diff --git a/tasks/main.yml b/tasks/main.yml
index 1d2a398..7dbcfa9 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -102,7 +102,6 @@
     kubernetes.core.helm_repository:
       name: traefik
       repo_url: "https://helm.traefik.io/traefik"
-    tags: traefik
   - name: Deploy latest version of Traefik
     kubernetes.core.helm:
       context: "{{ my_context }}"
@@ -129,4 +128,21 @@
 #      - traefik-svc.yml.j2
 #      - traefik-defaultbackend.yml.j2
 
+  - name: Defined traefik-hub repository
+    kubernetes.core.helm_repository:
+      name: traefik-hub
+      repo_url: "https://helm.traefik.io/hub"
+    when:
+      - traefik_hub_token is defined
+  - name: Deploy latest version of Traefik-hub
+    kubernetes.core.helm:
+      context: "{{ my_context }}"
+      name: hub-agent
+      chart_ref: traefik-hub/hub-agent
+      release_namespace: "{{ traefik_namespace }}"
+      values:
+        token: "{{ traefik_hub_token }}"
+    when:
+      - traefik_hub_token is defined
+
   tags: traefik
diff --git a/templates/traefik-cm.yml.j2 b/templates/traefik-cm.yml.j2
index 7e4773b..947afae 100644
--- a/templates/traefik-cm.yml.j2
+++ b/templates/traefik-cm.yml.j2
@@ -35,6 +35,14 @@ data:
     #        - crowdsec-bouncer@file
       traefik:
         address: ":9000/tcp"
+      metrics:
+        address: ":9100/tcp"
+{% if traefik_hub_token is defined %}
+      traefikhub-api:
+        address: ":9900"
+      traefikhub-tunl:
+        address: ":9901"
+{% endif%}
 {% for traefik_entrypoint in traefik_entrypoints %}
       {{ traefik_entrypoint.name }}:
         address: :{{ traefik_entrypoint.port }}
@@ -62,14 +70,18 @@ data:
         watch: true
     metrics:
       prometheus:
-        entryPoint: traefik
+        entryPoint: metrics
+        addRoutersLabels: true
     ping:
       entryPoint: traefik
     api:
       dashboard: true
+{% if traefik_hub_token is defined %}
+    hub: {}
+{% endif %}
     log:
-      level: WARN
-      format: json
+      level: ERROR
+    #  format: json
     accessLog: {}
     #accessLog:
     #  filePath: "/var/log/traefik/access.log"
@@ -81,3 +93,9 @@ data:
     ##      BackendName: keep
     ##      BackendURL: keep
     ##      FrontendName: keep
+    experimental:
+    #  kubernetesGateway: true
+      http3: true
+{% if traefik_hub_token is defined %}
+      hub: true
+{% endif %}
diff --git a/templates/traefik-helm-value.yaml.j2 b/templates/traefik-helm-value.yaml.j2
index 6207b3f..050187b 100644
--- a/templates/traefik-helm-value.yaml.j2
+++ b/templates/traefik-helm-value.yaml.j2
@@ -1,6 +1,7 @@
 # https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml
 #image:
 #  tag: "{{ traefik_version }}"
+#fullnameOverride: "{{ my_context }}"
 additionalArguments:
   - --configFile=/etc/traefik/traefik.yaml
 #podSecurityPolicy:
@@ -35,8 +36,9 @@ autoscaling:
       resource:
         name: memory
         targetAverageUtilization: 60
-{% if traefik_service_type == "NodePort" and false %}
+{% if traefik_service_type == "NodePort" or traefik_hub_token is defined %}
 ports:
+{% if traefik_service_type == "NodePort" and false %}
   web:
 #    redirectTo: websecure
 #    hostPort: 80
@@ -48,6 +50,14 @@ ports:
 #      enabled: true
 #      options: default
 {% endif %}
+{% if traefik_hub_token is defined %}
+  traefikhub-tunl:
+    port: 9901
+    expose: true
+    exposedPort: 9901
+    protocol: "TCP"
+{% endif %}
+{% endif %}
 volumes:
   - mountPath: /etc/traefik
     name: traefik-conf
@@ -61,7 +71,7 @@ volumes:
 deployment:
   replicas: 1
   podAnnotations: 
-    prometheus.io/port: '9000'
+    prometheus.io/port: '9100'
     prometheus.io/scrape: 'true'
 experimental:
   http3:
@@ -70,3 +80,7 @@ experimental:
     enabled: true
   kubernetesGateway:
     enabled: false
+{% if traefik_hub_token is defined %}
+  hub:
+    enabled: true
+{% endif %}