diff --git a/apps/prod/tekton/configs.yaml b/apps/prod/tekton/configs.yaml
index 8f3bfaa62..d546be1c4 100644
--- a/apps/prod/tekton/configs.yaml
+++ b/apps/prod/tekton/configs.yaml
@@ -24,8 +24,3 @@ spec:
           value:
             scheduler.alpha.kubernetes.io/defaultTolerations: '[{"operator": "Equal", "effect": "NoSchedule", "key": "dedicated", "value": "test-infra"}]'
             scheduler.alpha.kubernetes.io/node-selector: enable-ci=true
-  postBuild:
-    substituteFrom:
-      - kind: Secret
-        name: tekton-ingress # should manual created in namespace `apps`
-        optional: true
diff --git a/apps/prod/tekton/configs/triggers/event-listener.yaml b/apps/prod/tekton/configs/triggers/event-listeners/event-listener.yaml
similarity index 100%
rename from apps/prod/tekton/configs/triggers/event-listener.yaml
rename to apps/prod/tekton/configs/triggers/event-listeners/event-listener.yaml
diff --git a/apps/prod/tekton/configs/triggers/event-listeners/kustomization.yaml b/apps/prod/tekton/configs/triggers/event-listeners/kustomization.yaml
new file mode 100644
index 000000000..7ba0850a1
--- /dev/null
+++ b/apps/prod/tekton/configs/triggers/event-listeners/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - rbac.yaml
+  - event-listener.yaml
diff --git a/apps/prod/tekton/configs/triggers/rbac.yaml b/apps/prod/tekton/configs/triggers/event-listeners/rbac.yaml
similarity index 64%
rename from apps/prod/tekton/configs/triggers/rbac.yaml
rename to apps/prod/tekton/configs/triggers/event-listeners/rbac.yaml
index c4edcfbcc..762fd0fe6 100644
--- a/apps/prod/tekton/configs/triggers/rbac.yaml
+++ b/apps/prod/tekton/configs/triggers/event-listeners/rbac.yaml
@@ -27,31 +27,4 @@ roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: tekton-triggers-eventlistener-clusterroles # created by tekton operator
----
-# custom rights
-kind: Role
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: k8s-pod-full
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - pods
-    verbs:
-      - delete
-      - list
-      - get
-      - watch
-      - create
-      - patch
 
----
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: k8s-pod-full
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: k8s-pod-full
diff --git a/apps/prod/tekton/configs/triggers/kustomization.yaml b/apps/prod/tekton/configs/triggers/kustomization.yaml
index 06c457f66..e5e9f76ca 100644
--- a/apps/prod/tekton/configs/triggers/kustomization.yaml
+++ b/apps/prod/tekton/configs/triggers/kustomization.yaml
@@ -6,5 +6,4 @@ resources:
   - bindings
   - triggers
   - rbac.yaml
-  - event-listener.yaml
-  - ingress-event-listener.yaml
+  - event-listeners
diff --git a/apps/prod/tekton/configs/triggers/templates/public.yaml b/apps/prod/tekton/configs/triggers/templates/public.yaml
index 7a7e99ca1..612464fab 100644
--- a/apps/prod/tekton/configs/triggers/templates/public.yaml
+++ b/apps/prod/tekton/configs/triggers/templates/public.yaml
@@ -8,7 +8,7 @@ spec:
       description: The git repository full url
     - name: git-revision
       description: The git revision
-      default: main  
+      default: main
   resourcetemplates:
     - apiVersion: tekton.dev/v1beta1
       kind: PipelineRun
@@ -18,7 +18,7 @@ spec:
           "tekton.dev/git-status": "true"
           "tekton.dev/status-context": "demo-pipeline1"
           "tekton.dev/status-description": "demo pipeline forwarded by prow"
-          "tekton.dev/status-target-url": "https://dashboard.tekton.pingcap.net/#/namespaces/{{ .Namespace }}/pipelineruns/{{ .Name }}"
+          "tekton.dev/status-target-url": "https://do.pingcap.net/tekton/#/namespaces/{{ .Namespace }}/pipelineruns/{{ .Name }}"
           "tekton.dev/git-repo": $(tt.params.git-url)
           "tekton.dev/git-revision": $(tt.params.git-revision)
       spec:
diff --git a/apps/prod/tekton/ingress.yaml b/apps/prod/tekton/ingress.yaml
new file mode 100644
index 000000000..cab9e5180
--- /dev/null
+++ b/apps/prod/tekton/ingress.yaml
@@ -0,0 +1,24 @@
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: tekton-ingress
+  namespace: apps
+spec:
+  interval: 1m0s
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+    namespace: flux-system
+  path: ./apps/prod/tekton/ingress
+  dependsOn:
+    - name: tekton-setup
+      namespace: apps
+    - name: tekton-configs
+      namespace: apps
+  prune: true
+  postBuild:
+    substituteFrom:
+      - kind: Secret
+        name: tekton-ingress # should manual created in namespace `apps`
+        optional: true
diff --git a/apps/prod/tekton/setup/ingress-dashboard.yaml b/apps/prod/tekton/ingress/ingress-dashboard.yaml
similarity index 99%
rename from apps/prod/tekton/setup/ingress-dashboard.yaml
rename to apps/prod/tekton/ingress/ingress-dashboard.yaml
index e0096cfd4..2f6a5a113 100644
--- a/apps/prod/tekton/setup/ingress-dashboard.yaml
+++ b/apps/prod/tekton/ingress/ingress-dashboard.yaml
@@ -25,3 +25,4 @@ spec:
                 name: tekton-dashboard
                 port:
                   name: http
+
diff --git a/apps/prod/tekton/configs/triggers/ingress-event-listener.yaml b/apps/prod/tekton/ingress/ingress-event-listener.yaml
similarity index 86%
rename from apps/prod/tekton/configs/triggers/ingress-event-listener.yaml
rename to apps/prod/tekton/ingress/ingress-event-listener.yaml
index 508986c11..1e9b0480f 100644
--- a/apps/prod/tekton/configs/triggers/ingress-event-listener.yaml
+++ b/apps/prod/tekton/ingress/ingress-event-listener.yaml
@@ -3,6 +3,7 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: trigger-groups-listener
+  namespace: ee-cd
   annotations:
     nginx.ingress.kubernetes.io/rewrite-target: /$2
 spec:
@@ -12,7 +13,7 @@ spec:
       http:
         paths:
           - pathType: Prefix
-            path: "(/|$)(.*)"
+            path: "${path_for_hook}(/|$)(.*)"
             backend:
               service:
                 name: el-trigger-groups-listener
diff --git a/apps/prod/tekton/ingress/kustomization.yaml b/apps/prod/tekton/ingress/kustomization.yaml
new file mode 100644
index 000000000..a26cdd164
--- /dev/null
+++ b/apps/prod/tekton/ingress/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ingress-dashboard.yaml
+- ingress-event-listener.yaml
diff --git a/apps/prod/tekton/kustomization.yaml b/apps/prod/tekton/kustomization.yaml
index df620cd43..d388cc6b3 100644
--- a/apps/prod/tekton/kustomization.yaml
+++ b/apps/prod/tekton/kustomization.yaml
@@ -3,3 +3,4 @@ kind: Kustomization
 resources:
   - setup.yaml
   - configs.yaml
+  - ingress.yaml
diff --git a/apps/prod/tekton/setup.yaml b/apps/prod/tekton/setup.yaml
index a630b47f5..4d2bd857c 100644
--- a/apps/prod/tekton/setup.yaml
+++ b/apps/prod/tekton/setup.yaml
@@ -55,9 +55,4 @@ spec:
       kind: Deployment
       name: tekton-dashboard
       namespace: tekton-pipelines
-  postBuild:
-    substituteFrom:
-      - kind: Secret
-        name: tekton-ingress # should manual created in namespace `apps`
-        optional: true
   timeout: 5m0s
diff --git a/apps/prod/tekton/setup/kustomization.yaml b/apps/prod/tekton/setup/kustomization.yaml
index 0534c15ad..662f4a72f 100644
--- a/apps/prod/tekton/setup/kustomization.yaml
+++ b/apps/prod/tekton/setup/kustomization.yaml
@@ -8,4 +8,3 @@ resources:
   #   gcr.io/tekton-releases/dogfooding/tkn
   - operator-release.yaml 
   - operator-config.yaml
-  - ingress-dashboard.yaml