diff --git a/defaults/main.yml b/defaults/main.yml
index bf17a26..fad378a 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,6 +1,6 @@
 my_context: kubernetes
-traefik_version: "3.1.4"
-traefik_helm_chart_version: "31.1.1"
+traefik_version: "3.0.4"
+traefik_helm_chart_version: "28.0.0"
 cluster_domain: "local"
 traefik_namespace: "traefik"
 traefik_service_type: LoadBalancer
diff --git a/tasks/main.yml b/tasks/main.yml
index 07f176b..d103949 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -106,9 +106,6 @@
 kubernetes.core.helm_repository:
 name: traefik
 repo_url: "https://helm.traefik.io/traefik"
-# - name: show templating results
-# ansible.builtin.debug:
-# msg: "{{ lookup('ansible.builtin.template', 'traefik-helm-value.yaml.j2') }}"
 - name: Deploy latest version of Traefik
 kubernetes.core.helm:
 context: "{{ my_context }}"
@@ -116,7 +113,6 @@
 chart_ref: traefik/traefik
 chart_version: "{{ traefik_helm_chart_version }}"
 release_namespace: "{{ traefik_namespace }}"
- create_namespace: true
 values: "{{ lookup('template', 'traefik-helm-value.yaml.j2') | from_yaml }}"
 - name: Install traefik configuration
@@ -126,9 +122,8 @@
 namespace: '{{ traefik_namespace }}'
 # merge_type: merge
 apply: true
- resource_definition: "{{ lookup('template', item) | from_yaml_all }}"
+ resource_definition: "{{ lookup('template', item) | from_yaml }}"
 with_items:
- - default-network-dns-policy.yaml.j2
 # - "{{ lookup('vars', 'traefik_' + traefik_version | regex_replace('[.]','_') + '_list') }}"
 - traefik-certificate.yml.j2
 - traefik-cm.yml.j2
diff --git a/templates/default-network-dns-policy.yaml.j2 b/templates/default-network-dns-policy.yaml.j2
deleted file mode 100644
index 185500e..0000000
--- a/templates/default-network-dns-policy.yaml.j2
+++ /dev/null
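Review bot: `from_yaml` in the new `resource_definition` line (hunk `@@ -126,9 +122,8 @@`) parses a single YAML document, so any template in `with_items` that renders several `---`-separated documents is expected to make the task fail rather than apply all of them. templates/traefik-ondemand-plugin.yml.j2, touched by this same commit, is such a multi-document file; whether it is in the list cannot be seen here because `with_items` continues past the hunk. Keeping `from_yaml_all` (commonly written `{{ lookup('template', item) | from_yaml_all | list }}`) avoids that. The hunk also drops default-network-dns-policy.yaml.j2 from the list, so this task no longer applies the role's NetworkPolicy objects; a comment such as `# NetworkPolicies for this namespace are managed in <where>` would tell the next reader where ingress restriction is enforced instead.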
@@ -1,46 +0,0 @@
-kind: NetworkPolicy
-apiVersion: networking.k8s.io/v1
-metadata:
- name: intra-namespace
-spec:
- podSelector: {}
- ingress:
- - from:
- - namespaceSelector:
- matchLabels:
- name: {{ traefik_namespace }}
-
-#---
-#apiVersion: networking.k8s.io/v1
-#kind: NetworkPolicy
-#metadata:
-# name: allow-dns-access
-#spec:
-# podSelector:
-# matchLabels: {}
-# policyTypes:
-# - Egress
-# egress:
-# - to:
-# - namespaceSelector:
-# matchLabels:
-# kubernetes.io/metadata.name: kube-system
-# podSelector:
-# matchLabels:
-# k8s-app: kube-dns
-# ports:
-# - protocol: UDP
-# port: 53
----
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: allow-all-traefik-v121-ingress
-spec:
- podSelector:
- matchLabels:
- app.kubernetes.io/name: traefik
- ingress:
- - {}
- policyTypes:
- - Ingress
diff --git a/templates/traefik-helm-value.yaml.j2 b/templates/traefik-helm-value.yaml.j2
index c1d6b71..ee066b4 100644
--- a/templates/traefik-helm-value.yaml.j2
+++ b/templates/traefik-helm-value.yaml.j2
@@ -140,10 +140,11 @@ metrics:
 # severity: warning
 # annotations:
 # summary: "Traefik Down"
-# description: "{% raw %}{{ $labels.pod }} on {{ $labels.nodename }} is down{% endraw %}"
+# description: "{{ $labels.pod }} on {{ $labels.nodename }} is down"
 experimental:
-{% if traefik_ondemand is defined %}
 plugins:
+ enabled: true
+{% if traefik_ondemand is defined %}
 sablier:
 moduleName: "github.com/acouvreur/sablier"
 version: "v1.7.0"
@@ -154,10 +155,3 @@ experimental:
 hub:
 enabled: true
 {% endif %}
-securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop: [ALL]
- readOnlyRootFilesystem: true
- seccompProfile:
- type: RuntimeDefault
diff --git a/templates/traefik-ingressroute.yml.j2 b/templates/traefik-ingressroute.yml.j2
index 93c07e5..22000cc 100644
--- a/templates/traefik-ingressroute.yml.j2
+++ b/templates/traefik-ingressroute.yml.j2
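Review bot: The new `# description:` line in hunk `@@ -140,10 +140,11 @@` hands `{{ $labels.pod }}` to Jinja2 without the `{% raw %}` wrapper, and the leading `#` is only a YAML comment, so the `template` lookup still evaluates the expression. `$` is not valid inside a Jinja2 expression, so rendering traefik-helm-value.yaml.j2 is expected to stop with a template syntax error before Helm is ever called. Keep `{% raw %}…{% endraw %}` around the Prometheus placeholders, or park the disabled rule inside a Jinja comment block (`{# … #}`). Separately, `plugins:` with `enabled: true` is now rendered even when `traefik_ondemand` is undefined; a comment like `# plugin support stays enabled even without sablier` would record whether that is intended.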
@@ -1,4 +1,4 @@
-apiVersion: traefik.io/v1alpha1
+apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
 name: traefik
diff --git a/templates/traefik-ondemand-plugin.yml.j2 b/templates/traefik-ondemand-plugin.yml.j2
index 0a0aba5..59c28ad 100644
--- a/templates/traefik-ondemand-plugin.yml.j2
+++ b/templates/traefik-ondemand-plugin.yml.j2
@@ -19,21 +19,9 @@ spec:
 containers:
 - name: sablier
 image: acouvreur/sablier:1.7.0
- args: ["start", "--provider.name=kubernetes", "--storage.file=/dev/shm/state.json"]
+ args: ["start", "--provider.name=kubernetes"]
 ports:
- - containerPort: 10000
- securityContext:
- allowPrivilegeEscalation: false
- capabilities:
- drop: [ALL]
- readOnlyRootFilesystem: true
- seccompProfile:
- type: RuntimeDefault
- securityContext:
- runAsGroup: 65532
- runAsNonRoot: true
- runAsUser: 65532
-# --configFile=path/to/myconfigfile.yml
+ - containerPort: 10000
 ---
 apiVersion: v1
 kind: Service
@@ -51,6 +39,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: sablier
+ namespace: {{ traefik_namespace }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -98,7 +87,7 @@ subjects:
 name: sablier
 namespace: {{ traefik_namespace }}
 #---
-#apiVersion: traefik.io/v1alpha1
+#apiVersion: traefik.containo.us/v1alpha1
 #kind: Middleware
 #metadata:
 # name: ondemand
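Review bot: `apiVersion: traefik.containo.us/v1alpha1` does not match the Traefik release this commit pins in defaults/main.yml (`traefik_version: "3.0.4"`). The v3 migration notes say the `traefik.containo.us` API group was removed in favour of `traefik.io`, so this IngressRoute is likely to be rejected by the API server or ignored by the controller. Keep `apiVersion: traefik.io/v1alpha1` unless the role is meant to target a v2 release. The commented-out Middleware at the end of templates/traefik-ondemand-plugin.yml.j2 gets the same group and would need the same correction if it is ever re-enabled. The manifest continues outside the hunk.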
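Review bot: The sablier Deployment loses every `securityContext` setting in hunk `@@ -19,21 +19,9 @@`, so the container runs as whatever user the image defaults to, with a writable root filesystem, the runtime's default capabilities and privilege escalation allowed, in a pod whose ServiceAccount is bound to a ClusterRole further down the file. The same hardening block is also removed from templates/traefik-helm-value.yaml.j2 (hunk `@@ -154,10 +155,3 @@`), which leaves Traefik on whatever the chart defaults to. If one of these settings broke the deployment on this version, relax that single setting and say why in a comment instead of dropping the whole block. The fence puts the values from the removed lines back; its indentation is a guess because the page has lost it. The pod spec starts before the hunk.

```yaml
      containers:
      - name: sablier
        # … unchanged: image, args …
        ports:
        - containerPort: 10000
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop: [ALL]
          readOnlyRootFilesystem: true
          seccompProfile:
            type: RuntimeDefault
      securityContext:
        runAsGroup: 65532
        runAsNonRoot: true
        runAsUser: 65532
```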