localurl:/gitops/gitops-runtimes/runtime-install-with-existing-argo-cd/

-title:Install GitOps Runtime with new Argo CD

localurl:/gitops/gitops-runtimes/hybrid-gitops-helm-installation/

-title:Troubleshooting Runtime installation

localurl:/gitops/gitops-runtimes/runtime-troubleshooting/

-title:Administration

localurl:/gitops/administration/account-user-management/create-codefresh-account/

-title:Adding users and teams

localurl:/gitops/administration/account-user-management/add-users/

-title:Set up OAuth2 for GitOps

localurl:/gitops/administration/account-user-management/oauth-setup/

-title:Access control for GitOps

localurl:/gitops/administration/account-user-management/gitops-abac/

-title:User settings

url:"/hybrid-gitops-helm-installation"

-title:Configure GitOps Runtime

url:"/runtime-configuration"

-title:Troubleshoot installation

url:"/runtime-troubleshooting"

-title:Runtime values file validation

url:"/gitops-values-yaml-validation"

-title:Ingress and service-mesh access modes

url:"/service-accounts"

-title:Configuring access control for GitOps

url:"/gitops-abac"

-title:Setting up OAuth2 for GitOps

url:"/oauth-setup"

-title:Authorize access to organizations/projects

url:"/hosted-authorize-orgs"

-title:Single Sign-On

localurl:/docs/installation/gitops/runtime-install-with-existing-argo-cd/

-title:Install GitOps Runtime with new Argo CD

localurl:/docs/installation/gitops/hybrid-gitops-helm-installation/

-title:Troubleshooting Runtime installation

localurl:/docs/installation/gitops/runtime-troubleshooting/

-title:Administration

-title:Install GitOps Runtime with existing Argo CD

url:"/runtime-install-with-existing-argo-cd"

-title:Install GitOps Runtime with new Argo CD

url:"/hybrid-gitops-helm-installation"

url:"/hybrid-gitops-helm-installation"

-title:Troubleshoot installation

url:"/runtime-troubleshooting"

-title:On-premises GitOps Runtime

url:"/on-prem-gitops-runtime-install"

-title:Runtime values file validation

{:start="2"}

1. Note down the following, as you will need them to create the K8s secret for the Git OAuth2 application:

* GitHub: Application ID from the URL, Client ID, and the client secret

{% if page.collection != site.gitops_collection %}

* GitLab Cloud and Server: Application ID and Secret

* Bitbucket Data Center: Key and Secret

<br>

As a user in Codefresh, you must authorize access to your Git provider accounts and authenticate Git-based actions from Codefresh clients, per provisioned GitOps Runtime. This is done through the Git user token, which is an access token unique to each user. For more details, including required scopes and how the Git user token differs from the Git Runtime token, see[Git tokens in Codefresh]({{site.baseurl}}/docs/security/git-tokens/).

The authorization mode depends on the authorization method set up by your account admin:

***OAuth2**

If your admin has set up authentication with OAuth2, you can authorize access using OAuth2.

For OAuth2, the administrator pre-configures the permissions and expiry date. Once you supply your credentials for authorization, you are automatically directed to the Git Personal Tokens page.

{% if page.collection != site.gitops_collection %}

Make sure you have:

* For Bitbucket only, your Bitbucket account username

* If needed, a_user access token_ from your Git provider with the required scopes:

*[GitHub](#generate-github-user-access-tokens)

*[GitLab](#generate-gitlab-user-access-tokens)

*[Bitbucket](#generate-bitbucket-user-access-tokens)

{% endif %}

{% if page.collection== site.gitops_collection %}

* Make sure you have a_user access token_ with the required scopes for[GitHub](#generate-github-user-access-tokens)

{% endif %}

1. In the Codefresh UI, on the toolbar, click your avatar, and then select**Git Personal Access Token**.

1. Complete the verification if required, as when two-factor authentication is configured, for example.

* For**Git user tokens**:

1. Expand**Advanced authorization options**.

{% if page.collection != site.gitops_collection %}

1. For Bitbucket, enter your**Bitbucket username**.

{% endif %}

1. In the**Personal Access Token** field, paste the token you generated.

{%

{:start="4"}

1. Click**Add Token**.

In the Git Personal Access Tokens list, you can see that the new token is assigned to the GitOps Runtime.

{% endif %}

{% if page.collection == site.gitops_collection %}

Codefresh GitOps does not officially support fine-grained tokens, or tokens with custom scopes. If you are using such tokens, make sure you turn off validation for Git tokens in the`values.yaml` file, as described in[Skipping token values.yaml]({{site.baseurl}}/docs/security/git-tokens#skipping-token-validation-in-valuesyaml).

Authorize Git access to GitOps Runtimes through Git user access tokens from your Git provider.

If you have access to more than one GitOps Runtime in the same or in different accounts, you can use the same Git user token for all the Runtimes you have access to._You must however authorize access for each GitOps Runtime individually_.

* Make sure you have a_user access token_ with the required scopes for[GitHub](#generate-github-user-access-tokens)

1. In the Codefresh UI, on the toolbar, click your avatar, and then select**Git Personal Access Token**.

1. Select the GitOps Runtime to authenticate to, and then click**Add Token**.

1. For**Git user tokens**:

1. Expand**Advanced authorization options**.

1. In the**Personal Access Token** field, paste the token you generated.

{%

include

image.html

lightbox="true"

file="/images/runtime/gitops-user-authorize-runtime-access.png"

url="/images/runtime/gitops-user-authorize-runtime-access.png"

alt="Authorize access to GitOps Runtime with OAuth/Git user token"

caption="Authorize access to GitOps Runtime with OAuth/Git user token"

max-width="50%"

%}

{:start="4"}

1. Click**Add Token**.

In the Git Personal Access Tokens list, you can see that the new token is assigned to the GitOps Runtime.

{% endif %}

Once you authorize access to one or more GitOps Runtimes through OAuth or Git user tokens, the GitOps Runtimes and their associated tokens are listed in the Git Personal Access Tokens page.

Once you authorize access to one or more GitOps Runtimes through{% if page.collection != site.gitops_collection %}OAuth or{% endif %} Git user tokens, the GitOps Runtimes and their associated tokens are listed in the Git Personal Access Tokens page.

You can manage Git user tokens for any GitOps Runtime, without affecting the GitOps Runtime at the account-level. Deleting the Git user token for a GitOps Runtime will deny_you_ access to the Git repositories, Git Sources and other resources associated with that Runtime, while the Runtime itself is not affected.

If you have turned on notifications for GitOps Runtimes, Codefresh alerts you toGitOps Runtimes with invalid or expired Git personal access tokens.

If you have turned on notifications for GitOps Runtimes, Codefresh alerts you tothose Runtimes with invalid or expired Git personal access tokens.

You can turn off these notifications for selectively for Runtimes for which these alerts are less critical.

Drag a product or application with changes to the target environment to promote it. Customize the Promotion Settings to control promotion behavior for the environment.

This method is best for quick promotions to test changes within a specific environment, typically in internal environments.

Watch this video:

{::nomarkdown}<img src=../../../images/icons/video-play-icon-blue.svg?display=inline-block>{:/}[Drag-and-drop promotions](https://www.youtube.com/watch?v=4isYoutmRco){:target="\_blank"}

<iframewidth="560"height="315"src="https://www.youtube.com/embed/4isYoutmRco?si=DYKHnarfK2Wx6rNI"title="YouTube video player"frameborder="0"allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"referrerpolicy="strict-origin-when-cross-origin"allowfullscreen></iframe>

The Git Source connects to a Git repository within your organization, serving as an easy way to manage the deployment and configuration of Argo CD applications on clusters.

The Git repository referenced by the Git Source stores application manifests and other resources which are always synced to the cluster. Codefresh manages the Git Source itself as an Argo CD application.

Watch this video:

{::nomarkdown}{% if page.collection != site.gitops_collection %}<img src=../../../../images/icons/video-play-icon-blue.svg?display=inline-block>{% endif %}{% if page.collection == site.gitops_collection %}<img src=../../../images/icons/video-play-icon-blue.svg?display=inline-block>{% endif %}{:/}[Git Sources in Runtimes](https://www.youtube.com/watch?v=StKxdCcOIQc&t=2s){:target="\_blank"}

<iframewidth="560"height="315"src="https://www.youtube.com/embed/StKxdCcOIQc?si=s3tc2tcq7fwxBUbz"title="YouTube video player"frameborder="0"allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"referrerpolicy="strict-origin-when-cross-origin"allowfullscreen></iframe>

You can install one GitOps Runtime per cluster. To add more, each Runtime must be on a separate cluster and have a unique name.

{% if page.collection != site.gitops_collection %}

{% endhighlight %}

When using token with custom scopes, or GitHub's fine-grained tokens (currently not officially supported by Codefresh),_skip token validation_ to avoid validation failures during installation.

When using token with custom scopes, or GitHub's fine-grained tokens (currently not officially supported by Codefresh),_for Runtime version v0.18.0 or lower, skip token validation_ to avoid validation failures during installation.

Add the`skipGitPermissionValidation` flag to your`values.yaml` file:

* Add the`skipGitPermissionValidation` flag to your`values.yaml` file:

app-proxy: