diff --git a/deployments/pelican/deployment.yaml b/deployments/pelican/deployment.yaml
new file mode 100644
index 0000000..6a69277
--- /dev/null
+++ b/deployments/pelican/deployment.yaml
@@ -0,0 +1,107 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: pelican-panel
+ namespace: pelican
+ labels:
+ app.kubernetes.io/name: pelican
+ app.kubernetes.io/component: panel
+ app.kubernetes.io/managed-by: orion
+spec:
+ replicas: 2
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 0
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: pelican
+ app.kubernetes.io/component: panel
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: pelican
+ app.kubernetes.io/component: panel
+ spec:
+ containers:
+ - name: panel
+ image: ghcr.io/pelican-dev/panel:latest
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ env:
+ - name: APP_ENV
+ value: production
+ - name: APP_NAME
+ value: "Pelican"
+ - name: APP_URL
+ value: "https://pelican.khalisio.com"
+ - name: DB_HOST
+ value: postgres.pelican.svc.cluster.local
+ - name: DB_PORT
+ value: "5432"
+ - name: DB_DATABASE
+ value: pelican
+ - name: DB_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: pelican-panel-db
+ key: DB_USER
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: pelican-panel-db
+ key: DB_PASSWORD
+ - name: APP_KEY
+ valueFrom:
+ secretKeyRef:
+ name: pelican-panel-app
+ key: APP_KEY
+ - name: SESSION_SECURE
+ valueFrom:
+ secretKeyRef:
+ name: pelican-panel-app
+ key: SESSION_SECURE
+ - name: OAUTH_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: pelican-panel-app
+ key: OAUTH_CLIENT_SECRET
+ - name: OAUTH_CLIENT_ID
+ value: pelican-panel
+ - name: OAUTH_BASE_URI
+ value: "https://pelican.khalisio.com"
+ - name: OAUTH_AUTH_SERVER_URI
+ value: "https://auth.khalisio.com"
+ - name: OAUTH_CLIENT_PORTAL_URI
+ value: "https://auth.khalisio.com"
+ - name: OAUTH_CLIENT_ADMIN_URI
+ value: "https://auth.khalisio.com"
+ - name: CACHE_DRIVER
+ value: file
+ - name: SESSION_DRIVER
+ value: file
+ volumeMounts:
+ - name: data
+ mountPath: /var/www/app/storage
+ - name: logs
+ mountPath: /var/www/app/storage/logs
+ - name: uploads
+ mountPath: /var/www/app/public/uploads
+ - name: pufferpanel
+ mountPath: /var/www/app/storage/pufferpanel
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: pelican-data
+ - name: logs
+ persistentVolumeClaim:
+ claimName: pelican-logs
+ - name: uploads
+ persistentVolumeClaim:
+ claimName: pelican-data
+ - name: pufferpanel
+ persistentVolumeClaim:
+ claimName: pelican-data
diff --git a/deployments/pelican/externalsecret-app.yaml b/deployments/pelican/externalsecret-app.yaml
new file mode 100644
index 0000000..916dc91
--- /dev/null
+++ b/deployments/pelican/externalsecret-app.yaml
@@ -0,0 +1,23 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: pelican-panel-app
+ namespace: pelican
+spec:
+ refreshInterval: 1h
+ target:
+ name: pelican-panel-app
+ creationPolicy: Owner
+ data:
+ - secretKey: APP_KEY
+ remoteRef:
+ key: secret/data/Talos Cluster/pelican/panel/app
+ property: APP_KEY
+ - secretKey: SESSION_SECURE
+ remoteRef:
+ key: secret/data/Talos Cluster/pelican/panel/app
+ property: SESSION_SECURE
+ - secretKey: OAUTH_CLIENT_SECRET
+ remoteRef:
+ key: secret/data/Talos Cluster/pelican/panel/app
+ property: OAUTH_CLIENT_SECRET
diff --git a/deployments/pelican/externalsecret-autostart.yaml b/deployments/pelican/externalsecret-autostart.yaml
new file mode 100644
index 0000000..76b0760
--- /dev/null
+++ b/deployments/pelican/externalsecret-autostart.yaml
@@ -0,0 +1,15 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: pelican-autostart-key
+ namespace: pelican
+spec:
+ refreshInterval: 1h
+ target:
+ name: pelican-autostart-key
+ creationPolicy: Owner
+ data:
+ - secretKey: api_key
+ remoteRef:
+ key: secret/data/Talos Cluster/pelican/panel/autostart
+ property: api_key
diff --git a/deployments/pelican/externalsecret-db.yaml b/deployments/pelican/externalsecret-db.yaml
new file mode 100644
index 0000000..b769d89
--- /dev/null
+++ b/deployments/pelican/externalsecret-db.yaml
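Review bot: In deployments/pelican/deployment.yaml the `data`, `uploads` and `pufferpanel` volumes all use `claimName: pelican-data` and none of their mounts sets a `subPath`, so the root of that one volume appears at `/var/www/app/storage`, `/var/www/app/public/uploads` and `/var/www/app/storage/pufferpanel` at the same time. With `SESSION_DRIVER` and `CACHE_DRIVER` set to `file`, whatever the panel writes under storage (presumably session and cache files) would also be present under the public uploads path, and uploaded files would land in the storage root. Give each mount its own directory, e.g. `subPath: storage`, `subPath: uploads` and `subPath: pufferpanel`, or use separate claims. Separately, `image: ghcr.io/pelican-dev/panel:latest` is a mutable tag and the container declares no `securityContext`; pin a release tag plus digest (`panel:<version>@sha256:<digest>`) and add at least `runAsNonRoot: true` and `allowPrivilegeEscalation: false`.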
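Review bot: The `spec` of `pelican-panel-app` in deployments/pelican/externalsecret-app.yaml has no `secretStoreRef` (and no per-entry `sourceRef`), so nothing in this manifest says which store `secret/data/Talos Cluster/pelican/panel/app` is read from. Unless the store is supplied some other way, the target Secret will not be created and the `secretKeyRef` entries in deployment.yaml will leave the pods unable to start. The same gap is in externalsecret-autostart.yaml and externalsecret-db.yaml. Add a store reference under `spec` in each, e.g. `secretStoreRef:` with `name: <store-name>` and `kind: ClusterSecretStore`.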
@@ -0,0 +1,19 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ name: pelican-panel-db
+ namespace: pelican
+spec:
+ refreshInterval: 1h
+ target:
+ name: pelican-panel-db
+ creationPolicy: Owner
+ data:
+ - secretKey: DB_PASSWORD
+ remoteRef:
+ key: secret/data/Talos Cluster/pelican/panel/db
+ property: DB_PASSWORD
+ - secretKey: DB_USER
+ remoteRef:
+ key: secret/data/Talos Cluster/pelican/panel/db
+ property: DB_USER
diff --git a/deployments/pelican/ingress.yaml b/deployments/pelican/ingress.yaml
new file mode 100644
index 0000000..644cb7e
--- /dev/null
+++ b/deployments/pelican/ingress.yaml
@@ -0,0 +1,19 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+ name: pelican-panel
+ namespace: pelican
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+spec:
+ entryPoints:
+ - websecure
+ tls:
+ secretName: pelican-panel-tls
+ routes:
+ - match: Host(`pelican.khalisio.com`)
+ kind: Rule
+ services:
+ - name: pelican-panel
+ port: 80
+ scheme: http
diff --git a/deployments/pelican/service.yaml b/deployments/pelican/service.yaml
new file mode 100644
index 0000000..6ca110e
--- /dev/null
+++ b/deployments/pelican/service.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: pelican-panel
+ namespace: pelican
+ labels:
+ app.kubernetes.io/name: pelican
+ app.kubernetes.io/component: panel
+spec:
+ type: ClusterIP
+ selector:
+ app.kubernetes.io/name: pelican
+ app.kubernetes.io/component: panel
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080
+ protocol: TCP
diff --git a/deployments/pelican/storage.yaml b/deployments/pelican/storage.yaml
new file mode 100644
index 0000000..ee8daa8
--- /dev/null
+++ b/deployments/pelican/storage.yaml
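Review bot: The `cert-manager.io/cluster-issuer: letsencrypt-prod` annotation in deployments/pelican/ingress.yaml is placed on a Traefik `IngressRoute`, which cert-manager's annotation handling does not act on (it watches `Ingress` and Gateway resources). Nothing in this change therefore creates `pelican-panel-tls`, and Traefik would fall back to its default certificate on `websecure`. Add an explicit `Certificate` like the one below and drop the annotation. Also check the API group: `traefik.containo.us/v1alpha1` is the legacy group and Traefik v3 serves only `traefik.io/v1alpha1`.

```yaml
# new resource alongside the IngressRoute
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: pelican-panel-tls
  namespace: pelican
spec:
  secretName: pelican-panel-tls
  dnsNames:
    - pelican.khalisio.com
  issuerRef:
    name: letsencrypt-prod
    kind: ClusterIssuer
```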
@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: pelican-data
+ namespace: pelican
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 20Gi
+ storageClassName: longhorn
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: pelican-logs
+ namespace: pelican
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+ storageClassName: longhorn
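Review bot: Both claims in deployments/pelican/storage.yaml request `ReadWriteOnce`, while deployment.yaml mounts them from `replicas: 2` with `maxSurge: 1` and `maxUnavailable: 0`. An RWO volume attaches to one node at a time, so a second or surge pod scheduled on a different node cannot mount `pelican-data` or `pelican-logs`, and a rolling update can stall with the new pod pending. Either switch to `- ReadWriteMany` if the `longhorn` class in this cluster is set up for it, or run `replicas: 1` with `type: Recreate` in the Deployment.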