Webhooks
Argo CD polls Git repositories every three minutes to detect changes to the manifests. To eliminate this delay from polling, the Argo CD API server can be configured to receive webhook events from any of the following services:
The webhook handler doesn't differentiate between branch events and tag events where the branch and tag names are the same.
A hook event for a push to branch x will trigger a refresh for an app pointing to the same repo with targetRevision: refs/tags/x.
Configuring webhooks
The webhook should be configured using the appropriate Git provider user interface. For any Git provider, you would need to configure a payload URL, content type, and optional shared secret.
The payload URL is your Argo CD instance hostname followed by /api/webhook path. For example
https://my-argocd-instance.cd.akuity.cloud/api/webhook. The content type should be application/json.
ApplicationSet generator webhooks use the same payload URL.
Configuring shared secrets
Configuring a webhook shared secret is optional since Argo CD treats all webhooks as nothing more than untrusted cues to refresh configuration from a trusted source (a process that already occurs at three-minute intervals). However, if access to your Argo CD instance is not narrowly restricted to clients with specific IPs or within specific CIDR ranges, then configuring a webhook secret is recommended to prevent the possibility of DDoS attacks:
-
Navigate to Argo CD → your instance → Settings → Webhooks.
-
For each Git provider you wish to configure, click the corresponding button and specify a shared secret.
-
Click Save.
After a shared secret is added, it will never be displayed again in the dashboard, but can be redefined or removed.