diff --git a/argocd/applications/nginx-ingress-application.yaml b/argocd/applications/nginx-ingress-application.yaml
new file mode 100644
index 0000000..861fbfd
--- /dev/null
+++ b/argocd/applications/nginx-ingress-application.yaml
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: argocd-ingress-nginx-application
+  namespace: argocd
+spec:
+  project: default # Todo define a project to limit the deployment types
+  source:
+    chart: nginx-ingress
+    repoURL: https://helm.nginx.com/stable
+    targetRevision: 0.14.1
+    helm:
+      releaseName: ingress-nginx
+      parameters:
+        - name: "controller.setAsDefaultIngress"
+          value: "true"
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: ingress-nginx
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+      allowEmpty: false
diff --git a/argocd/argocd-ingress.yaml b/argocd/argocd-internal-ingress.yaml
similarity index 90%
copy from argocd/argocd-ingress.yaml
copy to argocd/argocd-internal-ingress.yaml
index 71e9554..d6e0fab 100644
--- a/argocd/argocd-ingress.yaml
+++ b/argocd/argocd-internal-ingress.yaml
@@ -1,25 +1,25 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: argocd-ingress
+  name: argocd-internal-ingress
   namespace: argocd
   annotations:
     #cert-manager.io/cluster-issuer: letsencrypt-prod
     kubernetes.io/ingress.class: nginx
     kubernetes.io/tls-acme: "true"
     nginx.ingress.kubernetes.io/ssl-passthrough: "true"
     # If you encounter a redirect loop or are getting a 307 response code
     # then you need to force the nginx ingress to connect to the backend using HTTPS.
     nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
 spec:
   rules:
-  - host: argocd.softwareheritage.org
+  - host: argocd.internal.admin.swh.network
     http:
       paths:
       - path: /
         pathType: Prefix
         backend:
           service:
             name: argocd-server
             port:
               name: https
diff --git a/argocd/argocd-ingress.yaml b/argocd/argocd-publc-ingress.yaml
similarity index 96%
rename from argocd/argocd-ingress.yaml
rename to argocd/argocd-publc-ingress.yaml
index 71e9554..af7adab 100644
--- a/argocd/argocd-ingress.yaml
+++ b/argocd/argocd-publc-ingress.yaml
@@ -1,25 +1,25 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: argocd-ingress
+  name: argocd-public-ingress
   namespace: argocd
   annotations:
     #cert-manager.io/cluster-issuer: letsencrypt-prod
     kubernetes.io/ingress.class: nginx
     kubernetes.io/tls-acme: "true"
     nginx.ingress.kubernetes.io/ssl-passthrough: "true"
     # If you encounter a redirect loop or are getting a 307 response code
     # then you need to force the nginx ingress to connect to the backend using HTTPS.
     nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
 spec:
   rules:
   - host: argocd.softwareheritage.org
     http:
       paths:
       - path: /
         pathType: Prefix
         backend:
           service:
             name: argocd-server
             port:
               name: https
diff --git a/argocd/namespaces.yaml b/argocd/namespaces.yaml
index 47bb057..6586b88 100644
--- a/argocd/namespaces.yaml
+++ b/argocd/namespaces.yaml
@@ -1,5 +1,9 @@
-# Namespace dedicated to the swh elastic environment
 apiVersion: v1
 kind: Namespace
 metadata:
   name: metallb
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: ingress-nginx