Codefresh integrates with the Git provider defined for the GitOps Runtime to sync repositories to your clusters, implementing Git-based operations when creating resources such as applications, and enriching images with valuable information.
Codefresh integrates withGitHub Cloud asthe Git provider defined for the GitOps Runtime to sync repositories to your clusters, implementing Git-based operations when creating resources such as applications, and enriching images with valuable information.
As the account administrator, you can select the authentication method for the account associated with the Runtime.
Users in the account can then authorize access to the Git provider through the defined mechanism.
Users in the account can then authorize access toGitHub asthe Git provider through the defined mechanism.
{% if page.collection != site.gitops_collection %}
{% include
image.html
lightbox="true"
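Review bot: The rewritten intro sentence names "GitHub Cloud" as the Git provider, but the rewritten authorization sentence a few lines later says only "GitHub". Use one term in both places, and if GitHub Enterprise is out of scope for GitOps Runtimes, say so explicitly here, since an administrator choosing an authentication method needs to know which GitHub deployments this page covers.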
@@ -26,30 +25,15 @@ Users in the account can then authorize access to the Git provider through the d
Codefresh supports OAuth2 or personal access tokens (PATs) for authentication:
* **OAuth2 with Codefresh OAuth Application or custom OAuth2 Application**
OAuth2 is the preferred authentication mechanism, supported forpopular Git providers such asGitHub, GitHub Enterprise, GitLab Cloud and Server, and Bitbucket Cloud and Server.
OAuth2 is the preferred authentication mechanism, supported for GitHub.
You have the option to use the default predefined Codefresh OAuth Application, or a custom Oauth2 Application for Codefresh in your Git provider account.
To use a custom Oauth2 Application for Codefresh, first create the application in yourGit provider account, then create a secret on your K8s cluster, and finally configure OAuth2 access for the custom application in Authentication > Settings. <br>
To use a custom Oauth2 Application for Codefresh, first create the application in yourGitHub account, then create a secret on your K8s cluster, and finally configure OAuth2 access for the custom application in Authentication > Settings. <br>
See [Create a custom OAuth2 Application for Git provider](#create-a-custom-oauth2-application-for-git-provider) in this article.
* **Token-based authentication using PAT**
With token-based authentication, users must generate personal access tokensfrom theirGit providers with the required scopes and enter their personal access tokens when prompted to authorize access.<br>
With token-based authentication, users must generate personal access tokensfor theirGitHub accounts with the required scopes and enter their personal access tokens when prompted to authorize access.<br>
See [Authorize Git access in Codefresh]({{site.baseurl}}/docs/administration/user-self-management/user-settings/#git-provider-private-access).
{% endif %}
{% if page.collection == site.gitops_collection %}
Codefresh supports OAuth2 or personal access tokens (PATs) for authentication:
* **OAuth2 with Codefresh OAuth Application or custom OAuth2 Application**
OAuth2 is the preferred authentication mechanism for GitHub. You have the option to use the default predefined Codefresh OAuth Application, or a custom Oauth2 Application for Codefresh in your Git provider account.
To use a custom Oauth2 Application for Codefresh, first create the application in your Git provider account, then create a secret on your K8s cluster, and finally configure OAuth2 access for the custom application in Authentication > Settings. <br>
See [Create a custom OAuth2 Application for Git provider](#create-a-custom-oauth2-application-for-git-provider) in this article.
* **Token-based authentication using PAT**
With token-based authentication, users must generate personal access tokens with the required scopes in their GitHub accounts, and enter their personal access tokens when prompted to authorize access.<br>
See [Authorize Git access in Codefresh]({{site.baseurl}}/docs/administration/user-self-management/user-settings/#git-provider-private-access).
{% endif %}
## Authentication for Git providers and Runtime accounts
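Review bot: In the OAuth2 bullet, the new sentences say "supported for GitHub" and "in your GitHub account", but the sentence between them still reads "in your Git provider account" and the link text is still "Create a custom OAuth2 Application for Git provider"; the bullet also spells the protocol both "OAuth2" and "Oauth2". Align the wording in the same change. Please also confirm that dropping the `{% endif %}` and `{% if page.collection == site.gitops_collection %}` block leaves no unmatched `{% if page.collection != site.gitops_collection %}` earlier in the file, since one is visible just before the image include.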
@@ -72,16 +56,7 @@ As the account administrator, you can change the authentication method for a Git
## Create a custom OAuth2 Application for Git provider
Create a custom OAuth2 Application for Codefresh in your Git provider account with the correct scopes, and set up authentication for the same within Codefresh. Users can then authorize access to the Git provider using OAuth2, instead of a personal access token.
{% if page.collection != site.gitops_collection %}
Supported Git providers:
* GitHub and GitHub Enterprise
* GitLab Cloud and GitLab Server
* Bitbucket Cloud (hosted) and Bitbucket Data Center (hybrid)
{% endif %}
<br>
Create a custom OAuth2 Application for Codefresh in your GitHub account with the correct scopes, and set up authentication for the same within Codefresh. Users can then authorize access using OAuth2, instead of a personal access token.
To set up OAuth2 authorization in Codefresh, you must:
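Review bot: The new GitHub-specific sentence keeps "with the correct scopes", but Step 1 as written in this PR has no scope setting: it covers only the callback URL, Device Flow, registration and the client secret. Either name the scopes Codefresh requests and say where the user sees them, or drop the phrase, so an administrator can check what access the application is actually granted. The section heading still says "for Git provider"; if that is deliberate to keep the `#create-a-custom-oauth2-application-for-git-provider` anchor stable, a short comment in the source would help.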
@@ -94,48 +69,27 @@ To set up OAuth2 authorization in Codefresh, you must:
### Step 1: Create a custom OAuth2 Application in Git
Create and register an OAuth App under your organization to authorize Codefresh.
1. Follow the step-by-step instructions for your Git provider:
`<ingressHost>` is the IP address or URL of the ingress host in the runtime cluster.
>**NOTE**
OAuth2 is not supported for hybrid runtimes with Bitbucket Cloud as the Git provider. Users can authorize access with their [Git personal access tokens]({{site.baseurl}}/docs/administration/user-self-management/user-settings/#authorize-git-access-in-codefresh) in such cases.
{% endif %}
{:start="1"}
1. For [GitHub](https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app){:target="\_blank"}, do the following:
* For **Authorization callback URL**, enter this value:
`<ingressHost>` is the IP address or URL of the ingress host in the Runtime cluster as defined in your `values.yaml`. <br>
For tunnel-based access modes, run the command `codefresh runtime list` to retrieve the correct host.
* Make sure **Enable Device Flow** is _not_ selected.
* Select **Register application**.<br>
The client ID is automatically generated, and you are prompted to generate the client secret.
* Select **Generate a new client secret**, and copy the generated secret.
{:start="2"}
1. Note down the following, as you will need them to create the K8s secret for the Git OAuth2 application:
* GitHub: Application ID from the URL, Client ID, and the client secret
* GitLab Cloud and Server: Application ID and Secret
* Bitbucket Data Center: Key and Secret
1. Note down the following, as you will need them to create the K8s secret for the Git OAuth2 application:<br>
* Application ID from the URL, Client ID, and the client secret
<br>
### Step 2: Create a K8s secret resource in the runtime cluster
Create a K8s secret in theruntime cluster, using the example below as a guideline. You must define the application ID (`appId`), client ID (`clientId`) and the client secret (`clientSecret`) from the OAuth2 Application you created in yourGit provider, and the Git URL (`url`).
Create a K8s secret in theRuntime cluster, using the example below as a guideline. You must define the application ID (`appId`), client ID (`clientId`) and the client secret (`clientSecret`) from the OAuth2 Application you created in yourGitHub account, and the Git URL (`url`).
>**NOTE**
All fields in the secret _must be_ encoded in `base64`.
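Review bot: The last item of Step 1 tells the reader to "note down" the client secret together with the Application ID and Client ID, which treats a credential like an identifier. Suggest wording that has the secret copied straight into the K8s secret or a secrets manager, and in Step 2, next to the NOTE that all fields must be base64-encoded, a sentence that base64 is an encoding and not protection, so the secret manifest should not be committed to a Git repository in that form. Minor: the Step 2 heading says "runtime cluster" while the new body text says "Runtime cluster".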
@@ -145,11 +99,8 @@ Create a K8s secret in the runtime cluster, using the example below as a guideli
##### Before you begin
Make sure you have the following handy:
* GitHub: Application ID from the URL, Client ID, and the client secret
{% if page.collection != site.gitops_collection %}
* GitLab Cloud and Server: Application ID and Secret
* Bitbucket Data Center: Key and Secret
{% endif %}
* Application ID from the URL, Client ID, and the client secret
##### How to
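Review bot: With the "GitHub:" prefix removed, the remaining bullet "Application ID from the URL, Client ID, and the client secret" does not say which URL the Application ID is read from. State the page the reader should be on (for example, the OAuth App's settings page in GitHub, if that is what is meant) so the value is not confused with the Client ID.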
@@ -199,7 +150,7 @@ The values for all the settings in the ConfigMap are the `keys` in the secret fi
If you have managed clusters registered to the selected Runtime, the authentication account is available to all the clusters.
{{site.data.callout.end}}
The settings pageis opened in **Form** mode.
The settings pageopens in **Form** mode.
{% include
image.html
@@ -211,7 +162,7 @@ The values for all the settings in the ConfigMap are the `keys` in the secret fi
max-width="50%"
%}
{:start="4"}
{:start="5"}
1. Configure the settings for the **Git OAuth2 Application**, either in **Form** or in **YAML** modes:
* **Secret Name**: The name of the K8s secret file you created in the runtime cluster.
* **Secret Namespace**: The namespace in the runtime cluster where you created the K8s secret.
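Review bot: The `{:start="4"}` to `{:start="5"}` change here, and the matching 5 to 6 and 6 to 7 changes in the following hunks, imply a step was inserted earlier in the procedure, but that insertion is not visible in these hunks. Please check that the earlier `{:start=…}` values in this list are consecutive after the change; hard-coded start values drift silently and the rendered step numbers are what users follow. Separately, the **Secret Name** description calls the K8s secret a "file"; it is a resource in the cluster, and "runtime cluster" here is lowercase while the new text elsewhere uses "Runtime".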
@@ -220,7 +171,7 @@ The values for all the settings in the ConfigMap are the `keys` in the secret fi
* **Client Secret**: The `key` representing the client secret in the K8s secret. For example, `clientSecret`.
* **URL**: The `key` representing the Git provider URL in the K8s secret. For example, `url`.
{:start="5"}
{:start="6"}
1. Click **Commit**.
The Commit Changes panel shows a summary of the settings and the final version of the YAML manifest in read-only mode.
@@ -234,7 +185,7 @@ The values for all the settings in the ConfigMap are the `keys` in the secret fi
max-width="50%"
%}
{:start="6"}
{:start="7"}
1. From the **Select Git Source** list, select the Git Source in which to store the manifest for the `ConfigMap` you are creating.
The list displays all the Git Sources created for the selected runtime.