diff --git a/07_bootstrap_argocd/shared-external-gateway.yaml b/07_bootstrap_argocd/shared-external-gateway.yaml
new file mode 100644
index 0000000..6e520b3
--- /dev/null
+++ b/07_bootstrap_argocd/shared-external-gateway.yaml
@@ -0,0 +1,25 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+  name: shared-external-gateway
+  namespace: default
+  labels:
+    bgp.cilium.io/ip-pool: default  # Damit bekommt das Gateway eine IP aus deinem Pool
+  annotations:
+    # Damit external-dns diesen Gateway findet und einen DNS-Eintrag erstellt
+    # (falls external-dns Gateway API unterstützt, was es tut)
+    cert-manager.io/cluster-issuer: cloudflare-cluster-issuer
+spec:
+  gatewayClassName: envoy-gateway-class
+  listeners:
+    - name: http
+      hostname: "*.hnrx.net"
+      protocol: HTTPS
+      port: 443
+      allowedRoutes:
+        namespaces:
+          from: All
+      tls:
+        mode: Terminate
+        certificateRefs:
+          - name: shared-external-gateway-tls
\ No newline at end of file