Creating a release plan admission

A ReleasePlanAdmission (RPA) CR exists within a managed tenant namespace. It defines the specific pipeline to run and a given Conforma Policy which needs to pass for the Snapshot before that pipeline can proceed.

When an application is ready for release, the Development team contacts the owners of the managed tenant namespace (for example, their organization’s SRE team) and requests access to the managed tenant namespace. A RPA object is then created in the managed tenant namespace to specify the configuration.

Creating a ReleasePlanAdmission object

Prerequisites
  • An existing Development and Managed tenant namespace.

  • You have completed the steps listed in the Getting started in the CLI page.

  • An existing ReleasePlan object in the Development tenant namespace.

Procedures
  1. Create a ReleasePlanAdmission.yaml object locally.

    Example ReleasePlanAdmission.yaml object

    apiVersion: appstudio.redhat.com/v1alpha1
    kind: ReleasePlanAdmission
    metadata:
     labels:
       release.appstudio.openshift.io/auto-release: 'true' (1)
     name: sre-production (2)
     namespace: managed-tenant-namespace (3)
    spec:
     applications:
      - demo-app (4)
     data: <key> (5)
     environment: <sre-production> (6)
     origin: <dev-tenant-namespace> (7)
     pipelineRef: <pipeline_ref> (8)
     policy: <policy> (9)
     serviceAccount: <service-account> (10)
    1 Optional: Control whether or not this ReleasePlanAdmission is entirely disabled. If set to false, attempted releases will fail with a validation error. Defaults to true.
    2 The name of the release plan admission.
    3 The Managed environment team’s tenant namespace.
    4 A list of applications that you want to enable to be deployed in the managed tenant namespace.
    5 Optional: An unstructured key used for providing data for the managed Pipeline.
    6 Optional: The environment from which the application updates are allowed to be received in the Managed tenant namespace. This environment is created by the Development team.
    7 The development team tenant namespace where the application is defined.
    8 Reference to the Pipeline to be executed by the release service.
    9 The enterprise contract policy against which the system validates an application before releasing it to production.
    10 Optional: The name of the service account to use in the Pipeline to gain elevated privileges. It’s used only if you have defined the pipelineRef value.
    The ReleasePlanAdmission.yaml represents the reciprocal link to the ReleasePlan.yaml objects created by the development team.
  2. In the Managed tenant namespace, apply the ReleasePlanAdmission.yaml file and add the resource to your cluster by running the following command:

    kubectl apply -f ReleasePlanAdmission.yaml -n managed
Verification
  1. In the Konflux UI, select the Release services > Release plan admission tab.

  2. Review the RPA object that you just added. Using the Release plan admission tab, you can update or delete the selected Release plan admission object.

  3. When a ReleasePlanAdmission is correctly configured to be paired with a ReleasePlan, its Status will display as being Matched.