feat: Argocd notification self service (#16488)

* self service notification Signed-off-by: May Zhang <may_zhang@intuit.com> * revert back the changes for redis-ha Signed-off-by: May Zhang <may_zhang@intuit.com> * revert back the changes for redis-ha Signed-off-by: May Zhang <may_zhang@intuit.com> * update notification engine Signed-off-by: May Zhang <may_zhang@intuit.com> * re-trigger build Signed-off-by: May Zhang <may_zhang@intuit.com> * self service notification Signed-off-by: May Zhang <may_zhang@intuit.com> * revert back the changes for redis-ha Signed-off-by: May Zhang <may_zhang@intuit.com> * revert back the changes for redis-ha Signed-off-by: May Zhang <may_zhang@intuit.com> * update notification engine Signed-off-by: May Zhang <may_zhang@intuit.com> * re-trigger build Signed-off-by: May Zhang <may_zhang@intuit.com> * fix conflict Signed-off-by: May Zhang <may_zhang@intuit.com> * fix conflict Signed-off-by: May Zhang <may_zhang@intuit.com> * fix conflict Signed-off-by: May Zhang <may_zhang@intuit.com> * fix conflict Signed-off-by: May Zhang <may_zhang@intuit.com> * update notification enginer version Signed-off-by: May Zhang <may_zhang@intuit.com> * update notification enginer version Signed-off-by: May Zhang <may_zhang@intuit.com> * fixing go tidy Signed-off-by: May Zhang <may_zhang@intuit.com> * fixing go tidy Signed-off-by: May Zhang <may_zhang@intuit.com> * fixing go tidy Signed-off-by: May Zhang <may_zhang@intuit.com> * fixing go tidy Signed-off-by: May Zhang <may_zhang@intuit.com> * fixing go tidy Signed-off-by: May Zhang <may_zhang@intuit.com> * add back checkAppNotInAdditionalNamespaces Signed-off-by: May Zhang <may_zhang@intuit.com> * add cm and secret to clusterRole Signed-off-by: May Zhang <may_zhang@intuit.com> * if applicationNamespaces is not used, then use namespaced appClient Signed-off-by: May Zhang <may_zhang@intuit.com> * fix merge conflict Signed-off-by: May Zhang <may_zhang@intuit.com> * fix doc and test based on review Signed-off-by: May Zhang <may_zhang@intuit.com> * self service notification Signed-off-by: May Zhang <may_zhang@intuit.com> * revert back the changes for redis-ha Signed-off-by: May Zhang <may_zhang@intuit.com> * revert back the changes for redis-ha Signed-off-by: May Zhang <may_zhang@intuit.com> * update notification engine Signed-off-by: May Zhang <may_zhang@intuit.com> * re-trigger build Signed-off-by: May Zhang <may_zhang@intuit.com> * fix conflict Signed-off-by: May Zhang <may_zhang@intuit.com> * self service notification Signed-off-by: May Zhang <may_zhang@intuit.com> * revert back the changes for redis-ha Signed-off-by: May Zhang <may_zhang@intuit.com> * revert back the changes for redis-ha Signed-off-by: May Zhang <may_zhang@intuit.com> * update notification engine Signed-off-by: May Zhang <may_zhang@intuit.com> * re-trigger build Signed-off-by: May Zhang <may_zhang@intuit.com> * fix conflict Signed-off-by: May Zhang <may_zhang@intuit.com> * fix conflict Signed-off-by: May Zhang <may_zhang@intuit.com> * fix conflict Signed-off-by: May Zhang <may_zhang@intuit.com> * update notification enginer version Signed-off-by: May Zhang <may_zhang@intuit.com> * update notification enginer version Signed-off-by: May Zhang <may_zhang@intuit.com> * fixing go tidy Signed-off-by: May Zhang <may_zhang@intuit.com> * fixing go tidy Signed-off-by: May Zhang <may_zhang@intuit.com> * fixing go tidy Signed-off-by: May Zhang <may_zhang@intuit.com> * fixing go tidy Signed-off-by: May Zhang <may_zhang@intuit.com> * fixing go tidy Signed-off-by: May Zhang <may_zhang@intuit.com> * add back checkAppNotInAdditionalNamespaces Signed-off-by: May Zhang <may_zhang@intuit.com> * add cm and secret to clusterRole Signed-off-by: May Zhang <may_zhang@intuit.com> * if applicationNamespaces is not used, then use namespaced appClient Signed-off-by: May Zhang <may_zhang@intuit.com> * fix doc and test based on review Signed-off-by: May Zhang <may_zhang@intuit.com> * disable defining and using secrets within notification templates for self-service Signed-off-by: May Zhang <may_zhang@intuit.com> * tweaks Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * fix docs formatting Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> * more docs and Procfile update for local run convenience Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> --------- Signed-off-by: May Zhang <may_zhang@intuit.com> Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com> Co-authored-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
2026-02-20 01:28:45 +01:00 · 2023-11-30 13:40:33 -08:00
parent 27e927be82
commit 19fa5b9418
17 changed files with 220 additions and 55 deletions
--- a/3
+++ b/3
@@ -9,4 +9,5 @@ git-server: test/fixture/testrepos/start-git.sh
 helm-registry: test/fixture/testrepos/start-helm-registry.sh
 dev-mounter: [[ "$ARGOCD_E2E_TEST" != "true" ]] && go run hack/dev-mounter/main.go --configmap argocd-ssh-known-hosts-cm=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} --configmap argocd-tls-certs-cm=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} --configmap argocd-gpg-keys-cm=${ARGOCD_GPG_DATA_PATH:-/tmp/argocd-local/gpg/source}
 applicationset-controller: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=4 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-applicationset-controller $COMMAND --loglevel debug --metrics-addr localhost:12345 --probe-addr localhost:12346 --argocd-repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081}"
-notification: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=4 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_BINARY_NAME=argocd-notifications $COMMAND --loglevel debug"
+notification: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=4 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_BINARY_NAME=argocd-notifications $COMMAND --loglevel debug --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''} --self-service-notification-enabled=${ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED:-'false'}"
+
--- a/cmd/argocd-notification/commands/controller.go
+++ b/cmd/argocd-notification/commands/controller.go
@@ -43,19 +43,20 @@ func addK8SFlagsToCmd(cmd *cobra.Command) clientcmd.ClientConfig {

 func NewCommand() *cobra.Command {
 	var (
-		clientConfig              clientcmd.ClientConfig
-		processorsCount           int
-		namespace                 string
-		appLabelSelector          string
-		logLevel                  string
-		logFormat                 string
-		metricsPort               int
-		argocdRepoServer          string
-		argocdRepoServerPlaintext bool
-		argocdRepoServerStrictTLS bool
-		configMapName             string
-		secretName                string
-		applicationNamespaces     []string
+		clientConfig                   clientcmd.ClientConfig
+		processorsCount                int
+		namespace                      string
+		appLabelSelector               string
+		logLevel                       string
+		logFormat                      string
+		metricsPort                    int
+		argocdRepoServer               string
+		argocdRepoServerPlaintext      bool
+		argocdRepoServerStrictTLS      bool
+		configMapName                  string
+		secretName                     string
+		applicationNamespaces          []string
+		selfServiceNotificationEnabled bool
 	)
 	var command = cobra.Command{
 		Use:   "controller",
@@ -139,7 +140,7 @@ func NewCommand() *cobra.Command {
 			log.Infof("serving metrics on port %d", metricsPort)
 			log.Infof("loading configuration %d", metricsPort)

-			ctrl := notificationscontroller.NewController(k8sClient, dynamicClient, argocdService, namespace, applicationNamespaces, appLabelSelector, registry, secretName, configMapName)
+			ctrl := notificationscontroller.NewController(k8sClient, dynamicClient, argocdService, namespace, applicationNamespaces, appLabelSelector, registry, secretName, configMapName, selfServiceNotificationEnabled)
 			err = ctrl.Init(ctx)
 			if err != nil {
 				return fmt.Errorf("failed to initialize controller: %w", err)
@@ -163,5 +164,6 @@ func NewCommand() *cobra.Command {
 	command.Flags().StringVar(&configMapName, "config-map-name", "argocd-notifications-cm", "Set notifications ConfigMap name")
 	command.Flags().StringVar(&secretName, "secret-name", "argocd-notifications-secret", "Set notifications Secret name")
 	command.Flags().StringSliceVar(&applicationNamespaces, "application-namespaces", env.StringsFromEnv("ARGOCD_APPLICATION_NAMESPACES", []string{}, ","), "List of additional namespaces that this controller should send notifications for")
+	command.Flags().BoolVar(&selfServiceNotificationEnabled, "self-service-notification-enabled", env.ParseBoolFromEnv("ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED", false), "Allows the Argo CD notification controller to pull notification config from the namespace that the resource is in. This is useful for self-service notification.")
 	return &command
 }
--- a/cmd/argocd/commands/admin/notifications.go
+++ b/cmd/argocd/commands/admin/notifications.go
@@ -36,7 +36,7 @@ func NewNotificationsCommand() *cobra.Command {
 		"notifications",
 		"argocd admin notifications",
 		applications,
-		settings.GetFactorySettings(argocdService, "argocd-notifications-secret", "argocd-notifications-cm"), func(clientConfig clientcmd.ClientConfig) {
+		settings.GetFactorySettings(argocdService, "argocd-notifications-secret", "argocd-notifications-cm", false), func(clientConfig clientcmd.ClientConfig) {
 			k8sCfg, err := clientConfig.ClientConfig()
 			if err != nil {
 				log.Fatalf("Failed to parse k8s config: %v", err)
--- a/docs/operator-manual/app-any-namespace.md
+++ b/docs/operator-manual/app-any-namespace.md
@@ -15,7 +15,10 @@ Some manual steps will need to be performed by the Argo CD administrator in orde

 !!! note
    This feature is considered beta as of now. Some of the implementation details may change over the course of time until it is promoted to a stable status. We will be happy if early adopters use this feature and provide us with bug reports and feedback.
-    
+
+
+One additional advantage of adopting applications in any namespace is to allow end-users to configure notifications for their Argo CD application in the namespace where Argo CD application is running in. See notifications [namespace based configuration](notifications/index.md#namespace-based-configuration) page for more information.
+
 ## Prerequisites

 ### Cluster-scoped Argo CD installation
--- a/docs/operator-manual/argocd-cmd-params-cm.yaml
+++ b/docs/operator-manual/argocd-cmd-params-cm.yaml
@@ -210,3 +210,5 @@ data:
  notificationscontroller.log.level: "info"
  # Set the logging format. One of: text|json (default "text")
  notificationscontroller.log.format: "text"
+  # Enable self-service notifications config. Used in conjunction with apps-in-any-namespace. (default "false")
+  notificationscontroller.selfservice.enabled: "false"
--- a/docs/operator-manual/notifications/index.md
+++ b/docs/operator-manual/notifications/index.md
@@ -45,3 +45,71 @@ So you can just use them instead of reinventing new ones.
    ```

 Try syncing an application to get notified when the sync is completed.
+
+## Namespace based configuration
+
+A common installation method for Argo CD Notifications is to install it in a dedicated namespace to manage a whole cluster. In this case, the administrator is the only
+person who can configure notifications in that namespace generally. However, in some cases, it is required to allow end-users to configure notifications
+for their Argo CD applications. For example, the end-user can configure notifications for their Argo CD application in the namespace where they have access to and their Argo CD application is running in.
+
+This feature is based on applications in any namespace. See [applications in any namespace](../app-any-namespace.md) page for more information.
+
+In order to enable this feature, the Argo CD administrator must reconfigure the argocd-notification-controller workloads to add  `--application-namespaces` and `--self-service-notification-enabled` parameters to the container's startup command.
+`--application-namespaces` controls the list of namespaces that Argo CD applications are in. `--self-service-notification-enabled` turns on this feature.
+
+The startup parameters for both can also be conveniently set up and kept in sync by specifying
+the `application.namespaces` and `notificationscontroller.selfservice.enabled` in the argocd-cmd-params-cm ConfigMap instead of changing the manifests for the respective workloads. For example:
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-cmd-params-cm
+data:
+  application.namespaces: app-team-one, app-team-two
+  notificationscontroller.selfservice.enabled: true
+```
+
+To use this feature, you can deploy configmap named `argocd-notifications-cm` and possibly a secret `argocd-notifications-secret` in the namespace where the Argo CD application lives.
+
+When it is configured this way the controller will send notifications using both the controller level configuration (the configmap located in the same namespaces as the controller) as well as
+the configuration located in the same namespace where the Argo CD application is at.
+
+Example: Application team wants to receive notifications using PagerDutyV2, when the controller level configuration is only supporting Slack.
+
+The following two resources are deployed in the namespace where the Argo CD application lives.
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: argocd-notifications-cm
+data:
+  service.pagerdutyv2: |
+    serviceKeys:
+      my-service: $pagerduty-key-my-service
+...
+```
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: argo-cd-notification-secret
+type: Opaque
+data:
+  pagerduty-key-my-service: <pd-integration-key>
+```
+
+When an Argo CD application has the following subscriptions, user receives application sync failure message from pager duty.
+```yaml
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  annotations:
+    notifications.argoproj.io/subscribe.on-sync-failed.pagerdutyv2: "<serviceID for Pagerduty>"
+```
+
+!!! note
+    When the same notification service and trigger are defined in controller level configuration and application level configuration,
+    both notifications will be sent according to its own configuration.
+
+[Defining and using secrets within notification templates](templates.md/#defining-and-using-secrets-within-notification-templates) function is not available when flag `--self-service-notification-enable` is on.
--- a/examples/k8s-rbac/argocd-server-applications/argocd-notifications-controller-rbac-clusterrole.yaml
+++ b/examples/k8s-rbac/argocd-server-applications/argocd-notifications-controller-rbac-clusterrole.yaml
@@ -16,4 +16,13 @@ rules:
  - list
  - watch
  - update
-  - patch
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
--- a/manifests/base/notification/argocd-notifications-controller-deployment.yaml
+++ b/manifests/base/notification/argocd-notifications-controller-deployment.yaml
@@ -54,6 +54,12 @@ spec:
                  key: application.namespaces
                  name: argocd-cmd-params-cm
                  optional: true
+            - name: ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED
+              valueFrom:
+                configMapKeyRef:
+                  key: notificationscontroller.selfservice.enabled
+                  name: argocd-cmd-params-cm
+                  optional: true
          workingDir: /app
          livenessProbe:
            tcpSocket:
--- a/manifests/ha/install.yaml
+++ b/manifests/ha/install.yaml
@@ -22472,6 +22472,12 @@ spec:
              key: application.namespaces
              name: argocd-cmd-params-cm
              optional: true
+        - name: ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED
+          valueFrom:
+            configMapKeyRef:
+              key: notificationscontroller.selfservice.enabled
+              name: argocd-cmd-params-cm
+              optional: true
        image: quay.io/argoproj/argocd:latest
        imagePullPolicy: Always
        livenessProbe:
--- a/manifests/ha/namespace-install.yaml
+++ b/manifests/ha/namespace-install.yaml
@@ -1859,6 +1859,12 @@ spec:
              key: application.namespaces
              name: argocd-cmd-params-cm
              optional: true
+        - name: ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED
+          valueFrom:
+            configMapKeyRef:
+              key: notificationscontroller.selfservice.enabled
+              name: argocd-cmd-params-cm
+              optional: true
        image: quay.io/argoproj/argocd:latest
        imagePullPolicy: Always
        livenessProbe:
--- a/manifests/install.yaml
+++ b/manifests/install.yaml
@@ -21567,6 +21567,12 @@ spec:
              key: application.namespaces
              name: argocd-cmd-params-cm
              optional: true
+        - name: ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED
+          valueFrom:
+            configMapKeyRef:
+              key: notificationscontroller.selfservice.enabled
+              name: argocd-cmd-params-cm
+              optional: true
        image: quay.io/argoproj/argocd:latest
        imagePullPolicy: Always
        livenessProbe:
--- a/manifests/namespace-install.yaml
+++ b/manifests/namespace-install.yaml
@@ -954,6 +954,12 @@ spec:
              key: application.namespaces
              name: argocd-cmd-params-cm
              optional: true
+        - name: ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED
+          valueFrom:
+            configMapKeyRef:
+              key: notificationscontroller.selfservice.enabled
+              name: argocd-cmd-params-cm
+              optional: true
        image: quay.io/argoproj/argocd:latest
        imagePullPolicy: Always
        livenessProbe:
--- a/notification_controller/controller/controller.go
+++ b/notification_controller/controller/controller.go
@@ -63,19 +63,27 @@ func NewController(
 	registry *controller.MetricsRegistry,
 	secretName string,
 	configMapName string,
+	selfServiceNotificationEnabled bool,
 ) *notificationController {
 	var appClient dynamic.ResourceInterface
+
 	namespaceableAppClient := client.Resource(applications)
 	appClient = namespaceableAppClient
+
 	if len(applicationNamespaces) == 0 {
 		appClient = namespaceableAppClient.Namespace(namespace)
 	}
-
 	appInformer := newInformer(appClient, namespace, applicationNamespaces, appLabelSelector)
 	appProjInformer := newInformer(newAppProjClient(client, namespace), namespace, []string{namespace}, "")
-	secretInformer := k8s.NewSecretInformer(k8sClient, namespace, secretName)
-	configMapInformer := k8s.NewConfigMapInformer(k8sClient, namespace, configMapName)
-	apiFactory := api.NewFactory(settings.GetFactorySettings(argocdService, secretName, configMapName), namespace, secretInformer, configMapInformer)
+	var notificationConfigNamespace string
+	if selfServiceNotificationEnabled {
+		notificationConfigNamespace = v1.NamespaceAll
+	} else {
+		notificationConfigNamespace = namespace
+	}
+	secretInformer := k8s.NewSecretInformer(k8sClient, notificationConfigNamespace, secretName)
+	configMapInformer := k8s.NewConfigMapInformer(k8sClient, notificationConfigNamespace, configMapName)
+	apiFactory := api.NewFactory(settings.GetFactorySettings(argocdService, secretName, configMapName, selfServiceNotificationEnabled), namespace, secretInformer, configMapInformer)

 	res := &notificationController{
 		secretInformer:    secretInformer,
@@ -83,19 +91,30 @@ func NewController(
 		appInformer:       appInformer,
 		appProjInformer:   appProjInformer,
 		apiFactory:        apiFactory}
-	res.ctrl = controller.NewController(namespaceableAppClient, appInformer, apiFactory,
-		controller.WithSkipProcessing(func(obj v1.Object) (bool, string) {
-			app, ok := (obj).(*unstructured.Unstructured)
-			if !ok {
-				return false, ""
-			}
-			if checkAppNotInAdditionalNamespaces(app, namespace, applicationNamespaces) {
-				return true, "app is not in one of the application-namespaces, nor the notification controller namespace"
-			}
-			return !isAppSyncStatusRefreshed(app, log.WithField("app", obj.GetName())), "sync status out of date"
-		}),
-		controller.WithMetricsRegistry(registry),
-		controller.WithAlterDestinations(res.alterDestinations))
+	skipProcessingOpt := controller.WithSkipProcessing(func(obj v1.Object) (bool, string) {
+		app, ok := (obj).(*unstructured.Unstructured)
+		if !ok {
+			return false, ""
+		}
+		if checkAppNotInAdditionalNamespaces(app, namespace, applicationNamespaces) {
+			return true, "app is not in one of the application-namespaces, nor the notification controller namespace"
+		}
+		return !isAppSyncStatusRefreshed(app, log.WithField("app", obj.GetName())), "sync status out of date"
+	})
+	metricsRegistryOpt := controller.WithMetricsRegistry(registry)
+	alterDestinationsOpt := controller.WithAlterDestinations(res.alterDestinations)
+
+	if !selfServiceNotificationEnabled {
+		res.ctrl = controller.NewController(namespaceableAppClient, appInformer, apiFactory,
+			skipProcessingOpt,
+			metricsRegistryOpt,
+			alterDestinationsOpt)
+	} else {
+		res.ctrl = controller.NewControllerWithNamespaceSupport(namespaceableAppClient, appInformer, apiFactory,
+			skipProcessingOpt,
+			metricsRegistryOpt,
+			alterDestinationsOpt)
+	}
 	return res
 }

@@ -118,6 +137,7 @@ func (c *notificationController) alterDestinations(obj v1.Object, destinations s
 }

 func newInformer(resClient dynamic.ResourceInterface, controllerNamespace string, applicationNamespaces []string, selector string) cache.SharedIndexInformer {
+
 	informer := cache.NewSharedIndexInformer(
 		&cache.ListWatch{
 			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
--- a/notification_controller/controller/controller_test.go
+++ b/notification_controller/controller/controller_test.go
@@ -110,26 +110,30 @@ func TestInit(t *testing.T) {
 	k8sClient := k8sfake.NewSimpleClientset()
 	appLabelSelector := "app=test"

-	nc := NewController(
-		k8sClient,
-		dynamicClient,
-		nil,
-		"default",
-		[]string{},
-		appLabelSelector,
-		nil,
-		"my-secret",
-		"my-configmap",
-	)
+	selfServiceNotificationEnabledFlags := []bool{false, true}
+	for _, selfServiceNotificationEnabled := range selfServiceNotificationEnabledFlags {
+		nc := NewController(
+			k8sClient,
+			dynamicClient,
+			nil,
+			"default",
+			[]string{},
+			appLabelSelector,
+			nil,
+			"my-secret",
+			"my-configmap",
+			selfServiceNotificationEnabled,
+		)

-	assert.NotNil(t, nc)
+		assert.NotNil(t, nc)

-	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
-	defer cancel()
+		ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
+		defer cancel()

-	err = nc.Init(ctx)
+		err = nc.Init(ctx)

-	assert.NoError(t, err)
+		assert.NoError(t, err)
+	}
 }

 func TestInitTimeout(t *testing.T) {
@@ -152,6 +156,7 @@ func TestInitTimeout(t *testing.T) {
 		nil,
 		"my-secret",
 		"my-configmap",
+		false,
 	)

 	assert.NotNil(t, nc)
--- a/server/notification/notification_test.go
+++ b/server/notification/notification_test.go
@@ -70,7 +70,7 @@ func TestNotificationServer(t *testing.T) {
 	argocdService, err := service.NewArgoCDService(kubeclientset, testNamespace, mockRepoClient)
 	require.NoError(t, err)
 	defer argocdService.Close()
-	apiFactory := api.NewFactory(settings.GetFactorySettings(argocdService, "argocd-notifications-secret", "argocd-notifications-cm"), testNamespace, secretInformer, configMapInformer)
+	apiFactory := api.NewFactory(settings.GetFactorySettings(argocdService, "argocd-notifications-secret", "argocd-notifications-cm", false), testNamespace, secretInformer, configMapInformer)

 	t.Run("TestListServices", func(t *testing.T) {
 		server := NewServer(apiFactory)
--- a/server/server.go
+++ b/server/server.go
@@ -288,7 +288,7 @@ func NewServer(ctx context.Context, opts ArgoCDServerOpts) *ArgoCDServer {
 	secretInformer := k8s.NewSecretInformer(opts.KubeClientset, opts.Namespace, "argocd-notifications-secret")
 	configMapInformer := k8s.NewConfigMapInformer(opts.KubeClientset, opts.Namespace, "argocd-notifications-cm")

-	apiFactory := api.NewFactory(settings_notif.GetFactorySettings(argocdService, "argocd-notifications-secret", "argocd-notifications-cm"), opts.Namespace, secretInformer, configMapInformer)
+	apiFactory := api.NewFactory(settings_notif.GetFactorySettings(argocdService, "argocd-notifications-secret", "argocd-notifications-cm", false), opts.Namespace, secretInformer, configMapInformer)

 	dbInstance := db.NewDB(opts.Namespace, settingsMgr, opts.KubeClientset)
 	logger := log.NewEntry(log.StandardLogger())
--- a/util/notification/settings/settings.go
+++ b/util/notification/settings/settings.go
@@ -12,17 +12,20 @@ import (
 	service "github.com/argoproj/argo-cd/v2/util/notification/argocd"
 )

-func GetFactorySettings(argocdService service.Service, secretName, configMapName string) api.Settings {
+func GetFactorySettings(argocdService service.Service, secretName, configMapName string, selfServiceNotificationEnabled bool) api.Settings {
 	return api.Settings{
 		SecretName:    secretName,
 		ConfigMapName: configMapName,
 		InitGetVars: func(cfg *api.Config, configMap *v1.ConfigMap, secret *v1.Secret) (api.GetVars, error) {
+			if selfServiceNotificationEnabled {
+				return initGetVarsWithoutSecret(argocdService, cfg, configMap, secret)
+			}
 			return initGetVars(argocdService, cfg, configMap, secret)
 		},
 	}
 }

-func initGetVars(argocdService service.Service, cfg *api.Config, configMap *v1.ConfigMap, secret *v1.Secret) (api.GetVars, error) {
+func getContext(cfg *api.Config, configMap *v1.ConfigMap, secret *v1.Secret) (map[string]string, error) {
 	context := map[string]string{}
 	if contextYaml, ok := configMap.Data["context"]; ok {
 		if err := yaml.Unmarshal([]byte(contextYaml), &context); err != nil {
@@ -32,6 +35,28 @@ func initGetVars(argocdService service.Service, cfg *api.Config, configMap *v1.C
 	if err := ApplyLegacyConfig(cfg, context, configMap, secret); err != nil {
 		return nil, err
 	}
+	return context, nil
+}
+
+func initGetVarsWithoutSecret(argocdService service.Service, cfg *api.Config, configMap *v1.ConfigMap, secret *v1.Secret) (api.GetVars, error) {
+	context, err := getContext(cfg, configMap, secret)
+	if err != nil {
+		return nil, err
+	}
+
+	return func(obj map[string]interface{}, dest services.Destination) map[string]interface{} {
+		return expression.Spawn(&unstructured.Unstructured{Object: obj}, argocdService, map[string]interface{}{
+			"app":     obj,
+			"context": injectLegacyVar(context, dest.Service),
+		})
+	}, nil
+}
+
+func initGetVars(argocdService service.Service, cfg *api.Config, configMap *v1.ConfigMap, secret *v1.Secret) (api.GetVars, error) {
+	context, err := getContext(cfg, configMap, secret)
+	if err != nil {
+		return nil, err
+	}

 	return func(obj map[string]interface{}, dest services.Destination) map[string]interface{} {
 		return expression.Spawn(&unstructured.Unstructured{Object: obj}, argocdService, map[string]interface{}{