Webhook Triggers

Playbooks can also be triggered via webhooks. When a webhook is configured, mission-control listens on the specified endpoint and any calls to the endpoint triggers the playbook. By default, the webhook calls are not protected via authentication. However, there are various authentication methods available.

/webhook/<webhook-path>

webhook-trigger.yaml

apiVersion: mission-control.flanksource.com/v1
kind: Playbook
metadata:
  name: create-file-on-webhook
spec:
  description: Create a file specified by the webhook
  components:
    - type: KubernetesCluster
  'on':
    webhook:
      path: my-webhook
      authentication:
        basic:
          username:
            value: my-username
          password:
            value: my-password
  parameters:
    - name: path
      label: Absolute path of the file to create
  actions:
    - name: Create the file
      exec:
        script: touch {{.params.path}}

Spec

A webhook can simply be defined by a path - which must be unique.

Field	Description	Scheme	Required
path	Unique endpoint for the webhook.	string	true
authentication	Specify approvers of approval.	[]Authentication

Authentication

Field	Description	Scheme	Required
basic	Basic Auth	BasicAuth
github	Github Auth	GithubAuth
svix	Svix Auth	SvixAuth
jwt	JWT Auth	JWTAuth

note

If multiple authentication methods are specified, all of them will be used.

Basic Auth

Field	Description	Scheme	Required
username	Username	types.EnvVar	true
password	Path	types.EnvVar	true

Github Auth

If the webhook is being called by Github, you can use GitHub's webhook verification to ensure that the webhook calls are really from GitHub.

Field	Description	Scheme	Required
token	Secret token for the webhook	types.EnvVar	true

Svix Auth

Field	Description	Scheme	Required
secret	Signing secret	types.EnvVar	true
verifyTimestamp	Specify the tolerance for the timestamp verification	string

JWT Auth

Field	Description	Scheme	Required
jwksUri	JWKS URI	string	true