diff --git a/apps/operators/ingress-nginx.yaml b/apps/operators/ingress-nginx.yaml
index 8413398d9..799d74b71 100644
--- a/apps/operators/ingress-nginx.yaml
+++ b/apps/operators/ingress-nginx.yaml
@@ -11,7 +11,7 @@ spec:
       helm:
         releaseName: ingress-nginx
         valueFiles:
-          - $values/bootstrap/phase_2/ingress-nginx/values.yaml
+          - $values/bootstrap/ingress-nginx/values.yaml
           - $secrets/helm-configs/${DEPLOY_NAME}/ingress-nginx.yaml
     - repoURL: https://github.com/rackerlabs/understack.git
       targetRevision: ${UC_REPO_REF}
diff --git a/bootstrap/phase_2/argocd/ingress.yaml b/bootstrap/argocd/ingress.yaml
similarity index 80%
rename from bootstrap/phase_2/argocd/ingress.yaml
rename to bootstrap/argocd/ingress.yaml
index b26d8f7eb..579059553 100644
--- a/bootstrap/phase_2/argocd/ingress.yaml
+++ b/bootstrap/argocd/ingress.yaml
@@ -4,7 +4,7 @@ metadata:
   name: argocd
   namespace: argocd
   annotations:
-    cert-manager.io/cluster-issuer: selfsigned-cluster-issuer
+    cert-manager.io/cluster-issuer: ${DEPLOY_NAME}-cluster-issuer
     nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
     nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
 spec:
@@ -19,8 +19,8 @@ spec:
             name: argo-cd-argocd-server
             port:
               name: http
-    host: argocd.local
+    host: argocd.${DNS_ZONE}
   tls:
   - hosts:
-    - argocd.local
+    - argocd.${DNS_ZONE}
     secretName: argocd-ingress-tls
diff --git a/bootstrap/phase_2/argocd/kustomization.yaml b/bootstrap/argocd/kustomization.yaml
similarity index 95%
rename from bootstrap/phase_2/argocd/kustomization.yaml
rename to bootstrap/argocd/kustomization.yaml
index 8dce7df5c..25db285a0 100644
--- a/bootstrap/phase_2/argocd/kustomization.yaml
+++ b/bootstrap/argocd/kustomization.yaml
@@ -4,7 +4,6 @@ kind: Kustomization
 
 resources:
 - namespace.yaml
-- ingress.yaml
 
 helmGlobals:
   chartHome: ../../charts/
diff --git a/bootstrap/phase_2/argocd/namespace.yaml b/bootstrap/argocd/namespace.yaml
similarity index 100%
rename from bootstrap/phase_2/argocd/namespace.yaml
rename to bootstrap/argocd/namespace.yaml
diff --git a/bootstrap/phase_2/argocd/values.yaml b/bootstrap/argocd/values.yaml
similarity index 100%
rename from bootstrap/phase_2/argocd/values.yaml
rename to bootstrap/argocd/values.yaml
diff --git a/bootstrap/bootstrap.sh b/bootstrap/bootstrap.sh
index 518fc473b..9567d8586 100755
--- a/bootstrap/bootstrap.sh
+++ b/bootstrap/bootstrap.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 wait_for_cert_manager() {
-  local cmd="kubectl apply -f bootstrap/phase_1/cert-manager/cmchecker.yaml --dry-run=server"
+  local cmd="kubectl apply -f bootstrap/cert-manager/cmchecker.yaml --dry-run=server"
   max_tries=10
   current_retry=1
 
@@ -19,6 +19,10 @@ wait_for_cert_manager() {
   echo " done."
 }
 
-kubectl kustomize --enable-helm bootstrap/phase_1 | kubectl apply --server-side -f -
+kubectl kustomize --enable-helm bootstrap/cert-manager/ | kubectl apply --server-side -f -
 wait_for_cert_manager
-kubectl kustomize --enable-helm bootstrap/phase_2 | kubectl apply --server-side -f -
+kubectl kustomize --enable-helm bootstrap | kubectl apply --server-side -f -
+kubectl apply -f bootstrap/cert-manager/issuer-kube-system-self-signed.yaml
+export DEPLOY_NAME=selfsigned
+export DNS_ZONE=local
+cat bootstrap/argocd/ingress.yaml | envsubst | kubectl apply -f -
diff --git a/bootstrap/phase_1/cert-manager/cmchecker.yaml b/bootstrap/cert-manager/cmchecker.yaml
similarity index 100%
rename from bootstrap/phase_1/cert-manager/cmchecker.yaml
rename to bootstrap/cert-manager/cmchecker.yaml
diff --git a/bootstrap/phase_2/issuer-kube-system-self-signed.yaml b/bootstrap/cert-manager/issuer-kube-system-self-signed.yaml
similarity index 100%
rename from bootstrap/phase_2/issuer-kube-system-self-signed.yaml
rename to bootstrap/cert-manager/issuer-kube-system-self-signed.yaml
diff --git a/bootstrap/phase_1/cert-manager/kustomization.yaml b/bootstrap/cert-manager/kustomization.yaml
similarity index 100%
rename from bootstrap/phase_1/cert-manager/kustomization.yaml
rename to bootstrap/cert-manager/kustomization.yaml
diff --git a/bootstrap/phase_2/ingress-nginx/kustomization.yaml b/bootstrap/ingress-nginx/kustomization.yaml
similarity index 100%
rename from bootstrap/phase_2/ingress-nginx/kustomization.yaml
rename to bootstrap/ingress-nginx/kustomization.yaml
diff --git a/bootstrap/phase_2/ingress-nginx/namespace.yaml b/bootstrap/ingress-nginx/namespace.yaml
similarity index 100%
rename from bootstrap/phase_2/ingress-nginx/namespace.yaml
rename to bootstrap/ingress-nginx/namespace.yaml
diff --git a/bootstrap/phase_2/ingress-nginx/values.yaml b/bootstrap/ingress-nginx/values.yaml
similarity index 100%
rename from bootstrap/phase_2/ingress-nginx/values.yaml
rename to bootstrap/ingress-nginx/values.yaml
diff --git a/bootstrap/phase_2/kustomization.yaml b/bootstrap/kustomization.yaml
similarity index 71%
rename from bootstrap/phase_2/kustomization.yaml
rename to bootstrap/kustomization.yaml
index 05aea6b54..897f3b609 100644
--- a/bootstrap/phase_2/kustomization.yaml
+++ b/bootstrap/kustomization.yaml
@@ -3,7 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
 resources:
-- issuer-kube-system-self-signed.yaml
+- cert-manager/issuer-kube-system-self-signed.yaml
 - ingress-nginx/
 - sealed-secrets/
 - argocd/
diff --git a/bootstrap/phase_1/kustomization.yaml b/bootstrap/phase_1/kustomization.yaml
deleted file mode 100644
index 1c84fe7fd..000000000
--- a/bootstrap/phase_1/kustomization.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-
-resources:
-- cert-manager/
diff --git a/bootstrap/phase_2/sealed-secrets/kustomization.yaml b/bootstrap/sealed-secrets/kustomization.yaml
similarity index 100%
rename from bootstrap/phase_2/sealed-secrets/kustomization.yaml
rename to bootstrap/sealed-secrets/kustomization.yaml
diff --git a/bootstrap/phase_2/sealed-secrets/values.yaml b/bootstrap/sealed-secrets/values.yaml
similarity index 100%
rename from bootstrap/phase_2/sealed-secrets/values.yaml
rename to bootstrap/sealed-secrets/values.yaml
diff --git a/docs/gitops-install.md b/docs/gitops-install.md
index a06ddea9d..58a4f31af 100644
--- a/docs/gitops-install.md
+++ b/docs/gitops-install.md
@@ -154,7 +154,7 @@ If you do not have ArgoCD deployed then you can use the following:
 
 ```bash
 kubectl kustomize --enable-helm \
-    https://github.com/rackerlabs/understack/bootstrap/phase_2/argocd/ \
+    https://github.com/rackerlabs/understack/bootstrap/argocd/ \
     | kubectl apply -f -
 ```
 
diff --git a/scripts/gitops-deploy.sh b/scripts/gitops-deploy.sh
index a5c7c5950..fc435f4e5 100755
--- a/scripts/gitops-deploy.sh
+++ b/scripts/gitops-deploy.sh
@@ -75,5 +75,19 @@ for component in keystone dexidp ingress-nginx ironic nautobot; do
     fi
 done
 
+for cfg in bootstrap/argocd/ingress.yaml; do
+    basefile=$(basename "${cfg}")
+    component=$(basename "$(dirname "${cfg}")")
+    outfile="${UC_DEPLOY_CLUSTER}/${component}/${basefile}"
+
+    mkdir -p "${UC_DEPLOY_CLUSTER}/${component}"
+    if [ ! -f "${outfile}" ]; then
+        template "${UC_REPO}/${cfg}" "${outfile}"
+    else
+        echo "You have ${outfile} already, not overwriting"
+    fi
+done
+
+
 echo "Creating app-of-apps config"
 template "${UC_REPO_APPS}/app-of-apps.yaml" "${UC_DEPLOY_CLUSTER}/app-of-apps.yaml"