diff --git a/ctrl/Tiltfile b/ctrl/Tiltfile
index 622428e..0a20bc2 100644
--- a/ctrl/Tiltfile
+++ b/ctrl/Tiltfile
@@ -43,6 +43,7 @@ docker_build(
 k8s_resource('minio')
 k8s_resource('lambda', resource_deps=['minio'])
 k8s_resource('docs')
+k8s_resource('gateway', resource_deps=['docs', 'minio'])
 
 k8s_resource(
     objects=['eth:namespace', 'eth-config:configmap'],
diff --git a/ctrl/k8s/base/Caddyfile b/ctrl/k8s/base/Caddyfile
new file mode 100644
index 0000000..7fee658
--- /dev/null
+++ b/ctrl/k8s/base/Caddyfile
@@ -0,0 +1,12 @@
+{
+    auto_https off
+    admin off
+}
+
+eth.local.ar:80 {
+    reverse_proxy docs:80
+}
+
+minio.eth.local.ar:80 {
+    reverse_proxy minio:9001
+}
diff --git a/ctrl/k8s/base/gateway.yaml b/ctrl/k8s/base/gateway.yaml
new file mode 100644
index 0000000..2d5ee27
--- /dev/null
+++ b/ctrl/k8s/base/gateway.yaml
@@ -0,0 +1,53 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gateway
+  namespace: eth
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: gateway
+  template:
+    metadata:
+      labels:
+        app: gateway
+    spec:
+      containers:
+        - name: caddy
+          image: caddy:2-alpine
+          ports:
+            - containerPort: 80
+              name: http
+          volumeMounts:
+            - name: config
+              mountPath: /etc/caddy
+              readOnly: true
+          readinessProbe:
+            tcpSocket:
+              port: 80
+            initialDelaySeconds: 2
+            periodSeconds: 10
+          resources:
+            requests:
+              memory: 32Mi
+              cpu: 50m
+            limits:
+              memory: 128Mi
+      volumes:
+        - name: config
+          configMap:
+            name: gateway-config
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: gateway
+  namespace: eth
+spec:
+  selector:
+    app: gateway
+  ports:
+    - name: http
+      port: 80
+      targetPort: 80
diff --git a/ctrl/k8s/base/kustomization.yaml b/ctrl/k8s/base/kustomization.yaml
index 1b4572f..3b57057 100644
--- a/ctrl/k8s/base/kustomization.yaml
+++ b/ctrl/k8s/base/kustomization.yaml
@@ -9,3 +9,13 @@ resources:
   - minio.yaml
   - lambda.yaml
   - docs.yaml
+  - gateway.yaml
+
+# Generate the gateway Caddyfile ConfigMap from the standalone file.
+# Hash suffix is on by default — when Caddyfile changes, the ConfigMap gets
+# a new hashed name, kustomize rewrites the Deployment volume reference,
+# and the gateway pod restarts automatically with the new config.
+configMapGenerator:
+  - name: gateway-config
+    files:
+      - Caddyfile
diff --git a/ctrl/k8s/base/lambda.yaml b/ctrl/k8s/base/lambda.yaml
index 412c667..bf8f6d0 100644
--- a/ctrl/k8s/base/lambda.yaml
+++ b/ctrl/k8s/base/lambda.yaml
@@ -21,9 +21,18 @@ spec:
           envFrom:
             - configMapRef:
                 name: eth-config
+          volumeMounts:
+            - name: documents
+              mountPath: /mnt/documents
+              readOnly: true
           resources:
             requests:
               memory: 128Mi
               cpu: 100m
             limits:
               memory: 512Mi
+      volumes:
+        - name: documents
+          hostPath:
+            path: /mnt/documents
+            type: Directory
diff --git a/ctrl/k8s/kind-config.yaml b/ctrl/k8s/kind-config.yaml
index 64cd490..abf9f5e 100644
--- a/ctrl/k8s/kind-config.yaml
+++ b/ctrl/k8s/kind-config.yaml
@@ -8,3 +8,7 @@ nodes:
         hostPort: 8050
         listenAddress: "0.0.0.0"
         protocol: TCP
+    extraMounts:
+      - hostPath: /home/mariano/Documents
+        containerPath: /mnt/documents
+        readOnly: true
diff --git a/ctrl/k8s/overlays/dev/kustomization.yaml b/ctrl/k8s/overlays/dev/kustomization.yaml
index 7bc417f..c5fd20c 100644
--- a/ctrl/k8s/overlays/dev/kustomization.yaml
+++ b/ctrl/k8s/overlays/dev/kustomization.yaml
@@ -5,9 +5,11 @@ resources:
   - ../../base
 
 patches:
+  # In-cluster Caddy gateway owns the single NodePort. It routes by Host header
+  # to docs / minio / future services via service DNS inside the cluster.
   - target:
       kind: Service
-      name: docs
+      name: gateway
     patch: |
       - op: replace
         path: /spec/type
diff --git a/ctrl/seed.sh b/ctrl/seed.sh
new file mode 100755
index 0000000..3a9241b
--- /dev/null
+++ b/ctrl/seed.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+set -euo pipefail
+kubectl --context kind-eth -n eth exec -i deploy/lambda -- python seed.py /mnt/documents
diff --git a/lambda_function.py b/lambda_function.py
index 3d56525..9c508a6 100644
--- a/lambda_function.py
+++ b/lambda_function.py
@@ -23,7 +23,7 @@ async def _run():
 
         async def producer():
             paginator = s3.get_paginator("list_objects_v2")
-            async for page in paginator.paginate(Bucket=BUCKET, Prefix=PREFIX):
+            async for page in paginator.paginate(Bucket=BUCKET, Prefix=PREFIX, PaginationConfig={"PageSize": 100}):
                 for obj in page.get("Contents", []) or []:
                     key = obj["Key"]
                     if key.lower().endswith(".pdf"):
diff --git a/seed.py b/seed.py
index 4a01085..59607e1 100644
--- a/seed.py
+++ b/seed.py
@@ -8,7 +8,7 @@ from botocore.exceptions import ClientError
 BUCKET = os.environ.get("BUCKET_NAME", "my-company-reports-bucket")
 PREFIX = os.environ.get("PREFIX", "2026/04/")
 ENDPOINT = os.environ.get("S3_ENDPOINT_URL", "http://localhost:9000")
-DECOY_EXTS = (".txt", ".csv", ".json")
+DECOY_EXTS = ()
 
 
 def _client():