diff --git a/argocd/applications/garage.yaml b/argocd/applications/garage.yaml
new file mode 100644
index 0000000..0bd3310
--- /dev/null
+++ b/argocd/applications/garage.yaml
@@ -0,0 +1,27 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: garage
+ namespace: argocd
+spec:
+ project: k-space.ee
+ sources:
+ - repoURL: https://git.deuxfleurs.fr/Deuxfleurs/garage.git
+ targetRevision: main-v2
+ path: script/helm/garage
+ helm:
+ releaseName: garage
+ valueFiles:
+ - $values/garage/values.yaml
+ - repoURL: 'git@git.k-space.ee:k-space/kube.git'
+ targetRevision: HEAD
+ ref: values
+ destination:
+ server: 'https://kubernetes.default.svc'
+ namespace: garage
+ syncPolicy:
+ automated:
+ prune: true
+ syncOptions:
+ - CreateNamespace=true
\ No newline at end of file
diff --git a/garage/values.yaml b/garage/values.yaml
new file mode 100644
index 0000000..fc2b69a
--- /dev/null
+++ b/garage/values.yaml
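Review bot: In argocd/applications/garage.yaml, `targetRevision: main-v2` makes the chart source follow a branch of a third-party repository, and with `syncPolicy.automated` plus `prune: true` any upstream push to that branch is rendered and applied to the cluster without a review step on this side. Pin the upstream source to a release tag or commit, e.g. `targetRevision: <release-tag-or-commit-sha>`, and bump it in a reviewed commit. Because `image.tag` is left empty in garage/values.yaml, the chart revision presumably also decides which Garage image runs, so the pin would fix the image version as well.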
@@ -0,0 +1,260 @@
+# Default values for garage.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# -- Additional labels to add to all resources created by this chart
+commonLabels: {}
+# app.kubernetes.io/part-of: storage
+# team: platform
+
+# Garage configuration. These values go to garage.toml
+garage:
+ # -- Can be changed for better performance on certain systems
+ # https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#db_engine
+ dbEngine: "lmdb"
+
+ # -- Defaults is 1MB
+ # An increase can result in better performance in certain scenarios
+ # https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#block_size
+ blockSize: "1048576"
+
+ # -- Default to 3 replicas, see the replication_factor section at
+ # https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#replication_factor
+ replicationFactor: "1"
+
+ # -- By default, enable read-after-write consistency guarantees, see the consistency_mode section at
+ # https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#consistency_mode
+ consistencyMode: "consistent"
+
+ # -- zstd compression level of stored blocks
+ # https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#compression_level
+ compressionLevel: "1"
+
+ # -- If this value is set, Garage will automatically take a snapshot of the metadata DB file at a regular interval and save it in the metadata directory.
+ # https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/#metadata_auto_snapshot_interval
+ metadataAutoSnapshotInterval: ""
+
+ rpcBindAddr: "[::]:3901"
+ # -- If not given, a random secret will be generated and stored in a Secret object
+ rpcSecret: ""
+ # -- If you want to provide an rpcSecret within an existing k8s secret,
+ # specify the secret name here, and store the value under the secret key `rpcSecret`
+ # the default secret will not be created
+ existingRpcSecret: ""
+ # -- This is not required if you use the integrated kubernetes discovery
+ bootstrapPeers: []
+ # -- Set to true if you want to use k8s discovery but install the CRDs manually outside
+ # of the helm chart, for example if you operate at namespace level without cluster ressources
+ kubernetesSkipCrd: false
+ s3:
+ api:
+ region: "garage"
+ rootDomain: ".s3.garage.k-space.ee"
+ web:
+ rootDomain: ".web.garage.k-space.ee"
+ index: "index.html"
+
+ # -- Additional configuration to append to garage.toml. Use a multi-line string for custom config.
+ # Example:
+ # additionalTopLevelConfig: |-
+ # data_fsync = true
+ additionalTopLevelConfig: ""
+
+ # -- if not empty string, allow using an existing ConfigMap for the garage.toml,
+ # if set, ignores garage.toml
+ existingConfigMap: ""
+
+ # -- String Template for the garage configuration
+ # if set, ignores above values.
+ # Values can be templated,
+ # see https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/
+ garageTomlString: ""
+
+# Data persistence
+persistence:
+ enabled: true
+ meta:
+ storageClass: "ceph-rbd"
+ size: 10Gi
+ # used only for daemon sets
+ hostPath: /var/lib/garage/meta
+ data:
+ storageClass: "hdd-ceph"
+ size: 3Ti
+ # used only for daemon sets
+ hostPath: /var/lib/garage/data
+
+# Deployment configuration
+deployment:
+ # -- Switchable to DaemonSet
+ kind: StatefulSet
+ # -- Number of StatefulSet replicas/garage nodes to start
+ replicaCount: 1
+ # -- If using statefulset, allow Parallel or OrderedReady (default)
+ podManagementPolicy: OrderedReady
+
+image:
+ # -- default to amd64 docker image
+ repository: dxflrs/amd64_garage
+ # -- set the image tag, please prefer using the chart version and not this
+ # to avoid compatibility issues
+ tag: ""
+ pullPolicy: IfNotPresent
+
+initImage:
+ repository: busybox
+ tag: stable
+ pullPolicy: IfNotPresent
+
+# -- set if you need credentials to pull your custom image
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # -- Specifies whether a service account should be created
+ create: true
+ # -- Annotations to add to the service account
+ annotations: {}
+ # -- The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+# -- additonal pod annotations
+podAnnotations: {}
+
+podSecurityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ fsGroupChangePolicy: "OnRootMismatch"
+ runAsNonRoot: true
+
+securityContext:
+ # -- The default security context is heavily restricted,
+ # feel free to tune it to your requirements
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+
+service:
+ # -- You can rely on any service to expose your cluster
+ # - ClusterIP (+ Ingress)
+ # - NodePort (+ Ingress)
+ # - LoadBalancer
+ type: ClusterIP
+ # -- Annotations to add to the service
+ annotations: {}
+ s3:
+ api:
+ port: 3900
+ web:
+ port: 3902
+ # NOTE: the admin API is excluded for now as it is not consistent across nodes
+
+ingress:
+ s3:
+ api:
+ enabled: true
+ # -- Rely _either_ on the className or the annotation below but not both!
+ # If you want to use the className, set
+ # className: "nginx"
+ # and replace "nginx" by an Ingress controller name,
+ # examples [here](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers).
+ annotations:
+ kubernetes.io/ingress.class: traefik
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
+ labels: {}
+ hosts:
+ # -- garage S3 API endpoint, to be used with awscli for example
+ - host: "garage.k-space.ee"
+ paths:
+ - path: /
+ pathType: Prefix
+ # -- garage S3 API endpoint, DNS style bucket access
+ - host: "*.garage.k-space.ee"
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - "*.k-space.ee"
+ web:
+ enabled: true
+ # -- Rely _either_ on the className or the annotation below but not both!
+ # If you want to use the className, set
+ # className: "nginx"
+ # and replace "nginx" by an Ingress controller name,
+ # examples [here](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers).
+ annotations:
+ kubernetes.io/ingress.class: traefik
+ traefik.ingress.kubernetes.io/router.entrypoints: websecure
+ external-dns.alpha.kubernetes.io/target: traefik.k-space.ee
+ labels: {}
+ hosts:
+ # -- wildcard website access with bucket name prefix
+ - host: "garage-web.k-space.ee"
+ paths:
+ - path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - "*.k-space.ee"
+
+resources: {}
+ # The following are indicative for a small-size deployement, for anything serious double them.
+ # limits:
+ # cpu: 100m
+ # memory: 1024Mi
+ # requests:
+ # cpu: 100m
+ # memory: 512Mi
+
+# -- Specifies a livenessProbe
+livenessProbe: {}
+ #httpGet:
+ # path: /health
+ # port: 3903
+ #initialDelaySeconds: 5
+ #periodSeconds: 30
+# -- Specifies a readinessProbe
+readinessProbe: {}
+ #httpGet:
+ # path: /health
+ # port: 3903
+ #initialDelaySeconds: 5
+ #periodSeconds: 30
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+environment: {}
+
+extraVolumes: {}
+
+extraVolumeMounts: {}
+
+monitoring:
+ metrics:
+ # -- If true, a service for monitoring is created with a prometheus.io/scrape annotation
+ enabled: true
+ serviceMonitor:
+ # -- If true, a ServiceMonitor CRD is created for a prometheus operator
+ # https://github.com/coreos/prometheus-operator
+ enabled: false
+ path: /metrics
+ # namespace: monitoring (defaults to use the namespace this chart is deployed to)
+ labels: {}
+ interval: 15s
+ scheme: http
+ tlsConfig: {}
+ scrapeTimeout: 10s
+ relabelings: []
+ tracing:
+ # -- specify a sink endpoint for OpenTelemetry Traces, eg. `http://localhost:4317`
+ sink: ""
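Review bot: The `tls` entry under `ingress.s3.api` lists only `*.k-space.ee`, and a wildcard certificate name matches a single DNS label, so it cannot cover the `*.garage.k-space.ee` host declared just above it. With no `secretName` given, bucket-style requests would presumably be answered with a non-matching or default certificate, which tends to push clients towards disabling certificate verification. The ingress hosts also disagree with the Garage settings earlier in the file: `s3.api.rootDomain` is `.s3.garage.k-space.ee` and `s3.web.rootDomain` is `.web.garage.k-space.ee`, while the ingresses route `*.garage.k-space.ee` and the non-wildcard `garage-web.k-space.ee` (whose comment promises wildcard access). Align the names and the certificate coverage, for example `rootDomain: ".garage.k-space.ee"` together with `- "*.garage.k-space.ee"` added to the `tls` hosts.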