github.com/argoproj/argo-cd@v1.8.7/docs/operator-manual/webhook.md

github.com/argoproj/argo-cd@v1.8.7/docs/operator-manual/webhook.md (about)

     1  # Git Webhook Configuration
     2  
     3  ## Overview
     4  
     5  Argo CD polls Git repositories every three minutes to detect changes to the manifests. To eliminate
     6  this delay from polling, the API server can be configured to receive webhook events. Argo CD supports
     7  Git webhook notifications from GitHub, GitLab, Bitbucket, Bitbucket Server and Gogs. The following explains how to configure
     8  a Git webhook for GitHub, but the same process should be applicable to other providers.
     9  
    10  ### 1. Create The WebHook In The Git Provider
    11  
    12  In your Git provider, navigate to the settings page where webhooks can be configured. The payload
    13  URL configured in the Git provider should use the `/api/webhook` endpoint of your Argo CD instance
    14  (e.g. [https://argocd.example.com/api/webhook]). If you wish to use a shared secret, input an
    15  arbitrary value in the secret. This value will be used when configuring the webhook in the next step.
    16  
    17  ![Add Webhook](../assets/webhook-config.png "Add Webhook")
    18  
    19  !!! note
    20      When creating the webhook in Github, the "Content type" needs to be set to "application/json". The default value "application/x-www-form-urlencoded" is not supported by the library used to handle the hooks
    21  
    22  ### 2. Configure Argo CD With The WebHook Secret (Optional)
    23  
    24  Configuring a webhook shared secret is optional, since Argo CD will still refresh applications
    25  related to the Git repository, even with unauthenticated webhook events. This is safe to do since
    26  the contents of webhook payloads are considered untrusted, and will only result in a refresh of the
    27  application (a process which already occurs at three-minute intervals). If Argo CD is publicly
    28  accessible, then configuring a webhook secret is recommended to prevent a DDoS attack.
    29  
    30  In the `argocd-secret` kubernetes secret, configure one of the following keys with the Git
    31  provider's webhook secret configured in step 1.
    32  
    33  | Provider        | K8s Secret Key                   |
    34  |-----------------| ---------------------------------|
    35  | GitHub          | `webhook.github.secret`          |
    36  | GitLab          | `webhook.gitlab.secret`          |
    37  | BitBucket       | `webhook.bitbucket.uuid`         |
    38  | BitBucketServer | `webhook.bitbucketserver.secret` |
    39  | Gogs            | `webhook.gogs.secret`            |
    40  
    41  Edit the Argo CD kubernetes secret:
    42  
    43  ```bash
    44  kubectl edit secret argocd-secret -n argocd
    45  ```
    46  
    47  TIP: for ease of entering secrets, kubernetes supports inputting secrets in the `stringData` field,
    48  which saves you the trouble of base64 encoding the values and copying it to the `data` field.
    49  Simply copy the shared webhook secret created in step 1, to the corresponding
    50  GitHub/GitLab/BitBucket key under the `stringData` field:
    51  
    52  ```yaml
    53  apiVersion: v1
    54  kind: Secret
    55  metadata:
    56    name: argocd-secret
    57    namespace: argocd
    58  type: Opaque
    59  data:
    60  ...
    61  
    62  stringData:
    63    # github webhook secret
    64    webhook.github.secret: shhhh! it's a github secret
    65  
    66    # gitlab webhook secret
    67    webhook.gitlab.secret: shhhh! it's a gitlab secret
    68  
    69    # bitbucket webhook secret
    70    webhook.bitbucket.uuid: your-bitbucket-uuid
    71  
    72    # bitbucket server webhook secret
    73    webhook.bitbucketserver.secret: shhhh! it's a bitbucket server secret
    74  
    75    # gogs server webhook secret
    76    webhook.gogs.secret: shhhh! it's a gogs server secret
    77  ```
    78  
    79  After saving, the changes should take effect automatically.