diff --git a/values/traefik.yml b/values/traefik.yml
index a7e22df..b6201ae 100644
--- a/values/traefik.yml
+++ b/values/traefik.yml
@@ -1,3 +1,4 @@
+# Traefik Helm values — compatible with Traefik chart v34+ (Traefik v3)
 # Traefik Helm values — Phase 1
 # Chart: traefik/traefik
 # Deploy:
@@ -6,59 +7,10 @@
 #   helm upgrade --install traefik traefik/traefik \
 #     --namespace traefik --create-namespace \
 #     -f values/traefik.yml
-
-globalArguments:
-  - "--global.checknewversion=false"
-  - "--global.sendanonymoususage=false"
-
-additionalArguments:
-  - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
-  - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
-  - "--certificatesresolvers.letsencrypt.acme.email=nik@nik4nao.xyz"
-  - "--certificatesresolvers.letsencrypt.acme.storage=/data/traefik/acme.json"
-
-entryPoints:
-  web:
-    address: ":80"
-    http:
-      redirections:
-        entryPoint:
-          to: websecure
-          scheme: https
-  websecure:
-    address: ":443"
-
-ingressClass:
-  enabled: true
-  isDefaultIngressClass: true
-
-service:
-  type: LoadBalancer
-  # K3s includes ServiceLB (klipper) — it will bind this to the node's IP automatically
-
-persistence:
-  enabled: false
-  existingClaim: ""
-  storageClass: ""
-  path: /data/traefik
-  size: 128Mi
-  accessMode: ReadWriteOnce
-
-volumes:
-  - name: traefik-data
-    hostPath:
-      path: /data/traefik
-      type: DirectoryOrCreate
-
-volumeMounts:
-  - name: traefik-data
-    mountPath: /data/traefik
+# Minimal Traefik v3 / chart v39 compatible values
 
 deployment:
   replicas: 1
-  # Pin to Minisforum (primary node)
-  # Remove this section in Phase 2 once you have a multi-node cluster
-  # and only want Traefik on the server node
   affinity:
     nodeAffinity:
       requiredDuringSchedulingIgnoredDuringExecution:
@@ -69,20 +21,42 @@ deployment:
                 values:
                   - primary
 
-dashboard:
+ingressClass:
   enabled: true
-  # Accessible internally at http://traefik.192.168.7.7.nip.io or via IngressRoute
-  # Do NOT expose the dashboard externally
-  ingressRoute:
-    dashboard:
-      enabled: true
-      matchRule: Host(`traefik.home.arpa`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
-      entryPoints:
-        - websecure
-      # Add BasicAuth middleware here if you want dashboard password protection
+  isDefaultClass: true
+
+ports:
+  web:
+    port: 8000
+    exposedPort: 80
+    http:
+      redirections:
+        entryPoint:
+          to: websecure
+          scheme: https
+          permanent: true
+  websecure:
+    port: 8443
+    exposedPort: 443
+
+service:
+  type: LoadBalancer
+
+additionalArguments:
+  - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
+  - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
+  - "--certificatesresolvers.letsencrypt.acme.email=nik.afiq98@ymail.com"
+  - "--certificatesresolvers.letsencrypt.acme.storage=/data/traefik/acme.json"
+
+volumes:
+  - name: traefik-data
+    hostPath:
+      path: /data/traefik
+      type: DirectoryOrCreate
+    mountPath: /data/traefik
 
 logs:
   general:
     level: INFO
   access:
-    enabled: true
+    enabled: true
\ No newline at end of file