This repository has been archived by the owner on Jul 15, 2024. It is now read-only.
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1 parent d267799, commit 64d7774
Showing 2 changed files with 63 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
# Git Generator Webhook Configuration | ||
|
||
## Overview | ||
|
||
When using a Git generator, ApplicationSet polls Git repositories every three minutes to detect changes. To eliminate | ||
this delay from polling, the ApplicationSet webhook server can be configured to receive webhook events. ApplicationSet supports | ||
Git webhook notifications from GitHub and GitLab. The following explains how to configure a Git webhook for GitHub, but the same process should be applicable to other providers. | ||
|
||
!!! note | ||
ApplicationSet exposes the webhook server as a service of type ClusterIP. An Ingress resource needs to be created to expose this service to the webhook source. | ||
|
||
### 1. Create The WebHook In The Git Provider | ||
|
||
In your Git provider, navigate to the settings page where webhooks can be configured. The payload | ||
URL configured in the Git provider should use the `/api/webhook` endpoint of your ApplicationSet instance | ||
(e.g. `https://applicationset.example.com/api/webhook`). If you wish to use a shared secret, input an | ||
arbitrary value in the secret. This value will be used when configuring the webhook in the next step. | ||
|
||
![Add Webhook](./assets/webhook-config.png "Add Webhook") | ||
|
||
!!! note | ||
When creating the webhook in GitHub, the "Content type" needs to be set to "application/json". The default value "application/x-www-form-urlencoded" is not supported by the library used to handle the hooks | ||
|
||
### 2. Configure ApplicationSet With The WebHook Secret (Optional) | ||
|
||
Configuring a webhook shared secret is optional, since ApplicationSet will still refresh applications | ||
generated by Git generators, even with unauthenticated webhook events. This is safe to do since | ||
the contents of webhook payloads are considered untrusted, and will only result in a refresh of the | ||
application (a process which already occurs at three-minute intervals). If ApplicationSet is publicly | ||
accessible, then configuring a webhook secret is recommended to prevent a DDoS attack. | ||
|
||
In the `argocd-secret` kubernetes secret, include the Git provider's webhook secret configured in step 1. | ||
|
||
Edit the Argo CD kubernetes secret: | ||
|
||
```bash | ||
kubectl edit secret argocd-secret -n argocd | ||
``` | ||
|
||
TIP: for ease of entering secrets, kubernetes supports inputting secrets in the `stringData` field, | ||
which saves you the trouble of base64 encoding the values and copying it to the `data` field. | ||
Simply copy the shared webhook secret created in step 1, to the corresponding | ||
GitHub/GitLab/BitBucket key under the `stringData` field: | ||
|
||
```yaml | ||
apiVersion: v1 | ||
kind: Secret | ||
metadata: | ||
name: argocd-secret | ||
namespace: argocd | ||
type: Opaque | ||
data: | ||
... | ||
|
||
stringData: | ||
# github webhook secret | ||
webhook.github.secret: shhhh! it's a github secret | ||
|
||
# gitlab webhook secret | ||
webhook.gitlab.secret: shhhh! it's a gitlab secret | ||
``` | ||
After saving, please restart the ApplicationSet pod for the changes to take effect. |
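Review bot: In step 2, the TIP paragraph points the reader at the "GitHub/GitLab/BitBucket key", but the overview states that ApplicationSet supports webhook notifications from GitHub and GitLab, and the YAML example defines only `webhook.github.secret` and `webhook.gitlab.secret`; either drop BitBucket from that sentence or document the key it refers to. In the same step, "recommended to prevent a DDoS attack" promises more than a shared secret delivers: the secret lets the webhook server tell authentic events from unauthenticated ones, but it does not limit the traffic that reaches a publicly exposed Ingress, so wording such as "to stop unauthenticated callers from triggering refreshes" would be more accurate. The first note would also be easier to act on if it named the Service and port the Ingress should target, the note under step 1 is missing its final period, and "copying it to the `data` field" should read "copying them".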