Argo-cd: Enhance inferring logic of URL protocol for resource's external URLs

Created on 22 Aug 2019 · 4 Comments · Source: argoproj/argo-cd

Is your feature request related to a problem? Please describe.
Argo CD displays externally available URLs of application ingresses. It is trying to guess which protocol to use (http/https) based on port only. Port is not enough for a good guess. To improve the logic we should analyze ingress annotations and choose https if any annotation of any known ingress implementation is present.

Known annotations:

# gke
networking.gke.io/managed-certificates: argo
# nginx
nginx.ingress.kubernetes.io/secure-backends: "true"
# to be added more

All 4 comments

Hi,
I may have misunderstood things, but I think the annotation nginx.ingress.kubernetes.io/secure-backends refers to the backend service, not the exposed URL. If true, the communication inside the cluster between the ingress controller and the service is secured. So it shouldn't be used while building an external URL.
While building the external URL, could the TLS section be sufficient to determine the protocol: if a tls is specified, it is https, otherwise it is http?

The best way to do this is probably through a specific, argo-cd namespace annotation. Otherwise the team could spend a lot of time trying to determine which fields to use and still not get it right.

Since in https://kubernetes.io/docs/concepts/services-networking/ingress/#what-is-ingress it states that

An Ingress does not expose arbitrary ports or protocols. Exposing services other than HTTP and HTTPS to the internet typically uses a service of type Service.Type=NodePort or Service.Type=LoadBalancer.

I think the port should be
1) http (Port 80) as a default
2) https (Port 443) if tls is defined in ingress
3) other arbitrary port is hard or impossible to guess since it is very specific to the ingress controller. Maybe an argocd specific annotation is needed in the ingress object (not global in the namespace, because it can be different in each ingress)

Many of our services open an arbitrary port (3000 for example), but the ingress listens on HTTP:80/HTTPS:443, yet the external URL uses a mix of the service port and the Ingress address and comes out looking like http://service.example.com:3000/ingress/path rather than http://service.example.com/ingress/path
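
The rule proposed in the comments above (https only when the Ingress TLS section covers the host, http otherwise, and no backend service port in the URL), as an added example that is not part of the thread and is not Argo CD's own code. The names Rule, Ingress, schemeFor and ExternalURLs are hypothetical, and the sketch assumes every rule has a host.

```go
package main

import (
	"fmt"
	"strings"
)

// Simplified stand-ins (assumed here) for an Ingress's spec.rules and spec.tls.
type Rule struct {
	Host  string
	Paths []string
}

type Ingress struct {
	TLSHosts []string // hosts listed under all spec.tls entries
	Rules    []Rule
}

// schemeFor returns "https" only if a TLS host covers host, else "http".
// A "*.example.com" entry covers exactly one leading label.
func schemeFor(ing Ingress, host string) string {
	for _, h := range ing.TLSHosts {
		if i := strings.Index(host, "."); strings.HasPrefix(h, "*.") && i > 0 {
			h = host[:i] + h[1:]
		}
		if strings.EqualFold(h, host) {
			return "https"
		}
	}
	return "http"
}

// ExternalURLs joins scheme, host and path; no backend service port is added.
func ExternalURLs(ing Ingress) (urls []string) {
	for _, r := range ing.Rules {
		for _, p := range r.Paths {
			urls = append(urls, schemeFor(ing, r.Host)+"://"+r.Host+p)
		}
	}
	return urls
}

func main() {
	// Constructed sample: TLS covers *.example.com but not plain.test.
	ing := Ingress{
		TLSHosts: []string{"*.example.com"},
		Rules:    []Rule{{"service.example.com", []string{"/ingress/path"}}, {"plain.test", []string{"/"}}},
	}
	fmt.Println(ExternalURLs(ing))
}
```

Deciding the scheme per host matters because one Ingress can serve some hosts over TLS and others in plain HTTP.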
