diff --git a/components/11-argo-workflows/argo-server-cluster-role.yaml b/components/11-argo-workflows/argo-server-cluster-role.yaml
new file mode 100644
index 000000000..d35682ebe
--- /dev/null
+++ b/components/11-argo-workflows/argo-server-cluster-role.yaml
@@ -0,0 +1,26 @@
+## configure clusterrole for argo-server to provide permissions when argo-worfklows is running namespaced
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: argo-server
+rules:
+- apiGroups:
+ - argoproj.io
+ resources:
+ - clusterworkflowtemplates
+ verbs:
+ - list
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: argo-server
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: argo-server
+subjects:
+- kind: ServiceAccount
+ name: argo-server
+ namespace: argo
diff --git a/components/11-argo-workflows/ingress.yaml b/components/11-argo-workflows/ingress.yaml
new file mode 100644
index 000000000..2b97b74b7
--- /dev/null
+++ b/components/11-argo-workflows/ingress.yaml
@@ -0,0 +1,26 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ cert-manager.io/cluster-issuer: selfsigned-cluster-issuer
+ nginx.ingress.kubernetes.io/backend-protocol: HTTPS
+ nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+ name: argo-workflows
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: workflows.local
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: argo-server
+ port:
+ number: 2746
+ tls:
+ - hosts:
+ - workflows.local
+ secretName: argo-workflows-ingress-tls
diff --git a/components/11-argo-workflows/kustomization.yaml b/components/11-argo-workflows/kustomization.yaml
index ea2aa4c41..0e543dc3c 100644
--- a/components/11-argo-workflows/kustomization.yaml
+++ b/components/11-argo-workflows/kustomization.yaml
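Review bot: The `list`-only grant on `clusterworkflowtemplates` in argo-server-cluster-role.yaml should carry a comment saying it is deliberately read-only, because patch-server-deployment.yaml in this commit runs the server with `--auth-mode=server`, so every caller acts with whatever this role grants. Something like `# read-only on purpose: with --auth-mode=server every caller inherits these verbs` above `verbs:` would stop a later edit from widening it without thought. The ClusterRoleBinding subject also hard-codes `namespace: argo`; nothing visible in this diff confirms that is the install namespace, and if it is not, the binding would match no ServiceAccount. The header comment misspells "argo-workflows" as "argo-worfklows".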
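Review bot: The Ingress in ingress.yaml publishes argo-server on `workflows.local` with no limit on who may connect, while patch-server-deployment.yaml in the same commit starts the server with `--auth-mode=server`. Anyone who can reach the ingress controller therefore gets the server's own Kubernetes permissions without logging in. Until authentication is in place, restrict the source addresses on the Ingress, for example with `nginx.ingress.kubernetes.io/whitelist-source-range: "<ALLOWED_CIDR>"` under `annotations:`. The manifest sets no `metadata.namespace`; presumably the kustomization supplies it, but that is not visible in this hunk.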
@@ -4,3 +4,21 @@ kind: Kustomization resources: - https://github.com/argoproj/argo-workflows/releases/download/v3.5.4/namespace-install.yaml + - ingress.yaml + + ## configure argo-workflow rbac + - argo-server-cluster-role.yaml + +patches: +- target: # configure argo-server namespaced and to set to server mode to disable auth until auth can be worked out + group: apps + version: v1 + kind: Deployment + name: argo-server + path: patch-server-deployment.yaml +- target: # configure the workflow controller to monitor the argo-events namespace + group: apps + version: v1 + kind: Deployment + name: workflow-controller + path: patch-workflow-deployment.yaml diff --git a/components/11-argo-workflows/patch-server-deployment.yaml b/components/11-argo-workflows/patch-server-deployment.yaml new file mode 100644 index 000000000..49c0a8d33 --- /dev/null +++ b/components/11-argo-workflows/patch-server-deployment.yaml @@ -0,0 +1,10 @@ +## configure argo-server namespaced and to set to server mode to disable auth until auth can be worked out +- op: replace + path: /spec/template/spec/containers/0/args + value: + - server + - --auth-mode=server + # - --auth-mode=client + - --namespaced + - --managed-namespace + - argo-events diff --git a/components/11-argo-workflows/patch-workflow-deployment.yaml b/components/11-argo-workflows/patch-workflow-deployment.yaml new file mode 100644 index 000000000..67e343b16 --- /dev/null +++ b/components/11-argo-workflows/patch-workflow-deployment.yaml @@ -0,0 +1,7 @@ +## configure the workflow controller to monitor the argo-events namespace +- op: replace + path: /spec/template/spec/containers/0/args + value: + - --namespaced + - --managed-namespace + - argo-events
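Review bot: `--auth-mode=server` in patch-server-deployment.yaml turns off client authentication for a server that manages `argo-events`, and the commented-out `# - --auth-mode=client` line records neither why nor when it will be switched back. Client mode only asks callers for their own Kubernetes bearer token and needs no identity provider, so `- --auth-mode=client` may already be usable here. If server mode has to stay for now, replace the commented line with a tracked note such as `# TODO(<ISSUE_ID>): move to --auth-mode=client or sso; server mode lets any caller act as the argo-server ServiceAccount`. Separately, `op: replace` overwrites the whole `args` list, so any argument a later upstream release adds is dropped silently; the same applies to patch-workflow-deployment.yaml.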
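Review bot: The `--managed-namespace` / `argo-events` arguments in patch-workflow-deployment.yaml have no matching RBAC in this diff: the controller's ServiceAccount needs a Role and RoleBinding inside `argo-events`, and so does argo-server, which gets the same flag in patch-server-deployment.yaml. The upstream namespace-install manifest appears to create its Roles only in the install namespace, so unless another component supplies them the controller would likely get forbidden errors when it watches workflows there. I would add a RoleBinding in `argo-events` for each ServiceAccount, bound to a Role limited to the workflow resources the component actually uses, or note in the header comment which component provides them.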