ArgoCD Operations¶

ArgoCD manages GitOps deployments for the cluster. This document covers operational procedures for ArgoCD.

GitHub Webhook Configuration¶

ArgoCD receives push notifications from GitHub via webhook to trigger immediate syncs (instead of waiting for polling).

GitHub (org webhook) → Cloudflare Tunnel → ArgoCD Server
     push event         argocd-wh.fzymgc.net    /api/webhook

Prerequisites: - Cloudflare Tunnel deployed and healthy - ArgoCD running with webhook secret configured

Step 1: Get webhook secret from Vault

vault kv get -field=webhook.github.secret secret/fzymgc-house/cluster/argocd

Step 2: Configure GitHub organization webhook

Field	Value
Payload URL	`https://argocd-wh.fzymgc.net/api/webhook`
Content type	`application/json`
Secret	(paste from Step 1)
Events	"Just the push event"
Active	✅

Step 3: Verify webhook delivery

Push to any fzymgc-house repository
Check webhook deliveries at: https://github.com/organizations/fzymgc-house/settings/hooks
Look for green checkmark and 200 response

Test	Command	Expected
DNS resolves	`dig argocd-wh.fzymgc.net`	CNAME to cfargotunnel.com
Endpoint reachable	`curl -I https://argocd-wh.fzymgc.net/api/webhook`	400 (missing payload) or 200
Webhook delivery	Push to repo, check GitHub	Green ✓, 200 response
ArgoCD refresh	Check app sync after push	Immediate (not 3-min delay)

Symptom	Cause	Fix
401/403 response	Webhook secret mismatch	Verify secret in Vault matches GitHub config
404 response	Tunnel route missing	Check Cloudflare Tunnel ingress config
502 response	ArgoCD unreachable	Check argocd-server pod status
No sync after push	Repo URL mismatch	Verify Application repo URL matches webhook source

Check ArgoCD logs for webhook activity:

kubectl logs -n argocd -l app.kubernetes.io/name=argocd-server --tail=100 | rg -i webhook

To revert to polling-only mode:

No ArgoCD configuration changes required.

URL	Purpose
https://argocd.fzymgc.house	Web UI
https://argocd-wh.fzymgc.net/api/webhook	GitHub webhook endpoint