search

argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0
17.41k stars 5.29k forks source link

Notifications Pub/Sub service #11702

Open lacarvalho91 opened 1 year ago

lacarvalho91 commented 1 year ago

Summary

Add support for Pub/Sub as a notifications service.

Motivation

We use Pub/Sub heavily for other things, there are resiliency benefits using a Google managed service like Pub/Sub. Putting these notifications on a messaging service like Pub/Sub would allow many consumers of this data to help us to democratize this data.

Proposal

As a new notifications service. It should also support using the Pub/Sub emulator for testing purposes.

This could be achieved without any changes by using a webhook service and the Pub/Sub REST API. But it would make for a better user experience if there was native support.

aleks-andr commented 10 months ago

Hi, first off I'd like to mention that we have a very similar use-case in our organization and it would be great to see something like this happen. In the meantime, you mention that this is achievable with the webhook service and Google's REST API but I've encountered a couple roadblocks that make this seem impossible:

  1. How to authorize the requests? We're using GKE with Workload Identity, so the credentials are one gcloud auth print-access-token command away but I don't see any way to provide auth headers to the webhook configuration other than "hardcoding" them in a secret or directly in the ConfigMap for the webhooks.

  2. Argo notification templates don't have a function to base64 encode a string (at the very least not a documented one). This is the encoding that the REST endpoint wants for the data field of a Pub/Sub message.

Do you happen to have a working example of this scenario? So far this appears to me as a problem that can't be solved natively in Argo, let's hope I'm just missing something 😁