": {
+                "h": 8,
+                "w": 24,
+                "x": 0,
+                "y": 16
+            },
+            "id": 14,
+            "options": {
+                "legend": {
+                "calcs": [],
+                "displayMode": "list",
+                "placement": "bottom",
+                "showLegend": true
+                },
+                "tooltip": {
+                "mode": "single",
+                "sort": "none"
+                }
+            },
+            "pluginVersion": "11.3.1",
+            "targets": [
+                {
+                "disableTextWrap": false,
+                "editorMode": "builder",
+                "expr": "nginx_ingress_controller_request_size_sum",
+                "fullMetaSearch": false,
+                "includeNullMetadata": true,
+                "legendFormat": "__auto",
+                "range": true,
+                "refId": "A",
+                "useBackend": false
+                }
+            ],
+            "title": "nginx ingress controller request size sum",
+            "type": "timeseries"
+            },
+            {
+            "datasource": {
+                "type": "prometheus",
+                "uid": "prometheus"
+            },
+            "fieldConfig": {
+                "defaults": {
+                "color": {
+                    "mode": "palette-classic"
+                },
+                "custom": {
+                    "axisBorderShow": false,
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "barWidthFactor": 0.6,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                    "legend": false,
+                    "tooltip": false,
+                    "viz": false
+                    },
+                    "insertNulls": false,
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                    "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                    "group": "A",
+                    "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                    "mode": "off"
+                    }
+                },
+                "mappings": [],
+                "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                    {
+                        "color": "green",
+                        "value": null
+                    },
+                    {
+                        "color": "red",
+                        "value": 80
+                    }
+                    ]
+                }
+                },
+                "overrides": []
+            },
+            "gridPos": {
+                "h": 8,
+                "w": 24,
+                "x": 0,
+                "y": 24
+            },
+            "id": 13,
+            "options": {
+                "legend": {
+                "calcs": [],
+                "displayMode": "list",
+                "placement": "bottom",
+                "showLegend": true
+                },
+                "tooltip": {
+                "mode": "single",
+                "sort": "none"
+                }
+            },
+            "pluginVersion": "11.3.1",
+            "targets": [
+                {
+                "disableTextWrap": false,
+                "editorMode": "builder",
+                "expr": "nginx_ingress_controller_request_duration_seconds_sum",
+                "fullMetaSearch": false,
+                "includeNullMetadata": true,
+                "legendFormat": "__auto",
+                "range": true,
+                "refId": "A",
+                "useBackend": false
+                }
+            ],
+            "title": "nginx ingress controller request duration seconds sum",
+            "type": "timeseries"
+            },
+            {
+            "datasource": {
+                "type": "prometheus",
+                "uid": "prometheus"
+            },
+            "fieldConfig": {
+                "defaults": {
+                "color": {
+                    "mode": "palette-classic"
+                },
+                "custom": {
+                    "axisBorderShow": false,
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "barWidthFactor": 0.6,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                    "legend": false,
+                    "tooltip": false,
+                    "viz": false
+                    },
+                    "insertNulls": false,
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                    "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                    "group": "A",
+                    "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                    "mode": "off"
+                    }
+                },
+                "mappings": [],
+                "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                    {
+                        "color": "green"
+                    },
+                    {
+                        "color": "red",
+                        "value": 80
+                    }
+                    ]
+                }
+                },
+                "overrides": []
+            },
+            "gridPos": {
+                "h": 8,
+                "w": 24,
+                "x": 0,
+                "y": 32
+            },
+            "id": 12,
+            "options": {
+                "legend": {
+                "calcs": [],
+                "displayMode": "list",
+                "placement": "bottom",
+                "showLegend": true
+                },
+                "tooltip": {
+                "mode": "single",
+                "sort": "none"
+                }
+            },
+            "pluginVersion": "11.3.1",
+            "targets": [
+                {
+                "disableTextWrap": false,
+                "editorMode": "builder",
+                "expr": "nginx_ingress_controller_orphan_ingress",
+                "fullMetaSearch": false,
+                "includeNullMetadata": true,
+                "legendFormat": "__auto",
+                "range": true,
+                "refId": "A",
+                "useBackend": false
+                }
+            ],
+            "title": "nginx ingress controller orphan ingress",
+            "type": "timeseries"
+            },
+            {
+            "datasource": {
+                "type": "prometheus",
+                "uid": "prometheus"
+            },
+            "fieldConfig": {
+                "defaults": {
+                "color": {
+                    "mode": "palette-classic"
+                },
+                "custom": {
+                    "axisBorderShow": false,
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "barWidthFactor": 0.6,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                    "legend": false,
+                    "tooltip": false,
+                    "viz": false
+                    },
+                    "insertNulls": false,
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                    "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                    "group": "A",
+                    "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                    "mode": "off"
+                    }
+                },
+                "mappings": [],
+                "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                    {
+                        "color": "green"
+                    },
+                    {
+                        "color": "red",
+                        "value": 80
+                    }
+                    ]
+                }
+                },
+                "overrides": []
+            },
+            "gridPos": {
+                "h": 8,
+                "w": 24,
+                "x": 0,
+                "y": 40
+            },
+            "id": 11,
+            "options": {
+                "legend": {
+                "calcs": [],
+                "displayMode": "list",
+                "placement": "bottom",
+                "showLegend": true
+                },
+                "tooltip": {
+                "mode": "single",
+                "sort": "none"
+                }
+            },
+            "pluginVersion": "11.3.1",
+            "targets": [
+                {
+                "disableTextWrap": false,
+                "editorMode": "builder",
+                "expr": "nginx_ingress_controller_nginx_process_requests_total",
+                "fullMetaSearch": false,
+                "includeNullMetadata": true,
+                "legendFormat": "__auto",
+                "range": true,
+                "refId": "A",
+                "useBackend": false
+                }
+            ],
+            "title": "nginx ingress controller nginx process requests total",
+            "type": "timeseries"
+            },
+            {
+            "datasource": {
+                "type": "prometheus",
+                "uid": "prometheus"
+            },
+            "fieldConfig": {
+                "defaults": {
+                "color": {
+                    "mode": "palette-classic"
+                },
+                "custom": {
+                    "axisBorderShow": false,
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "barWidthFactor": 0.6,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                    "legend": false,
+                    "tooltip": false,
+                    "viz": false
+                    },
+                    "insertNulls": false,
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                    "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                    "group": "A",
+                    "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                    "mode": "off"
+                    }
+                },
+                "mappings": [],
+                "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                    {
+                        "color": "green"
+                    },
+                    {
+                        "color": "red",
+                        "value": 80
+                    }
+                    ]
+                }
+                },
+                "overrides": []
+            },
+            "gridPos": {
+                "h": 8,
+                "w": 24,
+                "x": 0,
+                "y": 48
+            },
+            "id": 10,
+            "options": {
+                "legend": {
+                "calcs": [],
+                "displayMode": "list",
+                "placement": "bottom",
+                "showLegend": true
+                },
+                "tooltip": {
+                "mode": "single",
+                "sort": "none"
+                }
+            },
+            "pluginVersion": "11.3.1",
+            "targets": [
+                {
+                "disableTextWrap": false,
+                "editorMode": "builder",
+                "expr": "nginx_ingress_controller_nginx_process_read_bytes_total",
+                "fullMetaSearch": false,
+                "includeNullMetadata": true,
+                "legendFormat": "__auto",
+                "range": true,
+                "refId": "A",
+                "useBackend": false
+                }
+            ],
+            "title": "nginx ingress controller nginx process read bytes total",
+            "type": "timeseries"
+            },
+            {
+            "datasource": {
+                "type": "prometheus",
+                "uid": "prometheus"
+            },
+            "fieldConfig": {
+                "defaults": {
+                "color": {
+                    "mode": "palette-classic"
+                },
+                "custom": {
+                    "axisBorderShow": false,
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "barWidthFactor": 0.6,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                    "legend": false,
+                    "tooltip": false,
+                    "viz": false
+                    },
+                    "insertNulls": false,
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                    "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                    "group": "A",
+                    "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                    "mode": "off"
+                    }
+                },
+                "mappings": [],
+                "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                    {
+                        "color": "green"
+                    },
+                    {
+                        "color": "red",
+                        "value": 80
+                    }
+                    ]
+                }
+                },
+                "overrides": []
+            },
+            "gridPos": {
+                "h": 8,
+                "w": 24,
+                "x": 0,
+                "y": 56
+            },
+            "id": 9,
+            "options": {
+                "legend": {
+                "calcs": [],
+                "displayMode": "list",
+                "placement": "bottom",
+                "showLegend": true
+                },
+                "tooltip": {
+                "mode": "single",
+                "sort": "none"
+                }
+            },
+            "pluginVersion": "11.3.1",
+            "targets": [
+                {
+                "disableTextWrap": false,
+                "editorMode": "builder",
+                "expr": "nginx_ingress_controller_nginx_process_connections_total",
+                "fullMetaSearch": false,
+                "includeNullMetadata": true,
+                "legendFormat": "__auto",
+                "range": true,
+                "refId": "A",
+                "useBackend": false
+                }
+            ],
+            "title": "nginx ingress controller nginx process connections total",
+            "type": "timeseries"
+            },
+            {
+            "datasource": {
+                "type": "prometheus",
+                "uid": "prometheus"
+            },
+            "fieldConfig": {
+                "defaults": {
+                "color": {
+                    "mode": "palette-classic"
+                },
+                "custom": {
+                    "axisBorderShow": false,
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "barWidthFactor": 0.6,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                    "legend": false,
+                    "tooltip": false,
+                    "viz": false
+                    },
+                    "insertNulls": false,
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                    "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                    "group": "A",
+                    "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                    "mode": "off"
+                    }
+                },
+                "mappings": [],
+                "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                    {
+                        "color": "green"
+                    },
+                    {
+                        "color": "red",
+                        "value": 80
+                    }
+                    ]
+                }
+                },
+                "overrides": []
+            },
+            "gridPos": {
+                "h": 8,
+                "w": 24,
+                "x": 0,
+                "y": 64
+            },
+            "id": 8,
+            "options": {
+                "legend": {
+                "calcs": [],
+                "displayMode": "list",
+                "placement": "bottom",
+                "showLegend": true
+                },
+                "tooltip": {
+                "mode": "single",
+                "sort": "none"
+                }
+            },
+            "pluginVersion": "11.3.1",
+            "targets": [
+                {
+                "disableTextWrap": false,
+                "editorMode": "builder",
+                "expr": "nginx_ingress_controller_ingress_upstream_latency_seconds_sum",
+                "fullMetaSearch": false,
+                "includeNullMetadata": true,
+                "legendFormat": "__auto",
+                "range": true,
+                "refId": "A",
+                "useBackend": false
+                }
+            ],
+            "title": "nginx ingress controller ingress upstream latency seconds sum",
+            "type": "timeseries"
+            },
+            {
+            "datasource": {
+                "type": "prometheus",
+                "uid": "prometheus"
+            },
+            "fieldConfig": {
+                "defaults": {
+                "color": {
+                    "mode": "palette-classic"
+                },
+                "custom": {
+                    "axisBorderShow": false,
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "barWidthFactor": 0.6,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                    "legend": false,
+                    "tooltip": false,
+                    "viz": false
+                    },
+                    "insertNulls": false,
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                    "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                    "group": "A",
+                    "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                    "mode": "off"
+                    }
+                },
+                "mappings": [],
+                "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                    {
+                        "color": "green"
+                    },
+                    {
+                        "color": "red",
+                        "value": 80
+                    }
+                    ]
+                }
+                },
+                "overrides": []
+            },
+            "gridPos": {
+                "h": 8,
+                "w": 24,
+                "x": 0,
+                "y": 72
+            },
+            "id": 7,
+            "options": {
+                "legend": {
+                "calcs": [],
+                "displayMode": "list",
+                "placement": "bottom",
+                "showLegend": true
+                },
+                "tooltip": {
+                "mode": "single",
+                "sort": "none"
+                }
+            },
+            "pluginVersion": "11.3.1",
+            "targets": [
+                {
+                "disableTextWrap": false,
+                "editorMode": "builder",
+                "expr": "nginx_ingress_controller_header_duration_seconds_sum",
+                "fullMetaSearch": false,
+                "includeNullMetadata": true,
+                "legendFormat": "__auto",
+                "range": true,
+                "refId": "A",
+                "useBackend": false
+                }
+            ],
+            "title": "nginx ingress controller header duration seconds sum",
+            "type": "timeseries"
+            },
+            {
+            "datasource": {
+                "type": "prometheus",
+                "uid": "prometheus"
+            },
+            "fieldConfig": {
+                "defaults": {
+                "color": {
+                    "mode": "palette-classic"
+                },
+                "custom": {
+                    "axisBorderShow": false,
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "barWidthFactor": 0.6,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                    "legend": false,
+                    "tooltip": false,
+                    "viz": false
+                    },
+                    "insertNulls": false,
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                    "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                    "group": "A",
+                    "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                    "mode": "off"
+                    }
+                },
+                "mappings": [],
+                "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                    {
+                        "color": "green"
+                    },
+                    {
+                        "color": "red",
+                        "value": 80
+                    }
+                    ]
+                }
+                },
+                "overrides": []
+            },
+            "gridPos": {
+                "h": 8,
+                "w": 24,
+                "x": 0,
+                "y": 80
+            },
+            "id": 6,
+            "options": {
+                "legend": {
+                "calcs": [],
+                "displayMode": "list",
+                "placement": "bottom",
+                "showLegend": true
+                },
+                "tooltip": {
+                "mode": "single",
+                "sort": "none"
+                }
+            },
+            "pluginVersion": "11.3.1",
+            "targets": [
+                {
+                "disableTextWrap": false,
+                "editorMode": "builder",
+                "expr": "nginx_ingress_controller_connect_duration_seconds_sum",
+                "fullMetaSearch": false,
+                "includeNullMetadata": true,
+                "legendFormat": "__auto",
+                "range": true,
+                "refId": "A",
+                "useBackend": false
+                }
+            ],
+            "title": "nginx ingress controller connect duration seconds sum",
+            "type": "timeseries"
+            },
+            {
+            "datasource": {
+                "type": "prometheus",
+                "uid": "prometheus"
+            },
+            "fieldConfig": {
+                "defaults": {
+                "color": {
+                    "mode": "palette-classic"
+                },
+                "custom": {
+                    "axisBorderShow": false,
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "barWidthFactor": 0.6,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                    "legend": false,
+                    "tooltip": false,
+                    "viz": false
+                    },
+                    "insertNulls": false,
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                    "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                    "group": "A",
+                    "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                    "mode": "off"
+                    }
+                },
+                "mappings": [],
+                "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                    {
+                        "color": "green"
+                    },
+                    {
+                        "color": "red",
+                        "value": 80
+                    }
+                    ]
+                }
+                },
+                "overrides": []
+            },
+            "gridPos": {
+                "h": 8,
+                "w": 24,
+                "x": 0,
+                "y": 88
+            },
+            "id": 5,
+            "options": {
+                "legend": {
+                "calcs": [],
+                "displayMode": "list",
+                "placement": "bottom",
+                "showLegend": true
+                },
+                "tooltip": {
+                "mode": "single",
+                "sort": "none"
+                }
+            },
+            "pluginVersion": "11.3.1",
+            "targets": [
+                {
+                "disableTextWrap": false,
+                "editorMode": "builder",
+                "expr": "nginx_ingress_controller_config_last_reload_successful_timestamp_seconds",
+                "fullMetaSearch": false,
+                "includeNullMetadata": true,
+                "legendFormat": "__auto",
+                "range": true,
+                "refId": "A",
+                "useBackend": false
+                }
+            ],
+            "title": "nginx ingress controller config last reload successful timestamp seconds",
+            "type": "timeseries"
+            },
+            {
+            "datasource": {
+                "type": "prometheus",
+                "uid": "prometheus"
+            },
+            "fieldConfig": {
+                "defaults": {
+                "color": {
+                    "mode": "palette-classic"
+                },
+                "custom": {
+                    "axisBorderShow": false,
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "barWidthFactor": 0.6,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                    "legend": false,
+                    "tooltip": false,
+                    "viz": false
+                    },
+                    "insertNulls": false,
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                    "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                    "group": "A",
+                    "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                    "mode": "off"
+                    }
+                },
+                "mappings": [],
+                "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                    {
+                        "color": "green"
+                    },
+                    {
+                        "color": "red",
+                        "value": 80
+                    }
+                    ]
+                }
+                },
+                "overrides": []
+            },
+            "gridPos": {
+                "h": 8,
+                "w": 24,
+                "x": 0,
+                "y": 96
+            },
+            "id": 4,
+            "options": {
+                "legend": {
+                "calcs": [],
+                "displayMode": "list",
+                "placement": "bottom",
+                "showLegend": true
+                },
+                "tooltip": {
+                "mode": "single",
+                "sort": "none"
+                }
+            },
+            "pluginVersion": "11.3.1",
+            "targets": [
+                {
+                "disableTextWrap": false,
+                "editorMode": "builder",
+                "expr": "nginx_ingress_controller_bytes_sent_sum",
+                "fullMetaSearch": false,
+                "includeNullMetadata": true,
+                "legendFormat": "__auto",
+                "range": true,
+                "refId": "A",
+                "useBackend": false
+                }
+            ],
+            "title": "nginx ingress controller bytes sent sum",
+            "type": "timeseries"
+            },
+            {
+            "datasource": {
+                "type": "prometheus",
+                "uid": "prometheus"
+            },
+            "fieldConfig": {
+                "defaults": {
+                "color": {
+                    "mode": "palette-classic"
+                },
+                "custom": {
+                    "axisBorderShow": false,
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "barWidthFactor": 0.6,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                    "legend": false,
+                    "tooltip": false,
+                    "viz": false
+                    },
+                    "insertNulls": false,
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                    "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                    "group": "A",
+                    "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                    "mode": "off"
+                    }
+                },
+                "mappings": [],
+                "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                    {
+                        "color": "green"
+                    },
+                    {
+                        "color": "red",
+                        "value": 80
+                    }
+                    ]
+                }
+                },
+                "overrides": []
+            },
+            "gridPos": {
+                "h": 8,
+                "w": 24,
+                "x": 0,
+                "y": 104
+            },
+            "id": 3,
+            "options": {
+                "legend": {
+                "calcs": [],
+                "displayMode": "list",
+                "placement": "bottom",
+                "showLegend": true
+                },
+                "tooltip": {
+                "mode": "single",
+                "sort": "none"
+                }
+            },
+            "pluginVersion": "11.3.1",
+            "targets": [
+                {
+                "disableTextWrap": false,
+                "editorMode": "builder",
+                "expr": "nginx_ingress_controller_admission_roundtrip_duration",
+                "fullMetaSearch": false,
+                "includeNullMetadata": true,
+                "legendFormat": "__auto",
+                "range": true,
+                "refId": "A",
+                "useBackend": false
+                }
+            ],
+            "title": "nginx ingress controller admission roundtrip duration",
+            "type": "timeseries"
+            },
+            {
+            "datasource": {
+                "type": "prometheus",
+                "uid": "prometheus"
+            },
+            "fieldConfig": {
+                "defaults": {
+                "color": {
+                    "mode": "palette-classic"
+                },
+                "custom": {
+                    "axisBorderShow": false,
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "barWidthFactor": 0.6,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                    "legend": false,
+                    "tooltip": false,
+                    "viz": false
+                    },
+                    "insertNulls": false,
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                    "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                    "group": "A",
+                    "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                    "mode": "off"
+                    }
+                },
+                "mappings": [],
+                "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                    {
+                        "color": "green"
+                    },
+                    {
+                        "color": "red",
+                        "value": 80
+                    }
+                    ]
+                }
+                },
+                "overrides": []
+            },
+            "gridPos": {
+                "h": 8,
+                "w": 24,
+                "x": 0,
+                "y": 112
+            },
+            "id": 2,
+            "options": {
+                "legend": {
+                "calcs": [],
+                "displayMode": "list",
+                "placement": "bottom",
+                "showLegend": true
+                },
+                "tooltip": {
+                "mode": "single",
+                "sort": "none"
+                }
+            },
+            "pluginVersion": "11.3.1",
+            "targets": [
+                {
+                "disableTextWrap": false,
+                "editorMode": "builder",
+                "expr": "nginx_ingress_controller_admission_render_ingresses",
+                "fullMetaSearch": false,
+                "includeNullMetadata": true,
+                "legendFormat": "__auto",
+                "range": true,
+                "refId": "A",
+                "useBackend": false
+                }
+            ],
+            "title": "nginx ingress controller admission render ingresses",
+            "type": "timeseries"
+            },
+            {
+            "datasource": {
+                "type": "prometheus",
+                "uid": "prometheus"
+            },
+            "fieldConfig": {
+                "defaults": {
+                "color": {
+                    "mode": "palette-classic"
+                },
+                "custom": {
+                    "axisBorderShow": false,
+                    "axisCenteredZero": false,
+                    "axisColorMode": "text",
+                    "axisLabel": "",
+                    "axisPlacement": "auto",
+                    "barAlignment": 0,
+                    "barWidthFactor": 0.6,
+                    "drawStyle": "line",
+                    "fillOpacity": 0,
+                    "gradientMode": "none",
+                    "hideFrom": {
+                    "legend": false,
+                    "tooltip": false,
+                    "viz": false
+                    },
+                    "insertNulls": false,
+                    "lineInterpolation": "linear",
+                    "lineWidth": 1,
+                    "pointSize": 5,
+                    "scaleDistribution": {
+                    "type": "linear"
+                    },
+                    "showPoints": "auto",
+                    "spanNulls": false,
+                    "stacking": {
+                    "group": "A",
+                    "mode": "none"
+                    },
+                    "thresholdsStyle": {
+                    "mode": "off"
+                    }
+                },
+                "mappings": [],
+                "thresholds": {
+                    "mode": "absolute",
+                    "steps": [
+                    {
+                        "color": "green"
+                    },
+                    {
+                        "color": "red",
+                        "value": 80
+                    }
+                    ]
+                }
+                },
+                "overrides": []
+            },
+            "gridPos": {
+                "h": 8,
+                "w": 24,
+                "x": 0,
+                "y": 120
+            },
+            "id": 1,
+            "options": {
+                "legend": {
+                "calcs": [],
+                "displayMode": "list",
+                "placement": "bottom",
+                "showLegend": true
+                },
+                "tooltip": {
+                "mode": "single",
+                "sort": "none"
+                }
+            },
+            "pluginVersion": "11.3.1",
+            "targets": [
+                {
+                "datasource": {
+                    "type": "prometheus",
+                    "uid": "prometheus"
+                },
+                "disableTextWrap": false,
+                "editorMode": "builder",
+                "expr": "nginx_ingress_controller_admission_render_duration",
+                "fullMetaSearch": false,
+                "includeNullMetadata": true,
+                "legendFormat": "__auto",
+                "range": true,
+                "refId": "A",
+                "useBackend": false
+                }
+            ],
+            "title": "nginx ingress controller admission render duration",
+            "type": "timeseries"
+            }
+        ],
+        "preload": false,
+        "schemaVersion": 40,
+        "tags": [],
+        "templating": {
+            "list": []
+        },
+        "time": {
+            "from": "now-6h",
+            "to": "now"
+        },
+        "timepicker": {},
+        "timezone": "browser",
+        "title": "Nginx Ingress Controller",
+        "uid": "ae6eoqdik5n28e",
+        "version": 1,
+        "weekStart": ""
+    }
\ No newline at end of file
diff --git a/template/stacks/monitoring/kube-prometheus/values.yaml b/template/stacks/monitoring/kube-prometheus/values.yaml
index d4f21b9..9c0ca32 100644
--- a/template/stacks/monitoring/kube-prometheus/values.yaml
+++ b/template/stacks/monitoring/kube-prometheus/values.yaml
@@ -6,15 +6,40 @@ grafana:
     userKey: admin-user
     passwordKey: admin-password
 
+  defaultDashboardsTimezone: Europe/Berlin
+
+  additionalDataSources:
+    - name: Loki
+      type: loki
+      url: http://loki-loki-distributed-gateway.monitoring:80
+
+  # syncPolicy:
+  #   syncOptions:
+  #   - ServerSideApply=true
+
+  sidecar:
+    dashboards:
+      enabled: true
+      label: grafana_dashboard
+      folder: /tmp/dashboards
+      updateIntervalSeconds: 10
+      folderAnnotation: grafana_folder
+      provider:
+        allowUiUpdates: true
+        foldersFromFilesStructure: true
+
   grafana.ini:
     server:
-      domain: {{ .Values.edfbuilderTargetDomain }}
+      domain: {{{ .Env.DOMAIN }}}
       root_url: "%(protocol)s://%(domain)s/grafana"
       serve_from_sub_path: true
-
-  ingress:
+      
+  serviceMonitor:
+    # If true, a ServiceMonitor CRD is created for a prometheus operator https://github.com/coreos/prometheus-operator
     enabled: true
-    ingressClassName: nginx
-    hosts:
-      - {{ .Values.edfbuilderTargetDomain }}    
-    path: /grafana           
\ No newline at end of file
+
+#monitoring nginx
+prometheus:
+  prometheusSpec:
+    podMonitorSelectorNilUsesHelmValues: false
+    serviceMonitorSelectorNilUsesHelmValues: false     
diff --git a/template/stacks/monitoring/loki.yaml b/template/stacks/monitoring/loki.yaml
new file mode 100644
index 0000000..8494955
--- /dev/null
+++ b/template/stacks/monitoring/loki.yaml
@@ -0,0 +1,34 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: loki
+  namespace: argocd
+  labels:
+    env: dev
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  syncPolicy:
+    automated:
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+  destination:
+    name: in-cluster
+    namespace: monitoring
+  sources:
+    - repoURL: https://github.com/grafana/helm-charts
+      path:     charts/loki-distributed         
+      targetRevision: HEAD      
+      helm:
+        valueFiles:
+          - $values/stacks/monitoring/loki/values.yaml
+    - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder
+      targetRevision: HEAD
+      ref: values
+
+    ## consider using the following version, if it works again
+    #- repoURL: https://github.com/grafana/loki
+    #  path: production/helm/loki        
+
diff --git a/template/stacks/monitoring/loki/values.yaml b/template/stacks/monitoring/loki/values.yaml
new file mode 100644
index 0000000..5cc5c1f
--- /dev/null
+++ b/template/stacks/monitoring/loki/values.yaml
@@ -0,0 +1,7 @@
+loki:
+  commonConfig:
+    replication_factor: 1
+  auth_enabled: false
+
+#  storageConfig:
+#    filesystem: null
diff --git a/template/stacks/monitoring/promtail.yaml b/template/stacks/monitoring/promtail.yaml
new file mode 100644
index 0000000..bc4682d
--- /dev/null
+++ b/template/stacks/monitoring/promtail.yaml
@@ -0,0 +1,29 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: promtail
+  namespace: argocd
+  labels:
+    env: dev
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  syncPolicy:
+    automated:
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+  destination:
+    name: in-cluster
+    namespace: monitoring
+  sources:
+    - repoURL: https://github.com/grafana/helm-charts
+      path:     charts/promtail   
+      targetRevision: HEAD      
+      helm:
+        valueFiles:
+          - $values/stacks/monitoring/promtail/values.yaml
+    - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder
+      targetRevision: HEAD
+      ref: values
\ No newline at end of file
diff --git a/template/stacks/monitoring/promtail/values.yaml b/template/stacks/monitoring/promtail/values.yaml
new file mode 100644
index 0000000..49faadc
--- /dev/null
+++ b/template/stacks/monitoring/promtail/values.yaml
@@ -0,0 +1,45 @@
+# -- Overrides the chart's name
+nameOverride: null
+
+# -- Overrides the chart's computed fullname
+fullnameOverride: null
+
+global:
+  # -- Allow parent charts to override registry hostname
+  imageRegistry: ""
+  # -- Allow parent charts to override registry credentials
+  imagePullSecrets: []
+
+daemonset:
+  # -- Deploys Promtail as a DaemonSet
+  enabled: true
+  autoscaling:
+    # -- Creates a VerticalPodAutoscaler for the daemonset
+    enabled: false
+
+deployment:
+  # -- Deploys Promtail as a Deployment
+  enabled: false    
+
+config:
+  enabled: true
+  logLevel: info
+  logFormat: logfmt
+  serverPort: 3101
+  clients:
+    - url: http://loki-loki-distributed-gateway/loki/api/v1/push
+  scrape_configs:
+  - job_name: authlog
+    static_configs:
+    - targets:
+        - authlog
+      labels:
+        job: authlog
+        __path__: /logs/auth.log
+  - job_name: syslog
+    static_configs:
+    - targets:
+        - syslog
+      labels:
+        job: syslog
+        __path__: /logs/syslog    
\ No newline at end of file
diff --git a/template/stacks/ref-implementation/README.md b/template/stacks/ref-implementation/README.md
index acb945b..66d887e 100644
--- a/template/stacks/ref-implementation/README.md
+++ b/template/stacks/ref-implementation/README.md
@@ -30,7 +30,7 @@ idpbuilder create --use-path-routing \
   --package https://github.com/cnoe-io/stacks//ref-implementation
 ```
 
-This will take ~6 minutes for everything to come up. To track the progress, you can go to the [ArgoCD UI](https://{{ .Values.edfbuilderTargetDomain }}:8443/argocd/applications).
+This will take ~6 minutes for everything to come up. To track the progress, you can go to the [ArgoCD UI](https://{{{ .Env.DOMAIN }}}:8443/argocd/applications).
 
 ### What was installed?
 
@@ -47,15 +47,15 @@ The only package that cannot be removed this way is Keycloak because other packa
 
 
 #### Accessing UIs
-- Argo CD: https://{{ .Values.edfbuilderTargetDomain }}:8443/argocd
-- Argo Workflows: https://{{ .Values.edfbuilderTargetDomain }}:8443/argo-workflows
-- Backstage: https://{{ .Values.edfbuilderTargetDomain }}:8443/
-- Gitea: https://{{ .Values.edfbuilderTargetDomain }}:8443/gitea
-- Keycloak: https://{{ .Values.edfbuilderTargetDomain }}:8443/keycloak/admin/master/console/
+- Argo CD: https://{{{ .Env.DOMAIN }}}:8443/argocd
+- Argo Workflows: https://{{{ .Env.DOMAIN }}}:8443/argo-workflows
+- Backstage: https://{{{ .Env.DOMAIN }}}:8443/
+- Gitea: https://{{{ .Env.DOMAIN }}}:8443/gitea
+- Keycloak: https://{{{ .Env.DOMAIN }}}:8443/keycloak/admin/master/console/
 
 # Using it
 
-For this example, we will walk through a few demonstrations. Once applications are ready, go to the [backstage URL](https://{{ .Values.edfbuilderTargetDomain }}:8443).
+For this example, we will walk through a few demonstrations. Once applications are ready, go to the [backstage URL](https://{{{ .Env.DOMAIN }}}:8443).
 
 Click on the Sign-In button, you will be asked to log into the Keycloak instance. There are two users set up in this 
 configuration, and their password can be retrieved with the following command:
@@ -70,7 +70,7 @@ Both users use the same password retrieved above.
 
 If you want to create a new user or change existing users:
 
-1. Go to the [Keycloak UI](https://{{ .Values.edfbuilderTargetDomain }}:8443/keycloak/admin/master/console/). 
+1. Go to the [Keycloak UI](https://{{{ .Env.DOMAIN }}}:8443/keycloak/admin/master/console/). 
 Login with the username `cnoe-admin`. Password is the `KEYCLOAK_ADMIN_PASSWORD` field from the command above. 
 2. Select `cnoe` from the realms drop down menu.
 3. Select users tab.
@@ -97,9 +97,9 @@ You can click on the ArgoCD Application name to see more details.
 
 ### What just happened?
 
-1. Backstage created [a git repository](https://{{ .Values.edfbuilderTargetDomain }}:8443/gitea/giteaAdmin/demo), then pushed templated contents to it.
-2. Backstage created [an ArgoCD Application](https://{{ .Values.edfbuilderTargetDomain }}:8443/argocd/applications/argocd/demo?) and pointed it to the git repository.
-3. Backstage registered the application as [a component](https://{{ .Values.edfbuilderTargetDomain }}:8443/gitea/giteaAdmin/demo/src/branch/main/catalog-info.yaml) in Backstage.
+1. Backstage created [a git repository](https://{{{ .Env.DOMAIN }}}:8443/gitea/giteaAdmin/demo), then pushed templated contents to it.
+2. Backstage created [an ArgoCD Application](https://{{{ .Env.DOMAIN }}}:8443/argocd/applications/argocd/demo?) and pointed it to the git repository.
+3. Backstage registered the application as [a component](https://{{{ .Env.DOMAIN }}}:8443/gitea/giteaAdmin/demo/src/branch/main/catalog-info.yaml) in Backstage.
 4. ArgoCD deployed the manifests stored in the repo to the cluster.
 5. Backstage retrieved application health from ArgoCD API, then displayed it.
 
diff --git a/template/stacks/ref-implementation/argo-workflows.yaml b/template/stacks/ref-implementation/argo-workflows.yaml
index a5794b0..93cc7b1 100644
--- a/template/stacks/ref-implementation/argo-workflows.yaml
+++ b/template/stacks/ref-implementation/argo-workflows.yaml
@@ -10,7 +10,7 @@ metadata:
 spec:
   project: default
   source:
-    repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder
+    repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder
     targetRevision: HEAD
     path: "stacks/ref-implementation/argo-workflows/manifests/dev"
   destination:
diff --git a/template/stacks/ref-implementation/argo-workflows/manifests/dev/ingress.yaml b/template/stacks/ref-implementation/argo-workflows/manifests/dev/ingress.yaml
deleted file mode 100644
index ea8c75f..0000000
--- a/template/stacks/ref-implementation/argo-workflows/manifests/dev/ingress.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: argo-workflows-ingress
-  namespace: argo
-  annotations:
-    nginx.ingress.kubernetes.io/use-regex: "true"
-    nginx.ingress.kubernetes.io/rewrite-target: /$2
-spec:
-  ingressClassName: "nginx"
-  rules:
-    - host: localhost
-      http:
-        paths:
-          - path: /argo-workflows(/|$)(.*)
-            pathType: ImplementationSpecific
-            backend:
-              service:
-                name: argo-server
-                port:
-                  name: web
-    - host: {{ .Values.edfbuilderTargetDomain }}
-      http:
-        paths:
-          - path: /argo-workflows(/|$)(.*)
-            pathType: ImplementationSpecific
-            backend:
-              service:
-                name: argo-server
-                port:
-                  name: web
diff --git a/template/stacks/ref-implementation/argo-workflows/manifests/dev/kustomization.yaml b/template/stacks/ref-implementation/argo-workflows/manifests/dev/kustomization.yaml
index 042c3f6..2c56a2b 100644
--- a/template/stacks/ref-implementation/argo-workflows/manifests/dev/kustomization.yaml
+++ b/template/stacks/ref-implementation/argo-workflows/manifests/dev/kustomization.yaml
@@ -1,7 +1,6 @@
 resources:
   - ../base
   - external-secret.yaml
-  - ingress.yaml
   - sa-admin.yaml
 patches:
   - path: patches/cm-argo-workflows.yaml
diff --git a/template/stacks/ref-implementation/argo-workflows/manifests/dev/patches/cm-argo-workflows.yaml b/template/stacks/ref-implementation/argo-workflows/manifests/dev/patches/cm-argo-workflows.yaml
index 29bb00b..03e31c2 100644
--- a/template/stacks/ref-implementation/argo-workflows/manifests/dev/patches/cm-argo-workflows.yaml
+++ b/template/stacks/ref-implementation/argo-workflows/manifests/dev/patches/cm-argo-workflows.yaml
@@ -7,14 +7,14 @@ data:
   config: |
     sso:
       insecureSkipVerify: true 
-      issuer: https://{{ .Values.edfbuilderTargetDomain }}/keycloak/realms/cnoe
+      issuer: https://{{{ .Env.DOMAIN }}}/keycloak/realms/cnoe
       clientId:
         name: keycloak-oidc
         key: client-id
       clientSecret:
         name: keycloak-oidc
         key: secret-key
-      redirectUrl: https://{{ .Values.edfbuilderTargetDomain }}:443/argo-workflows/oauth2/callback
+      redirectUrl: https://{{{ .Env.DOMAIN }}}:443/argo-workflows/oauth2/callback
       rbac:
         enabled: true
       scopes:
diff --git a/template/stacks/ref-implementation/backstage-templates.yaml b/template/stacks/ref-implementation/backstage-templates.yaml
index 8083351..adb5f08 100644
--- a/template/stacks/ref-implementation/backstage-templates.yaml
+++ b/template/stacks/ref-implementation/backstage-templates.yaml
@@ -10,7 +10,7 @@ metadata:
 spec:
   project: default
   source:
-    repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder
+    repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder
     targetRevision: HEAD
     path: "stacks/ref-implementation/backstage-templates/entities"
     directory:
diff --git a/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/skeleton/catalog-info.yaml b/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/skeleton/catalog-info.yaml
index 3cbbf60..bc52aa8 100644
--- a/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/skeleton/catalog-info.yaml
+++ b/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/skeleton/catalog-info.yaml
@@ -20,7 +20,7 @@ metadata:
     backstage.io/kubernetes-namespace: default
     argocd/app-name: ${{values.name | dump}}
   links:
-    - url: https://gitea.{{ .Values.edfbuilderTargetDomain }}:443
+    - url: https://gitea.{{{ .Env.DOMAIN }}}:443
       title: Repo URL
       icon: github
 spec:
diff --git a/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/template.yaml b/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/template.yaml
index 7c042f5..34ee8da 100644
--- a/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/template.yaml
+++ b/template/stacks/ref-implementation/backstage-templates/entities/app-with-bucket/template.yaml
@@ -100,7 +100,7 @@ spec:
       input:
         description: This is an example app
         # Hard coded value for this demo purposes only.
-        repoUrl: gitea.{{ .Values.edfbuilderTargetDomain }}:443/?repo=${{parameters.name}}
+        repoUrl: gitea.{{{ .Env.DOMAIN }}}:443/?repo=${{parameters.name}}
         defaultBranch: main
     - id: create-argocd-app
       name: Create ArgoCD App
@@ -111,7 +111,7 @@ spec:
         argoInstance: in-cluster
         projectName: default
         # necessary until we generate our own cert
-        repoUrl: https://gitea.{{ .Values.edfbuilderTargetDomain }}:443/giteaAdmin/${{parameters.name}}
+        repoUrl: https://gitea.{{{ .Env.DOMAIN }}}:443/giteaAdmin/${{parameters.name}}
         path: "kustomize/base"
     - id: register
       name: Register
diff --git a/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/skeleton/catalog-info.yaml b/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/skeleton/catalog-info.yaml
index 5f358e6..04416ba 100644
--- a/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/skeleton/catalog-info.yaml
+++ b/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/skeleton/catalog-info.yaml
@@ -14,7 +14,7 @@ metadata:
     apache-spark.cnoe.io/label-selector: env=dev,entity-id=${{values.name}}
     apache-spark.cnoe.io/cluster-name: local
   links:
-    - url: https://gitea.{{ .Values.edfbuilderTargetDomain }}:443
+    - url: https://gitea.{{{ .Env.DOMAIN }}}:443
       title: Repo URL
       icon: github
 spec:
diff --git a/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/template.yaml b/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/template.yaml
index fb3934a..f6e3083 100644
--- a/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/template.yaml
+++ b/template/stacks/ref-implementation/backstage-templates/entities/argo-workflows/template.yaml
@@ -35,7 +35,7 @@ spec:
       input:
         description: This is an example app
         # Hard coded value for this demo purposes only.
-        repoUrl: gitea.{{ .Values.edfbuilderTargetDomain }}:443/?repo=${{parameters.name}}
+        repoUrl: gitea.{{{ .Env.DOMAIN }}}:443/?repo=${{parameters.name}}
         defaultBranch: main
     - id: create-argocd-app
       name: Create ArgoCD App
@@ -46,7 +46,7 @@ spec:
         argoInstance: in-cluster
         projectName: default
         # necessary until we generate our own cert
-        repoUrl: https://gitea.{{ .Values.edfbuilderTargetDomain }}:443/giteaAdmin/${{parameters.name}}
+        repoUrl: https://gitea.{{{ .Env.DOMAIN }}}:443/giteaAdmin/${{parameters.name}}
         path: "manifests"
     - id: register
       name: Register
diff --git a/template/stacks/ref-implementation/backstage-templates/entities/basic/skeleton/catalog-info.yaml b/template/stacks/ref-implementation/backstage-templates/entities/basic/skeleton/catalog-info.yaml
index 2444abd..102ff01 100644
--- a/template/stacks/ref-implementation/backstage-templates/entities/basic/skeleton/catalog-info.yaml
+++ b/template/stacks/ref-implementation/backstage-templates/entities/basic/skeleton/catalog-info.yaml
@@ -10,7 +10,7 @@ metadata:
     backstage.io/kubernetes-namespace: default
     argocd/app-name: ${{values.name | dump}}
   links:
-    - url: https://gitea.{{ .Values.edfbuilderTargetDomain }}:443
+    - url: https://gitea.{{{ .Env.DOMAIN }}}:443
       title: Repo URL
       icon: github
 spec:
diff --git a/template/stacks/ref-implementation/backstage-templates/entities/basic/template.yaml b/template/stacks/ref-implementation/backstage-templates/entities/basic/template.yaml
index ee2a472..7fb96a7 100644
--- a/template/stacks/ref-implementation/backstage-templates/entities/basic/template.yaml
+++ b/template/stacks/ref-implementation/backstage-templates/entities/basic/template.yaml
@@ -31,7 +31,7 @@ spec:
       input:
         description: This is an example app
         # Hard coded value for this demo purposes only.
-        repoUrl: gitea.{{ .Values.edfbuilderTargetDomain }}:443/?repo=${{parameters.name}}
+        repoUrl: gitea.{{{ .Env.DOMAIN }}}:443/?repo=${{parameters.name}}
         defaultBranch: main
     - id: create-argocd-app
       name: Create ArgoCD App
@@ -42,7 +42,7 @@ spec:
         argoInstance: in-cluster
         projectName: default
         # necessary until we generate our own cert
-        repoUrl: https://gitea.{{ .Values.edfbuilderTargetDomain }}:443/giteaAdmin/${{parameters.name}}
+        repoUrl: https://gitea.{{{ .Env.DOMAIN }}}:443/giteaAdmin/${{parameters.name}}
         path: "manifests"
     - id: register
       name: Register
diff --git a/template/stacks/ref-implementation/backstage-templates/entities/catalog-info.yaml b/template/stacks/ref-implementation/backstage-templates/entities/catalog-info.yaml
index 69139f1..b6f40c3 100644
--- a/template/stacks/ref-implementation/backstage-templates/entities/catalog-info.yaml
+++ b/template/stacks/ref-implementation/backstage-templates/entities/catalog-info.yaml
@@ -9,6 +9,7 @@ spec:
     - ./argo-workflows/template.yaml
     - ./app-with-bucket/template.yaml
     - ./demo-go-hello-world/template.yaml
+    - ./spring-petclinic/template.yaml
 ---
 apiVersion: backstage.io/v1alpha1
 kind: Location
diff --git a/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/skeleton/catalog-info.yaml b/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/skeleton/catalog-info.yaml
index e476c6e..f75a37f 100644
--- a/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/skeleton/catalog-info.yaml
+++ b/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/skeleton/catalog-info.yaml
@@ -9,7 +9,7 @@ metadata:
     backstage.io/kubernetes-label-selector: 'entity-id=${{ values.name }}'
     backstage.io/kubernetes-namespace: gitea
   links:
-    - url: https://gitea.{{ .Values.edfbuilderTargetDomain }}:443
+    - url: https://gitea.{{{ .Env.DOMAIN }}}:443
       title: Repo URL
       icon: git
 spec:
@@ -26,7 +26,7 @@ metadata:
   annotations:
     backstage.io/techdocs-ref: dir:.
   links:
-    - url: https://gitea.{{ .Values.edfbuilderTargetDomain }}:443
+    - url: https://gitea.{{{ .Env.DOMAIN }}}:443
       title: Gitea Repo
       icon: git
 spec:
diff --git a/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/template.yaml b/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/template.yaml
index 956e0b5..133e70e 100644
--- a/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/template.yaml
+++ b/template/stacks/ref-implementation/backstage-templates/entities/demo-go-hello-world/template.yaml
@@ -33,7 +33,7 @@ spec:
       name: Publish to Gitea
       action: publish:gitea
       input:
-        repoUrl: gitea.{{ .Values.edfbuilderTargetDomain }}:443/?repo=${{parameters.name}}
+        repoUrl: gitea.{{{ .Env.DOMAIN }}}:443/?repo=${{parameters.name}}
         description: This is the repository for ${{ parameters.name }}
         sourcePath: ./skeleton
         defaultBranch: main
diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/README.md b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/README.md
new file mode 100644
index 0000000..dceeb4a
--- /dev/null
+++ b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/README.md
@@ -0,0 +1,94 @@
+## Spring PetClinic Template
+
+This template can deploy a fork of Spring's PetClinic and showcase the entire
+development workflow from version control over build and deployment into
+kubernetes to monitoring the state at runtime.
+
+The goal is to demonstrate the migration of an existing GitHub project into the
+stack by applying only minimal changes for compatibility. These changes
+include:
+
+ - Overwriting the CI workflows due to compatibility with forgejo actions and
+    container issues, thus making builds container less.
+ - Extending the kubernetes manifests to use Ingress and Service objects
+ - Integrate Prometheus monitoring endpoint
+
+
+### Backstage - Forking
+
+The Backstage template allows you to define a URL to 'fork' from. However,
+the template does not actually create a git fork but downloads the latest
+`HEAD` from a given branch. The source repository has to be known by backstage
+so it can apply the correct download mechanism, see `backend.integrations` in
+the backstage config.
+
+In the first step, the original source code is downloaded from the given
+upstream repository. Subsequently, overrides provided by the template are
+copied into the codebase replacing some workflow and deployment files.
+
+This 'merged' codebase is pushed into a new git repository in the supplied
+forgejo instance. Additionally, an ArgoCD deployment is created based on this
+new given repo.
+
+
+### Forgejo - CI with Forgejo Actions
+
+As soon as the patched codebase is pushed into the forgejo git repository,
+forgejo actions are triggered and start executing the three existing workflows.
+However, only the two build workflows are patched to work within the current
+stack, the third deployment workflow fails as it cannot start a kind cluster.
+
+In the current configuration, workflows are by default executed in a minimal
+node-debian container. This suffices in most cases to run GitHub actions.
+
+Like in the original upstream repository on GitHub, a Gradle- and a Maven-based
+workflow are started. The Gradle one only executes a simple java build while
+the Maven version also includes the creation of a container image and a
+trivy-based security scan.
+
+Both workflows are patched as referencing of actions differs in forgejo actions
+from GitHub actions. In GitHub Actions, actions are rerefenced as paths to
+github repositories. In Forgejo Actions, this mechanism similarly refers to
+actions hosted on `code.forgejo.org` even on self-hosted instances. As only a
+small subset of actions is ported to `code.forgejo.org` due to licensing and
+compatibility (not all GitHub actions can work with forgejo actions), forgejo
+actions also allow referencing actions by URL. Thus, the action
+`https://github.com/actions/setup-java` instructs the forgejo runner to
+download the action from GitHub. (The default actions repository can be
+overwritten)
+
+Creating the application container within the Maven workflow is accomplished
+without using 'native' container tooling, i.e. docker or podman. Besides this
+being favorable as it introduces less side effects, the current stack
+implementation does not support running nested containers, yet.
+
+Furthermore, as the system uses self-signed certificates, certificate checks
+are disabled throughout the system for now.
+
+After a successful build, the container image is published into the Forgejo
+container registry and can be pulled for deployment.
+
+
+### ArgoCD - Deployment
+
+The PetClinic consists of two components, a persistent PostgreSQL database and
+the java application that is compiled from source. On execution of the
+Backstage template an application deployment is created in ArgoCD. The
+resources defined in the newly created git repository are synchronized into the
+kubernetes cluster. However, as the java app container has to be built by
+the CI workflows, the deployment will initially fail but become successful as
+soon as the container image is available.
+
+
+
+### Prometheus & Grafana - Monitoring
+
+Prometheus and Grafana among others are deployed as apart of the IDP monitoring
+stack. To integrate with these existing components the Backstage template adds
+a ServiceMonitor definition to the deployment of the PetClinic. It instructs
+Prometheus to scrape the `actuator/prometheus` endpoint in specific intervals.
+The data contains jvm health data and can be visualized in Grafana.
+
+As the upstream PetClinic on GitHub does not contain the necessary dependencies
+to enable the Prometheus endpoint, the app is by default bootstrapped from
+a fork that contains the `micrometer-registry-prometheus` dependency.
diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/gradle-build.yml b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/gradle-build.yml
new file mode 100644
index 0000000..61fadfd
--- /dev/null
+++ b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/gradle-build.yml
@@ -0,0 +1,32 @@
+# This workflow will build a Java project with Gradle, and cache/restore any dependencies to improve the workflow execution time
+# For more information see: https://docs.github.com/en/actions/use-cases-and-examples/building-and-testing/building-and-testing-java-with-gradle
+
+name: Java CI with Gradle
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        java: [ '17' ]
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up JDK {% raw %}${{matrix.java}}{% endraw %}
+        uses: https://github.com/actions/setup-java@v4
+        with:
+          java-version: '{% raw %}${{matrix.java}}{% endraw %}'
+          distribution: 'adopt'
+          cache: maven
+      - name: Setup Gradle
+        uses: https://github.com/gradle/actions/setup-gradle@v4
+      - name: Build with Gradle
+        run: ./gradlew build
+
diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/maven-build.yml b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/maven-build.yml
new file mode 100644
index 0000000..f04cf78
--- /dev/null
+++ b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/.github/workflows/maven-build.yml
@@ -0,0 +1,63 @@
+# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
+# For more information see: https://docs.github.com/en/actions/use-cases-and-examples/building-and-testing/building-and-testing-java-with-maven
+
+name: Java CI with Maven
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    #container:
+    #  image: ghcr.io/catthehacker/ubuntu:act-latest # the large image
+    strategy:
+      matrix:
+        java: [ '17' ]
+
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up JDK {% raw %}${{matrix.java}}{% endraw %}
+        uses: https://github.com/actions/setup-java@v4
+        with:
+          java-version: '{% raw %}${{matrix.java}}{% endraw %}'
+          distribution: 'adopt'
+          cache: maven
+      - name: Build with Maven Wrapper
+        run: ./mvnw -B verify
+      - name: Build image
+        #run: ./mvnw spring-boot:build-image # the original image build
+        run: |
+          export CONTAINER_REPO=$(echo {% raw %}${{ env.GITHUB_REPOSITORY }}{% endraw %} | tr '[:upper:]' '[:lower:]')
+          ./mvnw com.google.cloud.tools:jib-maven-plugin:3.4.4:build -Djib.allowInsecureRegistries=true -Dimage=gitea.{{{ .Env.DOMAIN }}}/${CONTAINER_REPO}:latest -Djib.to.auth.username={% raw %}${{ github.actor }}{% endraw %} -Djib.to.auth.password={% raw %}${{ secrets.PACKAGES_TOKEN }}{% endraw %}
+      - name: Build image as tar
+        run: |
+          ./mvnw com.google.cloud.tools:jib-maven-plugin:3.4.4:buildTar -Djib.allowInsecureRegistries=true
+      # separating the trivy scan into another job is not necessary. It, however, demonstrates forgejo's compatibility with GitHub
+      - uses: forgejo/upload-artifact@v4
+        with:
+          name: petclinic-image
+          path: target/jib-image.tar
+        env:
+          NODE_TLS_REJECT_UNAUTHORIZED: 0 # This is necessary due to self signed certs for forgejo, proper setups can skip this
+
+  securityscan:
+    runs-on: ubuntu-latest
+    #container:
+     # image: aquasec/trivy # the container does not contain node...
+    steps:
+      - uses: forgejo/download-artifact@v4
+        with:
+          name: petclinic-image
+        env:
+          NODE_TLS_REJECT_UNAUTHORIZED: 0 # This is necessary due to self signed certs for forgejo, proper setups can skip this
+      - name: install trivy from deb package
+        run: |
+          wget -O trivy.deb https://github.com/aquasecurity/trivy/releases/download/v0.58.0/trivy_0.58.0_Linux-64bit.deb
+          DEBIAN_FRONTEND=noninteractive dpkg -i trivy.deb
+      - name: scan the image
+        run: trivy image --input jib-image.tar
diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/catalog-info.yaml b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/catalog-info.yaml
new file mode 100644
index 0000000..94a7880
--- /dev/null
+++ b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/catalog-info.yaml
@@ -0,0 +1,36 @@
+---
+apiVersion: backstage.io/v1alpha1
+kind: Component
+metadata:
+  name: ${{ values.name }}
+  description: This is a Backstage component created from the custom template that forks the PetClinic
+  annotations:
+    backstage.io/techdocs-ref: dir:.
+    backstage.io/kubernetes-label-selector: 'entity-id=${{ values.name }}'
+    backstage.io/kubernetes-namespace: gitea
+  links:
+    - url: https://gitea.{{{ .Env.DOMAIN }}}:443
+      title: Repo URL
+      icon: git
+spec:
+  owner: guests
+  lifecycle: experimental
+  type: service
+  system: ${{ values.name | dump }}
+---
+apiVersion: backstage.io/v1alpha1
+kind: System
+metadata:
+  name: ${{ values.name | dump }}
+  description: A system for managing services created from the Gitea template.
+  annotations:
+    backstage.io/techdocs-ref: dir:.
+  links:
+    - url: https://gitea.{{{ .Env.DOMAIN }}}:443
+      title: Gitea Repo
+      icon: git
+spec:
+  owner: guests
+  lifecycle: experimental
+  type: service
+
diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/k8s/db.yml b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/k8s/db.yml
new file mode 100644
index 0000000..aff866e
--- /dev/null
+++ b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/k8s/db.yml
@@ -0,0 +1,76 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: demo-db
+  namespace: ${{ values.namespace }}
+type: servicebinding.io/postgresql
+stringData:
+  type: "postgresql"
+  provider: "postgresql"
+  host: "demo-db"
+  port: "5432"
+  database: "petclinic"
+  username: "user"
+  password: "pass"
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: demo-db
+  namespace: ${{ values.namespace }}
+spec:
+  ports:
+    - port: 5432
+  selector:
+    app: demo-db
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: demo-db
+  namespace: ${{ values.namespace }}
+  labels:
+    app: demo-db
+spec:
+  selector:
+    matchLabels:
+      app: demo-db
+  template:
+    metadata:
+      labels:
+        app: demo-db
+    spec:
+      containers:
+        - image: postgres:17
+          name: postgresql
+          env:
+            - name: POSTGRES_USER
+              valueFrom:
+                secretKeyRef:
+                  name: demo-db
+                  key: username
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: demo-db
+                  key: password
+            - name: POSTGRES_DB
+              valueFrom:
+                secretKeyRef:
+                  name: demo-db
+                  key: database
+          ports:
+            - containerPort: 5432
+              name: postgresql
+          livenessProbe:
+            tcpSocket:
+              port: postgresql
+          readinessProbe:
+            tcpSocket:
+              port: postgresql
+          startupProbe:
+            tcpSocket:
+              port: postgresql
diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/k8s/petclinic.yml b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/k8s/petclinic.yml
new file mode 100644
index 0000000..5098ca3
--- /dev/null
+++ b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/skeleton/k8s/petclinic.yml
@@ -0,0 +1,125 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ${{ values.namespace }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: petclinic
+  namespace: ${{ values.namespace }}
+  labels:
+    app: petclinic
+spec:
+  type: ClusterIP
+  ports:
+    - port: 8080
+      targetPort: http
+      name: http
+  selector:
+    app: petclinic
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ${{ values.namespace }}-petclinic
+  namespace: ${{ values.namespace }}
+spec:
+  ingressClassName: nginx
+  rules:
+    - host: ${{ values.namespace }}.{{{ .Env.DOMAIN }}}
+      http:
+        paths:
+          - backend:
+              service:
+                name: petclinic
+                port:
+                  name: http
+            path: /
+            pathType: Prefix
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: petclinic
+  namespace: ${{ values.namespace }}
+  labels:
+    app: petclinic
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: petclinic
+  template:
+    metadata:
+      labels:
+        app: petclinic
+    spec:
+      containers:
+        - name: workload
+          image: gitea.{{{ .Env.DOMAIN }}}/giteaadmin/${{ values.name }}
+          env:
+            - name: SPRING_PROFILES_ACTIVE
+              value: postgres
+            - name: POSTGRES_URL
+              value: jdbc:postgresql://demo-db/petclinic
+            - name: POSTGRES_USER
+              valueFrom:
+                secretKeyRef:
+                  name: demo-db
+                  key: username
+            - name: POSTGRES_PASS
+              valueFrom:
+                secretKeyRef:
+                  name: demo-db
+                  key: password
+            - name: SERVICE_BINDING_ROOT
+              value: /bindings
+            - name: SPRING_APPLICATION_JSON
+              value: |
+                {
+                  "management.endpoint.health.probes.add-additional-paths": true
+                }
+          ports:
+            - name: http
+              containerPort: 8080
+          livenessProbe:
+            httpGet:
+              path: /livez
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /readyz
+              port: http
+          volumeMounts:
+            - mountPath: /bindings/secret
+              name: binding
+              readOnly: true
+      volumes:
+        - name: binding
+          projected:
+            sources:
+              - secret:
+                  name: demo-db
+
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: ${{ values.namespace }}-petclinic-monitor
+  namespace: monitoring # Namespace where Prometheus is running
+  labels:
+    release: kube-prometheus-stack # this must match Prometheus' service monitor matching
+spec:
+  selector:
+    matchLabels:
+      app: petclinic # Match your application's labels
+  namespaceSelector:
+    matchNames:
+      - ${{ values.namespace }} # Namespace where your app is running
+  endpoints:
+    - port: http # Name of the port in your Service
+      path: /actuator/prometheus # Path to your metrics endpoint
+      interval: 15s # How often to scrape metrics
+
diff --git a/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/template.yaml b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/template.yaml
new file mode 100644
index 0000000..50afc43
--- /dev/null
+++ b/template/stacks/ref-implementation/backstage-templates/entities/spring-petclinic/template.yaml
@@ -0,0 +1,84 @@
+apiVersion: scaffolder.backstage.io/v1beta3
+kind: Template
+metadata:
+  name: spring-petclinic
+  title: Spring PetClinic template
+  description: An example template for the scaffolder that creates a 'fork' of Spring's PetClinic
+spec:
+  owner: user:guest
+  type: service
+
+  parameters:
+    - title: Fill in some steps
+      required:
+        - name
+      properties:
+        name:
+          title: Project Name
+          type: string
+          description: Unique name of the fork app
+          ui:autofocus: true
+        upstreamurl:
+          title: Repo to Fork
+          type: string
+          description: The URL of the repo to fork
+          default: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/Patrick.Sy/ipcei-petclinic/src/branch/main
+          ui:emptyValue: 'https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/Patrick.Sy/ipcei-petclinic/src/branch/main'
+
+  steps:
+    - id: fetch-code # get the latest upstream code
+      name: Fetch Code
+      action: fetch:plain
+      input:
+        # url: https://github.com/spring-projects/spring-petclinic/tree/main
+        url: ${{ parameters.upstreamurl }}
+
+    - id: fetch-overrides # Apply specific overrides to add features and make modifications for compatibility
+      name: Fetch Overrides
+      action: fetch:template
+      input:
+        # url: ./skeleton/.github/workflows
+        # targetPath: ./.github/workflows
+        url: ./skeleton/
+        targetPath: ./
+        replace: true
+        values:
+          name: ${{ parameters.name }}
+          namespace: ${{ parameters.name }}
+
+    - id: publish
+      name: Publish to Gitea
+      action: publish:gitea
+      input:
+        repoUrl: gitea.{{{ .Env.DOMAIN }}}:443/?repo=${{parameters.name}}
+        description: This is the repository for ${{ parameters.name }}
+        sourcePath: ./
+        defaultBranch: main
+
+    - id: create-argocd-app
+      name: Create ArgoCD App
+      action: cnoe:create-argocd-app
+      input:
+        appName: ${{parameters.name}}
+        appNamespace: ${{parameters.name}}
+        argoInstance: in-cluster
+        projectName: default
+        # necessary until we generate our own cert
+        repoUrl: https://gitea.{{{ .Env.DOMAIN }}}:443/giteaAdmin/${{parameters.name}}
+        path: "k8s"
+
+    - id: register
+      name: Register in Catalog
+      action: catalog:register
+      input:
+        repoContentsUrl: ${{ steps['publish'].output.repoContentsUrl }}
+        catalogInfoPath: 'catalog-info.yaml'
+
+  output:
+    links:
+      - title: Repository
+        url: ${{ steps['publish'].output.remoteUrl }}
+      - title: Open in Catalog
+        icon: catalog
+        entityRef: ${{ steps['register'].output.entityRef }}
+
diff --git a/template/stacks/ref-implementation/backstage.yaml b/template/stacks/ref-implementation/backstage.yaml
index b4cc1a3..f162001 100644
--- a/template/stacks/ref-implementation/backstage.yaml
+++ b/template/stacks/ref-implementation/backstage.yaml
@@ -10,7 +10,7 @@ metadata:
 spec:
   project: default
   source:
-    repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder
+    repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder
     targetRevision: HEAD
     path: "stacks/ref-implementation/backstage/manifests"
   destination:
diff --git a/template/stacks/ref-implementation/backstage/manifests/install.yaml b/template/stacks/ref-implementation/backstage/manifests/install.yaml
index 6451dcb..b46fbd4 100644
--- a/template/stacks/ref-implementation/backstage/manifests/install.yaml
+++ b/template/stacks/ref-implementation/backstage/manifests/install.yaml
@@ -70,7 +70,7 @@ data:
   app-config.yaml: |
     app:
       title: CNOE Backstage
-      baseUrl: https://{{ .Values.edfbuilderTargetDomain }}:443
+      baseUrl: https://{{{ .Env.DOMAIN }}}:443
     organization:
       name: CNOE
     backend:
@@ -80,7 +80,7 @@ data:
       # auth:
       #   keys:
       #     - secret: ${BACKEND_SECRET}
-      baseUrl: https://{{ .Values.edfbuilderTargetDomain }}:443
+      baseUrl: https://{{{ .Env.DOMAIN }}}:443
       listen:
         port: 7007
         # Uncomment the following host directive to bind to specific interfaces
@@ -90,7 +90,7 @@ data:
         # Content-Security-Policy directives follow the Helmet format: https://helmetjs.github.io/#reference
         # Default Helmet Content-Security-Policy values can be removed by setting the key to false
       cors:
-        origin: https://{{ .Values.edfbuilderTargetDomain }}:443
+        origin: https://{{{ .Env.DOMAIN }}}:443
         methods: [GET, HEAD, PATCH, POST, PUT, DELETE]
         credentials: true
       database:
@@ -106,14 +106,16 @@ data:
 
     integrations:
       gitea:
-        - baseUrl: https://gitea.{{ .Values.edfbuilderTargetDomain }}:443
-          host: gitea.{{ .Values.edfbuilderTargetDomain }}:443
+        - baseUrl: https://gitea.{{{ .Env.DOMAIN }}}:443
+          host: gitea.{{{ .Env.DOMAIN }}}:443
           username: ${GITEA_USERNAME}
           password: ${GITEA_PASSWORD}
-        - baseUrl: https://gitea.{{ .Values.edfbuilderTargetDomain }}
-          host: gitea.{{ .Values.edfbuilderTargetDomain }}
+        - baseUrl: https://gitea.{{{ .Env.DOMAIN }}}
+          host: gitea.{{{ .Env.DOMAIN }}}
           username: ${GITEA_USERNAME}
           password: ${GITEA_PASSWORD}
+        - baseUrl: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live
+          host: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live
     #  github:
     #    - host: github.com
     #      apps:
@@ -165,7 +167,7 @@ data:
       locations:
         # Examples from a public GitHub repository.
         - type: url
-          target: https://gitea.{{ .Values.edfbuilderTargetDomain }}:443/giteaAdmin/edfbuilder/raw/branch/main/stacks/ref-implementation/backstage-templates/entities/catalog-info.yaml
+          target: https://gitea.{{{ .Env.DOMAIN }}}:443/giteaAdmin/edfbuilder/raw/branch/main/stacks/ref-implementation/backstage-templates/entities/catalog-info.yaml
           rules:
             - allow: [Component, System, API, Resource, Location, Template, User, Group]
     kubernetes:
@@ -180,7 +182,7 @@ data:
         - type: 'config'
           instances:
             - name: in-cluster
-              url: https://{{ .Values.edfbuilderTargetDomain }}:443/argocd
+              url: https://{{{ .Env.DOMAIN }}}:443/argocd
               username: admin
               password: ${ARGOCD_ADMIN_PASSWORD}
     argoWorkflows:
@@ -336,6 +338,7 @@ spec:
           volumeMounts:
             - name: data
               mountPath: /var/lib/postgresql/data
+              subPath: postgres
   volumeClaimTemplates:
   - metadata:
       name: data
@@ -373,14 +376,14 @@ spec:
     template:
       engineVersion: v2
       data:
-        BACKSTAGE_FRONTEND_URL: https://{{ .Values.edfbuilderTargetDomain }}:443/backstage
+        BACKSTAGE_FRONTEND_URL: https://{{{ .Env.DOMAIN }}}:443/backstage
         POSTGRES_HOST: postgresql.backstage.svc.cluster.local
         POSTGRES_PORT: '5432'
         POSTGRES_DB: backstage
         POSTGRES_USER: backstage
         POSTGRES_PASSWORD: "{{.POSTGRES_PASSWORD}}"
-        ARGO_WORKFLOWS_URL: https://{{ .Values.edfbuilderTargetDomain }}:443/argo-workflows
-        KEYCLOAK_NAME_METADATA: https://{{ .Values.edfbuilderTargetDomain }}:443/keycloak/realms/cnoe/.well-known/openid-configuration
+        ARGO_WORKFLOWS_URL: https://{{{ .Env.DOMAIN }}}:443/argo-workflows
+        KEYCLOAK_NAME_METADATA: https://{{{ .Env.DOMAIN }}}:443/keycloak/realms/cnoe/.well-known/openid-configuration
         KEYCLOAK_CLIENT_SECRET: "{{.BACKSTAGE_CLIENT_SECRET}}"
         ARGOCD_AUTH_TOKEN: "argocd.token={{.ARGOCD_SESSION_TOKEN}}"
         ARGO_CD_URL: 'https://argocd-server.argocd.svc.cluster.local/api/v1/'
@@ -424,32 +427,3 @@ spec:
       remoteRef:
         key: gitea-credential
         property: password
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: backstage
-  namespace: backstage
-spec:
-  ingressClassName: "nginx"
-  rules:
-    - host: localhost
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: backstage
-                port:
-                  name: http
-    - host: {{ .Values.edfbuilderTargetDomain }}
-      http:
-        paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: backstage
-                port:
-                  name: http
diff --git a/template/stacks/ref-implementation/codespaces.md b/template/stacks/ref-implementation/codespaces.md
index 37144ae..dd9188d 100644
--- a/template/stacks/ref-implementation/codespaces.md
+++ b/template/stacks/ref-implementation/codespaces.md
@@ -69,5 +69,5 @@ From here on, you can follow the instructions in the [README](./README.md) file.
 echo https://${CODESPACE_NAME}-8080.${GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN}
 ```
 
-For example, if you need to access Argo Workflows UI, instead of going to `https://{{ .Values.edfbuilderTargetDomain }}:8443/argo`, 
+For example, if you need to access Argo Workflows UI, instead of going to `https://{{{ .Env.DOMAIN }}}:8443/argo`, 
 you go to `https://${CODESPACE_NAME}-8080.${GITHUB_CODESPACES_PORT_FORWARDING_DOMAIN}/argo`
diff --git a/template/stacks/ref-implementation/external-secrets.yaml b/template/stacks/ref-implementation/external-secrets.yaml
index fdea39f..de2c53a 100644
--- a/template/stacks/ref-implementation/external-secrets.yaml
+++ b/template/stacks/ref-implementation/external-secrets.yaml
@@ -12,7 +12,7 @@ spec:
     namespace: external-secrets
     server: "https://kubernetes.default.svc"
   source:
-    repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder
+    repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder
     targetRevision: HEAD
     path: "stacks/ref-implementation/external-secrets/manifests"
   project: default
diff --git a/template/stacks/ref-implementation/external-secrets/manifests/role.yaml b/template/stacks/ref-implementation/external-secrets/manifests/role.yaml
new file mode 100644
index 0000000..53be85c
--- /dev/null
+++ b/template/stacks/ref-implementation/external-secrets/manifests/role.yaml
@@ -0,0 +1,9 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: openbao
+  name: external-secrets-role
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "list"]
\ No newline at end of file
diff --git a/template/stacks/ref-implementation/external-secrets/manifests/rolebinding.yaml b/template/stacks/ref-implementation/external-secrets/manifests/rolebinding.yaml
new file mode 100644
index 0000000..7baa725
--- /dev/null
+++ b/template/stacks/ref-implementation/external-secrets/manifests/rolebinding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: external-secrets-rolebinding
+  namespace: openbao
+subjects:
+  - kind: ServiceAccount
+    name: external-secrets
+    namespace: external-secrets
+roleRef:
+  kind: Role
+  name: external-secrets-role
+  apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
diff --git a/template/stacks/ref-implementation/external-secrets/manifests/secret-store.yaml b/template/stacks/ref-implementation/external-secrets/manifests/secret-store.yaml
new file mode 100644
index 0000000..c3fa8e7
--- /dev/null
+++ b/template/stacks/ref-implementation/external-secrets/manifests/secret-store.yaml
@@ -0,0 +1,20 @@
+#  cluster-store.yaml 
+apiVersion: external-secrets.io/v1beta1
+kind: SecretStore #Kubernetes resource type
+metadata:
+  name: bao-backend #resource name
+  namespace: openbao
+spec:
+  provider:
+    vault: #specifies vault as the provider
+      # server: "http://10.244.0.28:8200" # how to map it dynamically?
+      server: "http://openbao.openbao.svc.cluster.local:8200"
+      path: "data" #path for accessing the secrets
+      version: "v1" #Vault API version
+      auth:
+        tokenSecretRef:
+          name: "vault-token" #Use a secret called vault-token
+          key: "token" #THIS REFERENCES THE INITIAL TOKEN NOW SAVED AS A K8 SECRET
+
+# openbao-0.openbao.pod.cluster.local
+#  10.96.59.250:8200
\ No newline at end of file
diff --git a/template/stacks/ref-implementation/fibonacci-app.yaml b/template/stacks/ref-implementation/fibonacci-app.yaml
new file mode 100644
index 0000000..b049686
--- /dev/null
+++ b/template/stacks/ref-implementation/fibonacci-app.yaml
@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: fibonacci-app
+  namespace: argocd
+  labels:
+    env: dev
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder
+    targetRevision: HEAD
+    path: "stacks/ref-implementation/fibonacci-app"
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: fibonacci-app
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+    automated:
+      selfHeal: true
+    retry:
+      limit: -1
diff --git a/template/stacks/ref-implementation/fibonacci-app/deployment.yaml b/template/stacks/ref-implementation/fibonacci-app/deployment.yaml
new file mode 100644
index 0000000..16f42e8
--- /dev/null
+++ b/template/stacks/ref-implementation/fibonacci-app/deployment.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: fibonacci-deployment
+  namespace: fibonacci-app  
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: fibonacci-go
+  template:
+    metadata:
+      labels:
+        app: fibonacci-go
+    spec:
+      containers:
+      - name: fibonacci-go
+        image: forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/christopher.hase/fibonacci_http_go:1.0.0
+        ports:
+        - containerPort: 9090
\ No newline at end of file
diff --git a/template/stacks/ref-implementation/fibonacci-app/service.yaml b/template/stacks/ref-implementation/fibonacci-app/service.yaml
new file mode 100644
index 0000000..6458fa4
--- /dev/null
+++ b/template/stacks/ref-implementation/fibonacci-app/service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: fibonacci-service
+  namespace: fibonacci-app
+spec:
+  selector:
+    app: fibonacci-go
+  ports:
+    - protocol: TCP
+      port: 9090
+      targetPort: 9090
+  type: ClusterIP
\ No newline at end of file
diff --git a/template/stacks/core/forgejo-runner.yaml b/template/stacks/ref-implementation/forgejo-runner.yaml
similarity index 67%
rename from template/stacks/core/forgejo-runner.yaml
rename to template/stacks/ref-implementation/forgejo-runner.yaml
index 78b7125..bceefc7 100644
--- a/template/stacks/core/forgejo-runner.yaml
+++ b/template/stacks/ref-implementation/forgejo-runner.yaml
@@ -18,12 +18,12 @@ spec:
     name: in-cluster
     namespace: gitea
   sources:
-    - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder
+    - repoURL: https://forgejo.edf-bootstrap.cx.fg1.ffm.osc.live/DevFW-CICD/forgejo-runner.git
       path: forgejo-runner
       targetRevision: HEAD
       helm:
         valueFiles:
-          - $values/stacks/core/forgejo-runner/values.yaml
-    - repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder
+          - $values/stacks/ref-implementation/forgejo-runner/values.yaml
+    - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder
       targetRevision: HEAD
       ref: values
diff --git a/template/stacks/ref-implementation/forgejo-runner/values.yaml b/template/stacks/ref-implementation/forgejo-runner/values.yaml
new file mode 100644
index 0000000..7789e35
--- /dev/null
+++ b/template/stacks/ref-implementation/forgejo-runner/values.yaml
@@ -0,0 +1,14 @@
+replicaCount: 1
+
+image:
+  repository: code.forgejo.org/forgejo/runner
+  pullPolicy: IfNotPresent
+  tag: "3.5.1"
+
+resources:
+  limits:
+    memory: 2Gi
+  requests:
+    memory: 1Gi
+
+forgejoUrl: http://forgejo-http.gitea.svc.cluster.local:3000
diff --git a/template/stacks/ref-implementation/keycloak.yaml b/template/stacks/ref-implementation/keycloak.yaml
index 32bee77..e4fb166 100644
--- a/template/stacks/ref-implementation/keycloak.yaml
+++ b/template/stacks/ref-implementation/keycloak.yaml
@@ -12,7 +12,7 @@ spec:
     namespace: keycloak
     server: "https://kubernetes.default.svc"
   source:
-    repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder
+    repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder
     targetRevision: HEAD
     path: "stacks/ref-implementation/keycloak/manifests"
   project: default
diff --git a/template/stacks/ref-implementation/keycloak/manifests/ingress.yaml b/template/stacks/ref-implementation/keycloak/manifests/ingress.yaml
deleted file mode 100644
index 6fea2c7..0000000
--- a/template/stacks/ref-implementation/keycloak/manifests/ingress.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: keycloak-ingress-localhost
-  namespace: keycloak
-  annotations:
-    argocd.argoproj.io/sync-wave: "100"
-spec:
-  ingressClassName: "nginx"
-  rules:
-    - host: localhost
-      http:
-        paths:
-          - path: /keycloak
-            pathType: ImplementationSpecific
-            backend:
-              service:
-                name: keycloak
-                port:
-                  name: http
-    - host: {{ .Values.edfbuilderTargetDomain }}
-      http:
-        paths:
-          - path: /keycloak
-            pathType: ImplementationSpecific
-            backend:
-              service:
-                name: keycloak
-                port:
-                  name: http
diff --git a/template/stacks/ref-implementation/keycloak/manifests/install.yaml b/template/stacks/ref-implementation/keycloak/manifests/install.yaml
index 82f1eeb..6e55a17 100644
--- a/template/stacks/ref-implementation/keycloak/manifests/install.yaml
+++ b/template/stacks/ref-implementation/keycloak/manifests/install.yaml
@@ -83,7 +83,7 @@ data:
     proxy=edge
     
     # hostname configuration
-    hostname={{ .Values.edfbuilderTargetDomain }}
+    hostname={{{ .Env.DOMAIN }}}
     http-relative-path=keycloak
     
     # the admin url requires its own configuration to reflect correct url
@@ -151,6 +151,7 @@ spec:
           volumeMounts:
             - name: data
               mountPath: /var/lib/postgresql/data
+              subPath: postgres
   volumeClaimTemplates:
   - metadata:
       name: data
diff --git a/template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml b/template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml
index e48960e..e2a0981 100644
--- a/template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml
+++ b/template/stacks/ref-implementation/keycloak/manifests/keycloak-config.yaml
@@ -145,7 +145,7 @@ data:
       "rootUrl": "",
       "baseUrl": "",
       "redirectUris": [
-        "https://{{ .Values.edfbuilderTargetDomain }}:443/argo-workflows/oauth2/callback"
+        "https://{{{ .Env.DOMAIN }}}:443/argo-workflows/oauth2/callback"
       ],
       "webOrigins": [
         "/*"
@@ -174,7 +174,7 @@ data:
       "rootUrl": "",
       "baseUrl": "",
       "redirectUris": [
-        "https://{{ .Values.edfbuilderTargetDomain }}:443/api/auth/keycloak-oidc/handler/frame"
+        "https://{{{ .Env.DOMAIN }}}:443/api/auth/keycloak-oidc/handler/frame"
       ],
       "webOrigins": [
         "/*"
@@ -225,7 +225,12 @@ spec:
               ADMIN_PASSWORD=$(cat /var/secrets/KEYCLOAK_ADMIN_PASSWORD)
               USER1_PASSWORD=$(cat /var/secrets/USER_PASSWORD)
 
+{{{ if eq .Env.CLUSTER_TYPE "kind" }}}
               KEYCLOAK_URL=http://keycloak.keycloak.svc.cluster.local:8080/keycloak
+{{{ end }}}
+{{{ if eq .Env.CLUSTER_TYPE "osc" }}}
+              KEYCLOAK_URL=https://{{{ .Env.DOMAIN }}}/keycloak
+{{{ end }}}
 
               KEYCLOAK_TOKEN=$(curl -sS  --fail-with-body -X POST -H "Content-Type: application/x-www-form-urlencoded" \
                 --data-urlencode "username=cnoe-admin" \
diff --git a/template/stacks/ref-implementation/metric-server.yaml b/template/stacks/ref-implementation/metric-server.yaml
index 3c8699b..1a2073c 100644
--- a/template/stacks/ref-implementation/metric-server.yaml
+++ b/template/stacks/ref-implementation/metric-server.yaml
@@ -1,3 +1,4 @@
+{{{ if eq .Env.CLUSTER_TYPE "kind" }}}
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
@@ -27,3 +28,4 @@ spec:
       selfHeal: true
     syncOptions:
       - CreateNamespace=true
+{{{ end }}}
diff --git a/template/stacks/ref-implementation/openbao.yaml b/template/stacks/ref-implementation/openbao.yaml
new file mode 100644
index 0000000..a6f3ec8
--- /dev/null
+++ b/template/stacks/ref-implementation/openbao.yaml
@@ -0,0 +1,34 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: openbao
+  namespace: argocd
+  labels:
+    env: dev
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  syncPolicy:
+    automated:
+     selfHeal: false
+    syncOptions:
+      - CreateNamespace=true
+  destination:
+    name: in-cluster
+    namespace: openbao
+  sources:
+    - repoURL: https://github.com/openbao/openbao-helm.git
+      path: charts/openbao
+      targetRevision: HEAD
+      helm:
+        valueFiles:
+          - $values/stacks/ref-implementation/openbao/values.yaml
+    - repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder
+      targetRevision: HEAD
+      ref: values
+  ignoreDifferences:
+  - group: admissionregistration.k8s.io
+    kind: MutatingWebhookConfiguration
+    jqPathExpressions:
+    - .webhooks[]?.clientConfig.caBundle
diff --git a/template/stacks/ref-implementation/openbao/values.yaml b/template/stacks/ref-implementation/openbao/values.yaml
new file mode 100644
index 0000000..0ff72cf
--- /dev/null
+++ b/template/stacks/ref-implementation/openbao/values.yaml
@@ -0,0 +1,17 @@
+server:
+  postStart:
+    - sh
+    - -c
+    - |
+      sleep 10
+      bao operator init >> /tmp/init.txt
+      cat /tmp/init.txt | grep "Key " | awk '{print $NF}' | xargs -I{} bao operator unseal {}
+      echo $(grep "Initial Root Token:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/initial_token.txt
+      echo $(grep "Unseal Key 1:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key1.txt
+      echo $(grep "Unseal Key 2:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key2.txt
+      echo $(grep "Unseal Key 3:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key3.txt
+      echo $(grep "Unseal Key 4:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key4.txt
+      echo $(grep "Unseal Key 5:" /tmp/init.txt | awk '{print $NF}')| cat > /openbao/data/unseal_key5.txt
+      rm /tmp/init.txt
+ui:
+  enabled: true
diff --git a/template/stacks/second-cluster/create-new-cluster-guestbook.yaml b/template/stacks/second-cluster/create-new-cluster-guestbook.yaml
index d8d167c..e71b4f0 100644
--- a/template/stacks/second-cluster/create-new-cluster-guestbook.yaml
+++ b/template/stacks/second-cluster/create-new-cluster-guestbook.yaml
@@ -19,5 +19,5 @@ spec:
     namespace: crossplane-system
   source:
     path: stacks/second-cluster/create-new-cluster-guestbook
-    repoURL: https://gitea.{{ .Values.edfbuilderTargetDomain }}/giteaAdmin/edfbuilder
+    repoURL: https://gitea.{{{ .Env.DOMAIN }}}/giteaAdmin/edfbuilder
     targetRevision: HEAD
diff --git a/template/stacks/second-cluster/create-new-cluster-guestbook/kindcluster.yaml b/template/stacks/second-cluster/create-new-cluster-guestbook/kindcluster.yaml
index 796b866..3abe324 100644
--- a/template/stacks/second-cluster/create-new-cluster-guestbook/kindcluster.yaml
+++ b/template/stacks/second-cluster/create-new-cluster-guestbook/kindcluster.yaml
@@ -15,6 +15,10 @@ spec:
           nodeRegistration:
             kubeletExtraArgs:
               node-labels: "ingress-ready=true"
+      # TODO: RIRE used maybe for velero backup
+      #  extraMounts:
+      #    - hostPath: /tmp/backup # replace with your own path
+      #      containerPath: /backup
   providerConfigRef:
     name: kind-provider
   writeConnectionSecretToRef: