diff --git a/deploy/backend-values.yaml b/deploy/backend-values.yaml
index 05ef68d..f0bd27c 100644
--- a/deploy/backend-values.yaml
+++ b/deploy/backend-values.yaml
@@ -77,9 +77,9 @@ env:
         name: olmap-backend-secrets
         key: DJANGO_SECRET_KEY
   DJANGO_ALLOWED_HOSTS:
-    value: "olmap.dataportal.fi,localhost"
+    value: "olmap-backend.dataportal.fi,localhost"
   DJANGO_CORS_ALLOWED_ORIGINS:
-    value: "https://olmap.dataportal.fi"
+    value: "https://olmap-frontend.dataportal.fi"
   DJANGO_MIGRATE:
     value: "true"
   # Database configuration (Cloud SQL via proxy with IAM auth)
@@ -95,7 +95,7 @@ env:
     value: "olmap-app@fvh-project-containers-etc.iam"
   # Frontend URL for CORS and redirects
   FRONTEND_ROOT:
-    value: "https://olmap.dataportal.fi"
+    value: "https://olmap-frontend.dataportal.fi"
   # Admin email
   ADMIN_EMAIL:
     value: "admin@forumvirium.fi"
@@ -125,29 +125,15 @@ service:
   port: 80
   targetPort: 8000
 
-# Ingress configuration - API endpoint (same domain as frontend, path-based routing)
-ingress:
+# Gateway API configuration (Envoy Gateway)
+# Replaces ingress-nginx; creates HTTPRoute pointing to shared dataportal-gateway
+# Hostname auto-generated as olmap-backend.dataportal.fi from release name
+gateway:
   enabled: true
-  className: nginx
-  annotations:
-    cert-manager.io/cluster-issuer: "letsencrypt-prod"
-  hosts:
-  - host: olmap.dataportal.fi
-    paths:
-    - path: /api
-      pathType: Prefix
-    - path: /admin
-      pathType: Prefix
-    - path: /static
-      pathType: Prefix
-    - path: /rest-auth
-      pathType: Prefix
-    - path: /accounts
-      pathType: Prefix
-  tls:
-  - hosts:
-    - olmap.dataportal.fi
-    secretName: olmap-backend-tls  # pragma: allowlist secret
+
+# Ingress configuration - disabled in favour of Gateway API above
+ingress:
+  enabled: false
 
 # Health checks for Django
 livenessProbe:
diff --git a/deploy/frontend-values.yaml b/deploy/frontend-values.yaml
index 6299bf4..3b7592c 100644
--- a/deploy/frontend-values.yaml
+++ b/deploy/frontend-values.yaml
@@ -37,26 +37,17 @@ service:
   port: 80
   targetPort: 80
 
-# Ingress configuration - serves the SPA, proxies /api to backend
-ingress:
+# Gateway API configuration (Envoy Gateway)
+# Replaces ingress-nginx; creates HTTPRoute pointing to shared dataportal-gateway
+# Hostname auto-generated as olmap-frontend.dataportal.fi from release name
+# Note: SPA catch-all routing (try_files $uri $uri/ /index.html) must be handled
+# by the nginx container's own nginx.conf - it cannot be delegated to the gateway.
+gateway:
   enabled: true
-  className: nginx
-  annotations:
-    cert-manager.io/cluster-issuer: "letsencrypt-prod"
-    # SPA catch-all routing - serve index.html for non-file paths
-    nginx.ingress.kubernetes.io/configuration-snippet: |
-      location ~* ^/(?!api|admin|static|rest-auth|accounts|health).*$ {
-        try_files $uri $uri/ /index.html;
-      }
-  hosts:
-  - host: olmap.dataportal.fi
-    paths:
-    - path: /
-      pathType: Prefix
-  tls:
-  - hosts:
-    - olmap.dataportal.fi
-    secretName: olmap-frontend-tls # pragma: allowlist secret
+
+# Ingress configuration - disabled in favour of Gateway API above
+ingress:
+  enabled: false
 
 # Health check for nginx
 livenessProbe: