diff --git a/09-ingress-gitea.yaml b/09-ingress-gitea.yaml
new file mode 100755
index 0000000..00dcf6e
--- /dev/null
+++ b/09-ingress-gitea.yaml
@@ -0,0 +1,28 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: gitea-ingress
+ namespace: gitea
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/proxy-body-size: "50m"
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "60"
+ nginx.ingress.kubernetes.io/proxy-connect-timeout: "10"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - gitea.cyanburu.com
+ secretName: gitea-tls
+ rules:
+ - host: gitea.cyanburu.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: gitea-http
+ port:
+ number: 3000
diff --git a/10-ingress-argocd.yaml b/10-ingress-argocd.yaml
new file mode 100755
index 0000000..e5d33b9
--- /dev/null
+++ b/10-ingress-argocd.yaml
@@ -0,0 +1,28 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: argocd-ingress
+ namespace: argocd
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ nginx.ingress.kubernetes.io/ssl-redirect: "true"
+ nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "60"
+ nginx.ingress.kubernetes.io/proxy-connect-timeout: "10"
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - argo.cyanburu.com
+ secretName: argocd-tls
+ rules:
+ - host: argo.cyanburu.com
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: argocd-server
+ port:
+ number: 443
diff --git a/README.md b/README.md
index 71db4de..499621f 100755
--- a/README.md
+++ b/README.md
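Review bot: The `nginx.ingress.kubernetes.io/proxy-body-size: "50m"` annotation caps the request body for every path under `gitea.cyanburu.com`, which includes `git push` over HTTPS and attachment/release uploads, so a single push larger than 50m is rejected by ingress-nginx with a 413 before it ever reaches `gitea-http`. That is a reasonable default, but it is easy to mistake for a Gitea-side limit later, so it should be stated in the manifest, e.g. `# 50m caps git push / upload bodies at the ingress (413 above this); raise deliberately, together with Gitea's own limits, if larger pushes are expected`. The `proxy-read-timeout: "60"` line likewise applies to long-running git operations on this host, which may be worth a similar one-line comment.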
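Review bot: With `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` the hop from ingress-nginx to `argocd-server:443` is re-encrypted but the upstream certificate is not verified; ingress-nginx only checks it when `nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"` is set together with a CA in `nginx.ingress.kubernetes.io/proxy-ssl-secret`. Given argocd-server's default self-signed certificate this is the usual trade-off, but it should be recorded in the manifest so a later hardening pass can see it, e.g. `# re-encrypts to argocd-server; upstream cert is NOT verified (self-signed default) — add proxy-ssl-verify/proxy-ssl-secret once argocd-server carries a cluster-trusted cert`. The `tls` block makes the Let's Encrypt `argocd-tls` secret the browser-facing certificate, so Argo CD's own certificate is only ever seen in-cluster, which is worth a second short comment next to `secretName`.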
@@ -12,24 +12,29 @@ ``` 사용자 (외부 인터넷) - ↓ https://cyanburu.com (443) + ├── https://cyanburu.com → Web Portal + ├── https://gitea.cyanburu.com → Gitea + └── https://argo.cyanburu.com → ArgoCD + ↓ MSI 라우터 (포트포워딩 80/443) - ↓ -Nginx Ingress Controller ← TLS 종료, 라우팅 - ↓ + ↓ +Nginx Ingress Controller ← TLS 종료, 도메인별 라우팅 + ↓ cert-manager ← Let's Encrypt 인증서 자동 발급/갱신 - ↓ -Kubernetes - web-portal 네임스페이스 - ├── Nginx Frontend (ClusterIP: 80) - ├── FastAPI Backend (ClusterIP: 8000) - └── PostgreSQL DB (ClusterIP: 5432) - ↑ + ↓ +Kubernetes 네임스페이스별 서비스 + ├── web-portal + │ ├── Nginx Frontend (ClusterIP: 80) + │ ├── FastAPI Backend (ClusterIP: 8000) + │ └── PostgreSQL DB (ClusterIP: 5432) + ├── gitea + │ └── Gitea (ClusterIP: 3000) + └── argocd + └── ArgoCD Server (ClusterIP: 443) + ↑ 개발자 (git push) ↓ -Gitea (192.168.10.101:30000) - └── Container Registry (이미지 저장) - ↓ -ArgoCD 자동 감지 & 배포 (192.168.10.101:30080) +Gitea → ArgoCD 자동 감지 & 배포 ``` --- @@ -48,6 +53,7 @@ ArgoCD 자동 감지 & 배포 (192.168.10.101:30080) | Ingress | Nginx Ingress Controller | | TLS | cert-manager + Let's Encrypt | | Domain | cyanburu.com (후이즈) | +| 서브도메인 | gitea.cyanburu.com, argo.cyanburu.com | --- @@ -77,7 +83,9 @@ nginx-portal/ k8s/ 폴더 내 추가 파일: ├── 07-clusterissuer.yaml # Let's Encrypt ClusterIssuer -└── 08-ingress.yaml # Nginx Ingress 규칙 + TLS 설정 +├── 08-ingress.yaml # Web Portal Ingress (cyanburu.com) +├── 09-ingress-gitea.yaml # Gitea Ingress (gitea.cyanburu.com) +└── 10-ingress-argocd.yaml # ArgoCD Ingress (argo.cyanburu.com) ``` > ⚠️ `06-argocd-app.yaml` 은 반드시 `k8s/` 폴더 **밖**에 위치해야 합니다. 
@@ -251,11 +259,24 @@ kubectl get certificate -n web-portal # READY: True 확인 ``` -### 12단계. 접속 확인 -``` -https://cyanburu.com +### 12단계. 서브도메인 Ingress 적용 (Gitea, ArgoCD) +```bash +kubectl apply -f 09-ingress-gitea.yaml +kubectl apply -f 10-ingress-argocd.yaml + +# 인증서 발급 확인 +kubectl get certificate -n gitea +kubectl get certificate -n argocd ``` +### 13단계. 접속 확인 + +| 서비스 | URL | +|--------|-----| +| Web Portal | `https://cyanburu.com` | +| Gitea | `https://gitea.cyanburu.com` | +| ArgoCD | `https://argo.cyanburu.com` | + --- ## 🔄 이후 배포 방법 (코드 수정 시) @@ -341,7 +362,12 @@ location /api/auth/login { ### HTTPS / TLS - cert-manager가 Let's Encrypt 인증서를 **자동으로 갱신** (만료 30일 전) - HTTP 접속 시 자동으로 HTTPS로 리다이렉트 (`ssl-redirect: "true"`) -- 인증서 상태 확인: `kubectl get certificate -n web-portal` +- 인증서 상태 확인: +```bash +kubectl get certificate -n web-portal # cyanburu.com +kubectl get certificate -n gitea # gitea.cyanburu.com +kubectl get certificate -n argocd # argo.cyanburu.com +``` --- @@ -630,3 +656,8 @@ git config --global user.name "계정명" - **CoreDNS** 내부 도메인 등록 (헤어핀 NAT 우회) - **HTTPS 자동 리다이렉트** 적용 - 최종 접속 URL: `https://cyanburu.com` + +#### 서브도메인 연결 +- **gitea.cyanburu.com** → Gitea (Let's Encrypt 인증서 자동 발급) +- **argo.cyanburu.com** → ArgoCD (Let's Encrypt 인증서 자동 발급) +- CoreDNS에 서브도메인 내부 IP 등록 (헤어핀 NAT 우회) diff --git a/coredns-patch.yaml b/coredns-patch.yaml new file mode 100755 index 0000000..ddd3869 --- /dev/null +++ b/coredns-patch.yaml @@ -0,0 +1,32 @@ +data: + Corefile: | + cyanburu.com { + hosts { + 192.168.10.101 cyanburu.com + fallthrough + } + cache 30 + } + .:53 { + errors + health { + lameduck 5s + } + ready + kubernetes cluster.local in-addr.arpa ip6.arpa { + pods insecure + fallthrough in-addr.arpa ip6.arpa + ttl 30 + } + prometheus :9153 + forward . /etc/resolv.conf { + max_concurrent 1000 + } + cache 30 { + disable success cluster.local + disable denial cluster.local + } + loop + reload + loadbalance + }
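Review bot: The `hosts` block in the `cyanburu.com` zone only maps `192.168.10.101 cyanburu.com`, while the README hunk in this same commit (`#### 서브도메인 연결`) states that the subdomains' internal IPs are registered in CoreDNS for the hairpin-NAT bypass. An in-cluster lookup of `gitea.cyanburu.com` or `argo.cyanburu.com` matches this zone block, misses in `hosts`, and `fallthrough` has no plugin left in that block to hand the query to (the `.:53` block is not consulted for a name the more specific zone already claims), so those names will most likely fail to resolve from pods instead of reaching the ingress controller. Assuming the ingress controller is reached at the same address as the portal, the fix is two entries next to the existing one, `192.168.10.101 gitea.cyanburu.com` and `192.168.10.101 argo.cyanburu.com`; a comment such as `# in-cluster overrides for hairpin-NAT bypass — keep in sync with the Ingress hosts` would stop the list drifting from the Ingress manifests again.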