Webhooks#
For instant deployments on push, configure webhooks in your Git provider.
Enable Webhook Ingress#
Enable webhooks in your Helm values. A webhook secret is required for HMAC signature validation:
webhook:
enabled: true
domain: "webhook.pages.example.com"
clusterIssuer: "letsencrypt-prod"
# Required: set a secret for HMAC validation
secret: "your-webhook-secret-here"
# Or reference an existing secret:
# secretRef:
# name: "my-webhook-secret"
# key: "webhook-secret"This creates the IngressRoute and Certificate automatically. The same secret must be configured in your Git provider’s webhook settings.
Webhook Endpoints#
| Provider | URL |
|---|---|
| Forgejo/Gitea | https://webhook.pages.example.com/webhook/forgejo |
| GitHub | https://webhook.pages.example.com/webhook/github |
| Manual sync | POST /sync/{namespace}/{name} (requires X-API-Key header) |
Configure in Forgejo/Gitea#
- Go to Repository → Settings → Webhooks → Add Webhook
- URL:
https://webhook.pages.example.com/webhook/forgejo - Content Type:
application/json - Secret: Use the same secret configured in
webhook.secret - Events: Push events
Configure in GitHub#
- Go to Repository → Settings → Webhooks → Add webhook
- Payload URL:
https://webhook.pages.example.com/webhook/github - Content type:
application/json - Secret: Use the same secret configured in
webhook.secret - Events: Just the push event
Manual Sync#
Trigger a manual sync using the site’s sync token:
# Get the sync token from the StaticSite status
TOKEN=$(kubectl get staticsite my-website -n pages -o jsonpath='{.status.syncToken}')
# Trigger sync with authentication
curl -H "X-API-Key: $TOKEN" -X POST https://webhook.pages.example.com/sync/pages/my-websiteTroubleshooting#
Webhook not triggering:
Check the syncer logs:
kubectl logs -n kup6s-pages -l app=pages-syncerVerify the webhook secret matches in both Helm values and Git provider settings
Check the IngressRoute exists:
kubectl get ingressroute -n kup6s-pagesTest manually with curl to verify connectivity