We have seen about ArgoCD sync configuration and part of that we have understand Argo CD polls the Git repositories every 3minutes to detect the changes done on the repo. In case if you wish to change the delay to quicker, you can configure the webhook events to send the poll to API server. Argo CD supports Git webhook notifications from all major providers in the market like GitHub, GitLab, Bitbucket, Bitbucket Server and Gogs. The following explains how to configure a Git webhook for GitHub and Gitlab, same process can be applicable to other providers.
Create The Webhook in GitHub
Login to GITHUB repository and navigate to the settings page where webhooks can be configured. The payload URL configured in the Git provider should use the /api/webhook endpoint of your Argo CD instance ex:https://argocd.example.com/api/webhook. If you wish to use a shared secret, input an arbitrary value in the secret. This value will be used when configuring the webhook in the next step.
Please be noted:
- When creating the webhook in GitHub, the “Content type” needs to be set to “
application/json
“. The default value “application/x-www-form-urlencoded
” is not supported by the library used to handle the hooks - The webhook handler does not differentiate between branch events and tag events where the branch and tag names are the same. A hook event for a push to branch
x
will trigger a refresh for an app pointing at the same repo withtargetRevision:
refs/tags/x
. - If Argo CD is publicly accessible, then configuring a webhook secret is recommended to prevent a DDoS attack.
Configure Argo CD with The WebHook Secret
In the argocd-secret kubernetes secret, configure one of the following keys with the Git provider’s webhook secret configured in step 1.
Provider | K8s Secret Key |
GitHub | webhook.github.secret |
GitLab | webhook.gitlab.secret |
BitBucket | webhook.bitbucket.uuid |
BitBucketServer | webhook.bitbucketserver.secret |
Gogs | webhook.gogs.secret |
Edit the Argo CD kubernetes secret:
# kubectl edit secret argocd-secret -n argocd
TIP: for ease of entering secrets, kubernetes supports inputting secrets in the stringData field, which saves you the trouble of base64 encoding the values and copying it to the data field. Simply copy the shared webhook secret created in step 1, to the corresponding GitHub/GitLab/BitBucket key under the stringData field:
apiVersion: v1
kind: Secret
metadata:
name: argocd-secret
namespace: argocd
type: Opaque
data:
...
stringData:
# github webhook secret
webhook.github.secret: shhhh! it's a GitHub secret
# gitlab webhook secret
webhook.gitlab.secret: shhhh! it's a GitLab secret
# bitbucket webhook secret
webhook.bitbucket.uuid: your-bitbucket-uuid
# bitbucket server webhook secret
webhook.bitbucketserver.secret: shhhh! it's a Bitbucket server secret
# gogs server webhook secret
webhook.gogs.secret: shhhh! it's a gogs server secret
After saving, the changes should take effect automatically.
Once you have add the secret(optional), you can goto your repository and edit any manifest, in my case, I am editing https://github.com/foxutech/kubernetes/blob/main/argocd/sync/waves/manifests.yaml. Here I am trying to change the replicas and see how it goes.
When I make a change immediately the application on the ArgoCD changed to OutOfSync. Once you sync’ed you can see the webhook on the Github turned to green, as the payload has been updated.