diff --git a/deployment/kustomize/overlays/staging/portal-deployment.yaml b/deployment/kustomize/overlays/staging/portal-deployment.yaml
index 73b8d37..bfa36d4 100644
--- a/deployment/kustomize/overlays/staging/portal-deployment.yaml
+++ b/deployment/kustomize/overlays/staging/portal-deployment.yaml
@@ -32,7 +32,7 @@ spec:
                 secretKeyRef:
                   name: portal-storage-creds
                   key: AWS_SECRET_ACCESS_KEY
-        - name: ssh-tunnel
+        - name: ssh-tunnel-dev
           image: servala.app.codey.ch/servala/servala-portal:latest
           command:
             - "/bin/bash"
@@ -44,10 +44,30 @@ spec:
               ssh $SSH_HOST -l $SSH_USER -o StrictHostKeyChecking=no -L 6443:127.0.0.1:6443 -N -i /app/.ssh/id -v
           env:
             - name: SSH_HOST
-              valueFrom:
-                secretKeyRef:
-                  name: servala-sshclient
-                  key: ssh-host
+              value: "78.47.176.209"
+            - name: SSH_USER
+              valueFrom:
+                secretKeyRef:
+                  name: servala-sshclient
+                  key: ssh-user
+            - name: SSH_PRIVATE_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: servala-sshclient
+                  key: ssh-private-key
+        - name: ssh-tunnel-talos
+          image: servala.app.codey.ch/servala/servala-portal:latest
+          command:
+            - "/bin/bash"
+            - "-c"
+            - |
+              mkdir -p /app/.ssh && chmod 700 /app/.ssh
+              echo "$SSH_PRIVATE_KEY" > /app/.ssh/id
+              chmod 600 /app/.ssh/id
+              ssh $SSH_HOST -l $SSH_USER -o StrictHostKeyChecking=no -L 6444:172.18.200.10:6443 -N -i /app/.ssh/id -v
+          env:
+            - name: SSH_HOST
+              value: mgmt.cls-rma1-9c02.servala.com
             - name: SSH_USER
               valueFrom:
                 secretKeyRef: