kubectl create namespace argocd
wget https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml -O argo-cd.yaml

sed -i -e 's?image: argoproj?image: dockerhub.azk8s.cn/argoproj?g'  -e 's?quay.io?quay.azk8s.cn?g' -e 's?k8s.gcr.io?gcr.azk8s.cn/google-containers?g'  argo-cd.yaml

kubectl apply -n argocd -f argo-cd.yaml

# expose service via lb or ingress

# use lb
# kubectl patch svc argocd-server -n argocd -p '{"spec": {"type": "LoadBalancer"}}'


# setup ingress 
# create secret
# kubectl create secret tls tls-cert-doamin-com --key server.key --cert server.crt

# ingress
cat > argo-cd-ingress.yaml <<-EOF 
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: argocd-server-ingress
  namespace: argocd
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
spec:
  rules:
  - host: argocd.domain.com
  - host: argocd
    http:
        paths:
        - path: /
          backend:
            serviceName: argocd-server
            servicePort: http
  tls:
  - secretName: tls-cert-domain-com

EOF

kubectl apply -f  argo-cd-ingress.yaml 

ingress-nginx need add --enable-ssl-passthrough args

kubectl edit DaemonSet/nginx-ingress-controller -n ingress-nginx

--enable-ssl-passthrough

open https://argocd

username: admin
password:

$(kubectl get pods -n argocd -o wide | grep 'argocd-server' | cut -d' ' -f 1)

two issues:

1. ingress-nginx health check processing https://github.com/argoproj/argo-cd/issues/1704
   workaround

kubectl edit cm/argocd-cm -n argocd

# append below data:

  resource.customizations: |
    extensions/Ingress:
        health.lua: |
          hs = {}
          hs.status = "Healthy"
          return hs

2. pull docker image from private registry auth failed, with imagePullSecrets in kubectl yaml
   error: no basic auth credentials
   if your app's namespace is golang, and imagePullSecrets is secret-private-registry

kubectl create secret generic secret-private-registry \
    --from-file=.dockerconfigjson=/root/.docker/config.json \
    --type=kubernetes.io/dockerconfigjson \
    -n golang

was not sueecess with kubectl yaml, but sync ok with helm yaml, then all projects get synced.