diff --git a/Readme.md b/Readme.md
index 88c22e7..887a5b1 100644
--- a/Readme.md
+++ b/Readme.md
@@ -1,7 +1,44 @@
 # Kubernetes clusters configuration Contains the kubernetes clusters configuration. Organization: - One directory per cluster - The directory name must match the cluster name in rancher
+
+
+# ArgoCD management
+
+## Bootstrap
+
+On the cluster:
+```
+export NS=argocd
+kubectl create namespace $NS
+kubectl apply -n $NS \
+ -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
+```
+
+Follow the step in https://docs.softwareheritage.org/sysadm/deployment/argocd.html
+
+## Store ArgoCD admin dashboard
+
+Copy the password in your clipboard (and try and connect to the dashboard:
+```
+kubectl -n $NS get secret argocd-initial-admin-secret \
+ -o jsonpath="{.data.password}" | base64 -d | xsel --input --clipboard
+```
+
+## Change ArgocCD admin login password
+
+```
+# examples:
+# - ARGOCD_SERVER=localhost:8080
+# - ARGOCD_SERVER=argo-worker01.internal.admin.swh.network:443
+argocd login $ARGOCD_SERVER
+argocd account update-password
+```
+
+Note:
+The password must be a string of characters between [8-32] characters.
+
diff --git a/argocd/argocd-ingress.yaml b/argocd/argocd-ingress.yaml
new file mode 100644
index 0000000..e2c6d2b
--- /dev/null
+++ b/argocd/argocd-ingress.yaml
@@ -0,0 +1,25 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: argocd-server
+ namespace: argocd
+ annotations:
+ #cert-manager.io/cluster-issuer: letsencrypt-prod
+ kubernetes.io/ingress.class: nginx
+ kubernetes.io/tls-acme: "true"
+ nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+ # If you encounter a redirect loop or are getting a 307 response code
+ # then you need to force the nginx ingress to connect to the backend using HTTPS.
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+spec:
+ rules:
+ - host: argocd.softwareheritage.org
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: argocd-server
+ port:
+ name: https
diff --git a/argocd/argocd-install.yaml b/argocd/argocd-install.yaml
new file mode 100644
index 0000000..a8f5810
--- /dev/null
+++ b/argocd/argocd-install.yaml
@@ -0,0 +1,37 @@
+# Declare the application to deploy the swh services
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: argocd-argocd-install
+ namespace: argocd
+spec:
+ project: default
+ source:
+ repoURL: 'https://github.com/argoproj/argo-cd.git'
+ path: manifests
+ targetRevision: v2.4.11
+
+ directory:
+ recurse: false
+ include: install.yaml
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: argocd
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+
+ syncPolicy:
+ syncOptions:
+ - RespectIgnoreDifferences=true
+
+ ignoreDifferences:
+ # The argocd-ssh-known-hosts-cm ConfigMap is redeclared in our descritor to add the forge keys
+ - kind: ConfigMap
+ name: argocd-ssh-known-hosts-cm
+ jsonPointers:
+ - /data
+ - /metadata/labels
+
+ revisionHistoryLimit: 2
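Review bot: The Ingress in argocd/argocd-ingress.yaml has no `spec.tls` block, so `kubernetes.io/tls-acme: "true"` has no secret to issue a certificate into, and with `nginx.ingress.kubernetes.io/ssl-passthrough: "true"` the TLS session is handed straight to argocd-server, so clients will presumably see whatever certificate argocd-server itself serves. ingress-nginx handles passthrough at layer 4 and documents that it invalidates the other annotations on the same object, so `backend-protocol: "HTTPS"` has no effect alongside it, and passthrough only works when the controller runs with `--enable-ssl-passthrough`. I would pick one mode: keep passthrough and give argocd-server a trusted certificate, or drop the passthrough annotation and add a `tls:` entry listing `argocd.softwareheritage.org` with a `secretName` so the ingress terminates TLS with the issued certificate. Separately, `kubernetes.io/ingress.class` is the deprecated form; with `networking.k8s.io/v1` the field is `spec.ingressClassName: nginx`.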
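Review bot: `syncPolicy:` appears twice in argocd/argocd-install.yaml, once holding `automated:` and again holding `syncOptions:`; indentation is not recoverable in this view, so that both sit directly under `spec` is inferred from the key order. Duplicate mapping keys are invalid YAML, and parsers that tolerate them keep the last one, which would silently drop `prune: true` and `selfHeal: true`, while strict parsers reject the manifest. Delete the second `syncPolicy:` line and keep `syncOptions:` as a sibling of `automated:` under the first one. Also, `targetRevision: v2.4.11` is a tag that upstream can move; a full commit SHA with a `# v2.4.11` comment is a stronger pin for the manifests that install the deployment controller itself.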