diff --git a/config.yml b/config.yml
index a471bd9..2a462ba 100644
--- a/config.yml
+++ b/config.yml
@@ -1,8 +1,10 @@
 all:
   vars:
     api_endpoint: "{{ hostvars[groups['server'][0]]['ansible_host'] | default(groups['server'][0]) }}"
+
     cert_manager_state: present
     cert_manager_version: v1.18.2
+
     letsencrypt_clusterissuers:
       staging:
         server: https://acme-staging-v02.api.letsencrypt.org/directory
@@ -10,6 +12,7 @@ all:
       prod:
         server: https://acme-v02.api.letsencrypt.org/directory
         email: "{{ vault_letsencrypt_issuer_email }}"
+
     gitea_chart_version: 12.3.0
     gitea_state: present
     gitea_host: gitea.nehrke.info
@@ -20,6 +23,13 @@ all:
     gitea_admin_password: "{{ vault_gitea_admin_password }}"
     gitea_admin_email: "{{ vault_gitea_admin_email }}"
 
+    concourse_state: present
+    concourse_chart_version: 19.0.2
+    concourse_certificate_issuer: letsencrypt-prod
+    concourse_host: ci.nehrke.info
+    concourse_local_users: "{{ vault_concourse_local_users }}"
+    concourse_worker_replicas: 2
+
 k3s_cluster:
   vars:
     ansible_user: root
diff --git a/roles/k8s-setup/defaults/main.yml b/roles/k8s-setup/defaults/main.yml
index 71b0eb9..db3f33a 100644
--- a/roles/k8s-setup/defaults/main.yml
+++ b/roles/k8s-setup/defaults/main.yml
@@ -1,6 +1,8 @@
 cert_manager_state: present
 cert_manager_version: v1.18.2
+
 letsencrypt_clusterissuers: {}
+
 gitea_chart_version: 12.3.0
 gitea_state: present
 gitea_image_rootless: False
@@ -9,3 +11,8 @@ gitea_image: gitea-for-nehrke-info
 gitea_image_tag: latest
 gitea_image_registry: docker.nehrke.info
 
+concourse_chart_version: 19.0.2
+concourse_state: present
+concourse_namespace: concourse
+concourse_local_users: {}
+concourse_worker_replicas: 2
diff --git a/roles/k8s-setup/tasks/_concourse.yml b/roles/k8s-setup/tasks/_concourse.yml
new file mode 100644
index 0000000..d0ed215
--- /dev/null
+++ b/roles/k8s-setup/tasks/_concourse.yml
@@ -0,0 +1,45 @@
+- name: Ensure concourse namespace
+  kubernetes.core.k8s:
+    state: "{{ concourse_state }}"
+    definition:
+      apiVersion: v1
+      kind: Namespace
+      metadata:
+        name: "{{ concourse_namespace }}"
+        labels:
+          name: "{{ concourse_namespace }}"
+
+- name: Deploy concourse {{ concourse_chart_version }}
+  kubernetes.core.helm:
+    name: concourse
+    chart_ref: concourse
+    chart_version: "{{ concourse_chart_version }}"
+    chart_repo_url: https://concourse-charts.storage.googleapis.com/
+    release_namespace: "{{ concourse_namespace }}"
+    release_state: "{{ concourse_state }}"
+    values:
+      concourse:
+        web:
+          kubernetes:
+            keepNamespaces: False
+          externalUrl: "https://{{ concourse_host }}"
+          enableResourceCausality: True
+      secrets:
+        localUsers: "{{ concourse_local_users.items() | map('join', ':') | join(',') }}"
+      worker:
+        replicas: "{{ concourse_worker_replicas }}"
+      web:
+        env:
+        - name: CONCOURSE_MAIN_TEAM_LOCAL_USER
+          value: "{{ concourse_local_users.keys() | join(',') }}"
+        ingress:
+          enabled: True
+          annotations:
+            cert-manager.io/cluster-issuer: "{{ concourse_certificate_issuer }}"
+            traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
+          hosts:
+          - "{{ concourse_host }}"
+          tls:
+          - hosts:
+            - "{{ concourse_host }}"
+            secretName: concourse-tls
diff --git a/roles/k8s-setup/tasks/main.yml b/roles/k8s-setup/tasks/main.yml
index 21b42d8..1827469 100644
--- a/roles/k8s-setup/tasks/main.yml
+++ b/roles/k8s-setup/tasks/main.yml
@@ -9,3 +9,9 @@
   - k8s
   - gitea
   import_tasks: _gitea.yml
+
+- name: Ensure concourse
+  tags:
+  - k8s
+  - concourse
+  import_tasks: _concourse.yml
diff --git a/vault.yml b/vault.yml
index efa44f3..749de7d 100644
--- a/vault.yml
+++ b/vault.yml
@@ -1,28 +1,34 @@
 $ANSIBLE_VAULT;1.1;AES256
-39303138313831326563376436343965396439393734663935616232353733363761393462326365
-3536323339393332643863313535643563373062646262320a333937363761353564353339323166
-35623732646630636234643531616361643534653461626466353262346137636432366436333732
-3232663239643535640a393537623336643033646331363130646635636534333864353237646236
-65313232633034643938316333346234636561316465643434663365613733396662376536616530
-37343939336437363663373432643734303236663438303039366337323734336133306137333330
-39356139393462343966316462623363396434323733333030363131393564346361396236343636
-62356431353138613264643630613265396235646233316166313163303263356664333866303261
-64623133646264633330363537396132326236636363353232653564613530316231306435333766
-37343235623965663236333135396334366434653061313237323564643464386533313632396237
-65373837393132316163383435326366383637653935643138393437326133363834303333323438
-64306534363939356439656231346533346432323633666464356132303664326137653930386530
-65303734653362343332356238383139656139626161383130313434613738633762656130346163
-33373166363266343730616231626437383832396139636639363636396565373932323338333466
-64383631316130613331376230353063396266636632653030323436386264656334316463386137
-64383836653935623938336239313638653165396232363766373330323037383930393962636536
-64356638353234303964306335633064626562646639393338663462346632333833646261326438
-62626539623033393065343365633539363962613935363634383530333262636333353830626330
-62343763393037353732643339353164353664633565313962653039643861353465326139663766
-61393666623866376462323636303232366363633861633436313234353461643066396561663262
-39616465353136343761396334373230663737616464646130616136313835323164633032396531
-34643034373237613162366665646366313332636531303231643666313931663532366330366339
-66363637393463326533666335366232666561323539336365326237376661653130613166396238
-61643163636531326232653031646536326239343261363533336230646534376362363734343936
-34613465343332343764383965386564393133643232323237656639373837656430313962636131
-61363131363637613235613832303161623666666361613136376537373131373461316233366330
-663934313536643162623337623938653163
+64306466396434313937333231373533323666666539383665396632616433396564643461333638
+6666613265323262323537393664643630323064343531660a653632656663626562313065373539
+34646534373034346135356638613133326138353836666633353064626665353363613533636436
+3932653939613939350a623130646362633864313034356164626230336538633637383431656661
+62313161353734633137656163346137343131393865306162613832613239393464396638623936
+63343565396162616466303130636131346530353134656163663762383630336365326630313063
+63396661613465633264336337373434623533303662373031303731346535353164663862613035
+32663662336362393665323832643561313164326232653538396364643737306536623030313061
+64346133323664356539643538346233643766316439373339323463333833346662666539393237
+37643965636536376634626133663537363935653438383636306331663734376130343461376138
+63663930643363373765393931366130626264653735393731383864366430386335373165326637
+37303635333239373634383739316539313263326363643534656137386138313130343766366231
+66636337613030386536316631626630343264663464383530316135323165303963653530613631
+37303536323366396231373030306233323866323166376639386661643565373162303762353735
+63623834343037633137363264323864393066373831363139363333353034633534343432306337
+61396537383136303933626635643932636562383034306238333230393038313532636335626534
+61393131653933656165393930336265346564653966303533616536346636343463656663323564
+32306561303165383963326139363639623361613634343836316232333939646137626465383438
+32653431616132373365356366643633303232656137613463623764303931363433323038643331
+64636239393630373866323031373464373564396466313362623838623832376165386162383133
+30616134393063646331303465373730663165633464366166303661666338336461643431316363
+35313132636538396464623361333037633530376137386364663535313138353537316536343032
+38316661666232373738363636316162626330353130613436366131363362653034313537393133
+37393264366633346430396661366636343562353137663835303032646631393461366338633964
+36643063383530396237333365663061313439353666656665373263313634643832393563336336
+38386263313737336432363637626266373937323536323965343237306530633362383735393036
+62353437323037313337383861343134343663323739386536333230393933643263353536323338
+61643365326136383031656364343637326561373536383464383136366333343332326232396235
+61386335316138396535336161333437346137616366356330386331393335323734666439666134
+63313131383164393138323736656265626333323566336164393263343633363965666432363232
+66303936643136623366346664666362313035326136383365366163333865353534666664666462
+33326531346364353734336434653538323265656163366634353334306630623366623633393331
+6563