diff --git a/talos-k8s-flux/clusters/t8s-demo/install/cert-manager.yaml b/talos-k8s-flux/clusters/t8s-demo/install/cert-manager.yaml
new file mode 100644
index 0000000..db49f18
--- /dev/null
+++ b/talos-k8s-flux/clusters/t8s-demo/install/cert-manager.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: cert-manager
+  labels:
+    app.kubernetes.io/component: cert-manager
+    pod-security.kubernetes.io/enforce: privileged
+---
+
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: cert-manager
+  namespace: flux-system
+spec:
+  interval: 1h
+  targetNamespace: cert-manager
+  chart:
+    spec:
+      chart: cert-manager
+      version: v1.18.0
+      sourceRef:
+        kind: HelmRepository
+        name: jetstack-repo
+        namespace: flux-system
+      interval: 60m
+  values:
+    crds:
+      enabled: true
diff --git a/talos-k8s-flux/clusters/t8s-demo/kustomization.yaml b/talos-k8s-flux/clusters/t8s-demo/kustomization.yaml
index 16bfe5a..06ca11d 100644
--- a/talos-k8s-flux/clusters/t8s-demo/kustomization.yaml
+++ b/talos-k8s-flux/clusters/t8s-demo/kustomization.yaml
@@ -4,6 +4,7 @@ resources:
 - gotk-components.yaml
 - gotk-sync.yaml
 
+- ../../soft/jetstack.yaml
 - ../../soft/piraeus.yaml
 - ../../soft/cpng.yaml
 - ../../soft/ingress-nginx.yaml
@@ -20,6 +21,7 @@ resources:
 
 # - install/piraeus.yaml
 # - install/nfs-provisioner.yaml
+- install/cert-manager.yaml
 - install/ingress-nginx.yaml
 - install/metrics-server.yaml
 # - install/monitoring.yaml
diff --git a/talos-k8s-flux/soft/jetstack.yaml b/talos-k8s-flux/soft/jetstack.yaml
new file mode 100644
index 0000000..4730b75
--- /dev/null
+++ b/talos-k8s-flux/soft/jetstack.yaml
@@ -0,0 +1,9 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: jetstack-repo
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://charts.jetstack.io
+---