Version 3.0.0

Ingress — ArgoCD

Exposing Argo CD via Ingress enables external HTTP/HTTPS access to the cluster using a dedicated hostname. The tdp-argo chart uses the Ingress configuration from the upstream argo-cd chart, under the tdp-argo.server.ingress prefix.

Prerequisites

Ingress Controller installed in the cluster (e.g., NGINX).
DNS entry pointing to the Ingress Controller IP (or local /etc/hosts for testing).
Certificate issuance: optional, via cert-manager for automatic TLS.

Public URL

Ensure that the URL used by users matches tdp-argo.configs.cm.url (e.g., https://<host>), which is required for Dex/LDAP and correct links in the UI.

Configuration example

Ingress vs Gateway API

TDPConfiguration.gateway.ingress and TDPConfiguration.gateway.gatewayApi are mutually exclusive. Enable only one of them.

Check the current keys in the values.yaml of tdp-argo / argo-cd; a common pattern from the upstream chart is:

TDPConfiguration:
  gateway:
    ingress:
      enabled: true

tdp-argo:
  server:
    ingress:
      ingressClassName: <ingress-class>
      hostname: <host>
      tls: true
      annotations:
        cert-manager.io/cluster-issuer: "letsencrypt-prod"

Replace <ingress-class> with the name of the Ingress Controller in the environment (verify with kubectl get ingressclass) and <host> with a domain you control.

Annotations (cert-manager, SSL redirect, etc.) depend on your Ingress Controller; configure them according to the controller you use.

Access after configuration

Obtain the external IP of the Ingress Controller:

Terminal input

kubectl get svc -A -l app.kubernetes.io/name=ingress-nginx \
  -o jsonpath='{.items[0].status.loadBalancer.ingress[0].ip}'

Add the hostname to DNS or to the /etc/hosts file:
```
<INGRESS_IP>   <host>
```
Access https://<host> (or http:// if TLS is not configured).

Alternatives

LoadBalancer on the server Service, when supported.
Port-forward for testing: kubectl port-forward svc/<release>-argocd-server -n <namespace> 8080:80

Troubleshooting

Issue	Cause	Solution
SSO/LDAP with wrong URL	`configs.cm.url` does not match the host	Adjust `tdp-argo.configs.cm.url` to the actual host
Ingress not created	`server.ingress.enabled: false`, chart template, or incorrect `ingressClassName`	Check `server.ingress` keys in the exact chart version, whether the template is enabled, and whether `ingressClassName` matches the Ingress Controller used in the cluster
TLS fails	Incorrect Issuer or Secret	Verify cert-manager and the TLS Secret and controller annotations

Prerequisites​

Public URL​

Configuration example​

Access after configuration​

Alternatives​

Troubleshooting​