diff --git a/infrastructure/argocd/argocd-config.yaml b/infrastructure/argocd/argocd-config.yaml
new file mode 100644
index 0000000..235e5af
--- /dev/null
+++ b/infrastructure/argocd/argocd-config.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: argocd-cmd-params-cm
+ namespace: argocd
+data:
+ server.insecure: "true"
diff --git a/infrastructure/argocd/argocd-ingress.yaml b/infrastructure/argocd/argocd-ingress.yaml
new file mode 100644
index 0000000..ec0b5a9
--- /dev/null
+++ b/infrastructure/argocd/argocd-ingress.yaml
@@ -0,0 +1,26 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: argocd-ingress
+ namespace: argocd
+ annotations:
+ kubernetes.io/ingress.class: traefik
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ argocd.argoproj.io/sync-wave: "6"
+spec:
+ ingressClassName: traefik
+ rules:
+ - host: argocd.unreg-hdw.de
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: argocd-server
+ port:
+ number: 80
+ tls:
+ - hosts:
+ - argocd.unreg-hdw.de
+ secretName: argocd-tls-cert
diff --git a/infrastructure/argocd/argocd-rbac.yaml b/infrastructure/argocd/argocd-rbac.yaml
new file mode 100644
index 0000000..e426809
--- /dev/null
+++ b/infrastructure/argocd/argocd-rbac.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: argocd-rbac-cm
+ namespace: argocd
+data:
+ # Unangemeldete / unbekannte User haben keinen Zugriff
+ policy.default: role:''
+ policy.csv: |
+ # readonly: darf alles sehen, nichts ändern
+ p, role:readonly, applications, get, */*, allow
+ p, role:readonly, projects, get, *, allow
+ p, role:readonly, repositories, get, *, allow
+ p, role:readonly, clusters, get, *, allow
+ p, role:readonly, logs, get, */*, allow
+
+ # Beispiel: alice bekommt readonly-Zugriff
+ # g, alice, role:readonly
diff --git a/infrastructure/argocd/argocd-users.yaml b/infrastructure/argocd/argocd-users.yaml
new file mode 100644
index 0000000..992888e
--- /dev/null
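Review bot: `server.insecure: "true"` in argocd-config.yaml makes argocd-server speak plain HTTP and stops it from redirecting to HTTPS itself, but nothing in the file records that TLS is expected to terminate at Traefik. I would add a comment above the key, e.g. `# TLS terminates at the Traefik ingress; argocd-server must only be reachable through it`. The hop from Traefik to the pod then carries login credentials and session tokens unencrypted inside the cluster, so a NetworkPolicy admitting traffic to argocd-server only from the ingress controller would be a sensible companion; none is visible in this commit.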
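Review bot: The Ingress in argocd-ingress.yaml does not pin its router to the HTTPS entrypoint, and because argocd-server runs with `server.insecure` it will not redirect plain HTTP on its own. Unless Traefik's static configuration (not visible here) redirects or refuses port 80 globally, the login page may also answer over HTTP; adding `traefik.ingress.kubernetes.io/router.entrypoints: websecure` under `annotations` closes that, assuming the entrypoint carries Traefik's usual name. The `kubernetes.io/ingress.class: traefik` annotation duplicates `ingressClassName: traefik` and is deprecated, so it can be dropped.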
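Review bot: `role:readonly` in `policy.csv` of argocd-rbac.yaml reuses the name of a role Argo CD already ships in its built-in policy, and user-supplied lines are merged with the built-in ones rather than replacing them. The five `p` lines therefore cannot make the role narrower than the built-in one, which to my knowledge also grants `get` on accounts and certificates. If a tighter viewer role is intended, give it its own name, e.g. `p, role:viewer, applications, get, */*, allow` with `# g, alice, role:viewer`. `logs, get, */*` exposes the pod logs of every application, and logs often contain secrets, so scoping that line to a project (`<project>/*`) is worth considering.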
+++ b/infrastructure/argocd/argocd-users.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: argocd-cm
+ namespace: argocd
+data:
+ url: https://argocd.unreg-hdw.de
+ # Weitere lokale User hier hinzufügen: accounts.: login
+ # accounts.alice: login
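Review bot: The commented `accounts.alice: login` example in argocd-users.yaml prepares named local users, but the built-in `admin` account stays enabled and is reachable through the Ingress this commit adds. Once a named account with sufficient rights exists, add `admin.enabled: "false"` under `data` and say so in the comment. Separately, Argo CD's documentation asks for the label `app.kubernetes.io/part-of: argocd` on `argocd-cm` and `argocd-rbac-cm`. Neither this ConfigMap nor the one in argocd-rbac.yaml carries it, so if these manifests replace rather than patch the installed objects, the settings may be ignored.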