diff --git a/traefik/helm-values.yaml b/traefik/helm-values.yaml
index f75b8d1..72259e5 100644
--- a/traefik/helm-values.yaml
+++ b/traefik/helm-values.yaml
@@ -32,7 +32,10 @@ spec:
 # API 활성화 (Dashboard에서 필요)
 api:
 dashboard: true
- insecure: false
+
+ # CLI 추가 인자 (insecure는 helm values에 없어서 직접 추가)
+ additionalArguments:
+ - "--api.insecure=true"
 
 # ports 설정
 ports:
diff --git a/traefik/ingress.yaml b/traefik/ingress.yaml
index 123a476..8c7258d 100644
--- a/traefik/ingress.yaml
+++ b/traefik/ingress.yaml
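Review bot: `--api.insecure=true` in the added `additionalArguments` turns on Traefik's insecure API mode, which serves the dashboard and API without authentication directly on the `traefik` entrypoint, so anything that can reach that port skips the Authelia middleware entirely. The IngressRoutes in traefik/ingress.yaml target `api@internal`, which should need only `dashboard: true`, so the flag looks unnecessary; I would drop the two added `additionalArguments` lines and keep insecure mode off. If the flag has to stay, the comment above it should say what depends on it, and the `ports:` block (which continues outside this hunk) should be checked to confirm the `traefik` entrypoint is not exposed through the Service.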
@@ -1,25 +1,64 @@
-apiVersion: networking.k8s.io/v1
-kind: Ingress
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
 metadata:
- name: traefik-dashboard-ingress
+ name: traefik-dashboard-route
 namespace: kube-system
- annotations:
- cert-manager.io/cluster-issuer: "letsencrypt-prod"
- traefik.ingress.kubernetes.io/router.middlewares: authelia-authelia-auth@kubernetescrd
 spec:
- ingressClassName: traefik
+ entryPoints:
+ - websecure
+ routes:
+ # Dashboard UI - Authelia 인증 필요
+ - match: Host(`traefik0213.kro.kr`) && PathPrefix(`/dashboard`)
+ kind: Rule
+ services:
+ - name: api@internal
+ kind: TraefikService
+ middlewares:
+ - name: authelia-auth
+ namespace: authelia
+ # API - Authelia bypass (dashboard 내부 호출용)
+ - match: Host(`traefik0213.kro.kr`) && PathPrefix(`/api`)
+ kind: Rule
+ services:
+ - name: api@internal
+ kind: TraefikService
+ # Root redirect to dashboard
+ - match: Host(`traefik0213.kro.kr`) && Path(`/`)
+ kind: Rule
+ services:
+ - name: api@internal
+ kind: TraefikService
+ middlewares:
+ - name: authelia-auth
+ namespace: authelia
 tls:
- - hosts:
- - traefik0213.kro.kr
 secretName: traefik-dashboard-tls
- rules:
- - host: traefik0213.kro.kr
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: traefik
- port:
- number: 8080
+---
+# HTTP to HTTPS redirect
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+ name: traefik-dashboard-http
+ namespace: kube-system
+spec:
+ entryPoints:
+ - web
+ routes:
+ - match: Host(`traefik0213.kro.kr`)
+ kind: Rule
+ services:
+ - name: api@internal
+ kind: TraefikService
+ middlewares:
+ - name: redirect-to-https
+ namespace: kube-system
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+ name: redirect-to-https
+ namespace: kube-system
+spec:
+ redirectScheme:
+ scheme: https
+ permanent: true
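Review bot: The `/api` route has no `middlewares`, so the Traefik API on `traefik0213.kro.kr` is served on `websecure` without Authelia, and that API returns the router, middleware and service configuration to any caller. The dashboard's own requests come from the already-authenticated browser session on the same host, so the bypass should not be needed; add the same entry the other two routes carry to the `/api` rule: `middlewares:`, `- name: authelia-auth`, `namespace: authelia`. Separately, the `cert-manager.io/cluster-issuer` annotation was removed together with the Ingress, and that annotation-driven issuance presumably does not apply to an IngressRoute, so confirm that a Certificate resource still issues and renews `traefik-dashboard-tls`.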