diff --git a/ansible-5/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2 b/ansible-5/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2 index f1df3e6..b7d67a3 100644 --- a/ansible-5/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2 +++ b/ansible-5/roles/ns.xai-corp.net/templates/xai-corp.net.internal.j2 @@ -88,3 +88,4 @@ abcapi IN CNAME dkhost ;metrics IN CNAME dkhost funkwhale IN CNAME dkhost backstage IN CNAME dkhost +argocd IN CNAME dkhost \ No newline at end of file diff --git a/ansible-5/roles/prod.k3s/defaults/main.yml b/ansible-5/roles/prod.k3s/defaults/main.yml index 01081d2..5ac66f8 100644 --- a/ansible-5/roles/prod.k3s/defaults/main.yml +++ b/ansible-5/roles/prod.k3s/defaults/main.yml @@ -92,6 +92,11 @@ apps: namespace: default state: absent + argocd: + enabled: true + namespace: argocd + state: present + funkwhale: enabled: false namespace: funkwhale diff --git a/ansible-5/roles/prod.k3s/files/argocd/ingress-cli.yaml b/ansible-5/roles/prod.k3s/files/argocd/ingress-cli.yaml new file mode 100644 index 0000000..d47de40 --- /dev/null +++ b/ansible-5/roles/prod.k3s/files/argocd/ingress-cli.yaml @@ -0,0 +1,26 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: argocd-server-cli + namespace: argocd + annotations: + kubernetes.io/ingress.class: "traefik" + traefik.ingress.kubernetes.io/router.entrypoints: websecure + traefik.ingress.kubernetes.io/router.tls: "true" +spec: + rules: + - host: argocd.xai-corp.net + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: argocd-server + port: + number: 80 + scheme: h2c + + tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames + - secretName: xai-corp-production-tls diff --git a/ansible-5/roles/prod.k3s/files/argocd/ingress.yaml b/ansible-5/roles/prod.k3s/files/argocd/ingress.yaml new file mode 100644 index 0000000..fee2676 --- /dev/null +++ b/ansible-5/roles/prod.k3s/files/argocd/ingress.yaml 
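Review bot: `apps.argocd.enabled: true` in the role defaults means every host that applies `prod.k3s` gets an Argo CD install unless an inventory explicitly opts out, which is the opposite of the neighbouring `funkwhale: enabled: false` pattern. Argo CD reconciles arbitrary manifests into the cluster, so a default-on posture should be a deliberate choice; I would ship `enabled: false` here and switch it on per inventory, or at least put a comment above the key stating that it is intentionally on by default.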
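Review bot: `scheme: h2c` under `backend.service.port` in `ingress-cli.yaml` is not a field of the `networking.k8s.io/v1` Ingress schema, so depending on field validation the apiserver either rejects the object or silently prunes the field; either way no h2c backend is configured. For Traefik's Ingress provider the backend scheme is set on the Service with the `traefik.ingress.kubernetes.io/service.serversscheme: h2c` annotation, not on the Ingress. This manifest also claims the same `argocd.xai-corp.net` + `/` route as `ingress.yaml` but targets `argocd-server` while `ingress.yaml` targets `argo-cd-server`, and the task loop in `argoCD.yaml` applies only `ingress.yaml`, so this file is unreferenced as committed. Either delete it or move the gRPC split into the IngressRoute, and add a one-line comment at the top of whichever manifest survives saying it is the authoritative route.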
@@ -0,0 +1,26 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: argocd-server-ui + namespace: argocd + annotations: + kubernetes.io/ingress.class: "traefik" + traefik.ingress.kubernetes.io/router.entrypoints: websecure + traefik.ingress.kubernetes.io/router.tls: "true" +spec: + rules: + - host: argocd.xai-corp.net + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: argo-cd-server + port: + number: 80 + + tls: # < placing a host in the TLS config will determine what ends up in the cert's subjectAltNames + - secretName: xai-corp-production-tls + diff --git a/ansible-5/roles/prod.k3s/files/argocd/ingressRoute.yaml b/ansible-5/roles/prod.k3s/files/argocd/ingressRoute.yaml new file mode 100644 index 0000000..fecaaf9 --- /dev/null +++ b/ansible-5/roles/prod.k3s/files/argocd/ingressRoute.yaml @@ -0,0 +1,24 @@ +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: argocd-server + namespace: argocd +spec: + entryPoints: + - websecure + routes: + - kind: Rule + match: Host(`argocd.xai-corp.net`) + priority: 10 + services: + - name: argocd-server + port: 80 + - kind: Rule + match: Host(`argocd.xai-corp.net`) && Header(`Content-Type`, `application/grpc`) + priority: 11 + services: + - name: argocd-server + port: 80 + scheme: h2c + tls: + certResolver: default \ No newline at end of file diff --git a/ansible-5/roles/prod.k3s/files/argocd/values.yaml b/ansible-5/roles/prod.k3s/files/argocd/values.yaml new file mode 100644 index 0000000..3d5856e --- /dev/null +++ b/ansible-5/roles/prod.k3s/files/argocd/values.yaml @@ -0,0 +1,18 @@ +--- +# https://github.com/bitnami/charts/blob/main/bitnami/argo-cd/values.yaml +# xai-corp-production-tls + +#server: +# ingress: +# enabled: false +# hostname: argocd.xai-corp.net +# tls: true +# annotations: +# extraTLS: +# hostname: +# +# grpcIngress: +# enabled: false +# hostname: argocd.xai-corp.net +# tls: true + 
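Review bot: The `tls:` entry in `ingress.yaml` names `xai-corp-production-tls` but lists no `hosts`, even though the inline comment says the host list is what ends up in the certificate's SANs; as written Traefik serves whatever is already in the secret, and an Ingress-driven issuer would not add `argocd.xai-corp.net` to it. Add `hosts: [argocd.xai-corp.net]` under the `secretName`, or confirm the existing cert already covers the name. TLS is terminated at Traefik and the backend is plain HTTP on port 80; the Argo CD server by default serves its own TLS and redirects HTTP, and nothing in this diff puts it in insecure/plain-HTTP mode, so verify that before expecting the UI to load rather than loop. Minor: `kubernetes.io/ingress.class` is deprecated in favour of `spec.ingressClassName: traefik`.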
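Review bot: `ingressRoute.yaml` takes TLS from `certResolver: default` while both Ingress manifests use the `xai-corp-production-tls` secret, and it routes to `argocd-server` where `ingress.yaml` routes to `argo-cd-server`; three manifests now describe the same `argocd.xai-corp.net` route with two service names and two TLS sources, and only `ingress.yaml` is applied by the task loop. If the gRPC/h2c split is needed for the `argocd` CLI, this IngressRoute is the right place for it: apply this file instead of `ingress.yaml`, align the service name with the `argo-cd` release, and reference the same secret via `tls: { secretName: xai-corp-production-tls }`. Note that `Header(...)` is the Traefik v3 matcher spelling (v2 uses `Headers(...)`), so confirm which Traefik the k3s build ships before relying on the gRPC rule.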
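Review bot: `values.yaml` is entirely commented out, so the Bitnami chart is installed with stock defaults and nothing in this diff decides who can log in to an Argo CD published on `argocd.xai-corp.net`: no admin password source, no SSO, no RBAC policy. Argo CD can apply arbitrary manifests to the cluster, so at minimum set the admin password from an Ansible Vault secret (or disable the built-in admin) and pin the default RBAC policy to a read-only role in the server config; check the linked Bitnami values file for the exact keys. The `include_vars` task loads this file into `release_values`, so rather than relying on how an all-comment file is coerced, write an explicit empty document (`{}`) or, better, the real overrides. The TLS-terminating Ingress in this change also implies the server's insecure/plain-HTTP mode needs to be enabled here, which is currently unset.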
diff --git a/ansible-5/roles/prod.k3s/tasks/deployments/argoCD.yaml b/ansible-5/roles/prod.k3s/tasks/deployments/argoCD.yaml index 52356a8..9b56261 100644 --- a/ansible-5/roles/prod.k3s/tasks/deployments/argoCD.yaml +++ b/ansible-5/roles/prod.k3s/tasks/deployments/argoCD.yaml @@ -1,2 +1,58 @@ --- #tasks to deploy argoCD to cluster +# https://github.com/bitnami/charts/blob/main/bitnami/argo-cd/values.yaml + +- name: Create a namespace for argoCD + k8s: + kubeconfig: "/etc/rancher/k3s/k3s.yaml" + name: "{{apps.argocd.namespace}}" + api_version: v1 + kind: Namespace + state: "{{apps.argocd.state}}" + become: true + +#- name: create persistent volume resources +# kubernetes.core.k8s: +# kubeconfig: "/etc/rancher/k3s/k3s.yaml" +# state: "{{apps.gitea.state}}" +# definition: "{{ lookup('template', item) | from_yaml }}" +# loop: +# - gitea/pv.yaml +# - gitea/pv-claim.yaml +# become: true + +- name: Install argocd + block: + - name: Add argocd chart helm repo + local_action: + module: kubernetes.core.helm_repository + name: bitnami + repo_url: https://charts.bitnami.com/bitnami + + - name: load variables files/argocd/values.yaml + ansible.builtin.include_vars: + file: files/argocd/values.yaml + name: release_values + + - name: Install argocd Release + local_action: + module: kubernetes.core.helm + release_state: "{{apps.argocd.state}}" + name: argo-cd + namespace: "{{apps.argocd.namespace}}" + create_namespace: yes + update_repo_cache: True + chart_ref: bitnami/argo-cd + values: "{{release_values}}" + + wait: true + +- name: create extra resources for argoCD + kubernetes.core.k8s: + kubeconfig: "/etc/rancher/k3s/k3s.yaml" + state: "{{apps.argocd.state}}" + definition: "{{ lookup('file', item) | from_yaml }}" + loop: + - argocd/ingress.yaml + become: true + diff --git a/ansible-5/roles/prod.k3s/tasks/main.yml b/ansible-5/roles/prod.k3s/tasks/main.yml index b26909c..0e1eaa9 100644 --- a/ansible-5/roles/prod.k3s/tasks/main.yml +++ b/ansible-5/roles/prod.k3s/tasks/main.yml 
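Review bot: The `Install argocd Release` task pulls `bitnami/argo-cd` with `update_repo_cache: True` and no `chart_version`, so each run installs whatever the repo index currently publishes; pin `chart_version: "<tested version>"` so a component with write access to the cluster only changes through a reviewed diff. The helm tasks also run on the controller via `local_action` without a `kubeconfig`, whereas the namespace and ingress tasks run on the host against `/etc/rancher/k3s/k3s.yaml` with `become: true`, so which cluster receives the release depends on the controller's default kubeconfig; pass `kubeconfig:` explicitly (the module supports it) so both halves target the same cluster. Minor: `create_namespace: yes` and `update_repo_cache: True` should be `true` per Ansible YAML convention, and `wait: true` is separated from the other module arguments by a blank line.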
@@ -54,97 +54,7 @@ - name: deploy backstage include_tasks: deployments/backstage.yaml when: apps.backstage.enabled -#----------------------------------------------------- -#- include_tasks: mariadb.yaml -# -# https://artifacthub.io/packages/helm/twuni/docker-registry -#- name: Deploy latest version of docker-registry in dev-tools namespace -# local_action: -# module: kubernetes.core.helm -# name: dkregistry -# chart_ref: twuni/docker-registry -# release_namespace: dev-tools -# create_namespace: True -# values: -# replicaCount: 1 -# ingress: -# enabled: true -# hosts: -# - dkregistry.xai-corp.net -# className: traefik -# secrets.htpassword: me1 -# extraVolumeMounts: -# - name: registry-data -# mountPath: /var/lib/registry-data -# - name: registry-auth -# mountPath: /auth -# - name: registry-auth -# mountPath: /etc/docker/registry/ -# - name: letsencrypt-data -# mountPath: /certs -# - name: letsencrypt-config -# mountPath: /etc/letsencrypt -# extraVolumes: -# - name: registry-data -# hostPath: -# path: /opt/shared/dkregistry/data -# - name: registry-auth -# hostPath: -# path: /opt/shared/dkregistry/auth -# - name: registry-config -# hostPath: -# path: /opt/shared/dkregistry/config/ -# - name: letsencrypt-data -# hostPath: -# path: /opt/shared/letsencrypt-2 -# - name: letsencrypt-config -# hostPath: -# path: /opt/shared/letsencrypt-2 -# extraEnvVars: -# - name: REGISTRY_HTTP_SECRET -# value: aabuioqlwlcpp2 -# - name: REGISTRY_HTTP_TLS_CERTIFICATE -# value: /certs/live/xai-corp.net/fullchain.pem -# - name: REGISTRY_HTTP_TLS_KEY -# value: /certs/live/xai-corp.net/privkey.pem -# -# -# k3s config file -#- name: Copy k3s config file to /etc/rancher/k3s/config.yaml -# ansible.builtin.copy: -# src: config.yaml -# dest: /etc/rancher/k3s/config.yaml -# become: true -# -# provision gitea -# -# provision argoCD -# -# provision graphana -#- name: Copy manifest for graphana -# ansible.builtin.copy: -# src: manifests/graphana.helm.yaml -# dest: 
/var/lib/rancher/k3s/server/manifests/graphana.helm.yaml -# become: true -# -#- name: Copy manifest for docker registry -# ansible.builtin.copy: -# src: manifests/registry.helm.yaml -# dest: /var/lib/rancher/k3s/server/manifests/dkregistry.helm.yaml -# become: true -# -#- name: Copy manifest for mariadb -# ansible.builtin.copy: -# src: manifests/mariadb.helm.yaml -# dest: /var/lib/rancher/k3s/server/manifests/mariadb.helm.yaml -# become: true -# -#- name: remove manifests -# ansible.builtin.file: -# state: absent -# path: "{{ item }}" -# loop: -# - /var/lib/rancher/k3s/server/manifests/graphana.helm.yaml -# - /var/lib/rancher/k3s/server/manifests/dkregistry.helm.yaml -# - /var/lib/rancher/k3s/server/manifests/mariadb.helm.yaml -# become: true + +- name: deploy argoCD + include_tasks: deployments/argoCD.yaml + when: apps.argocd.enabled
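Review bot: The commented-out registry block this hunk removes carried a literal `REGISTRY_HTTP_SECRET` value and a plaintext `secrets.htpassword` entry; deleting the lines does not remove them from repository history, so if either was ever applied to a live registry it should be rotated and treated as public. The new `deploy argoCD` include matches the sibling `include_tasks` entries and is fine as written. Consider adding a pre-commit secret scanner to the repository so the next literal is caught before it lands.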