/api/webhook.

Webhook configuration checklist
When creating a webhook for Argo CD, configure the provider with these minimum settings:- Payload URL: Argo CD server +
/api/webhook(for example,http://host.docker.internal/api/webhook) - HTTP method:
POST - Content-Type:
application/json - Optional: secret for payload signing (validate on Argo CD side)
- Trigger events: typically
push(or whatever events correspond to your workflow) - Optional: branch and/or path filters to avoid unnecessary deliveries

| Field | Recommended value | Notes |
|---|---|---|
| Payload URL | http://<ARGOCD_HOST>/api/webhook | Use the reachable host/port for your environment (see examples below). |
| HTTP method | POST | Required by Argo CD webhook receiver. |
| Content-Type | application/json | Argo CD expects JSON payloads. |
| Trigger events | push (or repo-specific events) | Filter to only relevant events to reduce noise. |
| Secret | Optional | Use payload signing if you require validation. |
- Argo CD Webhook docs: https://argo-cd.readthedocs.io/
- Gitea: https://gitea.io/
Dealing with self-signed TLS in demo environments
If your Argo CD server uses a self-signed certificate, some Git hosting services (including Gitea) may not deliver webhooks to it. For local labs and demos a common workaround is to run the Argo CD server in insecure mode (disable TLS) so the webhook endpoint is reachable over HTTP.Setting
server.insecure: "true" disables TLS on the Argo CD server. This is insecure and should only be used for local testing or demos — do not use this in production.server.insecure: "true":
data section:

Example: webhook target URL in a Docker-based demo
In the demo environment,host.docker.internal was used so the Gitea container (running on the host) could reach the Argo CD server. Example webhook target:
http://host.docker.internal/api/webhook
Adjust host and port to match your environment (for example, http://argocd.example.com/api/webhook).
Configure the webhook with:
- HTTP method:
POST - Content type:
application/json - Trigger events:
push(or other relevant events) - Optional: branch filter (e.g.
main) to restrict triggers


Watch the reconciliation in Kubernetes
Monitor pods in the application namespace while you trigger a change:POD_COUNT environment variable. Example patch: change replicas: 2 to replicas: 8.

To avoid unnecessary reconciliations (for example, when non-manifest files like
README.md or .gitignore are committed), configure branch or path filters in your Git provider’s webhook settings or limit triggers to commits that change manifest files. This reduces noise and conserves reconciliation resources.