diff --git a/clusters/k8s-avroid-office.prod.local/namespaces/prod/argocd-apps-prod.yaml b/clusters/k8s-avroid-office.prod.local/namespaces/prod/argocd-apps-prod.yaml
new file mode 100644
index 0000000..f801160
--- /dev/null
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/prod/argocd-apps-prod.yaml
@@ -0,0 +1,59 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: prod
+ labels:
+ name: prod
+ app.kubernetes.io/managed-by: argocd
+ annotations:
+ argocd.argoproj.io/sync-wave: "-1"
+ scheduler.alpha.kubernetes.io/node-selector: node-role.kubernetes.io/worker=
+---
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+ name: prod
+ namespace: prod
+ labels:
+ app.kubernetes.io/managed-by: argocd
+spec:
+ hard:
+ requests.cpu: "4"
+ requests.memory: "10Gi"
+ requests.storage: "100Mi"
+ limits.cpu: "16"
+ limits.memory: 24Gi
+ configmaps: "200"
+ resourcequotas: "1"
+ secrets: "200"
+ services: "200"
+ pods: "100"
+ persistentvolumeclaims: "40"
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: prod-common
+ namespace: prod
+ labels:
+ app.kubernetes.io/managed-by: argocd
+spec:
+ podSelector: {}
+ policyTypes:
+ - Ingress
+ - Egress
+ ingress: []
+ egress:
+ - to:
+ - ipBlock:
+ # office-balancer.avroid.tech
+ cidr: 10.2.16.2/32
+ ports:
+ - port: 443
+ protocol: TCP
+ - ports:
+ - port: 53
+ protocol: TCP
+ - port: 53
+ protocol: UDP
diff --git a/clusters/k8s-avroid-office.prod.local/namespaces/plantuml/argocd-apps-plantuml-app.yaml b/clusters/k8s-avroid-office.prod.local/namespaces/prod/plantuml/argocd-apps-plantuml-app.yaml
similarity index 82%
rename from clusters/k8s-avroid-office.prod.local/namespaces/plantuml/argocd-apps-plantuml-app.yaml
rename to clusters/k8s-avroid-office.prod.local/namespaces/prod/plantuml/argocd-apps-plantuml-app.yaml
index 6e9a181..ee73274 100644
--- a/clusters/k8s-avroid-office.prod.local/namespaces/plantuml/argocd-apps-plantuml-app.yaml
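Review bot: The second egress rule of the `prod-common` NetworkPolicy lists 53/TCP and 53/UDP with no `to` clause, so every pod in `prod` may reach any destination on port 53, not only the cluster resolver; that leaves a namespace-wide way out of an otherwise default-deny policy. Scoping the rule to the cluster DNS pods closes it, as sketched below. The `kube-system` namespace and the `k8s-app: kube-dns` label are the usual defaults and should be confirmed for this cluster; a node-local DNS cache would need an `ipBlock` entry instead. Separately, `requests.storage: "100Mi"` next to `persistentvolumeclaims: "40"` caps the sum of all PVC requests at 100Mi, which looks like a unit slip worth confirming.

```yaml
  egress:
    # … unchanged: rule allowing 10.2.16.2/32 on 443/TCP …
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - port: 53
          protocol: TCP
        - port: 53
          protocol: UDP
```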
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/prod/plantuml/argocd-apps-plantuml-app.yaml @@ -10,17 +10,17 @@ spec: project: plantuml destination: server: https://kubernetes.default.svc - namespace: plantuml + namespace: prod sources: - repoURL: https://git.avroid.tech/K8s/k8s-configs.git targetRevision: master ref: values - - repoURL: https://stevehipwell.github.io/helm-charts/ - chart: "plantuml" + - repoURL: https://nexus.avroid.tech/repository/devops-helm-proxy-helm/ + chart: "stevehipwell/plantuml" targetRevision: 3.36.0 helm: valueFiles: - - $values/clusters/k8s-avroid-office.prod.local/namespaces/plantuml/values.yaml + - $values/clusters/k8s-avroid-office.prod.local/namespaces/prod/plantuml/values-ovveride.yaml syncPolicy: automated: prune: true @@ -39,11 +39,11 @@ metadata: - resources-finalizer.argocd.argoproj.io spec: sourceRepos: - - https://stevehipwell.github.io/helm-charts/ - https://git.avroid.tech/K8s/k8s-configs.git + - https://nexus.avroid.tech/repository/devops-helm-proxy-helm/ # Only permit applications to deploy to the guestbook namespace in the same cluster destinations: - - namespace: plantuml + - namespace: prod server: https://kubernetes.default.svc # Deny all cluster-scoped resources from being created, except for Namespace clusterResourceWhitelist: diff --git a/clusters/k8s-avroid-office.prod.local/namespaces/plantuml/argocd-apps-plantuml-namespace.yaml b/clusters/k8s-avroid-office.prod.local/namespaces/prod/plantuml/argocd-apps-plantuml-namespace.yaml similarity index 100% rename from clusters/k8s-avroid-office.prod.local/namespaces/plantuml/argocd-apps-plantuml-namespace.yaml rename to clusters/k8s-avroid-office.prod.local/namespaces/prod/plantuml/argocd-apps-plantuml-namespace.yaml 
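Review bot: The new `valueFiles` entry in the first hunk points at `values-ovveride.yaml`, a misspelling of "override" that the rename at the end of this commit bakes into the repository path. Rename the file to `values-override.yaml` and reference `- $values/clusters/k8s-avroid-office.prod.local/namespaces/prod/plantuml/values-override.yaml` here. The file name and this reference have to change together, otherwise the values file will not be found at sync time.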
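Review bot: In the second hunk the AppProject destination moves from the dedicated `plantuml` namespace to the shared `prod` namespace, so any Application in this project may now create or modify resources in `prod`, including kinds that act as namespace guardrails such as the `prod-common` NetworkPolicy and the `prod` ResourceQuota added in this commit. The project spec continues outside the hunk, so a namespace-scoped allow or deny list may already exist there; if it does not, a `namespaceResourceBlacklist` like the one below keeps the project from touching those kinds, provided the chart ships none of them itself. The context comment is also stale and should read `# Only permit applications to deploy to the prod namespace in the same cluster`.

```yaml
  destinations:
    - namespace: prod
      server: https://kubernetes.default.svc
  namespaceResourceBlacklist:
    - group: networking.k8s.io
      kind: NetworkPolicy
    - group: ""
      kind: ResourceQuota
    - group: ""
      kind: LimitRange
  # … unchanged: clusterResourceWhitelist …
```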
diff --git a/clusters/k8s-avroid-office.prod.local/namespaces/prod/plantuml/argocd-apps-plantuml-network-policy.yaml b/clusters/k8s-avroid-office.prod.local/namespaces/prod/plantuml/argocd-apps-plantuml-network-policy.yaml
new file mode 100644
index 0000000..b788451
--- /dev/null
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/prod/plantuml/argocd-apps-plantuml-network-policy.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: plantuml-in
+ namespace: prod
+ labels:
+ app.kubernetes.io/managed-by: argocd
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: plantuml
+ policyTypes:
+ - Ingress
+ ingress:
+ - ports:
+ - port: 80
+ protocol: TCP
diff --git a/clusters/k8s-avroid-office.prod.local/namespaces/plantuml/values.yaml b/clusters/k8s-avroid-office.prod.local/namespaces/prod/plantuml/values-ovveride.yaml
similarity index 100%
rename from clusters/k8s-avroid-office.prod.local/namespaces/plantuml/values.yaml
rename to clusters/k8s-avroid-office.prod.local/namespaces/prod/plantuml/values-ovveride.yaml
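Review bot: The single ingress rule of `plantuml-in` has `ports` but no `from`, so port 80 on the plantuml pods accepts traffic from any source, which undoes most of the default-deny ingress that `prod-common` sets for the namespace. Restrict the rule to the namespace that hosts the ingress controller, as sketched below; that namespace is not visible in this commit, so the label value is a placeholder. Note also that `port: 80` is matched against the pod's listening port rather than the Service port, so confirm that the chart's container actually listens on 80.

```yaml
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              # placeholder: namespace of the ingress controller
              kubernetes.io/metadata.name: "<ingress-controller-namespace>"
      ports:
        # … unchanged: port 80/TCP …
```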