diff --git a/clusters/k8s-avroid-office.prod.local/namespaces/kube-prometheus-stack/kube-prometheus-stack/argocd-apps-kube-prometheus-stack-app.yaml b/clusters/k8s-avroid-office.prod.local/namespaces/kube-prometheus-stack/kube-prometheus-stack/argocd-apps-kube-prometheus-stack-app.yaml
index cbb1501..c67da8e 100644
--- a/clusters/k8s-avroid-office.prod.local/namespaces/kube-prometheus-stack/kube-prometheus-stack/argocd-apps-kube-prometheus-stack-app.yaml
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/kube-prometheus-stack/kube-prometheus-stack/argocd-apps-kube-prometheus-stack-app.yaml
@@ -8,6 +8,11 @@ metadata:
     - resources-finalizer.argocd.argoproj.io
 spec:
   project: kube-prometheus-stack
+  destination:
+    - namespace: kube-prometheus-stack
+      server: https://kubernetes.default.svc
+    - namespace: kube-system
+      server: https://kubernetes.default.svc
   sources:
     - repoURL: https://git.avroid.tech/K8s/k8s-configs.git
       targetRevision: master
@@ -39,6 +44,12 @@ spec:
   sourceRepos:
     - https://git.avroid.tech/K8s/k8s-configs.git
     - https://nexus.avroid.tech/repository/devops-helm-proxy-helm/
+  # Only permit applications to deploy to the guestbook namespace in the same cluster
+  destinations:
+    - namespace: kube-prometheus-stack
+      server: https://kubernetes.default.svc
+    - namespace: kube-system
+      server: https://kubernetes.default.svc
   # Deny all cluster-scoped resources from being created, except for Namespace
   clusterResourceWhitelist:
     - group: ''