diff --git a/_data/nav.yml b/_data/nav.yml index 7561d3818..6654d1ff7 100644 --- a/_data/nav.yml +++ b/_data/nav.yml @@ -21,7 +21,7 @@ - title: CI/CD quick starts url: "/ci-quickstart" sub-pages: - - title: CI pipeline quick start + - title: Pipeline quick start url: "/create-ci-pipeline" - title: Kubernetes deployment quick start url: "/deploy-to-kubernetes" @@ -48,7 +48,7 @@ -- title: Dashboards & Insights +- title: Dashboards & insights url: "/dashboards" pages: - title: Home dashboard @@ -58,7 +58,7 @@ -- title: CI/CD Guides +- title: CI/CD guides url: "/ci-cd-guides" pages: - title: Building your app @@ -439,7 +439,7 @@ url: "/what-is-the-codefresh-yaml" -- title: Workflows +- title: Argo Workflows url: "/workflows" pages: - title: Creating workflows @@ -453,7 +453,7 @@ - title: Sharing file systems url: "/sharing-file-system" -- title: CI/CD testing +- title: Testing url: "/testing" pages: - title: Unit tests @@ -471,23 +471,18 @@ - title: SonarQube scanning url: "/sonarqube-integration" -- title: Clients - url: "/clients" - pages: - - title: Download CLI - url: "/csdp-cli" - title: Installation url: "/installation" pages: - - title: Environments + - title: Options url: "/installation-options" - - title: Runtime architectures + - title: Architecture url: "/runtime-architecture" - - title: Codefresh Runner + - title: Runner url: "/codefresh-runner" - - title: On-Premises installation + - title: On-Premises url: "/codefresh-on-prem" - title: On-Premises upgrade url: "/codefresh-on-prem-upgrade" @@ -504,6 +499,8 @@ url: "/managed-cluster" - title: Add Git Sources to to GitOps Runtimes url: "/git-sources" + - title: Download/upgrade GitOps CLI + url: "/upgrade-gitops-cli" - title: Administration @@ -535,6 +532,8 @@ - title: Single Sign-On url: /single-sign-on pages: + - title: Single sign-on overview + url: /single-sign-on - title: Common configuration url: /team-sync - title: OpenID Connect diff --git a/_docs/administration/account-user-management/access-control.md b/_docs/administration/account-user-management/access-control.md index 3d55748c1..a4e745ae6 100644 --- a/_docs/administration/account-user-management/access-control.md +++ b/_docs/administration/account-user-management/access-control.md @@ -14,11 +14,11 @@ toc: true Codefresh provides several complementary ways for access control within an organization: -* **Role-based access**: [Role-based access](#users-and-administrators), restricts access to parts of the Codefresh UI intended for account administrators. For example, only an account administrator should be able to change integrations with [git providers]({{site.baseurl}}/docs/integrations/git-providers/) and [cloud services]({{site.baseurl}}/docs/deployments/kubernetes/add-kubernetes-cluster/). +* **Role-based access**: [Role-based access]({{site.baseurl}}/docs/administration/account-user-management/add-users/#users-in-codefresh), restricts access to parts of the Codefresh UI intended for account administrators. For example, only an account administrator should be able to change integrations with [git providers]({{site.baseurl}}/docs/integrations/git-providers/) and [cloud services]({{site.baseurl}}/docs/integrations/kubernetes/#connect-a-kubernetes-cluster). -* **Attribute-based access control (ABAC)**: Policy-based access control via attributes (ABAC), restricts access to [Kubernetes clusters and pipelines](#access-to-kubernetes-clusters-and-pipelines). This option allows account administrators to define exactly which teams have access to which clusters and pipelines. For example, access to production clusters can be granted only to a subset of trusted developers/operators. On the other hand, access to a QA/staging cluster can be less strict. +* **Attribute-based access control (ABAC)**: Policy-based access control via attributes (ABAC), restricts access to [Add Kubernetes clusters with policy attributes](##add-kubernetes-clusters-with-policy-attributes). This option allows account administrators to define exactly which teams have access to which clusters and pipelines. For example, you can grant access to production clusters only to a subset of trusted developers/operators. On the other hand, access to a QA/staging cluster can be less strict. -* **Git-repository access**: Restrict the Git repositories used to load [pipeline definitions](#pipeline-definition-restrictions). +* **Git-repository access**: Restrict the Git repositories used to load [pipeline definitions](##enabledisable-access-to-pipeline-yamls-by-source). ## Role-based access for users and administrators @@ -47,14 +47,14 @@ The table below lists the functionality available for role-based access. |View Docker images | `User` and `Admin`| |Inspect text reports | `User` and `Admin`| |[Git Integrations]({{site.baseurl}}/docs/integrations/git-providers/) | `Admin`| -|[External docker registry settings]({{site.baseurl}}/docs/docker-registries/external-docker-registries/) | `Admin`| -|[External Helm repositories]({{site.baseurl}}/docs/new-helm/add-helm-repository/) | `Admin`| -|[Cloud provider settings]({{site.baseurl}}/docs/deployments/kubernetes/add-kubernetes-cluster/) | `Admin`| +|[External Docker registry settings]({{site.baseurl}}/docs/integrations/docker-registries/) | `Admin`| +|[External Helm repositories]({{site.baseurl}}/docs/deployments/helm/add-helm-repository/) | `Admin`| +|[Cloud provider settings]({{site.baseurl}}/docs//integrations/kubernetes/#connect-a-kubernetes-cluster) | `Admin`| |[Cloud storage settings]({{site.baseurl}}/docs/testing/test-reports/#connecting-your-storage-account) | `Admin`| -|[Shared configuration]({{site.baseurl}}/docs/configure-ci-cd-pipeline/shared-configuration/) | `Admin`| +|[Shared configuration]({{site.baseurl}}/docs/pipelines/shared-configuration/) | `Admin`| |[API token generation]({{site.baseurl}}/docs/integrations/codefresh-api/#authentication-instructions) | `Admin`| -|[SSO Settings]({{site.baseurl}}/docs/administration/single-sign-on/) | `Admin`| -|[Runtime environment selection]({{site.baseurl}}/docs/configure-ci-cd-pipeline/pipelines/#pipeline-settings) | `Admin`| +|[SSO Settings]({{site.baseurl}}/docs/single-sign-on/) | `Admin`| +|[Runtime environment selection]({{site.baseurl}}/docs/pipelines/pipelines/#pipeline-settings) | `Admin`| |[Slack settings]({{site.baseurl}}/docs/integrations/notifications/slack-integration/) | `Admin`| |[Audit logs]({{site.baseurl}}/docs/administration/audit-logs/) | `Admin`| |ABAC for Kubernetes clusters | `Admin`| @@ -92,7 +92,7 @@ You can assign multiple tags to each cluster, making it easy to define multiple %} **Before you begin** -* If needed, [add a Kubernetes cluster]({{site.baseurl}}/docs/deployments/kubernetes/add-kubernetes-cluster/) +* If needed, [add a Kubernetes cluster]({{site.baseurl}}/docs//integrations/kubernetes/#connect-a-kubernetes-cluster) **How to** @@ -109,6 +109,8 @@ You can assign multiple tags to each cluster, making it easy to define multiple caption="Assigning tags to a cluster" max-width="60%" %} + +{:start="3"} 1. Click **Add** and type in the tag. 1. Continue to add tags and when finished, click **Save**. @@ -119,11 +121,11 @@ You can assign multiple tags to each cluster, making it easy to define multiple Similar to Kubernetes clusters, you can also add tags to specific pipelines. **Before you begin** -* If needed, [create a CI pipeline]({{site.baseurl}}/docs/pipelines/pipelines/) +* If needed, [create a pipeline]({{site.baseurl}}/docs/pipelines/pipelines/) **How to** -1. In the Codefresh UI, go to [Pipelines](https://g.codefresh.io/pipelines/all/){:target="\_blank"}. +1. In the Codefresh UI, from Pipelines in the sidebar, select [Pipelines](https://g.codefresh.io/pipelines/all/){:target="\_blank"}. 1. In the row with the target pipline, click the context menu for the pipeline, and then select **Edit tags**. 1. Type in the new tag, press Enter, and continue to add the tags you need. 1. When finished, click **Save**. @@ -149,7 +151,7 @@ For each rule you define, select: **Before you begin** -* Make sure you have [created at least one team]({{site.baseurl}}/docs/administration/add-users/#create-a-team-in-codefresh) +* Make sure you have [created at least one team]({{site.baseurl}}/docs/administration/account-user-management/add-users/#teams-in-codefresh) **How to** 1. In the Codefresh UI, on the toolbar, click the **Settings** icon and then select **Account Settings**. @@ -177,23 +179,23 @@ For each rule you define, select: * `Update` - can see and edit existing allowed cluster resources (which means also perform [installation, removal and rollbacks of Helm charts]({{site.baseurl}}/docs/new-helm/helm-best-practices/)). Tags are managed from account settings, so this permission doesn’t apply to it currently. * `Delete` - cluster removal requires someone to be account administrator anyway so currently this permission isn’t really necessary. -For pipelines: +**For pipelines:** * `Create` - can only create new pipelines, not see, edit (which includes tagging them) or delete them. This permission should also go hand in hand with additional permissions like read/edit untagged pipelines. * `Read` - view allowed pipelines only. * `Update` - see and edit allowed pipelines only (including tagging them). * `Delete` - can delete allowed pipelines only. * `Run` - can run allowed pipelines only. -* `Approve` - resume pipelines that are waiting for manual [approval]({{site.baseurl}}/docs/codefresh-yaml/steps/approval/). -* `Debug` - allow the usage of the [pipeline debugger]({{site.baseurl}}/docs/configure-ci-cd-pipeline/debugging-pipelines/). +* `Approve` - resume pipelines that are waiting for manual [approval]({{site.baseurl}}/docs/pipelines/steps/approval/). +* `Debug` - allow the usage of the [pipeline debugger]({{site.baseurl}}/docs/pipelines/debugging-pipelines/). ## Git-repository access restrictions -By default, users can load pipeline definitions when [creating a pipeline]({{site.baseurl}}/docs/configure-ci-cd-pipeline/pipelines/), from the inline editor, or any private or public Git repository. +By default, users can load pipeline definitions when [creating a pipeline]({{site.baseurl}}/docs/pipelines/pipelines/), from the inline editor, or any private or public Git repository. -You can change the default behavior to restrict loading CI pipeline definitions from specific Git repositories or completely disable loading the definitions from all Git repositories. +You can change the default behavior to restrict loading pipeline definitions from specific Git repositories or completely disable loading the definitions from all Git repositories. ### Enable/disable access to pipeline YAMLs by source Enable or disable access to pipeline definition YAMLs based on the source of the YAML. These global settings are effective for all pipelines in the account and enables or disables that method of pipeline creation from the Codefresh UI. @@ -203,6 +205,7 @@ pipeline definitions from: * Any Git repository connected to Codefresh * **Any** public URL + 1. In the Codefresh UI, on the toolbar, click the **Settings** icon and then select **Account Settings**. 1. From Configuration on the sidebar, select [**Pipeline Settings**](https://g.codefresh.io/account-admin/account-conf/pipeline-settings){:target="\_blank"}. @@ -215,8 +218,9 @@ pipeline definitions from: max-width="80%" %} +{:start="3"} 1. Turn on or off the options as needed. -1. Continue with + ### Define access to Git repositories for pipeline YAMLs If access to pipeline definitions are enabled for Git repositories, you can configure fine-grained restrictions through the integrations settings for your [Git provider]({{site.baseurl}}/docs/integrations/git-providers/). @@ -244,5 +248,5 @@ If access to pipeline definitions are enabled for Git repositories, you can conf ## Related articles -[Codefresh installation options]({{site.baseurl}}/docs/administration/installation-security/) +[Codefresh installation options]({{site.baseurl}}/docs/installation/installation-options/) [Managing your Kubernetes cluster]({{site.baseurl}}/docs/deployments/kubernetes/manage-kubernetes/) diff --git a/_docs/administration/account-user-management/add-users.md b/_docs/administration/account-user-management/add-users.md index 6177e2c3c..c511afe89 100644 --- a/_docs/administration/account-user-management/add-users.md +++ b/_docs/administration/account-user-management/add-users.md @@ -6,24 +6,26 @@ sub_group: account-user-management toc: true --- -Once you have created a Codefresh account, you can add any number of users to collaborate on repositories, workflows, and pipelines, and teams of users. +Once you have created a Codefresh account, you can add any number of users to collaborate on repositories, workflows, and pipelines, and teams of users. + + You can then create teams in Codefresh to group users who share a common denominator, such as the same permissions, access to the same functionality, or roles. Teams make it easy for administrators to both define and manage items shared by multiple users in an orgranization. ## Users in Codefresh -Adding a user requires assigning a role to define access to account resources, and optionally, selecting an SSO provider for the user: +Adding a user to an account requires assigning a role to define access to account resources, and optionally, selecting an SSO provider for the user: * **Role**: Defines the user's access level to the resources in the account. * **User**: The default. With this role, users can work with your repositories and pipelines, but cannot change settings on clusters, docker registries, git integrations, shared configurations etc. - * **Administrator**: User with this role have full access to your account and can change all your settings, so make sure that they are trusted colleagues. + * **Administrator**: With this role, users have full access to accounts, and can change all settings, so make sure that they are trusted colleagues. For guidelines on access control, see [Access control]({{site.baseurl}}/docs/administration/account-user-management/access-control/). * **SSO**: By default, SSO is not enabled for users. If required, explicitly select the SSO provider. For an overview of SSO, see [Single Sign on]({{site.baseurl}}/docs/single-sign-on/). ### Add a user to a Codefresh account 1. In the Codefresh UI, on the toolbar, click the **Settings** icon and then select **Account Settings**. -1. On the sidebar, from Access & Collaboration, select [**Users & Teams**](https://g.codefresh.io/account-admin/collaborators/users){:target="\_blank"}. +1. On the sidebar, from Access & Collaboration select [**Users & Teams**](https://g.codefresh.io/account-admin/collaborators/users){:target="\_blank"}. 1. Select **Users**, and then select **+ [Add User]**. 1. Type the **User's email address**, and click **Invite**. @@ -45,10 +47,10 @@ Once you add a user to your Codefresh account, you can do the following to manag ## Teams in Codefresh -Teams are users who share the same permissions, roles, or as required and defined according to company processes. Teams allow you to enforce access control through ABAC (Attribute Based Access Control). +Teams are users who share the same permissions, roles, or requirements defined according to company processes. Teams allow you to enforce access control through ABAC (Attribute Based Access Control). By default, there are two teams: * Users -* Admins with users [invited as collaborators]({{site.baseurl}}/docs/accounts/assign-a-user-to-a-team/) +* Admins with users [invited as collaborators](#assign-a-user-to-a-team) > Only Enterprise customers can add new teams. Other Codefresh plans can only use the predefined *Users* and *Admin* teams. [Contact us](https://codefresh.io/contact-us/){:target="\_blank"} to upgrade to an Enterprise plan. @@ -84,10 +86,11 @@ As an administrator, you can optionally define session timeouts to automatically > The maximum duration for inactivity is 30 days. Inactive users are warned 15 minutes before they are logged out. -1. In the Codefresh UI, on the toolbar, click the **Settings** icon and then select **Account Settings**. +1. In the Codefresh UI, on the toolbar, click the **Settings** icon, and then select **Account Settings**. 1. On the sidebar, from Access & Collaboration, select [**Users & Teams**](https://g.codefresh.io/account-admin/collaborators/users){:target="\_blank"}. 1. Select **Security**. 1. For **User Session**, add the timeout duration in minutes/hours/days. +1. To restrict invitations to specific email domains, below User Invitations, turn on **Restrict inviting additional users..** and then in the **Email domains**, type in the domains to allow, one per line. {% include image.html lightbox="true" @@ -98,18 +101,14 @@ As an administrator, you can optionally define session timeouts to automatically max-width="90%" %} -{:start="5"} -1. To restrict invitations to specific email domains, in the **Email domains** field below User Invitations, type in the domains to allow, one per line. - ## Troubleshoot add users -* [User is prompted to enter an organization name](https://support.codefresh.io/hc/en-us/articles/360020177959-User-is-prompted-to-enter-an-organization-name) -* [Account invitation not permitting login](https://support.codefresh.io/hc/en-us/articles/360015251000-Account-invitation-not-permitting-login) - +* [User is prompted to enter an organization name](https://support.codefresh.io/hc/en-us/articles/360020177959-User-is-prompted-to-enter-an-organization-name){:target="\_blank"} +* [Account invitation not permitting login](https://support.codefresh.io/hc/en-us/articles/360015251000-Account-invitation-not-permitting-login){:target="\_blank"} ## Related articles [Access control]({{site.baseurl}}/docs/administration/account-user-management/access-control/) [Single Sign on]({{site.baseurl}}/docs/single-sign-on/) -[OAuth authentication for Git providers]({{site.baseurl}}/docs/administration/account-user-management/oauth-setup) +[Setting up OAuth authentication for Git providers]({{site.baseurl}}/docs/administration/account-user-management/oauth-setup) diff --git a/_docs/administration/account-user-management/audit.md b/_docs/administration/account-user-management/audit.md index 0fa2d9d9f..02cd4c79c 100644 --- a/_docs/administration/account-user-management/audit.md +++ b/_docs/administration/account-user-management/audit.md @@ -1,6 +1,6 @@ --- -title: "Audit logs" -description: "Get a list of all actions in Codefresh" +title: "Auditing actions in Codefresh" +description: "Getlogs of all actions in Codefresh" group: administration sub_group: account-user-management redirect_from: @@ -13,7 +13,7 @@ The time frames covered by audit logs depends on the pricing tier of your Codefr The audit log includes: * UI actions from users -* [CLI](https://codefresh-io.github.io/cli/) invocations +* [CLI](https://codefresh-io.github.io/cli/){:target="\_blank"} invocations * Any [external integrations]({{site.baseurl}}/docs/integrations/codefresh-api/) used with Codefresh You can: @@ -106,6 +106,6 @@ Export all audited events, both Audits and Triggers, to a `CSV` file, for offli ## Related articles -[Codefresh installation options]({{site.baseurl}}/docs/installation/installation-security/) +[Codefresh installation options]({{site.baseurl}}/docs/installation/installation-options/) [Configuring access Control]({{site.baseurl}}/docs/administration/account-user-management/access-control/) -[Codefresh API]({{site.baseurl}}/docs/integrations/codefresh-api/) +[Codefresh API integration]({{site.baseurl}}/docs/integrations/codefresh-api/) diff --git a/_docs/administration/account-user-management/create-codefresh-account.md b/_docs/administration/account-user-management/create-codefresh-account.md index 158246684..8c71fc327 100644 --- a/_docs/administration/account-user-management/create-codefresh-account.md +++ b/_docs/administration/account-user-management/create-codefresh-account.md @@ -9,7 +9,7 @@ redirect_from: - /docs/getting-started/ - /docs/getting-started/introduction/ --- -Before you can do anything in Codefresh such as building and deploying your applications, you need to create a Codefresh account. +Before you can do create pipelines, build, and deploy applications in Codefresh, you need to create a Codefresh account. Creating an account in Codefresh is free (no credit card is required) and can be done in three simple steps @@ -23,7 +23,7 @@ max-width="90%" %} ## Step 1: Select your Identity Provider -As the first step in setting up ypur account in Codefresh, select the identity provider (IdP) to use. +As the first step in setting up your account in Codefresh, select the identity provider (IdP) to use. Codefresh currently supports the following IdPs: * GitHub * Bitbucket @@ -37,9 +37,9 @@ If you need an IdP that is not in the list, please [contact us](https://codefres >NOTES: For Git repositories, the login method is less important, as you can Git repositories through [Git integrations]({{site.baseurl}}/docs/integrations/git-providers/), regardless of your sign-up process. - If you multiple sign-up methods, as long as you use the same email address in all the sign-ups, Codefresh automatically redirects you to the account dashboard. + If you have multiple sign-up methods, as long as you use the same email address for all sign-ups, Codefresh automatically redirects you to the account dashboard. -1. Go to the [Codefresh Sign Up page](https://g.codefresh.io/signup). +1. Go to the [Codefresh Sign Up page](https://g.codefresh.io/signup){:target="\_blank"}. {% include @@ -54,7 +54,7 @@ max-width="40%" {:start="2"} 1. Select the IdP for sign-up. -1. Continue with [Step 2: Accept the permissions request](#step2-accept-the-permissions-request) +1. Continue with [Step 2: Accept the permissions request](#step2-accept-the-permissions-request). @@ -62,8 +62,7 @@ max-width="40%" After you select the IdP (identity provider), Codefresh requests permission to access your basic details, and for Git providers, to access your Git repositories. The Permissions window that is displayed differs according to the IdP selected in the previous step. -Don't worry, Codefresh will not do anything without your explicit approval, so don't be scared by the permissions shown -in the request window. The permissions requested by Codefresh are needed in order to build and deploy your projects. +Don't worry, Codefresh will not do anything without your explicit approval. Codefresh needs the permissions to build and deploy your projects. 1. Do any of the following: * For GitHub: To continue, click **Authorize codefresh-io**. @@ -212,8 +211,10 @@ We can establish a VPN / tunnel to your network or discuss options for an on-pre [Adding users and teams]({{site.baseurl}}/docs/administration/account-user-management/add-users/) [Configuring access control]({{site.baseurl}}/docs/administration/account-user-management/access-control/) [Codefresh IP addresses]({{site.baseurl}}/docs/administration/account-user-management/platform-ip-addresses/) -[Create a basic pipeline]({{site.baseurl}}/docs/getting-started/create-a-basic-pipeline/) -[Pipeline examples]({{site.baseurl}}/docs/example-catalog/ci-examples/) -[Deploy to Kubernetes]({{site.baseurl}}/docs/getting-started/deployment-to-kubernetes-quick-start-guide/) +[CI pipeline quick start]({{site.baseurl}}/docs/quick-start/ci-quickstart/create-a-basic-pipeline/) +[Kubernetes deployment quick start]({{site.baseurl}}/docs/quick-start/ci-quickstart/deploy-to-kubernetes) +[Pipeline examples]({{site.baseurl}}/docs/example-catalog/ci-examples/) + + diff --git a/_docs/administration/account-user-management/hosted-authorize-orgs.md b/_docs/administration/account-user-management/hosted-authorize-orgs.md index 4e98f0945..26f971d42 100644 --- a/_docs/administration/account-user-management/hosted-authorize-orgs.md +++ b/_docs/administration/account-user-management/hosted-authorize-orgs.md @@ -1,14 +1,15 @@ --- title: "Authorize organizations/projects" description: "" -group: runtime +group: administration +sub_group: account-user-management toc: true --- If your Git provider has an OAuth application for Codefresh, you need to authorize access to the app's organizations/projects to see them in Codefresh. > Authorization is per organization. -### Authorize organizations in GitHub +## Authorize organizations in GitHub Request or grant access to the organizations defined for the OAuth Codefresh application. @@ -26,5 +27,5 @@ caption="Authorize Codefresh organizations in GitHub" max-width="70%" %} -### Related articles -[Connect Git provider]({{site.baseurl}}/docs/runtime/hosted-runtime/#2-connect-git-provider) +## Related articles +[Connect Git provider]({{site.baseurl}}/docs/installation/gitops/hosted-runtime/#2-connect-git-provider) diff --git a/_docs/administration/account-user-management/oauth-setup.md b/_docs/administration/account-user-management/oauth-setup.md index 632cf4a72..90d3f6320 100644 --- a/_docs/administration/account-user-management/oauth-setup.md +++ b/_docs/administration/account-user-management/oauth-setup.md @@ -1,5 +1,5 @@ --- -title: "Seting up OAuth2 for Git providers" +title: "Setting up OAuth2 for Git providers" description: "" group: administration sub_group: account-user-management @@ -26,10 +26,10 @@ Codefresh supports OAuth2 or personal access tokens (PATs) for authentication: OAuth2 is the preferred authentication mechanism, supported for popular Git providers such as GitHub, GitHub Enterprise, GitLab Cloud and Server, and Bitbucket Cloud and Server. You have the option to use the default predefined Codefresh OAuth Application, or a custom Oauth2 Application for Codefresh in your Git provider account. Hosted runtime accounts automatically use Codefresh's predefined OAuth Application. - To use a custom Oauth2 Application for Codefresh, first create the application in your Git provider account, then create a secret on your K8s cluster, and finally configure OAuth2 access for the custom application in Authentication > Settings. See [Create a custom OAuth2 Application for Git provider](#create-a-custom-oauth2-provider-account) in this article. + To use a custom Oauth2 Application for Codefresh, first create the application in your Git provider account, then create a secret on your K8s cluster, and finally configure OAuth2 access for the custom application in Authentication > Settings. See [Create a custom OAuth2 Application for Git provider](#create-a-custom-oauth2-application-for-git-provider) in this article. * Token-based authentication using PAT - With token-based authentication, users must generate personal access tokens from their Git providers with the required scopes and enter their personal access tokens when prompted to authorize access. See [Authorize Git access in Codefresh]({{site.baseurl}}/docs/administration/user-settings/#authorize-git-access-in-codefresh). + With token-based authentication, users must generate personal access tokens from their Git providers with the required scopes and enter their personal access tokens when prompted to authorize access. See [Authorize Git access in Codefresh]({{site.baseurl}}/docs/administration/user-self-management/user-settings/#authorize-git-access-in-codefresh). @@ -99,7 +99,7 @@ Create and register an OAuth App under your organization to authorize Codefresh. where: `` is the IP address or URL of the ingress host in the runtime cluster. - > OAuth2 is not supported for hybrid runtimes with Bitbucket Cloud as the Git provider. Users can authorize access with their [Git personal access tokens](({{site.baseurl}}/docs/administration/user-settings/#authorize-git-access-in-codefresh)) in such cases. + > OAuth2 is not supported for hybrid runtimes with Bitbucket Cloud as the Git provider. Users can authorize access with their [Git personal access tokens](({{site.baseurl}}/docs/administration/user-self-management/user-settings/#authorize-git-access-in-codefresh)) in such cases. {:start="2"} @@ -220,7 +220,7 @@ For a Git provider and a runtime account, select the authentication mechanism: C ## Related articles -[Adding users and teams]({{site.baseurl}}/_docs/administration/account-user-management/add-users/) +[Adding users and teams]({{site.baseurl}}/docs/administration/account-user-management/add-users/) [Configuring access control]({{site.baseurl}}/docs/administration/account-user-management/access-control/) [Codefresh IP addresses]({{site.baseurl}}/docs/administration/account-user-management/platform-ip-addresses/) \ No newline at end of file diff --git a/_docs/administration/account-user-management/platform-ip-addresses.md b/_docs/administration/account-user-management/platform-ip-addresses.md index aa8e73ef6..369586fe9 100644 --- a/_docs/administration/account-user-management/platform-ip-addresses.md +++ b/_docs/administration/account-user-management/platform-ip-addresses.md @@ -13,7 +13,7 @@ You can register multiple external clusters to the Codefresh Runner and GitOps R In addition, managed clusters registered to Hosted GitOps Runtimes must be configured with a set of specific IP addresses to authorize access. -## Codefresh platform IPs (updated July 31st 2021) +## Codefresh platform IPs (updated January 2023) All the IPs are NAT gateways, and need to enable specific IPs instead of ranges. @@ -64,8 +64,8 @@ If you haven't configured your clusters with the required IPs, use the links bel [GKE (Google Kubernetes Engine)](https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters){:target="\_blank"} -## What to read next +## Related articles [Codefresh Runner installation]({{site.baseurl}}/docs/installation/codefresh-runner/) -[Set up a Hosted GitOps Runtime]({{site.baseurl}}/docs/installation/hosted-runtime/) -[Install Hybrid GitOps Runtimes]({{site.baseurl}}/docs/runtime/hybrid-gitops/) +[Set up a Hosted GitOps Runtime]({{site.baseurl}}/docs/installation/gitops/hosted-runtime/) +[Install Hybrid GitOps Runtimes]({{site.baseurl}}/docs/installation/gitops/hybrid-gitops/) \ No newline at end of file diff --git a/_docs/administration/user-self-management/user-settings.md b/_docs/administration/user-self-management/user-settings.md index 32a9bbf97..1b656d617 100644 --- a/_docs/administration/user-self-management/user-settings.md +++ b/_docs/administration/user-self-management/user-settings.md @@ -1,5 +1,5 @@ --- -title: "Manage personal user settings" +title: "Managing personal user settings" description: "Manage your personal settings" group: administration sub_group: user-self-management @@ -16,7 +16,7 @@ As a Codefresh user, you can manage several settings in your personal account, i > To manage Git personal access tokens for GitOps, see [Managing PATs]({{site.baseurl}}/docs/administration/user-self-management/manage-pats). ## Access user settings -* In the Codefresh UI, on the toolbar, click the **Settings** icon and then select **User Settings** (https://g.codefresh.io/user/settings){:target="\_blank"}. +* In the Codefresh UI, on the toolbar, click the **Settings** icon and then select [**User Settings**](https://g.codefresh.io/user/settings){:target="\_blank"}. ## Email notifications for pipeline builds @@ -25,7 +25,7 @@ Configure the email notifications you want to receive for builds based on the bu > By default, email notifications for builds are disabled for _all users_. * In **Notifications**, define the email address and select the notifications: - * Email address for the notifications. By default, it's the same address you used to [sign up]({{site.baseurl}}/docs/administration/account-user-management/create-a-codefresh-account/). + * Email address for the notifications. By default, it's the same address you used to [sign up]({{site.baseurl}}/docs/administration/account-user-management/create-codefresh-account/). * Select the build statuses for which to receive notifications. @@ -108,7 +108,6 @@ max-width="80%" ## Related articles -[Manage Git PATs]({{site.baseurl}}/docs/administration/manage-pats) -[Single Sign on]({{site.baseurl}}/docs/administration/single-sign-on/) +[Single Sign on]({{site.baseurl}}/docs/single-sign-on/) diff --git a/_docs/reference/behind-the-firewall.md b/_docs/installation/behind-the-firewall.md similarity index 74% rename from _docs/reference/behind-the-firewall.md rename to _docs/installation/behind-the-firewall.md index b01ba1388..d29206b95 100644 --- a/_docs/reference/behind-the-firewall.md +++ b/_docs/installation/behind-the-firewall.md @@ -1,6 +1,6 @@ --- title: "Runner installation behind firewalls" -description: "Run Codefresh Pipelines in your own secure infrastructure" +description: "Run Codefresh pipelines in your own secure infrastructure" group: installation redirect_from: - /docs/enterprise/behind-the-firewall/ @@ -8,16 +8,16 @@ toc: true --- -As described in [installation options]({{site.baseurl}}/docs/installation/installation-options/) Codefresh offers CI/CD and GitOps installation environments, each with its own installation options. -This articles focuses on the CI/CD Hybrid installation option with the Codefresh Runner and its advantages. +As described in [installation options]({{site.baseurl}}/docs/installation/installation-options/) Codefresh offers Runner and GitOps installations. +This articles focuses on the Runner installation option and its advantages. -## Running Codefresh CI/CD in secure environments +## Running Codefresh in secure environments -Codefresh CI/CD has an on-premises installation in which the Codefresh CI/CD platform is installed on the customer's premises. While +Codefresh has an on-premises installation in which the Codefresh platform is installed on the customer's premises. While this solution is very effective as far as security is concerned, it places a lot of overhead on the customer, as all updates and improvements done in the platform must also be transferred to the customer premises. -Hybrid CI/CD places a Codefresh Runner within the customer premises, and the UI (and management platform) stays in the Codefresh SaaS. +Hybrid Runner installs the Runner within the customer premises, while the UI (and management platform) stays in Codefresh. Here is the overall architecture: @@ -47,17 +47,17 @@ Regarding security of services: Regarding firewall security: - 1. Uni-directional, outgoing communication between the Codefresh Runner and Codefresh CI/CD Platform. The Runner polls the Codefresh platform for jobs. - 1. Codefresh SaaS never connects to the customer network. No ports need to be open in the customer firewall for the runner to work. - 1. The Codefresh Runner is fully open-sourced, so its code can be scrutinized by any stakeholder. + 1. Uni-directional, outgoing communication between the Runner and Codefresh. The Runner polls the platform for jobs. + 1. Codefresh never connects to the customer network. No ports need to be open in the customer firewall for the runner to work. + 1. Codefresh Runner is fully open-sourced, so its code can be scrutinized by any stakeholder. -## Using secure services in your CI pipelines +## Using secure services in your pipelines -After installing the [Codefresh Runner]({{site.baseurl}}/docs/installation/codefresh-runner/) on your private Kubernetes cluster in your infrastructure, all CI pipelines in the private Kubernetes cluster have access to all other internal services that are network reachable. +After installing the [Codefresh Runner]({{site.baseurl}}/docs/installation/codefresh-runner/) on your private Kubernetes cluster in your infrastructure, all pipelines in the private Kubernetes cluster have access to all other internal services that are network reachable. -You can easily create CI pipelines that: +You can easily create pipelines that: * Use databases internal to the company * Run integration tests against services internal to the company @@ -66,16 +66,16 @@ You can easily create CI pipelines that: * Deploy to any other cluster accessible in the secure network * Create infrastructure such as machines, load balancers, auto-scaling groups etc. - Any of these CI pipelines will work out the box without extra configuration. In all cases, + Any of these pipelines will work out the box without extra configuration. In all cases, all data stays witin the private local network and does not exit the firewall. - >Notice that [long-running compositions]({{site.baseurl}}/docs/pipelines/steps/composition/) (preview test environments) are not yet available via the Codefresh build runner. + >Notice that [long-running compositions]({{site.baseurl}}/docs/pipelines/steps/composition/) (preview test environments) are not yet available via the Codefresh Runner. ### Checking out code from a private GIT repository -To check out code from your private Git repository, you need to connect first to Codefresh via [GIT integrations]({{site.baseurl}}/docs/integrations/git-providers/). However, once you define your GIT provider as *on premise* you also +To check out code from your private Git repository, you need to connect first to Codefresh via [Git integrations]({{site.baseurl}}/docs/integrations/git-providers/). However, once you define your GIT provider as *on premise* you also need to mark it as *behind the firewall* as well: {% include image.html @@ -87,7 +87,7 @@ need to mark it as *behind the firewall* as well: max-width="100%" %} -Once you do that save your provider and make sure that it has the correct tags. The name you used for the git provider will also be used in the pipeline. You cannot "test the connection" because +Once you do that save your provider and make sure that it has the correct tags. The name you used for the Git provider will also be used in the pipeline. You cannot "test the connection" because the Codefresh SAAS doesn't have access to your on-premises GIT repository. {% include image.html @@ -100,7 +100,7 @@ the Codefresh SAAS doesn't have access to your on-premises GIT repository. %} To check out code just use a [clone step]({{site.baseurl}}/docs/pipelines/steps/git-clone/) like any other clone operation. -The only thing to remember is that the GIT URL must be fully qualified. You need to [create a pipeline]({{site.baseurl}}/docs/pipelines/pipelines/#pipeline-creation-modes) on it its own from the *Pipelines* section of the left sidebar (instead of one adding a git repository to Codefresh) +The only thing to remember is that the Git URL must be fully qualified. You need to [create a pipeline]({{site.baseurl}}/docs/pipelines/pipelines/#pipeline-creation-modes) on it its own from the *Pipelines* section of the left sidebar (instead of one adding a Git repository to Codefresh) @@ -123,17 +123,17 @@ steps: {% endraw %} {% endhighlight %} -Once you trigger the CI pipeline, the Codefresh builder will communicate with your private GIT instance and checks out code. +Once you trigger the pipeline, the Codefresh Build Runtimes communicates with your private Git instance and checks out code. >Note that currently there is a limitation on the location of the `codefresh.yml` file. Only the [inline mode]({{site.baseurl}}/docs/pipelines/pipelines/#writing-codefresh-yml-in-the-gui) is supported. Soon we will allow the loading of the pipeline from the Git repository itself. You can also use a [network proxy]({{site.baseurl}}/docs/pipelines/steps/git-clone/#using-git-behind-a-proxy) for the Git clone step. -#### Adding triggers from private GIT repositories +#### Adding triggers from private Git repositories -In the previous section we have seen how a CI pipeline can check out code from an internal Git repository. We also need to set up a trigger, -so that every time a commit or any other supported event occurs, the Codefresh CI pipeline is triggered automatically. +In the previous section we have seen how a pipeline can check out code from an internal Git repository. We also need to set up a trigger, +so that every time a commit or any other supported event occurs, the Codefresh pipeline is triggered automatically. If you have installed the [optional app-proxy]({{site.baseurl}}/docs/installation/codefresh-runner/#optional-installation-of-the-app-proxy), adding a trigger can be done exactly like the SAAS version of Codefresh, using only the Codefresh UI. @@ -144,7 +144,7 @@ If you haven't installed the app-proxy, then adding a Git trigger is a two-step > To support triggers based on PR (Pull Request) events, it is mandatory to install `app-proxy`. -For the Codefresh side, follow the usual instructions for creating a [basic git trigger]({{site.baseurl}}/docs/configure-ci-cd-pipeline/triggers/git-triggers/). +For the Codefresh side, follow the usual instructions for creating a [basic Git trigger]({{site.baseurl}}/docs/pipelines/triggers/git-triggers/). Once you select your GIT provider, you need to manually enter your username and repository that you wish to trigger the build. @@ -173,9 +173,9 @@ Once that is done, Codefresh will show you the webhook endpoint along with a sec This concludes the setup on the Codefresh side. The final step is create a webhook call on the side of your GIT provider. The instructions are different per GIT provider: -* [GitHub webhooks](https://developer.github.com/webhooks/) -* [GitLab webhooks](https://docs.gitlab.com/ee/user/project/integrations/webhooks.html) -* [Stash webhooks](https://confluence.atlassian.com/bitbucketserver/managing-webhooks-in-bitbucket-server-938025878.html) +* [GitHub webhooks](https://developer.github.com/webhooks/){:target="\_blank"} +* [GitLab webhooks](https://docs.gitlab.com/ee/user/project/integrations/webhooks.html){:target="\_blank"} +* [Stash webhooks](https://confluence.atlassian.com/bitbucketserver/managing-webhooks-in-bitbucket-server-938025878.html){:target="\_blank"} In all cases make sure that the payload is JSON, because this is what Codefresh expects. @@ -186,10 +186,9 @@ After the setup is finished, the Codefresh pipeline will be executed every time ### Accessing an internal docker registry -To access an internal registry just follow the instructions for [adding registries]({{site.baseurl}}/docs/docker-registries/external-docker-registries/) . Like GIT repositories -you need to mark the Docker registry as *Behind the firewall*. +To access an internal registry just follow the instructions for [adding registries]({{site.baseurl}}/docs/integrations/docker-registries/). Like Git repositories, you need to mark the Docker registry as *Behind the firewall*. -Once that is done, use the [push step]({{site.baseurl}}/docs/codefresh-yaml/steps/push/) as usual with the name you gave to the registry during the integration setup. +Once that is done, use the [push step]({{site.baseurl}}/docs/pipelines/steps/push/) as usual with the name you gave to the registry during the integration setup. `YAML` @@ -219,9 +218,9 @@ steps: ### Deploying to an internal Kubernetes cluster -To connect a cluster that is behind the firewall follow the [connecting cluster guide]({{site.baseurl}}/docs/deploy-to-kubernetes/add-kubernetes-cluster/), paying attention to the following two points: +To connect a cluster that is behind the firewall follow the [connecting cluster guide]({{site.baseurl}}/docs/integrations/kubernetes/#connect-a-kubernetes-cluster), paying attention to the following two points: -1. Your cluster should be added as a [Custom provider]({{site.baseurl}}/docs/deploy-to-kubernetes/add-kubernetes-cluster/#adding-any-other-cluster-type-not-dependent-on-any-provider) +1. Your cluster should be added as a _Adding any other cluster type (not dependent on any provider_. 1. You need to mark the cluster as internal by using the toggle switch. @@ -240,9 +239,8 @@ The cluster where the runner works on should have network connectivity with the >Notice that the service account used in the cluster configuration is completely independent from the privileges granted to the Codefresh build runner. The privileges needed by the runner are only used to launch Codefresh pipelines within your cluster. The Service account used in the "custom provider" setting should have the needed privileges for deployment. -Once your cluster is connected you can use any of the familiar deployment methods such as the [dedicated deploy step]({{site.baseurl}}/docs/deploy-to-kubernetes/deployment-options-to-kubernetes/) or [custom kubectl commands]({{site.baseurl}}/docs/deploy-to-kubernetes/custom-kubectl-commands/). +Once your cluster is connected you can use any of the familiar deployment methods such as the [dedicated deploy step]({{site.baseurl}}/docs/deployments/kubernetes/deployment-options-to-kubernetes/) or [custom kubectl commands]({{site.baseurl}}/docs/deployments/kubernetes/custom-kubectl-commands/). ## Related articles -[Codefresh installation options]({{site.baseurl}}/docs/installation/installation-options/) [Google marketplace integration]({{site.baseurl}}/docs/integrations/ci-integrations/google-marketplace/) [Managing your Kubernetes cluster]({{site.baseurl}}/docs/deployments/kubernetes/manage-kubernetes/) diff --git a/_docs/installation/gitops/hosted-runtime.md b/_docs/installation/gitops/hosted-runtime.md index 11bd496ea..ec2c0f126 100644 --- a/_docs/installation/gitops/hosted-runtime.md +++ b/_docs/installation/gitops/hosted-runtime.md @@ -293,16 +293,16 @@ max-width="70%" 1. Configure access to the IP addresses required. See [Codefresh IP addresses]({{site.baseurl}}/docs/administration/platform-ip-addresses/). If you could not connect a cluster, you may not have the latest version of the CLI: -[Upgrade the GitOps CLI]({{site.baseurl}}/docs/clients/upgrade-gitops-cli/). +[Upgrade the GitOps CLI]({{site.baseurl}}/docs/installation/gitops/upgrade-gitops-cli/). You have completed setting up your Hosted GitOps Runtime. You are ready to create applications, and connect third-party CI tools for image enrichment. ### (Optional) Create application Optional. Create an application in Codefresh, deploy it to the cluster, and track deployment and performance in the Applications dashboard. -1. Follow our quick-start to create and deploy the `codefresh-guestbook` application. Start with [Create application resources]({{site.baseurl}}/docs/getting-started/quick-start/create-app-specs/). +1. Follow our quick-start to create and deploy the `codefresh-guestbook` application. Start with [Create application resources]({{site.baseurl}}/docs/quick-start/gitops-quickstart/create-app-specs/). OR - Create your own application. See [Create an application]({{site.baseurl}}/docs/deployment/create-application/) + Create your own application. See [Create an application]({{site.baseurl}}/docs/deployments/gitops/create-application/) {:start="2"} 2. In the Codefresh UI, view your application in the [Applications dashboard](https://g.codefresh.io/2.0/applications-dashboard){:target="\_blank"}. @@ -310,7 +310,7 @@ Optional. Create an application in Codefresh, deploy it to the cluster, and trac ## (Optional) Connect CI Optional. Integrate Codefresh with the third-party tools you use for CI to enrich image information in deployments. -[Image enrichment with integrations]({{site.baseurl}}/docs/integrations/image-enrichment-overview/) +[Image enrichment with integrations]({{site.baseurl}}/docs/gitops-integrations/image-enrichment-overview/) ### Related articles [Monitoring & managing GitOps Runtimes]({{site.baseurl}}/docs/installation/gitops/monitor-manage-runtimes/) diff --git a/_docs/installation/gitops/monitor-manage-runtimes.md b/_docs/installation/gitops/monitor-manage-runtimes.md index d67609286..53f6db8c6 100644 --- a/_docs/installation/gitops/monitor-manage-runtimes.md +++ b/_docs/installation/gitops/monitor-manage-runtimes.md @@ -27,7 +27,7 @@ View Runtime components and information in List or Topology view formats to mana Manage provisioned GitOps Runtimes: * [Add managed clusters to GitOps Runtimes]({{site.baseurl}}/docs/installation/gitops/managed-cluster/) * [Add and manage Git Sources for GitOps Runtimes]({{site.baseurl}}/docs/installation/gitops/git-sources/) -* [Upgrade GitOps CLI](#hybrid-gitops-upgrade-provisioned-runtimes) +* [Upgrade GitOps CLI]({{site.baseurl}}/docs/installation/gitops/upgrade-gitops-cli/) * Upgrade Hybrid GitOps Runtimes * Uninstall GitOps Runtimes @@ -106,7 +106,6 @@ Here is a description of the information in the Topology view. ## Managing provisioned GitOps Runtimes * [Reset shared configuration repository for GitOps Runtimes](#reset-shared-configuration-repository-for-gitops-runtimes) -* [(Hybrid GitOps) Upgrade GitOps CLI](#hybrid-gitops-upgrade-gitops-cli) * [(Hybrid GitOps) Upgrade provisioned Runtimes](#hybrid-gitops-upgrade-provisioned-runtimes) * [Uninstall provisioned GitOps Runtimes](#uninstall-provisioned-gitops-runtimes) * [Update Git tokens for Runtimes](#update-git-tokens-for-runtimes) @@ -124,22 +123,6 @@ Uninstall all the existing runtimes in your account, and then run the reset comm * Run: `cf config --reset-shared-config-repo` -### (Hybrid GitOps) Upgrade GitOps CLI -Upgrade the CLI to the latest version to prevent Runtime installation errors. - -1. Check the version of the CLI you have installed: - `cf version` -1. Compare with the [latest version](https://github.com/codefresh-io/cli-v2/releases){:target="\_blank"} released by Codefresh. -1. Select and run the appropriate command: - -{: .table .table-bordered .table-hover} -| Download mode | OS | Commands | -| -------------- | ----------| ----------| -| `curl` | MacOS-x64 | `curl -L --output - https://github.com/codefresh-io/cli-v2/releases/latest/download/cf-darwin-amd64.tar.gz | tar zx && mv ./cf-darwin-amd64 /usr/local/bin/cf && cf version`| -| | MacOS-m1 |`curl -L --output - https://github.com/codefresh-io/cli-v2/releases/latest/download/cf-darwin-arm64.tar.gz | tar zx && mv ./cf-darwin-arm64 /usr/local/bin/cf && cf version` | -| | Linux - X64 |`curl -L --output - https://github.com/codefresh-io/cli-v2/releases/latest/download/cf-linux-amd64.tar.gz | tar zx && mv ./cf-linux-amd64 /usr/local/bin/cf && cf version` | -| | Linux - ARM | `curl -L --output - https://github.com/codefresh-io/cli-v2/releases/latest/download/cf-linux-arm64.tar.gz | tar zx && mv ./cf-linux-arm64 /usr/local/bin/cf && cf version`| -| `brew` | N/A| `brew tap codefresh-io/cli && brew install cf2`| ### (Hybrid GitOps) Upgrade provisioned Runtimes diff --git a/_docs/clients/upgrade-gitops-cli.md b/_docs/installation/gitops/upgrade-gitops-cli.md similarity index 100% rename from _docs/clients/upgrade-gitops-cli.md rename to _docs/installation/gitops/upgrade-gitops-cli.md diff --git a/_docs/installation/installation-options.md b/_docs/installation/installation-options.md index 908c507ad..067c40960 100644 --- a/_docs/installation/installation-options.md +++ b/_docs/installation/installation-options.md @@ -1,17 +1,16 @@ --- -title: "Installation environments" -description: "Understand Runner and GitOps installation options" +title: "Installation options" +description: "Understand Codefresh installation options" group: installation toc: true --- -To be changed and updated for ProjectOne The Codefresh platform supports three different installation options, all compliant with Soc2. * Hybrid Runner - The Runner installation is the hybrid installation mode for Codefresh pipelines. The Codefresh UI runs in the Codefresh cloud, and the builds run on customer premises. - The Runner combines flexibility with security, and is Enterprise customers looking for a "behind-the-firewall" solution. For a detailed look, read [Runner installation behind firewalls]({{site.baseurl}}/docs/reference/behind-the-firewall). - Pipelines created in Codefresh fetch code from your Git repository, packages/compiles the code, and deploys the final artifact to a target environment. + The Runner installation is the hybrid installation mode for Codefresh pipelines. The Codefresh UI runs in the Codefresh cloud, and the builds run on customer premises. The Runner combines flexibility with security, and is optimal for Enterprise customers looking for a "behind-the-firewall" solution. + See [Hybrid Runner](#hybrid-runner). + * On-premises On-premises installation is for customers who want full control over their environments. Both the UI and builds run on the Kubernetes cluster in an environment fully managed by you as our customer. @@ -20,11 +19,11 @@ The Codefresh platform supports three different installation options, all compli - * GitOps GitOps installation is a full-featured solution for application deployments and releases. Powered by the Argo Project, Codefresh uses Argo CD, Argo Workflows, Argo Events, and Argo Rollouts, extended with unique functionality and features essential for enterprise deployments. - GitOps installations support Hosted and Hybrid options. + GitOps installations support Hosted and Hybrid options. + See [GitOps](#gitops).