Verifying and accessing TSF

After the deployment completes, access the service UIs and verify that all TSF components are running correctly. If you encounter issues, see Troubleshooting TSF installation.

Access the Konflux UI

Access the Konflux web interface to verify that the deployment succeeded and to begin onboarding applications to TSF.

Prerequisites

You have completed the TSF deployment.
You have the Konflux UI URL from the deployment output.

Steps

Open the Konflux UI URL in a web browser.

If you did not save the URL from the deployment output, retrieve it from the OCP route:
```
KONFLUX_URL=$(oc get route -n konflux-ui -l app.kubernetes.io/part-of=konflux-ui -o jsonpath='{.items[0].spec.host}')
echo "Konflux UI: https://$KONFLUX_URL"
```
The route name is auto-generated and varies per deployment. The command above uses a label selector to retrieve the correct route.
On the OCP login page, enter your credentials and click Log in.
On the Authorize Access page, the dex-client service account in the konflux-ui project requests permission to access your account. Review the requested permissions:
- user:info — read-only access to your user information, including username, identities, and group membership.
Click Allow selected permissions.

Verification

The Konflux dashboard loads and displays the landing page with options to view your namespaces and access the Release Monitor Board.

Deployed components

The TSF installer deploys the following components to your OCP cluster. Each component runs in its own namespace and is managed by a Helm chart.

Component Namespace Helm chart Description

Component	Namespace	Helm chart	Description
Red Hat Cert-Manager Operator	`cert-manager-operator`	`tsf-cert-manager`	Manages application certificate lifecycle.
Red Hat build of Keycloak	`tsf-keycloak`	`tsf-infrastructure`	Provides identity management and single sign-on.
Konflux Operator	`konflux-operator`	`tsf-subscriptions`	Provides the custom resource definitions for the build system.
Konflux UI	`konflux-ui`	`tsf-konflux`	Provides the web interface for managing applications and builds.
Red Hat OpenShift Pipelines	Managed subscription	`tsf-subscriptions`	Provides Tekton-based CI/CD pipelines.
Red Hat Trusted Artifact Signer	`tsf-tas`	`tsf-tas`	Provides cryptographic signing and verification of software artifacts using Fulcio, Rekor, and TUF services.
Red Hat Trusted Profile Analyzer	`tsf-tpa`	`tsf-infrastructure`	Analyzes software bills of materials (SBOMs) and vulnerability data.
Quay integration	`tssc-quay`	Integration configuration	Stores credentials for pushing container images to Quay.io.

Red Hat Cert-Manager Operator

cert-manager-operator

tsf-cert-manager

Manages application certificate lifecycle.

Red Hat build of Keycloak

tsf-keycloak

tsf-infrastructure

Provides identity management and single sign-on.

Konflux Operator

konflux-operator

tsf-subscriptions

Provides the custom resource definitions for the build system.

Konflux UI

konflux-ui

tsf-konflux

Provides the web interface for managing applications and builds.

Red Hat OpenShift Pipelines

Managed subscription

tsf-subscriptions

Provides Tekton-based CI/CD pipelines.

Red Hat Trusted Artifact Signer

tsf-tas

Provides cryptographic signing and verification of software artifacts using Fulcio, Rekor, and TUF services.

Red Hat Trusted Profile Analyzer

tsf-tpa

tsf-infrastructure

Analyzes software bills of materials (SBOMs) and vulnerability data.

Quay integration

tssc-quay

Integration configuration

Stores credentials for pushing container images to Quay.io.

The installer also creates the following supporting namespaces:

cert-manager
konflux-cli
konflux-info
openshift-storage
rhbk-operator
rhtpa-operator
tsf

Next step

Proceed to Getting started with TSF to onboard your first application.