Creating a release plan admission

A ReleasePlanAdmission (RPA) CR exists within a managed workspace. It defines the specific pipeline to run and a given Conforma Policy which needs to pass for the Snapshot before that pipeline can proceed.

When an application is ready for release, the Development team contacts the owners of the managed workspace (for example, their organization’s SRE team) and requests access to the managed workspace. A RPA object is then created in the managed workspace to specify the configuration.

Creating a ReleasePlanAdmission object

Prerequisites

  • An existing Development and Managed workspace.

  • You have completed the steps listed in the Getting started in the CLI page.

  • An existing ReleasePlan object in the Development workspace.

Procedures

  1. Create a ReleasePlanAdmission.yaml object locally.

    Example ReleasePlanAdmission.yaml object

    apiVersion: appstudio.redhat.com/v1alpha1
kind: ReleasePlanAdmission
metadata:
 labels:
   release.appstudio.openshift.io/auto-release: 'true' (1)
 name: sre-production (2)
 namespace: managed-workspace (3)
spec:
 applications:
  - demo-app (4)
 data: <key> (5)
 environment: <sre-production> (6)
 origin: <dev-workspace> (7)
 pipelineRef: <pipeline_ref> (8)
 policy: <policy> (9)
 serviceAccount: <service-account> (10)
    1 Optional: Control whether or not this ReleasePlanAdmission is entirely disabled. If set to false, attempted releases will fail with a validation error. Defaults to true.
    2 The name of the release plan admission.
    3 The Managed environment team’s workspace.
    4 A list of applications that you want to enable to be deployed in the managed workspace.
    5 Optional: An unstructured key used for providing data for the managed Pipeline.
    6 Optional: The environment from which the application updates are allowed to be received in the Managed workspace. This environment is created by the Development team.
    7 The development team workspace where the application is defined.
    8 Reference to the Pipeline to be executed by the release service.
    9 The enterprise contract policy against which the system validates an application before releasing it to production.
    10 Optional: The name of the service account to use in the Pipeline to gain elevated privileges. It’s used only if you have defined the pipelineRef value.
    The ReleasePlanAdmission.yaml represents the reciprocal link to the ReleasePlan.yaml objects created by the development team.

  2. In the Managed workspace, apply the ReleasePlanAdmission.yaml file and add the resource to your cluster by running the following command:

    kubectl apply -f ReleasePlanAdmission.yaml -n managed
Verification

  1. In the Konflux UI, select the Release services > Release plan admission tab.

  2. Review the RPA object that you just added. Using the Release plan admission tab, you can update or delete the selected Release plan admission object.

  3. When a ReleasePlanAdmission is correctly configured to be paired with a ReleasePlan, its Status will display as being Matched.