diff --git a/README.md b/README.md new file mode 100644 index 0000000..805970d --- /dev/null +++ b/README.md 
@@ -0,0 +1,71 @@ +# Kestra Deployment + +GitOps deployment for Kestra with Tailscale HTTPS access and route acceptance. + +## Prerequisites + +### PostgreSQL Database + +Connect to your PostgreSQL server and create the database: + +```sql +CREATE DATABASE kestra; +CREATE USER kestra WITH PASSWORD 'your-secure-password'; +GRANT ALL PRIVILEGES ON DATABASE kestra TO kestra; +ALTER DATABASE kestra OWNER TO kestra; +``` + +### Host Configuration + +Download configuration files to `/opt/kestra` (first time only): + +```bash +sudo mkdir -p /opt/kestra/{tailscale,config} +sudo curl -o /opt/kestra/tailscale/serve-config.json https://gitea.arnodo.fr/Damien/kestra-deployment/raw/branch/main/serve-config.json +sudo curl -o /opt/kestra/config/application.yaml https://gitea.arnodo.fr/Damien/kestra-deployment/raw/branch/main/application.yaml +``` + +## Deployment + +1. Create a new stack in Portainer +2. Select "Repository" and point to this repository +3. Portainer will load `stack.env` automatically +4. Override sensitive values (`CHANGE_ME`) in the environment variables section: + - `TS_AUTHKEY` - Tailscale auth key (reusable recommended) + - `DB_PASSWORD` - PostgreSQL password + - `KESTRA_ADMIN_PASSWORD` - Kestra admin password +5. 
Deploy + +## Features + +- **Tailscale Sidecar**: HTTPS access via Tailscale with automatic certificate management +- **Route Acceptance**: `--accept-routes` enabled to reach other services on the tailnet +- **PostgreSQL Backend**: External PostgreSQL for persistent storage and queue +- **Docker-in-Docker**: Socket mounted for running containerized tasks + +## Access + +Once deployed: https://kestra.taila5ad8.ts.net + +## Directory Structure + +``` +/opt/kestra/ +├── tailscale/ +│ └── serve-config.json # Tailscale HTTPS configuration +└── config/ + └── application.yaml # Kestra configuration +``` + +## Environment Variables + +| Variable | Description | Required | +|----------|-------------|----------| +| `TS_AUTHKEY` | Tailscale authentication key | Yes | +| `DB_HOST` | PostgreSQL host | Yes | +| `DB_PORT` | PostgreSQL port | Yes | +| `DB_NAME` | Database name | Yes | +| `DB_USER` | Database user | Yes | +| `DB_PASSWORD` | Database password | Yes | +| `KESTRA_ADMIN_USER` | Admin username | No (default: admin) | +| `KESTRA_ADMIN_PASSWORD` | Admin password | Yes |
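Review bot: The Features bullet "Docker-in-Docker: Socket mounted for running containerized tasks" describes a mount of the host Docker socket, which is not Docker-in-Docker. Access to that socket is equivalent to root on the Docker host, so the README should call it a socket mount and say so, so that whoever deploys the stack knows what Kestra tasks can reach. In the Host Configuration block, the two `sudo curl -o ...` lines run without `--fail`, so an HTTP error page would be saved as `serve-config.json` or `application.yaml` and only surface later as a broken config. Suggest `curl -fsSL -o ...` and a raw URL pinned to a tag or commit rather than `branch/main`. In the Deployment step for `TS_AUTHKEY`, "reusable recommended" deserves a short note on where that key is stored and how it is rotated, since the README gives no guidance on either.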