diff --git a/k8s-peterg/argocd/applications-wheatley.yaml b/k8s-peterg/argocd/applications-wheatley.yaml
index 2c8ae2a..2d1f069 100644
--- a/k8s-peterg/argocd/applications-wheatley.yaml
+++ b/k8s-peterg/argocd/applications-wheatley.yaml
@@ -174,3 +174,22 @@ spec:
     automated:
       prune: true
       selfHeal: true
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: plex
+  namespace: argocd
+spec:
+  project: default
+  source:
+    repoURL: https://code.peterg.nl/wheatley/kubernetes.git
+    path: k8s-wheatley/plex
+    targetRevision: HEAD
+  destination:
+    server: https://10.13.37.10:6443
+    namespace: plex
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
diff --git a/k8s-wheatley/plex/configmap.yaml b/k8s-wheatley/plex/configmap.yaml
new file mode 100644
index 0000000..c852c79
--- /dev/null
+++ b/k8s-wheatley/plex/configmap.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: plex-envs
+data:
+  PLEX_UID: "1000"
+  PLEX_GID: "1000"
+  TZ: Europe/Amsterdam
diff --git a/k8s-wheatley/plex/deployments.yaml b/k8s-wheatley/plex/deployments.yaml
new file mode 100644
index 0000000..8663c41
--- /dev/null
+++ b/k8s-wheatley/plex/deployments.yaml
@@ -0,0 +1,49 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: plex
+  labels:
+    app: plex
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: plex
+  template:
+    metadata:
+      labels:
+        app: plex
+    spec:
+      volumes:
+        - name: plex-config
+          persistentVolumeClaim:
+            claimName: plex-storage
+        - name: nfs-media
+          persistentVolumeClaim:
+            claimName: nfs-media
+      containers:
+        - name: plex
+          image: plexinc/pms-docker:1.43.0.10467-2b1ba6e69
+          imagePullPolicy: IfNotPresent
+          ports:
+            - containerPort: 32400
+          envFrom:
+            - configMapRef:
+                name: plex-envs
+          volumeMounts:
+            - mountPath: /config
+              name: plex-config
+            - mountPath: /data
+              name: nfs-media
+          securityContext:
+            seccompProfile:
+              type: RuntimeDefault
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - "ALL"
+              add:
+                - "CHOWN"
+                - "SETUID"
+                - "SETGID"
diff --git a/k8s-wheatley/plex/ingress.yaml b/k8s-wheatley/plex/ingress.yaml
new file mode 100644
index 0000000..c67c364
--- /dev/null
+++ b/k8s-wheatley/plex/ingress.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: plex-route
+spec:
+  parentRefs:
+    - name: internal
+      namespace: kube-system
+      sectionName: https
+  hostnames:
+    - "plex.wheatley.in"
+  rules:
+    - backendRefs:
+        - name: plex
+          port: 80
+
diff --git a/k8s-wheatley/plex/kustomization.yaml b/k8s-wheatley/plex/kustomization.yaml
new file mode 100644
index 0000000..dcf18bf
--- /dev/null
+++ b/k8s-wheatley/plex/kustomization.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: plex
+
+resources:
+  - configmap.yaml
+  - deployments.yaml
+  - ingress.yaml
+  - pvc.yaml
+  - secrets.yaml
+  - services.yaml
+  - namespace.yaml
diff --git a/k8s-wheatley/plex/namespace.yaml b/k8s-wheatley/plex/namespace.yaml
new file mode 100644
index 0000000..36fa0cf
--- /dev/null
+++ b/k8s-wheatley/plex/namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: plex
diff --git a/k8s-wheatley/plex/pvc.yaml b/k8s-wheatley/plex/pvc.yaml
new file mode 100644
index 0000000..7943bab
--- /dev/null
+++ b/k8s-wheatley/plex/pvc.yaml
@@ -0,0 +1,45 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: plex-storage
+spec:
+  storageClassName: piraeus-lvmthin
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: nfs-media
+spec:
+  accessModes:
+    - ReadOnlyMany
+  resources:
+    requests:
+      storage: 40Ti
+  volumeName: nfs-media-plex
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: nfs-media-plex
+spec:
+  capacity:
+    storage: 40Ti
+  accessModes:
+    - ReadOnlyMany
+  nfs:
+    server: 10.0.69.10
+    path: /tank/media
+  mountOptions:
+    - vers=4.1
+    - rsize=1048576
+    - wsize=1048576
+    - hard
+    - timeo=600
+    - noatime
+  persistentVolumeReclaimPolicy: Retain
diff --git a/k8s-wheatley/plex/secrets.yaml b/k8s-wheatley/plex/secrets.yaml
new file mode 100644
index 0000000..801f5fc
--- /dev/null
+++ b/k8s-wheatley/plex/secrets.yaml
@@ -0,0 +1,16 @@
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: plex-env-secrets
+spec:
+  secretStoreRef:
+    name: vault-wheatley
+    kind: ClusterSecretStore
+  target:
+    name: plex-env-secrets
+  data:
+    - secretKey: PLEX_CLAIM
+      remoteRef:
+        key: secrets/managed/plex/env-secrets
+        property: PLEX_CLAIM
diff --git a/k8s-wheatley/plex/services.yaml b/k8s-wheatley/plex/services.yaml
new file mode 100644
index 0000000..8bc2490
--- /dev/null
+++ b/k8s-wheatley/plex/services.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: plex
+spec:
+  selector:
+    app: plex
+  ports:
+    - port: 80
+      protocol: TCP
+      targetPort: 32400