cnoe-io / idpbuilder

Spin up a complete internal developer platform with only Docker required as a dependency.
https://cloud-native.slack.com/archives/C05TN9WFN5S
Apache License 2.0

Feature: faster refresh for argocd apps using gitea #297

Open csantanapr opened 2 weeks ago

csantanapr commented 2 weeks ago

Have you searched for this feature request?

Problem Statement

idpbuilder uses the default config for the argocd refresh timeout, 3 minutes. This is too much time for the local development lifecycle loop, especially when running idpbuilder with --no-exit watch mode.

The sync of the manifest from the local folder to gitea is fast, taking seconds, but then argocd needs to be forced to refresh manually if you don't want to wait the 3 minutes every time to verify the change.

Possible Solution

There are a few possible solutions

  1. Change the default timeout of 3 minutes to something lower, in the seconds time range.
  2. Every time idpbuilder reconciles a change on git, refresh argocd by adding the refresh annotation argocd.argoproj.io/refresh for applications and argocd.argoproj.io/application-set-refresh for applicationsets. The docs state that it will refresh the appset; it might not refresh the apps being generated.
  3. Allow and configure gitea to send a webhook to argocd. I tested this and it is currently not possible as the repo URLs don't match: the webhook sends https://gitea.cnoe.localtest.me:8443/giteaAdmin/idpbuilder-localdev-my-app-manifests but the argocd app is configured with a different one, http://my-gitea-http.gitea.svc.cluster.local:3000/giteaAdmin/idpbuilder-localdev-my-app-manifests.git. It might be possible to get this working if we are able to have argocd use a valid https with a valid ssl cert for gitea, something we are considering, using cert-manager to have all communication use https with valid certificates and internal cluster DNS and IP addresses.

Alternatives Considered

No response

csantanapr commented 2 weeks ago

For solution 3 using webhook, gitea is allowed by default to send webhooks to external IPs, not internal IPs; it needs to be configured with ALLOWED_HOST_LIST. Here is a branch that shows how to change it: https://github.com/cnoe-io/idpbuilder/compare/main...csantanapr:idpbuilder:gitea-webhook-argocd?expand=1

Here are the docs on how to configure webhooks in gitea: https://docs.gitea.com/administration/config-cheat-sheet?_highlight=allowed_hos#webhook-webhook
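
The repo URL mismatch described under solution 3, as an added example that is not part of the original thread or of idpbuilder's code. It applies a simplified host-and-path comparison to the two URLs quoted in the issue; the comparison rule (scheme ignored, trailing ".git" and "/" stripped) is an assumption for illustration, not Argo CD's actual matching logic, and `repoKey` and `compareRepoURLs` are hypothetical names.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// repoKey reduces a repository URL to a lowercased host (port included) and a
// path without a trailing "/" or ".git". Simplified stand-in for illustration.
func repoKey(raw string) (host, path string, err error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", "", err
	}
	if u.Host == "" {
		return "", "", fmt.Errorf("no host in %q", raw)
	}
	path = strings.TrimSuffix(strings.TrimSuffix(u.Path, "/"), ".git")
	return strings.ToLower(u.Host), path, nil
}

// compareRepoURLs returns "match", "host", "path" or "host+path" to say which
// component differs between the webhook's repo URL and the app's repoURL.
func compareRepoURLs(webhookURL, appRepoURL string) (string, error) {
	wh, wp, err := repoKey(webhookURL)
	if err != nil {
		return "", err
	}
	ah, ap, err := repoKey(appRepoURL)
	if err != nil {
		return "", err
	}
	switch {
	case wh == ah && wp == ap:
		return "match", nil
	case wp == ap:
		return "host", nil
	case wh == ah:
		return "path", nil
	}
	return "host+path", nil
}

func main() {
	// The two URLs quoted in the issue: webhook payload vs. Application repoURL.
	v, err := compareRepoURLs(
		"https://gitea.cnoe.localtest.me:8443/giteaAdmin/idpbuilder-localdev-my-app-manifests",
		"http://my-gitea-http.gitea.svc.cluster.local:3000/giteaAdmin/idpbuilder-localdev-my-app-manifests.git")
	fmt.Println("differs in:", v, err)
}
```

For the issue's URLs the repository path is the same on both sides; only the host and port differ, because the webhook carries the external ingress name while the application uses the in-cluster service name.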

nabuskey commented 2 weeks ago

I am inclined to go with option 2 but we should also allow for 3 if end users choose to do so.

For 2:

For 3:

Option 1 is also a valid approach IMO. We can set it to lower by default to at least lower the feedback loop speed without code changes. I think we should take a PR on this. 90 seconds to start maybe? What do you think? @csantanapr

csantanapr commented 2 weeks ago

Let's make it 60s, that's the default for some k8s controllers.