Open csantanapr opened 2 weeks ago
For solution 3, using a webhook: Gitea is allowed by default to send webhooks to external IPs, not internal IPs; it needs to be configured with ALLOWED_HOST_LIST.
Here is a branch that shows how to change it: https://github.com/cnoe-io/idpbuilder/compare/main...csantanapr:idpbuilder:gitea-webhook-argocd?expand=1
Here are the docs on how to configure webhook in gitea https://docs.gitea.com/administration/config-cheat-sheet?_highlight=allowed_hos#webhook-webhook
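An added example, not part of the thread or of the linked branch: a simplified Go model of how the value kinds documented for Gitea's webhook ALLOWED_HOST_LIST (the built-ins loopback, private, external and *, CIDR ranges, wildcard host names) decide on a target, showing why an in-cluster webhook receiver is refused under the default. The service name `argocd-server.argocd.svc.cluster.local`, the ClusterIP `10.96.12.34` and the function `hostAllowed` are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"path"
	"strings"
)

// hostAllowed models (simplified, not Gitea's own code) how an allow-list made
// of the built-in classes loopback/private/external/*, CIDR ranges and
// wildcard host names decides on one already-resolved webhook target.
func hostAllowed(allowList, host string, ip net.IP) bool {
	for _, entry := range strings.Split(allowList, ",") {
		entry = strings.ToLower(strings.TrimSpace(entry))
		matched := false
		switch entry {
		case "": // ignore empty list items
		case "*":
			matched = true
		case "loopback":
			matched = ip.IsLoopback()
		case "private":
			matched = ip.IsPrivate() || ip.IsLinkLocalUnicast()
		case "external":
			matched = ip.IsGlobalUnicast() && !ip.IsPrivate()
		default:
			if _, cidr, err := net.ParseCIDR(entry); err == nil {
				matched = cidr.Contains(ip)
			} else {
				matched, _ = path.Match(entry, strings.ToLower(host))
			}
		}
		if matched {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample target: an in-cluster Service name and ClusterIP.
	host, ip := "argocd-server.argocd.svc.cluster.local", net.ParseIP("10.96.12.34")
	for _, list := range []string{"external", "*", "private", host} {
		fmt.Printf("ALLOWED_HOST_LIST=%-40s allowed=%v\n", list, hostAllowed(list, host, ip))
	}
}
```

Listing the single receiver host keeps the rest of the cluster network unreachable from user-defined webhooks, which `private` and `*` do not.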
I am inclined to go with option 2 but we should also allow for 3 if end users choose to do so.
For 2:
For 3:
Option 1 is also a valid approach IMO. We can set it lower by default to at least lower the feedback loop speed without code changes. I think we should take a PR on this. 90 seconds to start maybe? What do you think? @csantanapr
Let's make it 60s; that's the default for some k8s controllers.
Problem Statement
idpbuilder uses the default config for the argocd refresh timeout, 3 minutes. This is too much time for the local development lifecycle loop, especially when running idpbuilder with --no-exit watch mode. The sync of the manifest is fast from local folder to gitea, in seconds, but then argocd needs to be forced to refresh manually if you don't want to wait the 3 minutes every time to verify the change.
Possible Solution
There are a few possible solutions
argocd.argoproj.io/refresh for application and argocd.argoproj.io/application-set-refresh for applicationsets; the docs state that it will refresh the appset, it might not refresh the apps being generated.
https://gitea.cnoe.localtest.me:8443/giteaAdmin/idpbuilder-localdev-my-app-manifests but the argocd app is configured with a different one, http://my-gitea-http.gitea.svc.cluster.local:3000/giteaAdmin/idpbuilder-localdev-my-app-manifests.git
It might be possible to get this working if we are able to have argocd use a valid https with a valid ssl cert for gitea, something we are considering using cert-manager to have all communication use https with valid certificates and internal cluster DNS and IP addresses.
Alternatives Considered
No response