diff --git a/dmz/internalproxy/templates/argocd.yaml b/dmz/internalproxy/templates/argocd.yaml
new file mode 100644
index 0000000..20aba48
--- /dev/null
+++ b/dmz/internalproxy/templates/argocd.yaml
@@ -0,0 +1,34 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: argocd-infra-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`argocd.infra.durp.info`)
+      #middlewares:
+      #  - name: whitelist
+      #    namespace: traefik
+      kind: Rule
+      services:
+        - name: infra-cluster
+          port: 443
+          scheme: https
+  tls:
+    secretName: argocd-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: argocd-infra-tls
+spec:
+  secretName: argocd-infra-tls
+  issuerRef:
+    name: vault-issuer
+    kind: ClusterIssuer
+  commonName: "argocd.infra.durp.info"
+  dnsNames:
+    - "argocd.infra.durp.info"