You signed in with another tab or window.Reload to refresh your session.You signed out in another tab or window.Reload to refresh your session.You switched accounts on another tab or window.Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: _docs/administration/account-user-management/service-accounts.md
+12-2Lines changed: 12 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -93,14 +93,24 @@ max-width="90%"
93
93
{: .table .table-bordered .table-hover}
94
94
| Service Account Setting| Description|
95
95
| ------------------------| ----------------|
96
-
|**Name**| The name of the service account. <br>The**Admin** label to the right of the name indicates that the service account has been assigned an admin role.NIMA: what is the added value of admin role?|
96
+
|**Name**| The name of the service account. <br>The**Admin** label to the right of the name indicates that the service account has been assigned an admin role.|
97
97
|**API Keys**| The number of API keys assigned to the service account. <br>Selecting a service account displays the API keys generated for that account. Modify selected scopes by clicking Edit, or delete the API key.|
98
98
|**Teams**| The names of the teams the service account is assigned to.|
99
99
|**Status**| Indicates if the service account is currently active (**Enabled**) or inactive (**Disabled**). You may want to disable a service account to invalidate its API keys without having to remove the service account, and simply reenable when needed.|
100
100
|**Actions**| The options available to manage the service account through its context menu: {::nomarkdown}<ul><li><b>Edit</b>: Modify the settings of the service account, including adding/removing teams, enabling/disabling admin role.</li><li><b>Delete</b>: Delete the service account, including all the API keys defined for the account. This means that actions through the Codefresh API or CLI that require these keys will fail.</li></ul>{:/}|
101
101
102
+
##Authenticating to Amazon ECR with service account
103
+
104
+
Authenticate to Amazon ECR registries with credentials from the service account instead of the Access Key ID and Secret Access Key.
105
+
This allows pipelines to seamlessly authenticate to Amazon ECR via service account credentials, enhancing security and simplifying access management.
106
+
107
+
There are two requirements:
108
+
1. Set the option to authenticate via service accounts at the account level for pipelines. See[Advanced options for pipelines]({{site.baseurl}}/docs/pipelines/configuration/pipeline-settings/#advanced-options-for-pipelines).
109
+
1. Configure Amazon ECR integration to use service account credentials. See[Amazon ECR Container Registry pipeline integration]({{site.baseurl}}/docs/integrations/docker-registries/amazon-ec2-container-registry/).
110
+
102
111
103
112
##Related articles
104
-
[Access control for pipelines]({{site.baseurl}}/docs/administration/account-user-management/access-control/)
113
+
[Access control for pipelines]({{site.baseurl}}/docs/administration/account-user-management/access-control/)
Copy file name to clipboardExpand all lines: _docs/pipelines/configuration/pipeline-settings.md
+13-13Lines changed: 13 additions & 13 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9,7 +9,7 @@ toc: true
9
9
---
10
10
11
11
12
-
As a Codefresh account administrator, you can define[global settings for pipelines] which are inherited by all new pipelines created in the account. Users can still override specific settings for individual pipelines.
12
+
As a Codefresh account administrator, you can define global settings for pipelines which are inherited by all new pipelines created in the account. Users can still override specific settings for individual pipelines.
13
13
14
14
##Account-level pipeline settings
15
15
@@ -26,7 +26,7 @@ As a Codefresh account administrator, you can define [global settings for pipeli
26
26
||[Memory usage warning for pipeline builds](#memory-usage-warning-for-pipeline-builds)| Enable alerts when pipelines reach/exceed the threshold.|
27
27
||[Default behavior for build step](#default-behavior-for-build-step)| Configure push image options for build steps.|
|Other|[Advanced options for pipelines](#advanced-options-for-pipelines)| Configureoptionsforbuild approvalandpipeline volumes.|
29
+
|Advanced options|[Advanced options for pipelines](#advanced-options-for-pipelines)| Configurethe default behaviorforvolumes, concurrent builds,andauthentication for Amazon ECR integrations, and more.|
30
30
|Argo Workflows|[Enable pipelines with Argo Workflows]({{site.baseurl}}/docs/workflows/create-pipeline/)| Create pipelines based on Argo Workflows.|
31
31
32
32
@@ -239,7 +239,7 @@ This behavior is simply a convenience feature for legacy pipelines.
239
239
Users can still use a[`push` step]({{site.baseurl}}/docs/pipelines/steps/push/) to always push an image to a registry regardless of what was chosen in the`build` step.
240
240
{{site.data.callout.end}}
241
241
242
-
##Default behavior for`pending-approval` step
242
+
##Default behavior for`pending-approval` step
243
243
Configure if manual confirmation is required after clicking the Approve or Reject buttons for[pending-approval steps]({{site.baseurl}}/docs/pipelines/steps/approval/). When required, a confirmation prompt is displayed on clicking Approve or Reject.
244
244
***None**: No manual intervention required on clicking either Approve or Reject.
245
245
***All**: Require manual intervention for both Approve and Reject.
@@ -249,28 +249,28 @@ Configure if manual confirmation is required after clicking the Approve or Rejec
249
249
250
250
##Advanced options for pipelines
251
251
252
-
Configure the default settings that definetheadvanced behavior for pipelines.
252
+
Configure the default settings that define advanced behavior for pipelines.
253
253
254
254
255
-
* Manage shared volumes for builds pending approval
255
+
***Manage shared volumes for builds pending approval**
256
256
Define if to[retain or discard]({{site.baseurl}}/docs/pipelines/steps/approval/#keeping-the-shared-volume-after-an-approval) the volume when a pipeline build is pending approval.
257
257
258
258
>**NOTE**
259
259
This option_affects pipeline resources and/or billing in the case of SaaS pricing_.
260
260
It will also affect users of existing pipelines that depend on this behavior.
261
-
Once you either enable or disable this option for an account, werecomend leaving it unchanged.
261
+
Once you either enable or disable this option for an account, werecommend leaving it unchanged.
262
262
263
-
* Concurrency policy forbuild pending approval
264
-
Determines whetherpipelines pending approval are[included or excluded from the concurrency count]({{site.baseurl}}/docs/pipelines/steps/approval/#define-concurrency-limits).
Determines whetherpipeline builds pending approval are[included or excluded from the concurrency count]({{site.baseurl}}/docs/pipelines/steps/approval/#define-concurrency-limits).
265
265
266
-
* ServiceAccountfor Amazon ECR authentication
267
-
Define the[Service Account]({{site.baseurl}}/docs/integrations/docker-registries/amazon-ec2-container-registry/#setting-up-ecr-integration---service-account) for Amazon ECRintegration.
Set the default registry from which to pull images for all_Public Marketplace Steps_.
271
-
You can select any[Docker Registry]({{site.baseurl}}/docs/integrations/docker-registries/) integrationsetup in Codefresh.
271
+
You can select any[Docker Registry]({{site.baseurl}}/docs/integrations/docker-registries/) integrationthat has been set up in Codefresh.
272
272
273
-
Example: Public Marketplace Step image is defined to use Docker Hub. If you select a`quay.io` integration, all Public Marketplace Step images are pulled from`quay.io` instead of from Docker Hub.
273
+
Example: Public Marketplace Step image is defined to use Docker Hub. If you select a`quay.io` integration as the Public Marketplace Registry, all Public Marketplace Step images are pulled from`quay.io` instead of from Docker Hub.
274
274
275
275
>**NOTE**
276
276
The selected registry affects only custom or typed steps.<br>