diff --git a/argo1/templates/haproxy-ingress.yaml b/argo1/templates/istio-base.yaml
similarity index 59%
rename from argo1/templates/haproxy-ingress.yaml
rename to argo1/templates/istio-base.yaml
index ed55e13..0748f48 100644
--- a/argo1/templates/haproxy-ingress.yaml
+++ b/argo1/templates/istio-base.yaml
@@ -1,25 +1,25 @@
-# {{ if (index .Values "haproxy-ingress").enabled }}
+# {{ if (index .Values "istio-base").enabled }}
 ---
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: "{{ .Release.Name }}-haproxy-ingress"
+  name: "{{ .Release.Name }}-istio-base"
   namespace: argocd
   finalizers:
     - resources-finalizer.argocd.argoproj.io
 spec:
   project: default
   source:
-    chart: haproxy-ingress
-    repoURL: https://haproxy-ingress.github.io/charts
-    targetRevision: 0.14.2
+    chart: base
+    repoURL: https://istio-release.storage.googleapis.com/charts
+    targetRevision: 1.18.1
     helm:
       values: |-
-        {{ (index .Values "haproxy-ingress").values | nindent 8 }}
-      releaseName: haproxy-ingress
+        {{ (index .Values "istio-base").values | default "{}" | nindent 8 }}
+      releaseName: istio-base
   destination:
     server: "https://kubernetes.default.svc"
-    namespace: haproxy-ingress
+    namespace: istio-system
   syncPolicy:
     automated:
       prune: true
diff --git a/argo1/templates/istiod.yaml b/argo1/templates/istiod.yaml
new file mode 100644
index 0000000..bcaf680
--- /dev/null
+++ b/argo1/templates/istiod.yaml
@@ -0,0 +1,35 @@
+# {{ if (index .Values "istiod").enabled }}
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: "{{ .Release.Name }}-istiod"
+  namespace: argocd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    chart: istiod
+    repoURL: https://istio-release.storage.googleapis.com/charts
+    targetRevision: 1.18.1
+    helm:
+      values: |-
+        {{ (index .Values "istiod").values | default "{}" | nindent 8 }}
+      releaseName: istiod
+  destination:
+    server: "https://kubernetes.default.svc"
+    namespace: istio-system
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+    retry:
+      limit: 10
+      backoff:
+        duration: 5s
+        factor: 2
+        maxDuration: 3m0s
+# {{- end }}
diff --git a/argo1/values.yaml b/argo1/values.yaml
index 83dd919..8b247c8 100644
--- a/argo1/values.yaml
+++ b/argo1/values.yaml
@@ -13,36 +13,6 @@ cert-manager:
     ingressShim.defaultIssuerName: zerossl
     installCRDs: "true"
 
-haproxy-ingress:
-  enabled: true
-  values: |-
-    controller:
-      config:
-        fronting-proxy-port: "81"
-        use-proxy-protocol: "true"
-      extraArgs:
-        watch-ingress-without-class: ""
-      ingressClass: haproxy
-      ingressClassResource:
-        default: true
-        enabled: true
-        parameters: {}
-      logs:
-        enabled: true
-      metrics:
-        enabled: true
-      service:
-        annotations:
-          metallb.universe.tf/allow-shared-ip: 172.16.17.81
-          metallb.universe.tf/loadBalancerIPs: 172.16.17.81
-        type: LoadBalancer
-      stats:
-        enabled: true
-      tcp:
-        "81": ""
-    serviceAccount:
-      create: true
-
 argo-cd:
   crds:
     install: false
@@ -161,10 +131,12 @@ external-secrets:
           timeoutSeconds: 1
           periodSeconds: 5
 
+istio-base: {enabled: true}
+istiod: {enabled: true}
 metallb: {enabled: true}
 pgo: {enabled: true}
 secrets: {enabled: true}
 sealed-secrets: {enabled: true}
-template-operator: {enabled: true}
 stakater-reloader: {enabled: true}
+template-operator: {enabled: true}
 trust-manager: {enabled: true}