diff --git a/apps/sharkey/app.yaml b/apps/sharkey/app.yaml
index 348e160..230a818 100644
--- a/apps/sharkey/app.yaml
+++ b/apps/sharkey/app.yaml
@@ -14,4 +14,5 @@ resources:
   - app/stackgres.yaml
   - app/deploy.yaml
   - app/service.yaml
+  - app/middleware.yaml
   - app/route.yaml
diff --git a/apps/sharkey/app/middleware.yaml b/apps/sharkey/app/middleware.yaml
new file mode 100644
index 0000000..7d8286c
--- /dev/null
+++ b/apps/sharkey/app/middleware.yaml
@@ -0,0 +1,29 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: circuit-breaker
+  namespace: sharkey 
+spec:
+  circuitBreaker:
+    expression: LatencyAtQuantileMS(50.0) > 200 || ResponseCodeRatio(500, 600, 0, 600) > 0.5
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: ratelimit
+  namespace: sharkey
+spec:
+  rateLimit:
+    average: 120
+    burst: 60
+    period: 1s
+    sourceCriterion:
+      ipStrategy:
+        excludedIPs:
+        - 127.0.0.1/32   # loopback
+        - 10.0.0.0/16    # bridge network
+        - 10.243.0.0/16  # cluster network
+        - 167.235.111.84 # lb
+        - 128.140.35.44  # node
+        - 5.75.144.230   # node
+        - 144.76.167.59  # node
diff --git a/apps/sharkey/app/route.yaml b/apps/sharkey/app/route.yaml
index dcf25d2..72931d7 100644
--- a/apps/sharkey/app/route.yaml
+++ b/apps/sharkey/app/route.yaml
@@ -12,6 +12,8 @@ spec:
     middlewares:
       - name: strict-security-headers
         namespace: default
+      - name: ratelimit
+      - name: circuit-breaker
     services:
     - name: sharkey
       port: http