
Getting Started with Konflux

This page introduces the key concepts and Kubernetes Custom Resources that underpin Konflux. Familiarity with these ideas will help you navigate the platform and its APIs.

Key Concepts

Namespace

In Kubernetes, namespaces isolate groups of resources within a cluster. Konflux scopes all the resources and APIs you interact with to namespaces — including your components, applications, snapshots, secrets, and the Tekton PipelineRuns that perform builds, tests, and releases.

Tenant Namespace

A tenant namespace is your team's workspace in Konflux: the place where you build artifacts, run tests, and manage releases. Team members access it according to their roles and permissions. One team can span multiple namespaces if needed, each with its own applications and components.

In a tenant namespace, you can:

  • Create components and applications
  • Run the Tekton PipelineRuns defined in your Git repositories
  • View and iterate on the results of your IntegrationTestScenarios
  • Create releases for specific snapshots according to your ReleasePlans

Managed Namespaces

Managed namespaces are where release pipelines and credentials for your organization are configured. To release, you create a Release CR in your tenant namespace that references a specific snapshot; the managed namespace then runs the release pipeline for that snapshot.

OCI Artifact

An OCI artifact is any content stored in an OCI-compliant registry. Konflux builds produce OCI artifacts as their primary output — container images, File-Based Catalog bundles, Tekton bundles, and more. The SBOMs, signatures, and attestations generated during each build are also stored as OCI artifacts alongside the build output.

Build Pipeline

When you create a component in Konflux, the system pushes a build pipeline definition to the .tekton directory of the component's Git repository and installs a webhook. On each new push or pull request, the system runs the pipeline defined in the Git repository. That pipeline describes the process necessary to build and test a specific artifact.

Build Tasks

  • Cloning the Git repository
  • Prefetching dependencies
  • Building the OCI artifact
  • Building the source SBOM
  • Generating the source container

Test Tasks

  • Running Snyk scans
  • Checking for CVEs with clair-in-ci
  • Running an antivirus scan on the artifact

Custom Resources

All Konflux APIs are Kubernetes Custom Resources (CRs). This means standard tools like kubectl can understand and interact with them just like Pods or Deployments.

Component

Describes the properties of an OCI artifact — including the Git repository from which the artifact originates, the latest built commit, initial build configuration parameters, and relationships to other components. Component names are unique in a namespace.

Application

An Application CR owns multiple components and logically groups them in the UI. When a component's build pipeline completes, the Integration Service creates a new snapshot from each Component CR and the just-produced artifact. IntegrationTestScenarios then run against this snapshot.

Snapshot

An immutable set of component references, created on each push or pull request event. A snapshot defines which components are tested or released together. A given snapshot does not necessarily represent the latest built artifacts for all components in your namespace.

IntegrationTestScenario

A Tekton Pipeline that defines a test to run against an entire snapshot. The Integration Service runs all configured IntegrationTestScenarios for the snapshot's application, including a default one for every new application that enables EnterpriseContractPolicy checks. Each IntegrationTestScenario can be configured as optional for release.

EnterpriseContractPolicy

Konflux follows a "build once, release multiple times" approach. You codify build requirements in an EnterpriseContractPolicy CR. Conforma evaluates the policy against a snapshot and returns a single result based on the most severe violation found: if any component fails, the overall result is a failure.

ReleasePlan

Maps an Application you want to release to a release action. It defines the process for releasing future Snapshots of your Application in the managed namespace, whether automatic releases are enabled, and whether additional data is provided to each future release pipeline.

ReleasePlanAdmission

Created in the managed namespace, this CR defines the release pipeline to run and the EnterpriseContractPolicy that must pass for each snapshot before the pipeline can proceed. It also specifies where and how artifacts are delivered.

Release

Every time you want to release newly built artifacts, you create a Release CR in your tenant namespace. It represents your intent to release some content and, when present, will initiate the push of content. A Release CR references a specific Snapshot and ReleasePlan. ReleasePlans can also be configured for auto-release.
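
The release gate described in the EnterpriseContractPolicy, ReleasePlan, ReleasePlanAdmission and Release sections, written as an added Python model that is not Konflux or Conforma code. The class fields, the origin check, the success/warning/failure scale, the fail-closed handling of a missing result, and every sample name are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed severity order for this model: the worst component result wins.
SEVERITY = {"success": 0, "warning": 1, "failure": 2}

@dataclass(frozen=True)  # frozen: a snapshot is an immutable set of references
class Snapshot:
    name: str
    application: str
    components: tuple  # (component name, image reference) pairs

@dataclass(frozen=True)
class ReleasePlan:  # lives in the tenant namespace
    application: str
    target: str  # managed namespace that runs the release pipeline

@dataclass(frozen=True)
class ReleasePlanAdmission:  # lives in the managed namespace
    namespace: str
    origin: str  # tenant namespace it accepts releases from (assumed field)
    applications: tuple
    policy: str  # EnterpriseContractPolicy that must pass

def evaluate_policy(snapshot, results):
    """Collapse per-component results into a single snapshot-level result."""
    worst = "success"
    for name, _image in snapshot.components:
        # Design choice of this model: a component with no result fails closed.
        result = results.get(name, "failure")
        worst = max(worst, result, key=SEVERITY.__getitem__)
    return worst

def admit_release(tenant_ns, snapshot, plan, admissions, results):
    """Decide whether a Release naming this snapshot and plan may proceed."""
    if plan.application != snapshot.application:
        return False, "snapshot belongs to a different application"
    rpa = next((a for a in admissions if a.namespace == plan.target
                and a.origin == tenant_ns
                and plan.application in a.applications), None)
    if rpa is None:
        return False, "no matching ReleasePlanAdmission"
    result = evaluate_policy(snapshot, results)
    if result == "failure":
        return False, f"{rpa.policy} failed for {snapshot.name}"
    return True, f"{rpa.policy} passed with result {result}"

# Constructed sample objects; every name below is hypothetical.
SNAP = Snapshot("shop-x7k2p", "shop",
                (("frontend", "registry.example/shop/frontend@sha256:<digest>"),
                 ("backend", "registry.example/shop/backend@sha256:<digest>")))
PLAN = ReleasePlan("shop", "managed-release")
RPAS = [ReleasePlanAdmission("managed-release", "team-shop", ("shop",), "release-policy")]
```

Because the snapshot is frozen, the decision applies to exactly the image references it pins, not to whatever was built most recently for each component.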
