fluxcd / flux-recv
Webhook receiver for Flux v1
License: Apache License 2.0
Hey there
We're using Bitbucket Server and we'd like flux-recv to support it. Bitbucket Server (and probably Cloud too) supports push events webhooks (see here).
I could implement the handler myself once I have time but if anyone wants to jump in, feel free.
Hey,
We have flux deployed on all of our clusters and have been looking for a way to get the flux git source synced instantly instead of waiting for the 5m interval auto-sync method.
The issue is we have deployed our Flux deployments based on the Helm Chart, we're trying to figure out how to get this to work, without manually modifying the deployment created by Helm.
I was thinking of 2 solutions and would like to know if they are possible:
1. Have the flux-recv added as an optional config to the main Flux helm chart
   I hope that's on the future plans, but I'm sure it won't be immediate
2. Deploying the flux-recv as an individual deployment, on the same namespace on the flux deployment, notifying it on changes
   This seems to be the faster solution, although we couldn't find a parameter or a way to tell the flux-recv that flux isn't available in localhost:3030 and is available via its service at http://flux:3030
Thanks! Shahar
It seems that when I receive a webhook from github it throws the following error.
{"level":"error","ts":"2022-01-05T07:01:11.885Z","logger":"receiver-server","msg":"unable to validate payload","reconciler kind":"Receiver","name":"github-receiver","namespace":"flux-system","error":"the GitHub signature header is invalid, err: payload signature check failed"}
secretGenerator:
- name: fluxrecv-config
  files:
  - github.key
  - fluxrecv.yaml
generatorOptions:
  disableNameSuffixHash: true
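How a "payload signature check failed" result arises, as an added example that is not flux-recv's or Flux's own code and not a diagnosis of the report above: GitHub sends `X-Hub-Signature-256` as `sha256=` plus the hex HMAC-SHA256 of the raw request body, so the receiver must use byte-identical key and body. The secret, the payload and the function names are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// signBody returns the X-Hub-Signature-256 value a sender computes for body.
func signBody(secret, body []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	return "sha256=" + hex.EncodeToString(mac.Sum(nil))
}

// verifySignature recomputes the HMAC over the raw body and compares it with
// the header value in constant time.
func verifySignature(secret, body []byte, header string) error {
	if !strings.HasPrefix(header, "sha256=") {
		return errors.New("signature header lacks sha256= prefix")
	}
	got, err := hex.DecodeString(strings.TrimPrefix(header, "sha256="))
	if err != nil {
		return fmt.Errorf("signature is not hex: %w", err)
	}
	mac := hmac.New(sha256.New, secret)
	mac.Write(body)
	if !hmac.Equal(got, mac.Sum(nil)) {
		return errors.New("payload signature check failed")
	}
	return nil
}

func main() {
	body := []byte(`{"ref":"refs/heads/master"}`) // constructed payload
	header := signBody([]byte("constructed-secret"), body)
	fileKey := []byte("constructed-secret\n") // key file saved with a trailing newline
	fmt.Println("key used verbatim:", verifySignature(fileKey, body, header))
	fmt.Println("key trimmed:      ", verifySignature(bytes.TrimSpace(fileKey), body, header))
	fmt.Println("body re-encoded:  ", verifySignature(bytes.TrimSpace(fileKey), append(body, ' '), header))
}
```

Only the second call succeeds: one extra byte in either the key or the body changes the HMAC.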
Add support for git repository synchronization from Azure DevOps webhook:
https://docs.microsoft.com/en-us/azure/devops/service-hooks/services/webhooks?view=azure-devops
Should support the following events with payload set to none or minimal:
Happy to implement but wanted to reach out to the flux community first.
Hi I'm wondering if I could create a helm chart to install this into a cluster that already has flux installed (or should I go and update the helm chart in flux to accommodate this?)
This could be supported in 1 of 2 ways:
I was wondering if there is a way currently to disable scheduled syncing in flux and only use webhooks to trigger the sync? If not, it seems like a good feature to have for doing things like gating the manifest application by waiting for a webhook.
Would be great to have support for harbor webhook format:
Example:
{
  "event_type": "pushImage",
  "events": [
    {
      "project": "prj",
      "repo_name": "repo1",
      "tag": "latest",
      "full_name": "prj/repo1",
      "trigger_time": 158322233213,
      "image_id": "9e2c9d5f44efbb6ee83aecd17a120c513047d289d142ec5738c9f02f9b24ad07",
      "project_type": "Private"
    }
  ]
}
It should be possible to set Authorization header: https://github.com/goharbor/harbor/blob/master/src/jobservice/job/impl/notification/webhook_job.go#L94
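A sketch of a receiver for the payload above that authenticates on the `Authorization` header, added here as an example and not taken from flux-recv or Harbor. It assumes the header value configured in Harbor arrives verbatim; the token, the `/hook` path, `harborHandler`, `deliver` and the `notify` callback are hypothetical names.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

const sample = `{"event_type":"pushImage","events":[{"full_name":"prj/repo1","tag":"latest"}]}` // constructed

// harborPayload models only the fields the handler needs.
type harborPayload struct {
	EventType string `json:"event_type"`
	Events    []struct {
		FullName string `json:"full_name"`
	} `json:"events"`
}

// harborHandler requires a matching, non-empty token, then calls notify (hypothetical) per image.
func harborHandler(token string, notify func(image string)) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		got := []byte(r.Header.Get("Authorization"))
		if token == "" || subtle.ConstantTimeCompare(got, []byte(token)) != 1 {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		var p harborPayload
		err := json.NewDecoder(http.MaxBytesReader(w, r.Body, 1<<20)).Decode(&p)
		if err != nil || p.EventType != "pushImage" {
			http.Error(w, "unsupported payload", http.StatusBadRequest)
			return
		}
		for _, e := range p.Events {
			notify(e.FullName)
		}
	}
}

// deliver posts body with the given Authorization value and returns status and images seen.
func deliver(auth, body string) (code int, images []string) {
	h := harborHandler("Bearer constructed-token", func(i string) { images = append(images, i) })
	req := httptest.NewRequest(http.MethodPost, "/hook", strings.NewReader(body))
	req.Header.Set("Authorization", auth)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, images
}

func main() { fmt.Println(deliver("Bearer constructed-token", sample)) }
```

The header check runs before the body is parsed, and an unset token rejects every request rather than matching an absent header.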
GKE ingress configures a load balancer with a health check to the flux-recv port. The requirements for the health check are that a 200 response is returned: https://cloud.google.com/kubernetes-engine/docs/concepts/ingress#health_checks
A Service exposed through an Ingress must respond to health checks from the load balancer. Any container that is the final destination of load-balanced traffic must do one of the following to indicate that it is healthy:
- Serve a response with an HTTP 200 status to GET requests on the / path.
- Configure an HTTP readiness probe. Serve a response with an HTTP 200 status to GET requests on the path specified by the readiness probe. The Service exposed through an Ingress must point to the same container port on which the readiness probe is enabled.
Since the load balancer does not have the webhook secret, all responses are either 401s or 404s. Can a health check endpoint be added which returns a 200 response?
With DockerHub and Harbor added we already have a pretty broad list of supported registry vendors. Support for Quay.io is however still missing, and they are known for having a pretty aggressive rate limit in place.
Quay.io sends out a repository push payload in the following format:
{
  "name": "repository",
  "repository": "mynamespace/repository",
  "namespace": "mynamespace",
  "docker_url": "quay.io/mynamespace/repository",
  "homepage": "https://quay.io/repository/mynamespace/repository",
  "updated_tags": [
    "latest"
  ]
}
disableNameSuffixHash is on the same indent as generatorOptions
Current:
secretGenerator:
- name: fluxrecv-config
  files:
  - github.key
  - fluxrecv.yaml
generatorOptions:
disableNameSuffixHash: true
Correct:
secretGenerator:
- name: fluxrecv-config
  files:
  - github.key
  - fluxrecv.yaml
generatorOptions:
  disableNameSuffixHash: true
Would like to add support for handling GCR pubsub notifications for image repository updates based on:
https://cloud.google.com/container-registry/docs/configuring-notifications
and:
https://cloud.google.com/pubsub/docs/push
GCR has some pretty tight limits around API requests and some setups where a single GCR registry used by many clusters is hitting the limits pretty hard. Using this webhook receiver, GCR users could disable long polling entirely using --exclude-images and rely on the webhook receiver to update the image cache.
The implementation should support the following payloads:
It should also support authentication token validation from google if configured to do so.
I'm happy to implement this, but wanted to reach out to the community for thoughts before doing so.
My team uses Nexus for our Docker Registry. Support for Nexus Repository Manager 3 webhooks would be great!
- name: recv
  image: fluxcd/flux-recv:0.2.0
  imagePullPolicy: IfNotPresent
  args:
  - --config=/etc/fluxrecv/fluxrecv.yaml
  ports:
  - containerPort: 8080
It appears that one cannot run flux-recv unless it is a sidecar because it connects to localhost:3030.
I see how to overwrite it. However, this is a bit indirect. It would be better to expose the API as an env variable, don't you think?