diff --git a/ansible/roles/apps/tasks/core.yml b/ansible/roles/apps/tasks/core.yml
index 1530ee233d5f9dedad5781bcbbdc1f1459c3d786..84dc81312dad96c046c31a69c2c764f5ca9e17fb 100644
--- a/ansible/roles/apps/tasks/core.yml
+++ b/ansible/roles/apps/tasks/core.yml
@@ -96,6 +96,36 @@
     resource_definition: "{{ lookup('file', 'local-path-provisioner_hr.yaml') | from_yaml }}"
   when: "'local-path-provisioner' in enabled_applications"
 
+- name: Create Kubernetes secret with nginx-ingress settings
+  tags:
+    - config
+    - flux
+    - nginx
+  vars:
+    flux_secret:
+      name: "ingress"
+      namespace: "oas"
+  include_tasks:
+    file: flux_secret.yml
+    apply:
+      tags:
+        - config
+        - flux
+        - nginx
+
+# We have to install nginx-ingress before other charts so that the ingress
+# validation webhook exists before it is used.
+# It will still be managed by flux afterwards.
+- name: Create ingress HelmResource
+  tags:
+    - config
+    - flux
+    - nginx
+  k8s:
+    state: present
+    resource_definition: "{{ lookup('file', 'ingress_hr.yaml') | from_yaml }}"
+  when: "'ingress' in enabled_applications"
+
 - name: Install flux
   tags:
     - flux
diff --git a/ansible/roles/apps/tasks/main.yml b/ansible/roles/apps/tasks/main.yml
index ebb3b774a573e6ea199c74307d5ba7a55a20b8b7..b1a6f9e326583b70316b4171c1a1ad405fa24358 100644
--- a/ansible/roles/apps/tasks/main.yml
+++ b/ansible/roles/apps/tasks/main.yml
@@ -9,9 +9,6 @@
 - name: Tasks pertaining to letsencrypt
   import_tasks: letsencrypt.yml
 
-- name: Tasks pertaining to nginx
-  import_tasks: nginx.yml
-
 - name: Tasks pertaining to prometheus and grafana
   import_tasks: prometheus-stack.yml
 
diff --git a/ansible/roles/apps/tasks/nginx.yml b/ansible/roles/apps/tasks/nginx.yml
index 9224d81d35f5f9851d3395b6972517f74820d975..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 100644
--- a/ansible/roles/apps/tasks/nginx.yml
+++ b/ansible/roles/apps/tasks/nginx.yml
@@ -1,18 +0,0 @@
----
-
-- name: Create Kubernetes secret with nginx-ingress settings
-  tags:
-    - config
-    - flux
-    - nginx
-  vars:
-    flux_secret:
-      name: "ingress"
-      namespace: "oas"
-  include_tasks:
-    file: flux_secret.yml
-    apply:
-      tags:
-        - config
-        - flux
-        - nginx