diff --git a/kubernetes/apps/default/kustomization.yaml b/kubernetes/apps/default/kustomization.yaml
index f669bd811..1dcaab69d 100644
--- a/kubernetes/apps/default/kustomization.yaml
+++ b/kubernetes/apps/default/kustomization.yaml
@@ -31,6 +31,7 @@ resources:
 - ./lms/ks.yaml
 - ./lychee/ks.yaml
 - ./navidrome/ks.yaml
+ - ./opengist/ks.yaml
 - ./outline/ks.yaml
 - ./paperless/ks.yaml
 - ./prowlarr/ks.yaml
diff --git a/kubernetes/apps/default/opengist/app/config/config.yaml b/kubernetes/apps/default/opengist/app/config/config.yaml
new file mode 100644
index 000000000..41d5dfe6d
--- /dev/null
+++ b/kubernetes/apps/default/opengist/app/config/config.yaml
@@ -0,0 +1,65 @@
+---
+# Set the log level to one of the following: trace, debug, info, warn, error, fatal, panic. Default: warn
+log-level: warn
+
+# Public URL for the Git HTTP/SSH connection.
+# If not set, uses the URL from the request
+# external-url: opengist.${SECRET_EXTERNAL_DOMAIN}
+
+# Directory where Opengist will store its data. Default: /opengist/
+opengist-home: /config/opengist/
+
+# Name of the SQLite database file. Default: opengist.db
+db-uri: opengist.db
+
+# Set the journal mode for SQLite. Default: WAL
+# See https://www.sqlite.org/pragma.html#pragma_journal_mode
+sqlite.journal-mode: WAL
+
+
+# HTTP server configuration
+# Host to bind to. Default: 0.0.0.0
+http.host: 0.0.0.0
+
+# Port to bind to. Default: 6157
+http.port: 6157
+
+# Enable or disable git operations (clone, pull, push) via HTTP (either `true` or `false`). Default: true
+http.git-enabled: true
+
+# SSH built-in server configuration
+# Note: it is not using the SSH daemon from your machine (yet)
+
+# Enable or disable SSH built-in server
+# for git operations (clone, pull, push) via SSH (either `true` or `false`). Default: true
+ssh.git-enabled: true
+
+# Host to bind to. Default: 0.0.0.0
+ssh.host: 0.0.0.0
+
+# Port to bind to. Default: 2222
+# Note: it cannot be the same port as the SSH daemon if it's currently running
+# If you want to use the port 22 for the built-in SSH server,
+# you can either change the port of the SSH daemon or stop it
+ssh.port: 2222
+
+# Public domain for the Git SSH connection, if it has to be different from the HTTP one.
+# If not set, uses the URL from the request
+# ssh.external-domain: opengist.${SECRET_EXTERNAL_DOMAIN}
+
+# Path or alias to ssh-keygen executable. Default: ssh-keygen
+ssh.keygen-executable: ssh-keygen
+
+
+# OAuth2 configuration
+# The callback/redirect URL must be http://opengist.domain/oauth//callback
+
+# To create a new OAuth2 application using GitHub : https://github.com/settings/applications/new
+# github.client-key:
+# github.secret:
+
+# To create a new OAuth2 application using Gitea : https://gitea.domain/user/settings/applications
+# gitea.client-key:
+# gitea.secret:
+# URL of the Gitea instance. Default: https://gitea.com/
+# gitea.url: https://gitea.com/
diff --git a/kubernetes/apps/default/opengist/app/helmrelease.yaml b/kubernetes/apps/default/opengist/app/helmrelease.yaml
new file mode 100644
index 000000000..9b0d0653b
--- /dev/null
+++ b/kubernetes/apps/default/opengist/app/helmrelease.yaml
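Review bot: In config.yaml, `ssh.git-enabled: true` together with `ssh.host: 0.0.0.0` starts the built-in SSH server on port 2222, but the Service in helmrelease.yaml publishes only the `http` port and leaves `ssh` commented out. The listener is therefore unused by clients while staying reachable from other pods at the pod IP unless a NetworkPolicy (none in this diff) restricts it. I would set `ssh.git-enabled: false` until SSH is deliberately exposed. Separately, `external-url` is left commented, so per the file's own comment generated URLs follow the request; pinning it to the ingress host would avoid depending on the Host header.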
@@ -0,0 +1,107 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s-labs/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: &app opengist
+spec:
+ chartRef:
+ kind: OCIRepository
+ name: app-template
+ interval: 15m
+ dependsOn:
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
+ install:
+ remediation:
+ retries: -1
+ upgrade:
+ cleanupOnFail: true
+ remediation:
+ strategy: rollback
+ retries: 3
+ driftDetection:
+ mode: enabled
+ ignore:
+ - paths:
+ - /spec/containers/resources/limits
+ target:
+ kind: Pod
+ values:
+ controllers:
+ opengist:
+ annotations:
+ reloader.stakater.com/auto: "true"
+ strategy: Recreate
+ containers:
+ app:
+ image:
+ repository: ghcr.io/thomiceli/opengist
+ tag: 1.10.0@sha256:b3ae8c4614fcfc3099ed08317f0113444f314d3d390e89161cff9b673729d191
+ command: # double "$$" escape flux substitutions
+ - ./opengist
+ args:
+ - --config
+ - /config/config.yaml
+ resources:
+ requests:
+ cpu: 100m
+ memory: 52M
+ limits:
+ memory: 256M
+ securityContext:
+ allowPrivilegeEscalation: false
+ # readOnlyRootFilesystem: true
+ capabilities: { drop: ["ALL"] }
+
+ defaultPodOptions:
+ securityContext:
+ # runAsGroup: 65534
+ # runAsUser: 65534
+ # runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+
+ service:
+ app:
+ controller: *app
+ ports:
+ http:
+ port: 6157
+ # ssh:
+ # port: 2222
+ ingress:
+ app:
+ className: internal
+ annotations:
+ gethomepage.dev/enabled: "true"
+ gethomepage.dev/name: Opengist
+ gethomepage.dev/description: Photo-management tool.
+ gethomepage.dev/group: Applications
+ gethomepage.dev/icon: opengist.png
+ gethomepage.dev/pod-selector: >-
+ app in (
+ opengist
+ )
+ hosts:
+ - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}"
+ paths:
+ - path: /
+ pathType: Prefix
+ service:
+ identifier: app
+ tls:
+ - hosts:
+ - *host
+ persistence:
+ config:
+ type: configMap
+ name: opengist-configmap
+ globalMounts:
+ - subPath: config.yaml
+ path: /config/config.yaml
+ defaultMode: 0775
+ data:
+ existingClaim: *app
+ globalMounts:
+ - path: /config
diff --git a/kubernetes/apps/default/opengist/app/kustomization.yaml b/kubernetes/apps/default/opengist/app/kustomization.yaml
new file mode 100644
index 000000000..daa5a0c26
--- /dev/null
+++ b/kubernetes/apps/default/opengist/app/kustomization.yaml
@@ -0,0 +1,13 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: default
+resources:
+ - ./helmrelease.yaml
+configMapGenerator:
+ - name: opengist-configmap
+ files:
+ - ./config/config.yaml
+generatorOptions:
+ disableNameSuffixHash: true
diff --git a/kubernetes/apps/default/opengist/ks.yaml b/kubernetes/apps/default/opengist/ks.yaml
new file mode 100644
index 000000000..2336e92e4
--- /dev/null
+++ b/kubernetes/apps/default/opengist/ks.yaml
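Review bot: In helmrelease.yaml the pod-level `runAsNonRoot`, `runAsUser` and `runAsGroup` and the container's `readOnlyRootFilesystem` are all left commented out, so the container runs as whatever user the image defines (possibly root, the diff does not show it) with a writable root filesystem. `allowPrivilegeEscalation: false` and `drop: ["ALL"]` limit the impact but do not replace a non-root UID; I would enable `runAsNonRoot: true` with an explicit UID/GID, add an `fsGroup` so the `data` claim stays writable, and turn on `readOnlyRootFilesystem: true` once the writable paths are known. The ConfigMap mount also sets `defaultMode: 0775`, which marks a read-only config file executable and group-writable; `defaultMode: 0444` would be enough. The `gethomepage.dev/description: Photo-management tool.` annotation looks copied from another app.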
@@ -0,0 +1,34 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: &app opengist
+ namespace: &namespace default
+spec:
+ commonMetadata:
+ labels:
+ app.kubernetes.io/name: *app
+ dependsOn:
+ - name: rook-ceph-cluster
+ namespace: rook-ceph
+ - name: volsync
+ namespace: volsync
+ components:
+ - ../../../../components/gatus/external
+ - ../../../../components/volsync
+ interval: 1h
+ path: ./kubernetes/apps/default/opengist/app
+ postBuild:
+ substitute:
+ APP: *app
+ VOLSYNC_CAPACITY: 2Gi
+ prune: true
+ retryInterval: 2m
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
+ namespace: flux-system
+ targetNamespace: *namespace
+ timeout: 5m
+ wait: false
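Review bot: In ks.yaml the `../../../../components/gatus/external` component is attached to an app whose ingress in helmrelease.yaml uses `className: internal`. The component's definition is not part of this diff, but if it registers a check against a public endpoint it will either fail permanently or indicate that the app was meant to be published externally. Confirm which exposure is intended and use the component that matches the ingress class; a gist server with `http.git-enabled: true` is better kept internal unless its authentication settings have been reviewed.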