diff --git a/kubernetes/raspberry/network/kustomization.yaml b/kubernetes/raspberry/network/kustomization.yaml
index a42e67cf..85361bcd 100644
--- a/kubernetes/raspberry/network/kustomization.yaml
+++ b/kubernetes/raspberry/network/kustomization.yaml
@@ -8,3 +8,4 @@ resources:
   - ./ingress-nginx/ks.yaml
   - ./k8s-gateway/ks.yaml
   - ./namespace.yaml
+  - ./unifi-controller/ks.yaml
diff --git a/kubernetes/raspberry/network/unifi-controller/app/helmrelease.yaml b/kubernetes/raspberry/network/unifi-controller/app/helmrelease.yaml
new file mode 100644
index 00000000..7c7225ff
--- /dev/null
+++ b/kubernetes/raspberry/network/unifi-controller/app/helmrelease.yaml
@@ -0,0 +1,126 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: &app unifi-controller
+  namespace: network
+spec:
+  interval: 1h
+  timeout: 15m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.5.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  maxHistory: 3
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      strategy: rollback
+      retries: 3
+  uninstall:
+    keepHistory: false
+  values:
+    controllers:
+      unifi:
+        annotations:
+          reloader.stakater.com/auto: "true"
+        pod:
+          nodeSelector:
+            disktype: ssd
+        containers:
+          app:
+            image:
+              repository: jacobalberty/unifi
+              tag: v8.5.6@sha256:fb92425531a7dc40194668315082bb79c217417de6074127793a7e84c1d60fe8
+              pullPolicy: IfNotPresent
+            env:
+              DEBUG: "true"
+              JVM_MAX_HEAP_SIZE: 1024M
+              RUNAS_UID0: "false"
+              TZ: ${TIMEZONE}
+              UNIFI_GID: "999"
+              UNIFI_STDOUT: "true"
+              UNIFI_UID: "999"
+            resources:
+              requests:
+                memory: 2Gi
+                cpu: 50m
+    service:
+      app:
+        controller: unifi
+        type: LoadBalancer
+        externalTrafficPolicy: Cluster
+        loadBalancerIP: "192.168.0.34"
+        annotations:
+          io.cilium/lb-ipam-ips: "192.168.0.34"
+          io.cilium/lb-ipam-sharing-key: unifi
+        ports:
+          http:
+            port: 8443
+            protocol: HTTPS
+          controller:
+            enabled: true
+            port: 8080
+            protocol: TCP
+          portal-http:
+            enabled: false
+            port: 8880
+            protocol: HTTP
+          portal-https:
+            enabled: false
+            port: 8843
+            protocol: HTTPS
+          speedtest:
+            enabled: true
+            port: 6789
+            protocol: TCP
+          stun:
+            enabled: true
+            port: 3478
+            protocol: UDP
+          syslog:
+            enabled: true
+            port: 5514
+            protocol: UDP
+          discovery:
+            enabled: true
+            port: 10001
+            protocol: UDP
+    ingress:
+      app:
+        enabled: true
+        className: internal
+        annotations:
+          gethomepage.dev/enabled: "true"
+          gethomepage.dev/name: Unifi
+          gethomepage.dev/group: Network
+          gethomepage.dev/icon: unifi.png
+          nginx.ingress.kubernetes.io/backend-protocol: HTTPS
+        hosts:
+          - host: &host unifi.${SECRET_DOMAIN}
+            paths:
+              - path: /
+                service:
+                  identifier: app
+                  port: http
+        tls:
+          - hosts:
+              - *host
+    persistence:
+      data:
+        enabled: true
+        type: persistentVolumeClaim
+        accessMode: ReadWriteOnce
+        size: 4Gi
+        advancedMounts:
+          unifi:
+            app:
+              - path: /unifi/data
diff --git a/kubernetes/raspberry/network/unifi-controller/app/kustomization.yaml b/kubernetes/raspberry/network/unifi-controller/app/kustomization.yaml
new file mode 100644
index 00000000..dbc604ed
--- /dev/null
+++ b/kubernetes/raspberry/network/unifi-controller/app/kustomization.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - helmrelease.yaml
diff --git a/kubernetes/raspberry/network/unifi-controller/ks.yaml b/kubernetes/raspberry/network/unifi-controller/ks.yaml
new file mode 100644
index 00000000..e7fa37c5
--- /dev/null
+++ b/kubernetes/raspberry/network/unifi-controller/ks.yaml
@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app unifi-controller
+  namespace: flux-system
+spec:
+  targetNamespace: network
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./kubernetes/raspberry/network/unifi-controller/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: flux-system
+  wait: true
+  interval: 1h
+  retryInterval: 1m
+  timeout: 5m