diff --git a/cluster/apps/kustomization.yaml b/cluster/apps/kustomization.yaml
index c80348c42..c0d2fc549 100644
--- a/cluster/apps/kustomization.yaml
+++ b/cluster/apps/kustomization.yaml
@@ -8,4 +8,3 @@ resources:
   - media
   - monitoring
   - networking
-  - system-upgrade
diff --git a/cluster/apps/networking/k8s-gateway/deployment.yaml b/cluster/apps/networking/k8s-gateway/deployment.yaml
deleted file mode 100644
index b1298309f..000000000
--- a/cluster/apps/networking/k8s-gateway/deployment.yaml
+++ /dev/null
@@ -1,126 +0,0 @@
-# see: https://github.com/ori-edge/k8s_gateway/blob/master/examples/install-clusterwide.yml
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: excoredns
-  namespace: networking
----
-# Source: coredns/templates/configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: excoredns
-  namespace: networking
-data:
-  Corefile: |-
-    .:53 {
-        errors
-        log
-        ready
-        k8s_gateway ${SECRET_CLUSTER_DOMAIN}
-        {
-          resources Ingress Service
-          ttl 10
-          apex dns1
-        }
-        forward . /etc/resolv.conf
-        cache 30
-        loop
-        reload
-        loadbalance
-    }
----
-# Source: coredns/templates/clusterrole.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: excoredns
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - services
-      - namespaces
-    verbs:
-      - list
-      - watch
-  - apiGroups:
-      - extensions
-      - networking.k8s.io
-    resources:
-      - ingresses
-    verbs:
-      - list
-      - watch
----
-# Source: coredns/templates/clusterrolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: excoredns
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: excoredns
-subjects:
-  - kind: ServiceAccount
-    name: excoredns
-    namespace: networking
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: external-dns
-  namespace: networking
-spec:
-  selector:
-    k8s-app: "excoredns"
-  ports:
-    - name: udp-53
-      port: 53
-      protocol: UDP
-  type: LoadBalancer
-  externalIPs:
-    - ${CLUSTER_LB_K8SGATEWAY}
-  externalTrafficPolicy: Local
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: excoredns
-  namespace: networking
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      k8s-app: "excoredns"
-  template:
-    metadata:
-      labels:
-        k8s-app: "excoredns"
-    spec:
-      serviceAccountName: excoredns
-      dnsPolicy: ClusterFirst
-      containers:
-        - name: "coredns"
-          image: "quay.io/oriedge/k8s_gateway:v0.1.6"
-          imagePullPolicy: IfNotPresent
-          args: ["-conf", "/etc/coredns/Corefile"]
-          volumeMounts:
-            - name: config-volume
-              mountPath: /etc/coredns
-          resources:
-            requests:
-              cpu: 100m
-              memory: 128Mi
-          ports:
-            - { containerPort: 53, protocol: UDP, name: udp-53 }
-            - { containerPort: 53, protocol: TCP, name: tcp-53 }
-      volumes:
-        - name: config-volume
-          configMap:
-            name: excoredns
-            items:
-              - key: Corefile
-                path: Corefile
diff --git a/cluster/apps/networking/k8s-gateway/helm-release.yaml b/cluster/apps/networking/k8s-gateway/helm-release.yaml
index 75cf5189b..09a42aae9 100644
--- a/cluster/apps/networking/k8s-gateway/helm-release.yaml
+++ b/cluster/apps/networking/k8s-gateway/helm-release.yaml
@@ -8,18 +8,32 @@ spec:
   interval: 5m
   chart:
     spec:
-      # renovate: registryUrl=https://github.com/ori-edge/k8s_gateway
-      chart: ./charts/k8s-gateway
-      version: 1.0.3
+      # renovate: registryUrl=https://ori-edge.github.io/k8s_gateway/
+      chart: k8s-gateway
+      version: 1.0.4
       sourceRef:
-        kind: GitRepository
+        kind: HelmRepository
         name: k8s-gateway-charts
         namespace: flux-system
       interval: 5m
   values:
+    image:
+      registry: quay.io
+      repository: oriedge/k8s_gateway
+      tag: v0.1.6
+      pullPolicy: IfNotPresent
     domain: "${SECRET_CLUSTER_DOMAIN}"
     service:
       type: LoadBalancer
-      externalIPs:
-        - ${CLUSTER_LB_K8SGATEWAY}
       externalTrafficPolicy: Local
+  postRenderers:
+    - kustomize:
+        patchesJson6902:
+          - target:
+              kind: Service
+              name: k8s-gateway
+            patch:
+              - op: add
+                path: /spec/externalIPs
+                value:
+                  - "${CLUSTER_LB_K8SGATEWAY}"
diff --git a/cluster/base-custom/charts/coredns-charts.yaml b/cluster/base-custom/charts/coredns-charts.yaml
deleted file mode 100644
index 31c59f836..000000000
--- a/cluster/base-custom/charts/coredns-charts.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1beta1
-kind: HelmRepository
-metadata:
-  name: coredns-charts
-  namespace: flux-system
-spec:
-  interval: 10m
-  url: https://coredns.github.io/helm
-  timeout: 3m
diff --git a/cluster/base-custom/charts/k8s-gateway-charts.yaml b/cluster/base-custom/charts/k8s-gateway-charts.yaml
index 5341962f7..4fb945934 100644
--- a/cluster/base-custom/charts/k8s-gateway-charts.yaml
+++ b/cluster/base-custom/charts/k8s-gateway-charts.yaml
@@ -1,16 +1,10 @@
 ---
 apiVersion: source.toolkit.fluxcd.io/v1beta1
-kind: GitRepository
+kind: HelmRepository
 metadata:
   name: k8s-gateway-charts
   namespace: flux-system
 spec:
-  interval: 1440m
-  url: https://github.com/ori-edge/k8s_gateway
-  ref:
-    branch: master
-  ignore: |
-    # exclude all
-    /*
-    # include charts directory
-    !/charts/
+  interval: 10m
+  url: https://ori-edge.github.io/k8s_gateway/
+  timeout: 3m
diff --git a/cluster/base-custom/charts/kubernetes-dashboard-charts.yaml b/cluster/base-custom/charts/kubernetes-dashboard-charts.yaml
deleted file mode 100644
index 2e568f16d..000000000
--- a/cluster/base-custom/charts/kubernetes-dashboard-charts.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1beta1
-kind: HelmRepository
-metadata:
-  name: kubernetes-dashboard-charts
-  namespace: flux-system
-spec:
-  interval: 10m
-  url: https://kubernetes.github.io/dashboard/
-  timeout: 3m
diff --git a/cluster/base-custom/charts/kustomization.yaml b/cluster/base-custom/charts/kustomization.yaml
index aba9d251d..a07f37518 100644
--- a/cluster/base-custom/charts/kustomization.yaml
+++ b/cluster/base-custom/charts/kustomization.yaml
@@ -1,9 +1,9 @@
+---
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - bitnami-charts.yaml
   - cert-manager-webhook-ovh.yaml
-  - coredns-charts.yaml
   - drone-charts.yaml
   - emxq-charts.yaml
   - gitea-charts.yaml
@@ -15,7 +15,6 @@ resources:
   - k8s-at-home.yaml
   - k8s-gateway-charts.yaml
   - kasten-charts.yaml
-  - kubernetes-dashboard-charts.yaml
   - kubernetes-sigs-descheduler-charts.yaml
   - mittwald-charts.yaml
   - node-feature-discovery.yaml
diff --git a/cluster/core/cert-manager/cert-manager-webhook-ovh-helm-release.yaml b/cluster/core/cert-manager/cert-manager-webhook-ovh-helm-release.yaml
index f180490b0..7e81b1873 100644
--- a/cluster/core/cert-manager/cert-manager-webhook-ovh-helm-release.yaml
+++ b/cluster/core/cert-manager/cert-manager-webhook-ovh-helm-release.yaml
@@ -8,6 +8,7 @@ spec:
   interval: 5m
   chart:
     spec:
+      # renovate: registryUrl=https://github.com/baarde/cert-manager-webhook-ovh
       chart: ./deploy/cert-manager-webhook-ovh
       version: 0.2.0
       sourceRef:
diff --git a/cluster/core/system-upgrade/kustomization.yaml b/cluster/core/system-upgrade/kustomization.yaml
index 9c2d28b0c..ad6b3f56b 100644
--- a/cluster/core/system-upgrade/kustomization.yaml
+++ b/cluster/core/system-upgrade/kustomization.yaml
@@ -1,4 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+  - namespace.yaml
   - deployment.yaml
diff --git a/cluster/apps/system-upgrade/namespace.yaml b/cluster/core/system-upgrade/namespace.yaml
similarity index 100%
rename from cluster/apps/system-upgrade/namespace.yaml
rename to cluster/core/system-upgrade/namespace.yaml
diff --git a/cluster/apps/system-upgrade/kustomization.yaml b/cluster/core/system-upgrade/plans/kustomization.yaml
similarity index 86%
rename from cluster/apps/system-upgrade/kustomization.yaml
rename to cluster/core/system-upgrade/plans/kustomization.yaml
index 1f6efc213..457c088e9 100644
--- a/cluster/apps/system-upgrade/kustomization.yaml
+++ b/cluster/core/system-upgrade/plans/kustomization.yaml
@@ -1,6 +1,5 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - namespace.yaml
   - server-plan.yaml
   - worker-plan.yaml
diff --git a/cluster/apps/system-upgrade/server-plan.yaml b/cluster/core/system-upgrade/plans/server-plan.yaml
similarity index 100%
rename from cluster/apps/system-upgrade/server-plan.yaml
rename to cluster/core/system-upgrade/plans/server-plan.yaml
diff --git a/cluster/apps/system-upgrade/worker-plan.yaml b/cluster/core/system-upgrade/plans/worker-plan.yaml
similarity index 100%
rename from cluster/apps/system-upgrade/worker-plan.yaml
rename to cluster/core/system-upgrade/plans/worker-plan.yaml