diff --git a/docs/continuous-delivery/deploy-srv-diff-platforms/aws/aws-sam-deployments.md b/docs/continuous-delivery/deploy-srv-diff-platforms/aws/aws-sam-deployments.md index a89ef685d03..91fbc598c22 100644 --- a/docs/continuous-delivery/deploy-srv-diff-platforms/aws/aws-sam-deployments.md +++ b/docs/continuous-delivery/deploy-srv-diff-platforms/aws/aws-sam-deployments.md @@ -33,7 +33,7 @@ For details on AWS support in Harness, including tooling, limitations, and repos - Currently, you cannot add artifacts to your Harness SAM service. - You can manage whether Harness performs the SAM build within an ephemeral Docker container in a Kubernetes cluster using the `--use-container` option in the Harness SAM Build step. You can manage the Kubernetes settings for these steps as needed. For more information, go to [AWS documentation](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-cli-command-reference-sam-build.html#ref-sam-cli-build-options). - Harness doesn't support a controlled AWS SAM Rollback after a deployment pipeline failure occurs. AWS SAM will deploy the lambda function and if it fails during stack creation, cloudformation will roll it back. After a succesful AWS SAM deployment, Harness is not able to initiate a rollback, due to the AWS SAM cli's limitation to trigger rollback on demand. -- Currently, OIDC-enabled AWS connectors are not supported for AWS SAM deployments. +- OIDC-enabled AWS connectors are now supported for AWS SAM deployments. ## Demo Video diff --git a/docs/continuous-delivery/deploy-srv-diff-platforms/google-cloud-functions/google-functions.md b/docs/continuous-delivery/deploy-srv-diff-platforms/google-cloud-functions/google-functions.md index c7077d7bf99..9fc4ec606c8 100644 --- a/docs/continuous-delivery/deploy-srv-diff-platforms/google-cloud-functions/google-functions.md +++ b/docs/continuous-delivery/deploy-srv-diff-platforms/google-cloud-functions/google-functions.md 
@@ -38,7 +38,18 @@ Harness supports the following: - For Google Cloud Functions 2nd gen, Harness does not support [Google Cloud Source Repository](https://cloud.google.com/functions/docs/deploy#from-source-repo) at this time. Only Google Cloud Storage is supported. - For Google Cloud Functions 1st gen, Harness supports both Google Cloud Storage and Google Cloud Source. -- Currently, the OIDC connectivity mode is not compatible with Google Cloud Functions. You can't deploy Google Cloud Functions with OIDC-enabled GCP connectors. +- We support OpenID Connect (OIDC) authentication in Google Cloud Functions, enabling seamless integration with OIDC-compliant identity providers for enhanced security and user management. + +To configure OIDC authentication in GCP, navigate to account/project settings. + +Select **New Connector**, select **GCP** + +In the details tab, select **OIDC** + +Enter the necessary details like **Workload Pool ID**, **Provider ID**, **Project ID** and **Service Account Email** + +![](static/gcp-oidc.png) + ## Deployment summary diff --git a/docs/continuous-delivery/deploy-srv-diff-platforms/google-cloud-functions/static/gcp-oidc.png b/docs/continuous-delivery/deploy-srv-diff-platforms/google-cloud-functions/static/gcp-oidc.png new file mode 100644 index 00000000000..2063396137b Binary files /dev/null and b/docs/continuous-delivery/deploy-srv-diff-platforms/google-cloud-functions/static/gcp-oidc.png differ diff --git a/docs/continuous-delivery/deploy-srv-diff-platforms/helm/native-helm-quickstart.md b/docs/continuous-delivery/deploy-srv-diff-platforms/helm/native-helm-quickstart.md index 0ea67d10fca..f13dec3f83c 100644 --- a/docs/continuous-delivery/deploy-srv-diff-platforms/helm/native-helm-quickstart.md +++ b/docs/continuous-delivery/deploy-srv-diff-platforms/helm/native-helm-quickstart.md 
@@ -336,6 +336,23 @@ The options avialable to you to specify a Helm chart store depend on whether or - **Via Cloud Provider**. Contains the ECR connector option. This connector is specifically designed for AWS ECR to help you overcome the limitation of having to regenerate the ECR registry authentication token every 12 hours. The ECR connector option uses an AWS connector and regenerates the required authentication token if the token has expired. - For details on using different authentication types (access key, delegate IAM, and IRSA), go to [Add an AWS connector](/docs/platform/connectors/cloud-providers/add-aws-connector). +:::info + +We now support OpenID Connect (OIDC) authentication in Native Helm, enabling seamless integration with OIDC-compliant identity providers for enhanced security and user management. + +To configure OIDC authentication in Kubernetes, navigate to account/project settings. + +Select **New Connector**, select **Kubernetes cluster**. + +In the details tab, select **Specify master URL and credentials**. + +Enter the Master URL. + +In the **Authentication**, select **OpenID Connect** and fill in the necessary details. + +![](static/kubernetes-oidc-support.png) +::: + ### Helm commands performance analysis Harness interacts with helm charts and repositories by using various helm commands. When these commands are run in parallel along with a large helm repository, they can leave a significant CPU footprint on the Harness Delegate. Below is the summary of a few vulnerable helm commands which Harness uses: diff --git a/docs/continuous-delivery/deploy-srv-diff-platforms/helm/static/kubernetes-oidc-support.png b/docs/continuous-delivery/deploy-srv-diff-platforms/helm/static/kubernetes-oidc-support.png new file mode 100644 index 00000000000..65495dc10ce Binary files /dev/null and b/docs/continuous-delivery/deploy-srv-diff-platforms/helm/static/kubernetes-oidc-support.png differ 
diff --git a/docs/continuous-delivery/deploy-srv-diff-platforms/kubernetes/define-your-kubernetes-target-infrastructure.md b/docs/continuous-delivery/deploy-srv-diff-platforms/kubernetes/define-your-kubernetes-target-infrastructure.md index f1d94fbb798..125afce2fdb 100644 --- a/docs/continuous-delivery/deploy-srv-diff-platforms/kubernetes/define-your-kubernetes-target-infrastructure.md +++ b/docs/continuous-delivery/deploy-srv-diff-platforms/kubernetes/define-your-kubernetes-target-infrastructure.md @@ -467,6 +467,23 @@ To add an **Infrastructure Definition** with the Rancher connection method, do t +:::info + +We now support OpenID Connect (OIDC) authentication in Kubernetes, enabling seamless integration with OIDC-compliant identity providers for enhanced security and user management. + +To configure OIDC authentication in Kubernetes, navigate to account/project settings. + +Select **New Connector**, select **Kubernetes cluster** + +In the details tab, select **Specify master URL and credentials** + +Enter the Master URL + +In the **Authentication**, select **OpenID Connect** and fill in the necessary details. + +![](static/kubernetes-oidc-support.png) +::: + ## Dynamically provisioned infrastructure Here is a summary of the steps to dynamically provision the target infrastructure for a deployment: diff --git a/docs/continuous-delivery/deploy-srv-diff-platforms/kubernetes/static/kubernetes-oidc-support.png b/docs/continuous-delivery/deploy-srv-diff-platforms/kubernetes/static/kubernetes-oidc-support.png new file mode 100644 index 00000000000..65495dc10ce Binary files /dev/null and b/docs/continuous-delivery/deploy-srv-diff-platforms/kubernetes/static/kubernetes-oidc-support.png differ diff --git a/docs/continuous-delivery/deploy-srv-diff-platforms/serverless/serverless-lambda-cd-quickstart.md b/docs/continuous-delivery/deploy-srv-diff-platforms/serverless/serverless-lambda-cd-quickstart.md index 3e3ccd67240..58e4da58625 100644 
--- a/docs/continuous-delivery/deploy-srv-diff-platforms/serverless/serverless-lambda-cd-quickstart.md +++ b/docs/continuous-delivery/deploy-srv-diff-platforms/serverless/serverless-lambda-cd-quickstart.md @@ -76,7 +76,7 @@ Review [Harness Key Concepts](/docs/platform/get-started/key-concepts) to esta - View and copy the API Key and Secret to a temporary place. You'll need them when setting up the Harness AWS Connector later in this quickstart. - **Full Admin Access:** click on **Attach existing policies directly**. Search for and select **AdministratorAccess** then click **Next: Review**. Check to make sure everything looks good and click **Create user**. - **Limited Access:** click on **Create policy**. Select the **JSON** tab, and add the JSON using the following code from the [Serverless gist](https://gist.github.com/ServerlessBot/7618156b8671840a539f405dea2704c8) IAMCredentials.json: -- **OIDC-enabled AWS Connector**: Currently, Serverless functions cannot be deployed using an OIDC-enabled AWS Connector. +- **OIDC-enabled AWS Connector**: Serverless functions can be deployed using an OIDC-enabled AWS Connector.
IAMCredentials.json diff --git a/docs/platform/connectors/cloud-providers/ref-cloud-providers/artifactory-connector-settings-reference.md b/docs/platform/connectors/cloud-providers/ref-cloud-providers/artifactory-connector-settings-reference.md index 6b0349a3ea2..987899fa448 100644 --- a/docs/platform/connectors/cloud-providers/ref-cloud-providers/artifactory-connector-settings-reference.md +++ b/docs/platform/connectors/cloud-providers/ref-cloud-providers/artifactory-connector-settings-reference.md @@ -114,3 +114,9 @@ The [Artifactory user account](#username-and-password) you use in the Harness Ar ![](./static/artifactory-connector-settings-reference-11.png) ::: + +:::info Limitation + +The Artifactory connector currently does not support OpenID Connect (OIDC) for authentication, limiting integration with OIDC-compliant identity providers + +::: \ No newline at end of file diff --git a/docs/platform/connectors/cloud-providers/ref-cloud-providers/docker-registry-connector-settings-reference.md b/docs/platform/connectors/cloud-providers/ref-cloud-providers/docker-registry-connector-settings-reference.md index b10aa76045a..a9a7081b943 100644 --- a/docs/platform/connectors/cloud-providers/ref-cloud-providers/docker-registry-connector-settings-reference.md +++ b/docs/platform/connectors/cloud-providers/ref-cloud-providers/docker-registry-connector-settings-reference.md @@ -117,3 +117,9 @@ You can connect through a Harness Delegate or the Harness Platform. If you plan The **Secure Connect** option is for [Secure Connect with Harness Cloud](/docs/continuous-integration/secure-ci/secure-connect). ::: + +:::info Limitation + +The Docker connector currently does not support OpenID Connect (OIDC) for authentication, limiting integration with OIDC-compliant identity providers + +::: \ No newline at end of file
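Review bot: In aws-sam-deployments.md (hunk @@ -33,7 +33,7), the replaced last bullet now states a supported feature, "OIDC-enabled AWS connectors are now supported for AWS SAM deployments.", inside a list whose other visible bullets are all limitations (no artifacts on the SAM service, no controlled rollback). Drop the bullet from this list, or move the statement to the part of the page that describes which AWS connector authentication types work with SAM. Also remove "now", which stops being accurate wording once the release is no longer recent.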
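Review bot: In google-functions.md (hunk @@ -38,7 +38,18), the new bullet describes the change as "seamless integration with OIDC-compliant identity providers for enhanced security and user management", which does not tell the reader what they can do; the removed line was about deploying Google Cloud Functions with OIDC-enabled GCP connectors, so state exactly that. The four steps that follow are bare paragraphs without terminal punctuation and belong in a numbered list, and `![](static/gcp-oidc.png)` has empty alt text. The step listing **Workload Pool ID**, **Provider ID**, **Project ID** and **Service Account Email** should link to the GCP connector documentation for what each field expects, because those values decide which service account the deployment authenticates as.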
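Review bot: In native-helm-quickstart.md (hunk @@ -336,6 +336,23), the new `:::info` block is placed directly after the **Via Cloud Provider** bullet about the ECR connector, in the section on Helm chart stores, but its steps configure a **Kubernetes cluster** connector ("To configure OIDC authentication in Kubernetes ..."). A reader choosing a chart store will take this as OIDC support for the chart repository. Move the block to where the quickstart sets up the target cluster connection, or replace it with a one-line link to the Kubernetes page that carries the same steps. "In the **Authentication**, select **OpenID Connect**" is also missing a noun (field, section or dropdown).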
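Review bot: In define-your-kubernetes-target-infrastructure.md (hunk @@ -467,6 +467,23), this `:::info` block is a second copy of the one added to native-helm-quickstart.md, and kubernetes/static/kubernetes-oidc-support.png is committed with the same blob id (65495dc10ce) as the copy under helm/static. Keep one copy of the text and image and link to it from the other page, so the two cannot drift. The steps here also lack the terminal periods the Helm copy has, and "fill in the necessary details" names none of the fields, whereas the GCP hunk in this same change lists them; list the fields or link to the Kubernetes connector reference.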
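Review bot: In serverless-lambda-cd-quickstart.md (hunk @@ -76,7 +76,7), the **OIDC-enabled AWS Connector** bullet sits between the **Limited Access** bullet, which ends with "... [Serverless gist](...) IAMCredentials.json:", and the IAMCredentials.json block that the colon introduces. With the new wording it reads as a third permission option and separates the policy from its lead-in. Move the bullet out of the IAM user permission list, for example to a short note after the IAMCredentials.json block, and say whether the API Key and Secret copied two bullets earlier are still needed when the connector uses OIDC.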
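Review bot: In artifactory-connector-settings-reference.md (hunk @@ -114,3 +114,9), the added sentence has no terminal period and the file now ends without a newline ("\ No newline at end of file"). Add both. The trailing clause "limiting integration with OIDC-compliant identity providers" only restates the first half of the sentence; "The Artifactory connector does not support OpenID Connect (OIDC) authentication." says the same thing and is easier to scan in a limitation callout.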
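Review bot: In docker-registry-connector-settings-reference.md (hunk @@ -117,3 +117,9), the callout says "The Docker connector" while the file being edited is the Docker Registry connector settings reference; use the connector's full name so a search for it finds this limitation. Since this change enables OIDC for AWS, GCP and Kubernetes connectors elsewhere, the sentence should also name the authentication methods that do remain available here, or link to the section of this page that lists them.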