diff --git a/src/aks-platform/05_argocd.tf b/src/aks-platform/05_argocd.tf
index be6dd2a..72baae4 100644
--- a/src/aks-platform/05_argocd.tf
+++ b/src/aks-platform/05_argocd.tf
@@ -81,7 +81,7 @@ module "argocd_pod_identity" {
 
   cluster_name        = module.aks[0].name
   resource_group_name = azurerm_resource_group.rg_aks.name
-  location            = var.location_westeurope
+  location            = var.location
   tenant_id           = data.azurerm_subscription.current.tenant_id
 
   identity_name = "argocd-pod-identity"
diff --git a/src/aks-platform/05_ingress.tf b/src/aks-platform/05_ingress.tf
index 4844130..8a3cf7e 100644
--- a/src/aks-platform/05_ingress.tf
+++ b/src/aks-platform/05_ingress.tf
@@ -25,7 +25,10 @@ module "nginx_ingress" {
   }
 
   values = [
-    "${templatefile("${path.module}/ingress/loadbalancer.yaml.tpl", { load_balancer_ip = var.ingress_load_balancer_ip })}"
+    templatefile("${path.module}/ingress/loadbalancer.yaml.tpl", {
+      load_balancer_ip    = var.ingress_load_balancer_ip
+      private_subnet_name = module.snet_aks.name
+    })
   ]
 
   set = [
diff --git a/src/aks-platform/ingress/loadbalancer.yaml.tpl b/src/aks-platform/ingress/loadbalancer.yaml.tpl
index 95df9e1..9f12a9b 100644
--- a/src/aks-platform/ingress/loadbalancer.yaml.tpl
+++ b/src/aks-platform/ingress/loadbalancer.yaml.tpl
@@ -1,4 +1,6 @@
 controller:
   service:
+    annotations:
       service.beta.kubernetes.io/azure-load-balancer-internal: "true"
       service.beta.kubernetes.io/azure-load-balancer-ipv4: ${load_balancer_ip}
+      service.beta.kubernetes.io/azure-load-balancer-internal-subnet: ${private_subnet_name}
diff --git a/src/core/01_network.tf b/src/core/01_network.tf
index a8613c5..aea91e3 100644
--- a/src/core/01_network.tf
+++ b/src/core/01_network.tf
@@ -45,7 +45,7 @@ module "vnet_ita_peering" {
   source_resource_group_name       = azurerm_resource_group.rg_ita_vnet.name
   source_virtual_network_name      = module.vnet_italy.name
   source_remote_virtual_network_id = module.vnet_italy.id
-  source_use_remote_gateways       = false
+  source_use_remote_gateways       = true
   source_allow_forwarded_traffic   = true
 
   target_resource_group_name       = azurerm_resource_group.rg_vnet.name