diff --git a/.deploy/SSL.yaml b/.deploy/SSL.yaml
new file mode 100644
index 00000000..28984f49
--- /dev/null
+++ b/.deploy/SSL.yaml
@@ -0,0 +1,11 @@
+# secret.yaml
+apiVersion: v1
+kind: Secret
+
+metadata:
+ name: entity-ssl
+ namespace: hypermine-development
+type: kubernetes.io/tls
+stringData:
+ tls.key: ""
+ tls.crt: ""
diff --git a/.deploy/cert.yaml b/.deploy/cert.yaml
new file mode 100644
index 00000000..a985ea5c
--- /dev/null
+++ b/.deploy/cert.yaml
@@ -0,0 +1,13 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: entity-ssl
+ namespace: hypermine-development
+spec:
+ dnsNames:
+ - api.entity-stage.hypersign.id
+ - "*.api.entity-stage.hypersign.id"
+ issuerRef:
+ kind: Issuer
+ name: letsencrypt-production
+ secretName: entity-ssl
diff --git a/.deploy/ingress.yaml b/.deploy/ingress.yaml
new file mode 100644
index 00000000..b3da62a9
--- /dev/null
+++ b/.deploy/ingress.yaml
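Review bot: The `entity-ssl` Secret in `.deploy/SSL.yaml` has the same name and namespace as the `secretName` that the Certificate in `.deploy/cert.yaml` asks cert-manager to populate, so re-applying this manifest would likely overwrite the issued key and certificate with the empty `tls.key: ""` / `tls.crt: ""` values. A committed placeholder for a TLS Secret also invites someone to paste a real private key into the repository later. Since cert-manager creates and renews this Secret itself, I would drop the file; if it has to stay, add a comment such as `# managed by cert-manager; never commit key material here`. The leading `# secret.yaml` comment also does not match the file name.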
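Review bot: The Certificate in `.deploy/cert.yaml` has no `privateKey` block, so key algorithm, key size and whether the key is regenerated at renewal are left to the defaults of whichever cert-manager version is installed. For a certificate that covers `*.api.entity-stage.hypersign.id` I would pin this explicitly, for example `privateKey:` with `rotationPolicy: Always` under `spec`, so that a leaked key does not stay valid across renewals. A short comment stating which environment this is for would also help, since the issuer is named `letsencrypt-production`, the namespace is `hypermine-development` and the host says `entity-stage`.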
@@ -0,0 +1,70 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: entity-ingress
+ namespace: hypermine-development
+ annotations:
+ kubernetes.io/ingress.allow-http: "false"
+ kubernetes.io/force-ssl-redirect: redirect
+ ingressClassName: "gce"
+ kubernetes.io/ingress.global-static-ip-name: entity-ip
+ cert-manager.io/issuer: letsencrypt-production
+ labels:
+ name: ingress
+
+spec:
+ tls:
+ - secretName: entity-ssl
+ hosts:
+ - "api.entity-stage.hypersign.id"
+ - "*.api.entity-stage.hypersign.id"
+
+ rules:
+ - host: "api.entity-stage.hypersign.id"
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: nginx-entity-service
+ port:
+ number: 8080
+ - path: /ssi/
+ pathType: Prefix
+ backend:
+ service:
+ name: nginx-entity-service
+ port:
+ number: 8080
+ - path: /api/
+ pathType: Prefix
+ backend:
+ service:
+ name: nginx-entity-service
+ port:
+ number: 8080
+ - host: "*.api.entity-stage.hypersign.id"
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: nginx-entity-service
+ port:
+ number: 8080
+ - path: /ssi/
+ pathType: Prefix
+ backend:
+ service:
+ name: nginx-entity-service
+ port:
+ number: 8080
+ - path: /api/
+ pathType: Prefix
+ backend:
+ service:
+ name: nginx-entity-service
+ port:
+ number: 8080
diff --git a/.deploy/issuer.yaml b/.deploy/issuer.yaml
new file mode 100644
index 00000000..f421f0b3
--- /dev/null
+++ b/.deploy/issuer.yaml
@@ -0,0 +1,19 @@
+# issuer-lets-encrypt-production.yaml
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: letsencrypt-production
+ namespace: hypermine-development
+spec:
+ acme:
+ server: https://acme-v02.api.letsencrypt.org/directory
+ email: pratap@hypermine.in # ❗ Replace this with your email address
+ privateKeySecretRef:
+ name: letsencrypt-production
+ solvers:
+ - dns01:
+ cloudDNS:
+ project: fyre-400407
+ serviceAccountSecretRef:
+ name: clouddns-dns01-solver-svc-acct
+ key: key.json
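Review bot: Two of the annotations in `.deploy/ingress.yaml` look inert, so the manifest reads as if it enforces more than it does. `ingressClassName: "gce"` appears to sit under `annotations` (indentation is lost in this view), where it is just an unknown key; the GCE controller selects on `kubernetes.io/ingress.class: "gce"`. `kubernetes.io/force-ssl-redirect: redirect` is, as far as I can tell, not an annotation that controller reads either, and HTTP-to-HTTPS redirects on GKE are configured through a FrontendConfig. That leaves `kubernetes.io/ingress.allow-http: "false"` as the only setting keeping plain HTTP off, which deserves a comment saying so. Separately, the `cert-manager.io/issuer` annotation plus `secretName: entity-ssl` asks cert-manager to generate a Certificate for this Ingress while `.deploy/cert.yaml` declares one by hand for the same Secret; keep one of the two.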
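Review bot: The DNS-01 solver in `.deploy/issuer.yaml` authenticates with a static service-account key (`serviceAccountSecretRef` pointing at `key.json`), and anyone who can read that Secret in `hypermine-development` can change DNS records in project `fyre-400407` and so obtain certificates for its zones. I would document next to the solver that the account must hold only the DNS permissions for the zones it needs and that the key must be rotated, and consider GKE Workload Identity so that no long-lived key is stored at all. The `email:` line also still carries the template comment `# ❗ Replace this with your email address` beside a personal address; use a team mailbox and delete the comment so expiry notices are not tied to one person.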