Create the ingress with tls passthrough support

Tls is terminated on the ArgoCD server, not on ingress

charts/argo-cd/templates/argocd-server-ingress.yaml

@@ -0,0 +1,29 @@
+{{- if .Values.ingress.enabled -}}
+{{- $ingressPath := .Values.ingress.path -}}
+{{- $servicePortHttps := .Values.server.servicePortHttps -}}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: argocd-server
+  labels: 
+    app.kubernetes.io/name: {{ include "argo-cd.name" . }}
+    helm.sh/chart: {{ include "argo-cd.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+    app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
+{{- with .Values.ingress.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+  rules:
+  {{- range .Values.ingress.hosts }}
+    - host: {{ . | quote }}
+      http:
+        paths:
+          - path: {{ $ingressPath }}
+            backend:
+              serviceName: argocd-server
+              servicePort: {{ $servicePortHttps }}
+  {{- end }}
+{{- end }}

charts/argo-cd/values.yaml

@@ -43,6 +43,17 @@ dexServer:
     tag: v0.11.0
     pullPolicy: Always
 
+# terminate tls at ArgoCD level
+ingress:
+  enabled: false
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+    # nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+  path: /
+  hosts:
+    - argocd.example.com
+
 # Standard Argo CD installation with cluster-admin access. 
 # Set this true if you plan to use Argo CD to deploy applications in the same cluster that 
 #     Argo CD runs in (i.e. kubernetes.svc.default).