diff --git a/defaults/main.yml b/defaults/main.yml
index e6b9cfd..02eb919 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,5 +1,5 @@
 my_context: kubernetes
-traefik_version: "2.6.1"
+traefik_version: "2.7.0"
 cluster_domain: "local"
 traefik_namespace: "traefik"
 traefik_service_type: LoadBalancer
@@ -12,11 +12,14 @@ traefik_service_type: LoadBalancer
 traefik_cpu_limit: 500m
 traefik_memory_limit: 300Mi
 traefik_entrypoints: []
-# - { name: "http", port: 8000, proto: "TCP", hostport: 80 }
-# - { name: "https", port: 4443, proto: "TCP", hostport: 443, tls: true }
+# - { name: "http", port: 8000, proto: "TCP", hostport: 80 middlewares: ["{{ traefik_namespace }}-crowdsec-traefik-bouncer@kubernetescrd"] }
+# - { name: "https", port: 4443, proto: "TCP", hostport: 443, tls: true middlewares: ["{{ traefik_namespace }}-crowdsec-traefik-bouncer@kubernetescrd"] }
 # - { name: "traefik", port: 8080, proto: "TCP" }
 #traefik_external_ips: []
 # - 1.2.3.4
 basic_auth: false
-#traefik_dashboard_certificate: wildcard-cluster
\ No newline at end of file
+#traefik_dashboard_certificate: wildcard-cluster
+
+crowdsec_namespace: "crowdsec"
+crowdsec_traefik_bouncer_chart_version: "0.1.0"
diff --git a/tasks/main.yml b/tasks/main.yml
index 3fa5e21..1d2a398 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
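Review bot: The two rewritten example lines under `traefik_entrypoints` are no longer valid flow mappings: there is no comma between `hostport: 80` and `middlewares:` (and between `tls: true` and `middlewares:`), so anyone who uncomments them gets a YAML parse error instead of a working entrypoint. The http example should read `# - { name: "http", port: 8000, proto: "TCP", hostport: 80, middlewares: ["{{ traefik_namespace }}-crowdsec-traefik-bouncer@kubernetescrd"] }`, with the same comma added before `middlewares:` on the https example. `traefik_crowdsec_bouncer_apikey`, which the new Helm task reads, is not declared anywhere in this file; a commented `#traefik_crowdsec_bouncer_apikey:` entry with a note that it is expected from a vault-encrypted variable would document the opt-in and keep the key out of plain-text defaults.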
@@ -45,6 +45,31 @@
 when:
 - traefik_node_selector is defined
+ - name: Deploy latest version of CrowdSec Traefik bouncer
+ kubernetes.core.helm:
+ context: "{{ my_context }}"
+ name: crowdsec-traefik-bouncer
+ release_namespace: "{{ traefik_namespace }}"
+ create_namespace: yes
+ chart_ref: crowdsec/crowdsec-traefik-bouncer
+ chart_version: "{{ crowdsec_traefik_bouncer_chart_version }}"
+ values:
+ bouncer:
+ crowdsec_bouncer_api_key: "{{ traefik_crowdsec_bouncer_apikey }}"
+ crowdsec_agent_host: "crowdsec-service.{{ crowdsec_namespace }}.svc.cluster.local:8080"
+ replicaCount: 1
+ podSecurityContext:
+ fsGroup: 2000
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+ when:
+ - traefik_crowdsec_bouncer_apikey is defined
+
 # - name: Get Deployment information object
 # k8s_info:
 # context: "{{ my_context }}"
diff --git a/templates/traefik-cm.yml.j2 b/templates/traefik-cm.yml.j2
index 240f225..7e4773b 100644
--- a/templates/traefik-cm.yml.j2
+++ b/templates/traefik-cm.yml.j2
@@ -19,6 +19,7 @@ data:
 # - auth@file
 # - secure_headers@file
 # - crowdsec-bouncer@file
+ # - {{ traefik_namespace }}-crowdsec-traefik-bouncer@kubernetescrd
 redirections:
 entryPoint:
 to: websecure
@@ -37,10 +38,18 @@ data:
 {% for traefik_entrypoint in traefik_entrypoints %}
 {{ traefik_entrypoint.name }}:
 address: :{{ traefik_entrypoint.port }}
-{% if traefik_entrypoint.tls is defined and traefik_entrypoint.tls|bool %}
+{% if traefik_entrypoint.tls is defined or traefik_entrypoint.middlewares is defined %}
 http:
+{% if traefik_entrypoint.middlewares is defined %}
+ middlewares:
+{% for middleware in traefik_entrypoint.middlewares %}
+ - {{ middleware }}
+{% endfor %}
+{% endif %}
+{% if traefik_entrypoint.tls is defined and traefik_entrypoint.tls|bool %}
 tls: {}
 {% endif %}
+{% endif %}
 {% endfor %}
 providers:
 kubernetesCRD:
diff --git a/templates/traefik-files.yml.j2 b/templates/traefik-files.yml.j2
index e6f4836..6f92802 100644
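Review bot: The new `kubernetes.core.helm` task renders `traefik_crowdsec_bouncer_apikey` into `values`, and without `no_log: true` the task arguments and result (values included) are printed in verbose runs and can end up in Ansible logs and callback output; add `no_log: true` alongside `when:` on this task. `create_namespace: yes` is a YAML 1.1 truthy and should be `create_namespace: true`, matching the `true`/`false` already used in the securityContext values. The `when` only tests `is defined`, so an empty string still installs the bouncer with an empty API key; `- traefik_crowdsec_bouncer_apikey is defined and traefik_crowdsec_bouncer_apikey | length > 0` closes that gap. The `when:` at the top of the hunk belongs to a task that starts outside it.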
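Review bot: The new outer guard `{% if traefik_entrypoint.tls is defined or traefik_entrypoint.middlewares is defined %}` now fires for an entrypoint with `tls: false` and no middlewares, emitting an `http:` key with nothing under it where the old template emitted nothing; whether Traefik accepts an empty `http:` there is not visible here, so better not to depend on it. Using `{% if (traefik_entrypoint.tls is defined and traefik_entrypoint.tls|bool) or traefik_entrypoint.middlewares is defined %}` keeps the rendered output for existing entrypoint definitions unchanged. The middleware name is rendered unquoted as `- {{ middleware }}`; `- "{{ middleware }}"` keeps a name containing YAML-significant characters from being misparsed. The `{% for %}` loop is fully inside the hunk; the enclosing `entryPoints` mapping starts before it.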
--- a/templates/traefik-files.yml.j2
+++ b/templates/traefik-files.yml.j2
@@ -7,14 +7,14 @@ data:
 traefik-middlewares.yaml: |
 http:
 middlewares:
- test_chain:
+ min_security:
 chain:
 middlewares:
- - rate-limit
 - security_headers
 {% if ingress_whitelist is defined %}
 - traefik-ipwhitelist
 {% endif %}
+ - rate-limit
 - compress
 {% if basic_auth|bool %}
 - basic-auth
@@ -41,9 +41,8 @@ data:
 stsPreload: true
 customFrameOptionsValue: "SAMEORIGIN"
 referrerPolicy: "same-origin"
- featurePolicy: "vibrate 'self'"
+ permissionsPolicy: "vibrate 'self'"
 stsSeconds: 315360000
- sslRedirect: true
 contentSecurityPolicy: "default-src 'self' 'unsafe-inline'"
 # customResponseHeaders:
 # X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex,"
@@ -84,7 +83,7 @@ data:
 - "Remote-Email"
 crowdsec-bouncer:
 forwardAuth:
- address: "http://crowdsec-traefik-bouncer:8080/api/v1/forwardAuth
+ address: "http://crowdsec-traefik-bouncer-service/api/v1/forwardAuth"
 trustForwardHeader: true
 traefik-tls-defaults-options.yaml: |
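Review bot: Renaming the chain from `test_chain` to `min_security` also changes the identifier routers reference (`test_chain@file` becomes `min_security@file`), and nothing in this hunk updates a consumer; if an IngressRoute, an entrypoint default or another template in this role still names `test_chain@file`, Traefik will report an unknown middleware at the next reload and the affected routers lose the chain. A comment above the key, `# referenced by routers as min_security@file`, would make that coupling visible to the next person who renames it. The `traefik-middlewares.yaml` block scalar continues past the end of the hunk.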
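Review bot: `permissionsPolicy: "vibrate 'self'"` keeps the Feature-Policy value syntax on the renamed option; the Permissions-Policy header uses structured-field syntax, so the equivalent value is `permissionsPolicy: "vibrate=(self)"`, and an unparsable directive is ignored by browsers, which silently drops the restriction while the header still appears to be set. It is also worth confirming against the Traefik headers-middleware docs for the `traefik_version` pinned in defaults on this commit that `permissionsPolicy` is honoured there. Removing `sslRedirect: true` relies on the entrypoint `redirections` configured in traefik-cm.yml.j2, which is outside this hunk.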
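Review bot: The corrected `address` closes the unterminated quote but targets the short service name `crowdsec-traefik-bouncer-service` over plain `http://`, which only resolves while the bouncer release lives in the same namespace as Traefik; the Helm task in this commit installs it into `{{ traefik_namespace }}` so that holds today, but `address: "http://crowdsec-traefik-bouncer-service.{{ traefik_namespace }}.svc.cluster.local/api/v1/forwardAuth"` makes the dependency explicit and survives a namespace move. The Service name itself is not visible in this diff — presumably it is what the chart creates for release name `crowdsec-traefik-bouncer` — and should be confirmed against the rendered chart. With `trustForwardHeader: true` the bouncer's decision depends on forwarded client headers, so the entrypoints' `forwardedHeaders.trustedIPs` setting (in traefik-cm.yml.j2, outside this hunk) is what prevents a client-supplied `X-Forwarded-For` from being trusted.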