Argo-tunnel and loadbalancer for kubectl

I would like to use argo to create a load balancer for the k8s control plane e.g. k8s.mydomain.com which balances the load to one of the 2 master nodes.

I wonder if then I still can add my cluster in gitlab as described here i.e. gitlab requires an api url:

API URL (required) - It’s the URL that GitLab uses to access the Kubernetes API. Kubernetes exposes several APIs, we want the “base” URL that is common to all of them. For example, https://kubernetes.example.com rather than https://kubernetes.example.com/api/v1 .

To my understanding, when using an argo-tunnel, I also have to use cloudflared to connect to the tunnel as described at kubectl. Thus providing an api-url to gitlab would not work as gitlab does not use cloudflared.

I am right or do I need cloudflared only in case I enable Cloudflare Access?

I addition I also wonder what I generally miss, cause I followed the guideline and when I run kubeone get ns I can see the following

ERROR[2020-11-02T11:24:13+01:00] failed to connect to https://kube.mydomain.com with error: websocket: bad handshake

I run the following argo-config on both master nodes of my cluster

hostname: "kube.mycompany.com"
url: tcp://kubernetes.internal:6443
lb_pool: kube
socks5: true