Skip to content

GitHub Webhook → Flux

Configures GitHub to ping Flux on every push so reconciliation happens immediately instead of waiting for the next polling interval.

Setup

  1. Get the webhook URL from the Flux Receiver:
kubectl -n flux-system get receivers.notification.toolkit.fluxcd.io

The URL column contains the public path (e.g. /hook/<token>); concatenate it with the public ingress (https://flux-webhook.${SECRET_DOMAIN}).

  1. Get the shared secret:
kubectl -n flux-system describe secret github-webhook-token
  1. In GitHub → repo Settings → Webhooks → Add webhook:
  2. Payload URL: https://flux-webhook.${SECRET_DOMAIN}/hook/<token>
  3. Content type: application/json
  4. Secret: paste the value from step 2
  5. SSL verification: Enable
  6. Which events: Just the push event
  7. Active: checked

Verifying

After pushing a commit, the webhook delivery should show a 200 OK in GitHub → Webhooks → Recent Deliveries. On the cluster side:

kubectl -n flux-system logs deploy/notification-controller --tail=50 | grep -i webhook

Successful trigger looks like handling event ...source.toolkit.fluxcd.io/v1. Failed deliveries usually mean the secret doesn't match or the public URL is wrong.

  • Cluster Rebuild — among the post-rebuild tasks, the KUBECONFIG Actions secret also needs refreshing.