Skip to content

Argo CD Image Updater

Command "webhook"

Argo CD Image Updater

Overview
Getting started
Getting started
- Installation
- Testing
- Command Line and Configuration Reference
  Command Line and Configuration Reference
  - Introduction
  - Command "completion"
  - Command "help"
  - Command "run"
  - Command "template"
  - Command "test"
  - Command "version"
  - Command "webhook" Command "webhook"
    Table of contents
    
    Command "webhook"
    
    Synopsis
    
    Description
    
    Flags
Basics
Basics
Configuration
Configuration
Contributing
Contributing
Examples
Releases ⧉
Roadmap ⧉

Command "webhook"

Command "webhook"¶

Synopsis¶

argocd-image-updater webhook [flags]

Description¶

Starts a server that listens for webhook events from container registries. When an event is received, it can trigger an image update check for the affected images.

Supported Registries:

Docker Hub
GitHub Container Registry (GHCR)
Quay
Harbor

Flags¶

--application-namespace namespace

Specifies the Kubernetes namespace in which Argo CD Image Updater will manage Argo CD Applications when using the Kubernetes-based Application API. By default, applications in all namespaces are considered. This flag can be used to limit scope to a single namespace for performance, security, or organizational reasons.

--applications-api api kind

API kind that is used to manage Argo CD applications ('kubernetes' or 'argocd') (default "kubernetes")

Can also be set using the APPLICATIONS_API environment variable.

DEPRECATED: This flag has been removed in the CRD branch and will be deprecated and removed in a future release. The CRD branch introduces a new architecture that eliminates the need for this native ArgoCD client configuration flag.

--argocd-auth-token token

Use token for authenticating to the Argo CD API. This token must be a base64 encoded JWT, as generated by Argo CD.

The token can also be set using the ARGOCD_TOKEN environment variable.

DEPRECATED: This flag has been removed in the CRD branch and will be deprecated and removed in a future release. The CRD branch introduces a new architecture that eliminates the need for this native ArgoCD client configuration flag.

--argocd-grpc-web

If this flag is given, use the gRPC-web protocol to connect to the Argo CD API. This can be useful if your Argo CD API is behind a proxy that does not support HTTP/2, or only accept HTTP/2 on the front end.

Can also be set using the ARGOCD_GRPC_WEB environment variable.

DEPRECATED: This flag has been removed in the CRD branch and will be deprecated and removed in a future release. The CRD branch introduces a new architecture that eliminates the need for this native ArgoCD client configuration flag.

--argocd-insecure

If specified, the certificate of the Argo CD API server is not verified. Useful if you are using a self-signed TLS certificate for the Argo CD API server. As the name implies, this is an insecure setting and should not be used for production systems.

Can also be set using the ARGOCD_INSECURE environment variable.

DEPRECATED: This flag has been removed in the CRD branch and will be deprecated and removed in a future release. The CRD branch introduces a new architecture that eliminates the need for this native ArgoCD client configuration flag.

-argocd-namespace namespace

namespace where ArgoCD runs in (current namespace by default)

--argocd-plaintext

If specified, use an unencrypted HTTP connection to the ArgoCD API instead of TLS.

Can also be set using the ARGOCD_PLAINTEXT environment variable.

DEPRECATED: This flag has been removed in the CRD branch and will be deprecated and removed in a future release. The CRD branch introduces a new architecture that eliminates the need for this native ArgoCD client configuration flag.

--argocd-server-addr server address

Connect to the Argo CD API server at server address. server address must be a valid IP address or DNS host name, optionally with a port specification delimited using a colon, i.e. 10.23.42.5 or argocd-server.argocd:8080. If no port given, the protocol default will be used: Port 80 for plaintext connections, and port 443 for TLS connections.

Can also be set using the ARGOCD_SERVER environment variable.

DEPRECATED: This flag has been removed in the CRD branch and will be deprecated and removed in a future release. The CRD branch introduces a new architecture that eliminates the need for this native ArgoCD client configuration flag.

--disable-kube-events

Disable kubernetes events

Can also be set with the IMAGE_UPDATER_KUBE_EVENTS environment variable.

--disable-kubernetes

If running locally, and you do not have a working connection to any Kubernetes cluster, this flag will prevent Argo CD Image Updater from creating a client to interact with Kubernetes. When Kubernetes access is disabled, pull secrets for images can only be specified from an environment variable.

DEPRECATED: This flag has been removed in the CRD branch and will be deprecated and removed in a future release. The CRD branch introduces a new architecture that eliminates the need for this native ArgoCD client configuration flag.

--docker-webhook-secret secret

Secret for validating Docker Hub webhooks.

Can also be set with the DOCKER_WEBHOOK_SECRET environment variable.

--ghcr-webhook-secret secret

Secret for validating GitHub container registry secrets.

Can also be set with the GHCR_WEBHOOK_SECRET environment variable.

--git-commit-email email

E-Mail address to use for Git commits (default "noreply@argoproj.io")

Can also be set using the GIT_COMMIT_EMAIL environment variable.

--git-commit-message-path path

Path to a template to use for Git commit messages (default "/app/config/commit.template")

--git-commit-sign-off

Whether to sign-off git commits

--git-commit-signing-key key

GnuPG key ID or path to Private SSH Key used to sign the commits

Can also be set using the GIT_COMMIT_SIGNING_KEY environment variable.

--git-commit-signing-method method

Method used to sign Git commits ('openpgp' or 'ssh') (default "openpgp")

Can also be set using the GIT_COMMIT_SIGNING_METHOD environment variable.

--git-commit-user user

Username to use for Git commits (default "argocd-image-updater")

Can also be set using the GIT_COMMIT_USER environment variable.

--harbor-webhook-secret secret

Secret for validating Harbor webhooks

Can also be set with the HARBOR_WEBHOOK_SECRET environment variable.

-h, --help

help for run

--kubeconfig path

Specify the Kubernetes client config file to use when running outside a Kubernetes cluster, i.e. ~/.kube/config. When specified, Argo CD Image Updater will use the currently active context in the configuration to connect to the Kubernetes cluster.

--loglevel level

Set the log level to level, where level can be one of trace, debug, info, warn or error.

Can also be set using the IMAGE_UPDATER_LOGLEVEL environment variable.

--match-application-label selector

Only process applications that have a valid annotation and match the given label selector. The selector is a string that matches the standard kubernetes label selector syntax. For e.g., custom.label/name=xyz would be a valid label that can be supplied through this parameter. Any applications carrying this exact label will be considered as candidates for image updates. This parameter currently does not support pattern matching on label values (e.g customer.label/name=*-staging). You can specify equality, inequality, or set based requirements or a combination. For e.g., app,app!=foo,custom.label/name=xyz,customer in (a,b,c)

DEPRECATED: This flag has been removed in the CRD branch and will be deprecated and removed in a future release. The CRD branch introduces a new architecture that eliminates the need for these application matching flag.

--match-application-name pattern

Only process applications that have a valid annotation and matches the given pattern. The pattern is a simple glob pattern and supports file system style wildcards, i.e. *-staging would match any application name with a suffix of -staging. Can be specified multiple times to define more than one pattern, from which at least one has to match.

DEPRECATED: This flag has been removed in the CRD branch and will be deprecated and removed in a future release. The CRD branch introduces a new architecture that eliminates the need for these application matching flag.

--max-concurrency number

Process a maximum of number applications concurrently. To disable concurrent application processing, specify a number of 1.

--quay-webhook-secret secret

Secret for validating Quay webhooks

Can also be set with the QUAY_WEBHOOK_SECRET environment variable.

--registries-conf-path path

Load the registry configuration from file at path. Defaults to the path /app/config/registries.conf. If no configuration should be loaded, and the default configuration should be used instead, specify the empty string, i.e. --registries-conf-path="".

--webhook-port int

Port to listen on for webhook events (default 8080)

Can also be set with the WEBHOOK_PORT environment variable.

--webhook-ratelimit-allowed numRequests

The number of allowed requests in an hour for webhook rate limiting, setting to 0 means that the rate limiting is disabled.

Can also be set with the WEBHOOK_RATELIMIT_ALLOWED environment variable.