Digital Developer Conference: Cloud Security 2021 -- Build the skills to secure your cloud and data Register free

Certify your container image with Red Hat container certification

For your application to run well in Kubernetes and Red Hat OpenShift, you need to build an image with qualities that will make its containers run well. Getting your container certified through Red Hat Container Certification signals to users of your container that it is secure, supported, and trustworthy, and that your applications will run properly and consistently across any of OpenShift’s supported platforms, including bare metal and cloud.

Read more: Learn more about why Red Hat certification is important.

This guide walks you through getting a container image certified by Red Hat. Because Red Hat documentation is the best source of information, this guide points you to the right documentation and also highlights some steps to watch out for that could hinder you from getting your container certified.

A note about operators: If you plan to produce an operator and this image is the operand, it will get certified as part of operator certification. You aren’t required to certify the container separately unless you want to in order to make sure your image is good while you work on building your operator.

Configure your Red Hat Technology Partner account

The first step in applying for container certification from Red Hat is to create and configure a Red Hat Technology Partner account. To do so, log in via the Certified Technology portal and create an account.

Accept all licenses

During your account creation process, you will be prompted to accept three licenses. You need to accept one additional license for the Container Program Appendix.

To do so, in your Technology Portal navigate to “My Company > View user agreements > View and accept” where you can select to accept the “Container Program Appendix”.

Create a project

To certify your container, you need to create a project where you will push your conatiner image.

A few things to note:

  • The first time you create a project, from the Certified Technology Portal navigate to “Zones & Resources > Red Hat OpenShift and Containers” and select Join to join the zone. From there you can either click Certify or go to “Product & Certification > Manage Projects”.
  • For container certification you will choose “container image”. You will be prompted to choose a project name, publishing registry, and base operating system. In the example below, I use a Red Hat Universal Base Image.

Follow these instructions to create your project: Creating a container application project.

Requirements for certification

The Design, build, and deploy universal application image learning path details key elements you need to include in your image in order for it to pass Red Hat certification. These include:

Refer to Red Hat’s documentation for information on how to choose packages and dependencies that are safe:

Configure the project with your image

Once you’ve included all the required information in your image, you need to push your tested image to a project. You can either push an image that you’ve built or configure a build service that will find your Dockerfile in your repo and build the image for you.

For the push image Manually, You will have to go to the project creation or project “push image manually” to get the registry key.

In either case, after you load the image into the project, Red Hat automatically begins to scan the image for certification.

For example:

# Login to the RH registry, for mac users add the -password-stdin <registry key>
$ docker login -u unused scan.connect.redhat.com

# Tag container
$ docker tag [image-id] scan.connect.redhat.com/<repo id>/[image-name]:[tag]

# Push the iamge to the RH registry
$ docker push scan.connect.redhat.com/<repo id>/[image-name]:[tag]

Once the image is added, you will see it populate to the project list and begin scanning. The scan can take several hours to run depending on the images and applications. If the container fails certification, you will receive a full list of faults for you to correct before resubmitting your container for certificaiton.

Additional resources

Check out these links for additional information about Red Hat certification.