diff --git a/all.yml b/all.yml
index 1ddb001..39a7a38 100644
--- a/all.yml
+++ b/all.yml
@@ -51,7 +51,7 @@ dest: "/usr/local/scripts/alerts.sh" owner: root group: root - mode: 0744 + mode: 0755 tags: - alerts
diff --git a/group_vars/local.yml b/group_vars/local.yml
index 21c96de..f410c68 100644
--- a/group_vars/local.yml
+++ b/group_vars/local.yml
@@ -239,3 +239,12 @@ dockerapp_compose: # KUBERNETES # ############## + + + + +kubernetes_tree_base_dir: + - /opt + - /opt/kubernetes + +kubernetes_service: infra
\ No newline at end of file
diff --git a/host_vars/vagrant.yml b/host_vars/vagrant.yml
index 5ad95f4..16c3df1 100644
--- a/host_vars/vagrant.yml
+++ b/host_vars/vagrant.yml
@@ -4,6 +4,7 @@ docker_install_compose: false kubernetes_version: 1.28 kubernetes_apiserver_advertise_address: 192.168.33.10 +kubernetes_load_balancer_public_ip: 192.168.33.11 kubernetes_pod_network: # Flannel CNI. cni: 'flannel'
@@ -18,11 +19,11 @@ kubernetes_pod_network: # - "--pod-network-cidr=10.244.0.0/16" # - "--control-plane-endpoint=192.168.33.10" -kubernetes_namespaces: - - apiVersion: v1 - kind: Namespace - metadata: - name: argocd +# kubernetes_namespaces: +# - apiVersion: v1 +# kind: Namespace +# metadata: +# name: argocd # kubernetes_namespace: toto
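Review bot: `+ mode: 0755` widens /usr/local/scripts/alerts.sh from owner-only execute (0744) to execute for group and everyone else; if the script is only run by root, 0744 (or 0700) is the tighter choice, so the commit or a comment on the task should say why other users need to execute it. Independently of the value chosen, the mode is an unquoted plain scalar: PyYAML/Ansible reads the leading-zero form as octal, but a YAML 1.2 parser reads it as decimal 755, so write it as `mode: "0755"`. The enclosing task starts before this hunk.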
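Review bot: The new `kubernetes_tree_base_dir` list is consumed in kube.yml with `| last`, so its order (parent before child) is load-bearing but nothing in group_vars says so; add `# ordered parent -> child: kube.yml uses the last entry as the service base path` above it. The block is also preceded by four empty added lines and the file now ends with `\ No newline at end of file`; keep a single blank line after the `# KUBERNETES #` banner and terminate `kubernetes_service: infra` with a newline.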
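Review bot: `kubernetes_namespaces` is commented out here rather than removed, although the same file now defines `kubernetes_namespaces: "{{ kubernetes_namespaces_crd }}"` further down (the hunk at line 91); a commented-out copy of a variable that is redefined later invites someone to uncomment it and create a duplicate key, which PyYAML resolves silently as last-wins. Delete the five `+# ...` lines instead of keeping them; version control already preserves the old definition.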
@@ -90,6 +91,216 @@ kubernetes_alias_bashrc: # - complete -F __start_kubectl k #- echo "function kname() {k config set-context --current --namespace $1}" >> ~/.bashrc +kubernetes_namespaces_crd: + - namespace: argocd + url: https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml + file: install + - namespace: traefik + url: https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml + file: kubernetes-crd-definition-v1 + # - namespace: traefik + # url: https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml + # file: kubernetes-crd-rbac + +kubernetes_namespaces: "{{ kubernetes_namespaces_crd }}" + + +kubernetes_traefik_objects: + - namespace: traefik + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + definition: + metadata: + name: traefik-role + rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses + - ingressclasses + verbs: + - get + - list + - watch + - apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - traefik.io + resources: + - middlewares + - middlewaretcps + - ingressroutes + - traefikservices + - ingressroutetcps + - ingressrouteudps + - tlsoptions + - tlsstores + - serverstransports + - serverstransporttcps + verbs: + - get + - list + - watch + - namespace: traefik + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + definition: + metadata: + name: traefik-role-binding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: traefik-role + subjects: + - kind: ServiceAccount + name: traefik-account + namespace: traefik + - namespace: traefik + apiVersion: v1 + kind: ServiceAccount + definition: + metadata: + name: traefik-account + 
- namespace: traefik + kind: Deployment + apiVersion: apps/v1 + definition: + metadata: + name: traefik-deployment + labels: + app: traefik + spec: + replicas: 1 + selector: + matchLabels: + app: traefik + template: + metadata: + labels: + app: traefik + spec: + serviceAccountName: traefik-account + hostNetwork: true + containers: + - name: traefik + image: traefik:v2.10 + args: + - --accessLog + - --api.insecure=false + - --api.dashboard + - --entrypoints.web.address=:80 + - --entrypoints.web.http.redirections.entryPoint.to=websecure + - --entrypoints.websecure.address=:443 + - --providers.kubernetesingress=true + - --providers.kubernetescrd=true + - --log.level=debug + - --metrics.prometheus=true + - --metrics.prometheus.buckets=0.1,0.3,1.2,5.0 + - --metrics.prometheus.addEntryPointsLabels=true + - --metrics.prometheus.addrouterslabels=true + - --metrics.prometheus.addServicesLabels=true + - --metrics.prometheus.manualrouting=true + #Cela signifie que Traefik ne vérifiera pas la validité du certificat SSL/TLS du serveur vers lequel il dirige le trafic + # Ok en dev (self-signed) NOK en prod + # Utilisé pour argocd - 500 Internal Error traefik + - --serverstransport.insecureskipverify=true + ports: + - name: web + containerPort: 80 + - name: websecure + containerPort: 443 + - namespace: traefik + apiVersion: v1 + kind: Secret + definition: + data: + tls.crt: 
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZsekNDQTM4Q0ZGSjc1dnE5KzhJUGNIR0RHcU5EM1ZnRzZyU1FNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1JR0gKTVFzd0NRWURWUVFHRXdKR1VqRVBNQTBHQTFVRUNBd0dSbkpoYm1ObE1RNHdEQVlEVlFRSERBVlFZWEpwY3pFTwpNQXdHQTFVRUNnd0ZTMFZaV1U4eERqQU1CZ05WQkFzTUJVdEZXVmxQTVJrd0Z3WURWUVFEREJCMFpYTjBMblJ5CllXVm1hV3N1Ym1WME1Sd3dHZ1lKS29aSWh2Y05BUWtCRmcxMFpYTjBRSFJsYzNRdVkyOXRNQjRYRFRJek1EZ3kKTnpFME5ESXhObG9YRFRJek1Ea3lOakUwTkRJeE5sb3dnWWN4Q3pBSkJnTlZCQVlUQWtaU01ROHdEUVlEVlFRSQpEQVpHY21GdVkyVXhEakFNQmdOVkJBY01CVkJoY21sek1RNHdEQVlEVlFRS0RBVkxSVmxaVHpFT01Bd0dBMVVFCkN3d0ZTMFZaV1U4eEdUQVhCZ05WQkFNTUVIUmxjM1F1ZEhKaFpXWnBheTV1WlhReEhEQWFCZ2txaGtpRzl3MEIKQ1FFV0RYUmxjM1JBZEdWemRDNWpiMjB3Z2dJaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQ0R3QXdnZ0lLQW9JQwpBUURNbG9aSE4yOE04SERMU2t5WkJ5SzhvWEtTcDB0WHFnL3FrM1FpeHQ5UEpnOWduYWs1NThtVEgwemNzQk1VCmFndEtTWXU1akdQSGFSQ3dXNDdrTGp6TUlLL2RYdWlDRE1nUUN6RFB0cWM2Qm9KQy95UTZHV1VwU2hhSmVQUVUKRFRVK09NamNpd09LSmkxOTFKMnR3ZGxpb21FbXZYWUFHcStzSkRVa25WL1FadVBZMlpmcVZibnBwQkt5U0FvegpJWVVGRzdOSTk2K3o3TW5IelVWNG94V1lkQkNjTWNvMllFV3lNU2hhR0hDV3Z3dUtXalZJWXJWSGI1dlQyWVF4CjRCbHlUa2dEQ1o3bTZWMlhLcFJIalp4cjJJVHh1T0FybzhoZ3FHSGprbnptVGh6ZnZKK1NuWk8xK253OXEvNnMKN1lxbkI1RUh2UVdBSks5UkYrZDZsOGZTam1iUGs0VGl1cWNqRkljUXprSnVUV2ZSbk1MN0YybXQ4Z0p6azlZRwpsaW1jcTdkSTdENFFDaEJadGt1Ny93TmUrSTI2Y0MwM0l5QnR0SFRqeUlvbWJ4K1JVOFJBaGFKNDZtY3Y4ZUdCCjNIeS9hVjZERFB6SWdUc1JQWTNuekhlYWhmOHJmamNRcDcrZGNuNmxDV0pROW0rQVFNN0hZZGtJdXQ5QlF0aEQKemlHZFFLd3ZBdmFTV3krRjdQc2kxUXQwTDhxZ01OT2JDTUl6ZUdCYXg0ZkdZQnJjNFQ3UXFVNzBKakZXWXhQUwpzU1UzRm5sWFhLbXFTZ29naFd3Y2tqWUJCakJnb1E4dmZJNDhqTDlycmJkZWFxSWJXSkRSeXc4R0ZGNDVDMzNQCkxRWC9zWEN3Wno0YjVHYkZZNWRzbVBGdFVnUG9TVWtZWm9KVU8waUw3NXhMRVFJREFRQUJNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElDQVFDWU0vY2tKUDBYelk1bTJsQlRWdm9hUzg1MVJlRTA5YmFqaXlMbnYrTFpLRTNyVzFQTAo1citubzNXVCtZWmxYUzVGS0Z4cGZMdXdJRGZtZTZjOUVldzRLbkdxaTVVTXJrVjJxb3lPUmxIRzdESG1ocW5NCjlNK1J2Zks4QldaUmMwQ0lwOGQ3dnBhWW1xQ0tFdURYajZZd2FSUmJHejdkcE1MYnFsNWViaU5md2c5em1aaE0KNmxXcVphN3JxTzBwMEp3NXNOLzZUS2F1QXlkUitaS1NGdzVVVWFCN20v
eW1MN0lWVk5WRVBzRm5aYnViRm40YwpZQm93NHA1V3NjUHoyQTVmUG83QzlkZkNaaWpCYmlodXNYdTIzMDEwSU9ITys4SjlOMFBtUit5Y0J3dHd2MmhRCmpzbThPTTV0YTFUZkJmeHUzeWNQZjl2Um5SVlJHVkg0eEdLN2tTMnNwKzZiS0xEM2hKNFN2VkRNdVBHQW5zb2gKbGFOb2JqL2l0NU1MQ08wcDhMclJ2OHdwTUdnVUZ0eVNtR2FDa0MvM0pqQ1BTbnI2S1d3a3VQVnRVVlZpSjhpagpKREhBcW9hSWhLVzcwOXZTdWlFbHZUTlIwUmJWWHVaRDZqRHRDTGdmaXB1T2E1endoeEd3aVhHL1g1bUszaUxkCnRCUi9JeGw0ZUlQV1BVbEtnZHBMVzFIU2I3aU42cG05cjQveGpEbDkzeGowR2ZYZktKalhFY0RtTklhZUl1cVUKRUpDK0Q3YVU4bkdoMlN3WTIrbWlQckFQU0gwSjBxMjhzTHErMXZKWG11MEsxUVZNejErY3hrVER5WVRpTnBwcQpTOXJoWkJoTzNPZEd4Z0ZYSVc5V1dqSStEdXZ3cTJrV1Qwb3VKTHZNbkpDcU5vYkgzVXlHTGg0WmNnPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + tls.key: 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 + metadata: + name: test-ssl-secret + namespace: traefik + type: kubernetes.io/tls + - namespace: traefik + apiVersion: v1 + kind: Secret + definition: + metadata: + name: traefik-auth-secret-dashboard + type: kubernetes.io/basic-auth + stringData: + username: admin + password: dashboard + - namespace: traefik + apiVersion: traefik.containo.us/v1alpha1 + kind: Middleware + definition: + metadata: + name: traefik-auth-dashboard + spec: + basicAuth: + secret: traefik-auth-secret-dashboard + - namespace: traefik + apiVersion: traefik.io/v1alpha1 + kind: IngressRoute + definition: + metadata: + name: traefik-dashboard + namespace: traefik + spec: + entryPoints: + - websecure + routes: + - match: Host(`test.traefik.net`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`)) + kind: Rule + services: + - name: api@internal + kind: TraefikService + middlewares: + - name: traefik-auth-dashboard + namespace: traefik + tls: + secretName: test-ssl-secret + - namespace: traefik + apiVersion: v1 + kind: Service + definition: + metadata: + name: traefik-service + namespace: traefik + spec: + type: LoadBalancer + externalIPs: + - "{{ kubernetes_load_balancer_public_ip }}" + ports: + - protocol: TCP + port: 443 + targetPort: websecure + name: websecure + - 
protocol: TCP + targetPort: web + port: 80 + name: web + selector: + app: traefik + + + # for github management_user_list:
diff --git a/kube.yml b/kube.yml
index c90ec75..d40a159 100644
--- a/kube.yml
+++ b/kube.yml
@@ -77,7 +77,7 @@ - "{{ kubernetes_tree_base_dir | last }}" - "{{ kubernetes_tree_base_dir | last }}/{{ kubernetes_service }}" tags: - - git + - test #kubectl label node node-role.kubernetes.io/=
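Review bot: The `test-ssl-secret` Secret carries a TLS private key (`tls.key`) and the `traefik-auth-secret-dashboard` Secret carries `username: admin` / `password: dashboard` as plaintext in host_vars; once in git history both must be treated as exposed, so rotate the key and the password and keep the values in an Ansible Vault-encrypted variable or in a Secret created outside this file, leaving only a `"{{ ... }}"` reference here. The `Middleware` is declared as `apiVersion: traefik.containo.us/v1alpha1` while the IngressRoute, the ClusterRole rules and the CRD URL (a traefik v3.0 file) all use the `traefik.io` group; if the v3.0 CRDs are the ones installed, the `containo.us` group is not served, so change it to `apiVersion: traefik.io/v1alpha1` and verify against the image actually deployed (`traefik:v2.10` in this hunk). `--serverstransport.insecureskipverify=true` and `--log.level=debug` are development settings that this host_vars file applies to every host using it; the French comment above the flag already says it is fine for self-signed dev and not for production, so translate it to English and drive both values from variables a production inventory can override. The hunk is complete within the diff.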