diff --git a/kubernetes/apps/kustomization.yaml b/kubernetes/apps/kustomization.yaml
index 9cd2539..c69b1e4 100644
--- a/kubernetes/apps/kustomization.yaml
+++ b/kubernetes/apps/kustomization.yaml
@@ -3,5 +3,4 @@ kind: Kustomization
 resources:
 - ./capacitor/capacitor.yaml
 - ./cert-manager/cert-manager.yaml
- - ./cilium/cilium.yaml
 - ./podinfo/podinfo.yaml
\ No newline at end of file
diff --git a/kubernetes/infrastructure/cilium/app/release.yaml b/kubernetes/infrastructure/cilium/app/release.yaml
new file mode 100644
index 0000000..8be73c8
--- /dev/null
+++ b/kubernetes/infrastructure/cilium/app/release.yaml
@@ -0,0 +1,43 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: cilium
+ namespace: kube-system
+spec:
+ chart:
+ spec:
+ chart: cilium
+ version: 1.15.5
+ sourceRef:
+ kind: HelmRepository
+ namespace: kube-system
+ name: cilium
+ install:
+ crds: Create
+ upgrade:
+ crds: CreateReplace
+ interval: 1h
+ driftDetection:
+ mode: enabled
+ values:
+ global:
+ encryption:
+ enabled: true
+ nodeEncryption: true
+
+ policyEnforcementMode: default
+
+ operator:
+ replicas: 1
+
+ ipam:
+ mode: cluster-pool
+ operator:
+ clusterPoolIPv4PodCIDRList: [10.42.0.0/16]
+ clusterPoolIPv4MaskSize: 24
+
+ dnsProxy:
+ dnsRejectResponseCode: nameError
+
+ cni:
+ exclusive: false
diff --git a/kubernetes/infrastructure/cilium/app/repository.yaml b/kubernetes/infrastructure/cilium/app/repository.yaml
new file mode 100644
index 0000000..0ca641c
--- /dev/null
+++ b/kubernetes/infrastructure/cilium/app/repository.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: cilium
+ namespace: kube-system
+spec:
+ interval: 1h
+ url: https://helm.cilium.io
diff --git a/kubernetes/apps/cilium/cilium.yaml b/kubernetes/infrastructure/cilium/cilium.yaml
similarity index 73%
rename from kubernetes/apps/cilium/cilium.yaml
rename to kubernetes/infrastructure/cilium/cilium.yaml
index 3690846..1ccc689 100644
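Review bot: The encryption settings in release.yaml sit under a `global:` key in `values:`, while the Cilium chart at this version reads them from top-level `encryption.*`, so `enabled: true` and `nodeEncryption: true` are likely ignored and pod traffic stays unencrypted although the manifest suggests otherwise. Indentation is flattened on this page, so the nesting is inferred from key order; if `encryption:` really is a child of `global:`, move it to the top level of `values:`. No `type:` is set either, and the chart documents `nodeEncryption` as effective only with WireGuard, so add `type: wireguard` under `encryption:` (or provision the IPsec key secret if IPsec is the intent). After rollout, confirm the effective state from the agent's encryption status rather than from the HelmRelease reporting Ready.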
--- a/kubernetes/apps/cilium/cilium.yaml
+++ b/kubernetes/infrastructure/cilium/cilium.yaml
@@ -1,11 +1,11 @@
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
- name: cilium-networkpolicies
+ name: cilium
 namespace: kube-system
 spec:
 interval: 1h
- path: ./kubernetes/apps/cilium/networkpolicies
+ path: ./kubernetes/infrastructure/cilium
 prune: true
 sourceRef:
 kind: GitRepository
diff --git a/kubernetes/apps/cilium/kustomization.yaml b/kubernetes/infrastructure/cilium/kustomization.yaml
similarity index 100%
rename from kubernetes/apps/cilium/kustomization.yaml
rename to kubernetes/infrastructure/cilium/kustomization.yaml
diff --git a/kubernetes/apps/cilium/networkpolicies/coredns.yaml b/kubernetes/infrastructure/cilium/networkpolicies/coredns.yaml
similarity index 100%
rename from kubernetes/apps/cilium/networkpolicies/coredns.yaml
rename to kubernetes/infrastructure/cilium/networkpolicies/coredns.yaml
diff --git a/kubernetes/apps/cilium/networkpolicies/egress-kube-dns.yaml b/kubernetes/infrastructure/cilium/networkpolicies/egress-kube-dns.yaml
similarity index 94%
rename from kubernetes/apps/cilium/networkpolicies/egress-kube-dns.yaml
rename to kubernetes/infrastructure/cilium/networkpolicies/egress-kube-dns.yaml
index 1003e85..419a3df 100644
--- a/kubernetes/apps/cilium/networkpolicies/egress-kube-dns.yaml
+++ b/kubernetes/infrastructure/cilium/networkpolicies/egress-kube-dns.yaml
@@ -2,6 +2,7 @@ apiVersion: cilium.io/v2
 kind: CiliumClusterwideNetworkPolicy
 metadata:
 name: egress-kube-dns
+ namespace: kube-system
 spec:
 endpointSelector:
 matchExpressions:
diff --git a/kubernetes/apps/cilium/networkpolicies/egress-kubeapi.yaml b/kubernetes/infrastructure/cilium/networkpolicies/egress-kubeapi.yaml
similarity index 94%
rename from kubernetes/apps/cilium/networkpolicies/egress-kubeapi.yaml
rename to kubernetes/infrastructure/cilium/networkpolicies/egress-kubeapi.yaml
index 3e54454..97be096 100644
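Review bot: The widened `path: ./kubernetes/infrastructure/cilium` in cilium.yaml makes this Flux Kustomization build from the directory's `kustomization.yaml`, which this commit moves unchanged (similarity 100%), so the new `app/release.yaml` and `app/repository.yaml` are applied only if that file already lists them; its content is not visible here. Separately, renaming the object from `cilium-networkpolicies` to `cilium` while `prune: true` is set can, depending on reconcile order, garbage-collect the clusterwide policies owned by the old object before the new one re-applies them, and with `policyEnforcementMode: default` endpoints that no policy selects are unrestricted for that window. I would add a comment above `path:` such as `# builds kustomization.yaml in this directory: HelmRelease, HelmRepository and network policies`, and verify after the first reconcile that the HelmRelease exists and the policies are still present.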
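Review bot: `namespace: kube-system` is added to a `CiliumClusterwideNetworkPolicy` in egress-kube-dns.yaml, but that kind is cluster-scoped, so the field carries no meaning there and does not narrow the policy; which endpoints it applies to is still decided only by `endpointSelector`, whose body continues outside the hunk. The same line is added in egress-kubeapi, egress-namespace, egress-nodes, egress-world-with-lan, egress-world, ingress-namespace, ingress-nodes and ingress-world, and as `namespace: ingress-nginx` on both policies in ingress-nginx.yaml, where it most strongly suggests a scoping that is not in effect. Either drop the line, or, if per-namespace scope is the intent, change `kind:` to `CiliumNetworkPolicy` or match on the `io.kubernetes.pod.namespace` label in the selector.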
--- a/kubernetes/apps/cilium/networkpolicies/egress-kubeapi.yaml
+++ b/kubernetes/infrastructure/cilium/networkpolicies/egress-kubeapi.yaml
@@ -2,6 +2,7 @@ apiVersion: cilium.io/v2
 kind: CiliumClusterwideNetworkPolicy
 metadata:
 name: egress-kubeapi
+ namespace: kube-system
 spec:
 endpointSelector:
 matchLabels:
diff --git a/kubernetes/apps/cilium/networkpolicies/egress-namespace.yaml b/kubernetes/infrastructure/cilium/networkpolicies/egress-namespace.yaml
similarity index 90%
rename from kubernetes/apps/cilium/networkpolicies/egress-namespace.yaml
rename to kubernetes/infrastructure/cilium/networkpolicies/egress-namespace.yaml
index 7173deb..b4a7b3c 100644
--- a/kubernetes/apps/cilium/networkpolicies/egress-namespace.yaml
+++ b/kubernetes/infrastructure/cilium/networkpolicies/egress-namespace.yaml
@@ -2,6 +2,7 @@ apiVersion: cilium.io/v2
 kind: CiliumClusterwideNetworkPolicy
 metadata:
 name: egress-namespace
+ namespace: kube-system
 spec:
 endpointSelector:
 matchLabels:
diff --git a/kubernetes/apps/cilium/networkpolicies/egress-nodes.yaml b/kubernetes/infrastructure/cilium/networkpolicies/egress-nodes.yaml
similarity index 90%
rename from kubernetes/apps/cilium/networkpolicies/egress-nodes.yaml
rename to kubernetes/infrastructure/cilium/networkpolicies/egress-nodes.yaml
index 08bb2fa..c29203d 100644
--- a/kubernetes/apps/cilium/networkpolicies/egress-nodes.yaml
+++ b/kubernetes/infrastructure/cilium/networkpolicies/egress-nodes.yaml
@@ -2,6 +2,7 @@ apiVersion: cilium.io/v2
 kind: CiliumClusterwideNetworkPolicy
 metadata:
 name: egress-nodes
+ namespace: kube-system
 spec:
 endpointSelector:
 matchLabels:
diff --git a/kubernetes/apps/cilium/networkpolicies/egress-world-with-lan.yaml b/kubernetes/infrastructure/cilium/networkpolicies/egress-world-with-lan.yaml
similarity index 91%
rename from kubernetes/apps/cilium/networkpolicies/egress-world-with-lan.yaml
rename to kubernetes/infrastructure/cilium/networkpolicies/egress-world-with-lan.yaml
index 0b55a55..57e9e3b 100644
--- a/kubernetes/apps/cilium/networkpolicies/egress-world-with-lan.yaml
+++ b/kubernetes/infrastructure/cilium/networkpolicies/egress-world-with-lan.yaml
@@ -2,6 +2,7 @@ apiVersion: cilium.io/v2
 kind: CiliumClusterwideNetworkPolicy
 metadata:
 name: egress-world-with-lan
+ namespace: kube-system
 spec:
 endpointSelector:
 matchLabels:
diff --git a/kubernetes/apps/cilium/networkpolicies/egress-world.yaml b/kubernetes/infrastructure/cilium/networkpolicies/egress-world.yaml
similarity index 93%
rename from kubernetes/apps/cilium/networkpolicies/egress-world.yaml
rename to kubernetes/infrastructure/cilium/networkpolicies/egress-world.yaml
index f2c2845..af78575 100644
--- a/kubernetes/apps/cilium/networkpolicies/egress-world.yaml
+++ b/kubernetes/infrastructure/cilium/networkpolicies/egress-world.yaml
@@ -2,6 +2,7 @@ apiVersion: cilium.io/v2
 kind: CiliumClusterwideNetworkPolicy
 metadata:
 name: egress-world
+ namespace: kube-system
 spec:
 endpointSelector:
 matchLabels:
diff --git a/kubernetes/apps/cilium/networkpolicies/ingress-namespace.yaml b/kubernetes/infrastructure/cilium/networkpolicies/ingress-namespace.yaml
similarity index 90%
rename from kubernetes/apps/cilium/networkpolicies/ingress-namespace.yaml
rename to kubernetes/infrastructure/cilium/networkpolicies/ingress-namespace.yaml
index f479a7f..6922846 100644
--- a/kubernetes/apps/cilium/networkpolicies/ingress-namespace.yaml
+++ b/kubernetes/infrastructure/cilium/networkpolicies/ingress-namespace.yaml
@@ -2,6 +2,7 @@ apiVersion: cilium.io/v2
 kind: CiliumClusterwideNetworkPolicy
 metadata:
 name: ingress-namespace
+ namespace: kube-system
 spec:
 endpointSelector:
 matchLabels:
diff --git a/kubernetes/apps/cilium/networkpolicies/ingress-nginx.yaml b/kubernetes/infrastructure/cilium/networkpolicies/ingress-nginx.yaml
similarity index 96%
rename from kubernetes/apps/cilium/networkpolicies/ingress-nginx.yaml
rename to kubernetes/infrastructure/cilium/networkpolicies/ingress-nginx.yaml
index 4729f28..fdd215f 100644
--- a/kubernetes/apps/cilium/networkpolicies/ingress-nginx.yaml
+++ b/kubernetes/infrastructure/cilium/networkpolicies/ingress-nginx.yaml
@@ -2,6 +2,7 @@ apiVersion: cilium.io/v2
 kind: CiliumClusterwideNetworkPolicy
 metadata:
 name: ingress-ingress
+ namespace: ingress-nginx
 spec:
 endpointSelector:
 matchLabels:
@@ -35,6 +36,7 @@ apiVersion: cilium.io/v2
 kind: CiliumClusterwideNetworkPolicy
 metadata:
 name: egress-ingress
+ namespace: ingress-nginx
 spec:
 endpointSelector:
 matchLabels:
diff --git a/kubernetes/apps/cilium/networkpolicies/ingress-nodes.yaml b/kubernetes/infrastructure/cilium/networkpolicies/ingress-nodes.yaml
similarity index 91%
rename from kubernetes/apps/cilium/networkpolicies/ingress-nodes.yaml
rename to kubernetes/infrastructure/cilium/networkpolicies/ingress-nodes.yaml
index b148425..88ad767 100644
--- a/kubernetes/apps/cilium/networkpolicies/ingress-nodes.yaml
+++ b/kubernetes/infrastructure/cilium/networkpolicies/ingress-nodes.yaml
@@ -2,6 +2,7 @@ apiVersion: cilium.io/v2
 kind: CiliumClusterwideNetworkPolicy
 metadata:
 name: ingress-nodes
+ namespace: kube-system
 spec:
 endpointSelector:
 matchLabels:
diff --git a/kubernetes/apps/cilium/networkpolicies/ingress-world.yaml b/kubernetes/infrastructure/cilium/networkpolicies/ingress-world.yaml
similarity index 90%
rename from kubernetes/apps/cilium/networkpolicies/ingress-world.yaml
rename to kubernetes/infrastructure/cilium/networkpolicies/ingress-world.yaml
index 24d0ce1..6445ffe 100644
--- a/kubernetes/apps/cilium/networkpolicies/ingress-world.yaml
+++ b/kubernetes/infrastructure/cilium/networkpolicies/ingress-world.yaml
@@ -2,6 +2,7 @@ apiVersion: cilium.io/v2
 kind: CiliumClusterwideNetworkPolicy
 metadata:
 name: ingress-world
+ namespace: kube-system
 spec:
 endpointSelector:
 matchLabels:
diff --git a/kubernetes/apps/cilium/networkpolicies/local-path-provisioner.yaml b/kubernetes/infrastructure/cilium/networkpolicies/local-path-provisioner.yaml
similarity index 100%
rename from kubernetes/apps/cilium/networkpolicies/local-path-provisioner.yaml
rename to kubernetes/infrastructure/cilium/networkpolicies/local-path-provisioner.yaml
diff --git a/kubernetes/infrastructure/kustomization.yaml b/kubernetes/infrastructure/kustomization.yaml
index cff8667..b3b4416 100644
--- a/kubernetes/infrastructure/kustomization.yaml
+++ b/kubernetes/infrastructure/kustomization.yaml
@@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ./repositories/repositories.yaml
+ - ./cilium/cilium.yaml