diff --git a/templates/ingressroute.yaml b/templates/ingressroute.yaml
index 7e42738..f4f2524 100644
--- a/templates/ingressroute.yaml
+++ b/templates/ingressroute.yaml
@@ -41,42 +41,11 @@ spec:
     - {{ .Values.instance.domain }}
 {{- end }}
 ---
-# HTTP → HTTPS redirect. Browsers default a bare hostname to http://,
-# but the only entrypoint serving Odoo is `websecure` — without this
-# route plain-http requests fall through to Traefik's default backend
-# and the user sees Traefik's "404 page not found" even though the
-# instance is fully up. The Middleware lives in this same chart so a
-# legacy cluster without a global redirect-to-https middleware works
-# the same as a fresh one.
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: {{ include "instance.fullname" . }}-redirect-https
-  labels:
-    {{- include "instance.labels" . | nindent 4 }}
-spec:
-  redirectScheme:
-    scheme: https
-    permanent: true
----
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: {{ include "instance.fullname" . }}-http
-  labels:
-    {{- include "instance.labels" . | nindent 4 }}
-spec:
-  entryPoints:
-    - web
-  routes:
-    - match: Host(`{{ .Values.instance.domain }}`)
-      kind: Rule
-      middlewares:
-        - name: {{ include "instance.fullname" . }}-redirect-https
-      services:
-        - name: {{ include "instance.fullname" . }}-odoo
-          port: 8069
----
+# HTTP → HTTPS redirect lives at the cluster's Traefik entrypoint
+# config (cluster-platform-v3 chart, `traefik.ports.web.redirectTo`)
+# — every cluster's `web` entrypoint redirects port 80 → 443
+# uniformly, before any IngressRoute matching runs. Per-instance
+# redirect is redundant and intentionally NOT defined here.
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata: