Creating applications and components

At the time of publication, to create applications in Konflux, you need to manually configure them by editing YAML files. This might change, in favor of maintaining those configurations in the Konflux UI.

Prerequisites:
  • Enabled build pipelines for your instance of Konflux.

  • The following values from your Konflux GitHub App:

    • The private key

    • The App ID

    • The webhook secret

  • A GitHub repository with source code for your application

    • It must have the same basic structure as our example repository

  • Read/write access to the repository for your instance of Konflux

  • kubectl CLI tool

Procedure:
  1. In the GitHub repository for your application, install your organization’s Konflux GitHub App.

  2. In the repository for your instance of Konflux, prepare an application-and-component.yaml file for your namespace.

    1. If your namespace does not already have this YAML file, create it with the following path: /test/resources/demo-users/user/<namespace>/application-and-component.yaml. Use the namespace 2 file as a template.

    2. Replace the two url values in that YAML file as follows:

      1. For the url value beneath git, provide the URL that you would use to locally clone your application’s repository. This URL ends with .git.

      2. For the url value beneath spec, at the end of the file, provide the URL for your application’s repository that you see in your browser, without .git at the end.

        To add other components to the same namespace, reference the example YAML file beneath this procedure.
  3. Login to the Kubernetes cluster where Konflux is deployed.

  4. Run the following command. Be sure to replace <namespace> with your actual namespace.

    kubectl create -f /test/resources/demo-users/user/<namespace>/application-and-component.yaml

  5. Run the following command. But first, be sure to export as variables or hard code the values for PATH_PRIVATE_KEY, APP_ID, and WEBHOOK_SECRET.

    kubectl -n pipelines-as-code create secret generic pipelines-as-code-secret \
           --from-literal github-private-key="$(cat $PATH_PRIVATE_KEY)" \
           --from-literal github-application-id="APP_ID" \
           --from-literal webhook.secret="WEBHOOK_SECRET"
  6. Still in the context of your Konflux repository, run kubectl create -f smee/smee-client.

  7. Now, you can trigger your application’s first build pipeline. In the git repository for your application, using your preferred text editor, open a pull request against the /.tekton/pull-request.yaml file.

    1. Specifically, replace any existing value for the git-url field with the git URL for your application’s repository. (This is the URL you would use to clone the repository locally; it ends with .git.)

The PipelineRun will run only for submitters who have permission to run PipelineRuns or who receive an /ok-to-test comment from an authorized user.
For further details on PipelineRun permissions, please refer to the PipelinesAsCode documentation.
  1. Once the PR is made, a build pipeline should start. You can track its progress in the Konflux UI or you can see the final status in GitHub after the pipeline completes. If the pipeline is successful, you can merge the PR.

Example YAML file for multiple components

If you want to create an application that contains multiple components, model your application-and-component.yaml file after the following example.

---
apiVersion: appstudio.redhat.com/v1alpha1
kind: Application
metadata:
  name: test-application
  namespace: user-ns2
  annotations:
    application.thumbnail: "1"
spec:
  displayName: test-application
---
apiVersion: appstudio.redhat.com/v1alpha1
kind: Component
metadata:
  name: test-component1
  namespace: user-ns2
  annotations:
    build.appstudio.openshift.io/request: configure-pac
    image.redhat.com/generate: '{"visibility": "public"}'
spec:
  application: test-application
  componentName: test-component1
  source:
    git:
      revision: main
      url: https://github.com/konflux-ci/testrepo.git
      dockerfileUrl: Dockerfile
      context: ./
---
apiVersion: appstudio.redhat.com/v1alpha1
kind: Component
metadata:
  name: test-component2
  namespace: user-ns2
  annotations:
    build.appstudio.openshift.io/request: configure-pac
    image.redhat.com/generate: '{"visibility": "public"}'
spec:
  application: test-application
  componentName: test-component2
  source:
    git:
      revision: main
      url: https://github.com/konflux-ci/anothertestrepo.git
      dockerfileUrl: Dockerfile
      context: ./
---
apiVersion: "pipelinesascode.tekton.dev/v1alpha1"
kind: Repository
metadata:
  name: project-repository-testrepo
  namespace: user-ns2
spec:
  url: "https://github.com/konflux-ci/testrepo"
---
apiVersion: "pipelinesascode.tekton.dev/v1alpha1"
kind: Repository
metadata:
  name: project-repository-anothertestrepo
  namespace: user-ns2
spec:
  url: "https://github.com/konflux-ci/anothertestrepo"

Finding the built images

After a pipeline completes with a built artifact, you may want to test the resulting image to ensure that it works properly. The IMAGE_URL Tekton result (discoverable from the UI or CLI) should be set to the pullspec for the image.

Konflux automatically deletes images built for PR pipelines five days after building them.

With the UI

All build PipelineRuns are visible in the Konflux UI. The location of these images in the OCI registry is reported on the Activity page.

Procedure

In the console, complete the following steps to find the image pullspec for a completed PipelineRun:

  1. Navigate to the Activity > Pipeline runs tab.

  2. For the component whose SBOM you want to view, select its most recent pipeline run.

  3. Find the Results section at the bottom of the page and look for the IMAGE_URL row. It should resemble quay.io/redhat-user-workloads/workspace-tenant/application/component:tag. You can use the IMAGE_DIGEST provided as an alternate mechanism for referencing the image.

With the CLI

After the build PipelineRuns are completed from git push events, the Components are updated with the location of the artifact in the OCI registry.

Prerequisites
  • Login to Konflux.

  • Install the jq CLI tool.

Procedure

In the CLI, complete the following steps to find the latest pullspec for a component:

  1. List your components.

    $ oc get components
    Example output
    NAME                               AGE   STATUS   REASON   TYPE
    devfile-sample-go-basic-8wqt       8m54s True     OK       Updated
    devfile-sample-python-basic-ikch   20d   True     OK       Updated
  2. Choose which component’s image you want to discover. Then use oc get and the jq CLI tool to get the component image path.

    $ oc get component <component name> -o json | jq '.status.containerImage'
  3. For convenience, you may want to save the image path to a local variable.

    Example:

    IMAGE=quay.io/redhat-user-workloads/workspace-tenant/application/component@sha256:<output omitted>