diff --git a/crafty/deployment.yaml b/crafty/deployment.yaml
index 59ee474..c58b342 100644
--- a/crafty/deployment.yaml
+++ b/crafty/deployment.yaml
@@ -17,6 +17,25 @@ spec:
 labels:
 app: crafty
 spec:
+ securityContext:
+ fsGroup: 0
+ initContainers:
+ - name: init-permissions
+ image: busybox:latest
+ command: ['sh', '-c', 'chown -R 1000:0 /crafty && chmod -R g+rwX /crafty']
+ volumeMounts:
+ - name: backups
+ mountPath: /crafty/backups
+ - name: logs
+ mountPath: /crafty/logs
+ - name: servers
+ mountPath: /crafty/servers
+ - name: config
+ mountPath: /crafty/app/config
+ - name: import
+ mountPath: /crafty/import
+ securityContext:
+ runAsUser: 0
 containers:
 - name: crafty
 image: registry.gitlab.com/crafty-controller/crafty-4:latest
diff --git a/crafty/ingress.yaml b/crafty/ingress.yaml
index 889a639..4c1cbbf 100644
--- a/crafty/ingress.yaml
+++ b/crafty/ingress.yaml
@@ -6,6 +6,8 @@ metadata:
 annotations:
 cert-manager.io/cluster-issuer: "letsencrypt-prod"
 traefik.ingress.kubernetes.io/router.tls: "true"
+ traefik.ingress.kubernetes.io/service.serversscheme: "https"
+ traefik.ingress.kubernetes.io/service.serverstransport: "crafty-insecure@kubernetescrd"
 spec:
 ingressClassName: traefik
 tls:
diff --git a/crafty/kustomization.yaml b/crafty/kustomization.yaml
index 162d985..22860e7 100644
--- a/crafty/kustomization.yaml
+++ b/crafty/kustomization.yaml
@@ -5,4 +5,5 @@ resources:
 - pvc.yaml
 - deployment.yaml
 - service.yaml
+ - serverstransport.yaml
 - ingress.yaml
diff --git a/crafty/serverstransport.yaml b/crafty/serverstransport.yaml
new file mode 100644
index 0000000..afdb89f
--- /dev/null
+++ b/crafty/serverstransport.yaml
@@ -0,0 +1,7 @@
+apiVersion: traefik.io/v1alpha1
+kind: ServersTransport
+metadata:
+ name: crafty-insecure
+ namespace: crafty
+spec:
+ insecureSkipVerify: true
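Review bot: The `init-permissions` container runs as UID 0 from the mutable tag `busybox:latest` and keeps the runtime's default capability set, so whatever that tag resolves to at pull time gets root-level write access to all five data volumes on every pod start. Pin the image to a reviewed tag and digest and restrict the container's `securityContext` to what the recursive chown/chmod needs, as sketched below; whether `DAC_OVERRIDE` is required depends on the modes already present on the volumes. Pod-level `fsGroup: 0` also puts every container in the pod into the root group, and on volume types that honour fsGroup the kubelet already applies group ownership, so the `chmod -R g+rwX` may be redundant and is worth confirming before keeping both. The pod spec continues past the hunk, so the main container's own user and securityContext are not visible here.

```yaml
      initContainers:
        - name: init-permissions
          # placeholder values: pin to a tag and digest that has been reviewed
          image: busybox:<PINNED_TAG>@sha256:<DIGEST>
          # … unchanged: command, volumeMounts …
          securityContext:
            runAsUser: 0
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
              # keep DAC_OVERRIDE only if existing trees cannot be walked without it
              add: ["CHOWN", "FOWNER", "DAC_OVERRIDE"]
```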
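Review bot: The two added `service.*` annotations sit on the Ingress, but as far as I know Traefik reads `service.serversscheme` and `service.serverstransport` from the Service object, so on this resource they may be silently ignored and the HTTPS scheme and the transport would never be applied to the backend. If that holds, both lines belong in the annotations of `service.yaml`, which this diff does not show. The reference also looks incomplete: cross-provider CRD names are normally written `<namespace>-<name>@kubernetescrd`, which for the ServersTransport added in `crafty/serverstransport.yaml` would give `traefik.ingress.kubernetes.io/service.serverstransport: "crafty-crafty-insecure@kubernetescrd"`. Checking the resolved service in the Traefik dashboard or logs after deploy would confirm which transport is actually in use.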
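Review bot: `insecureSkipVerify: true` in the new `crafty/serverstransport.yaml` turns off certificate verification on the Traefik-to-Crafty hop, so whatever the panel exchanges there (presumably login credentials and session tokens) travels over TLS that authenticates nobody, and anything able to answer for the Service inside the cluster network is accepted as the backend. If the reason is a self-signed certificate on the Crafty side (the commit does not say), the transport can trust that certificate instead: store it in a Secret and replace the flag with `serverName: <CRAFTY_CERT_HOSTNAME>` and `rootCAsSecrets: [<CRAFTY_CA_SECRET>]` (placeholders). If skipping verification stays, a comment in this file recording why, together with a NetworkPolicy limiting which pods can reach the Crafty pod, would make the trade-off explicit.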