IBM Developer Blog

Follow the latest happenings with IBM Developer and stay in the know.

Helping developers drive consistency, security, reliability, and good design across IBM containerized software


Inside IBM, a large number of containerized software products are released every day. They are built with different personas, Kubernetes and Red Hat OpenShift cluster requirements, and install technologies. These products need to be consistent and feel like they all came from the same company, but an industry standard for the design of production-grade, Kubernetes software does not exist. By creating the IBM Kubernetes Certification process, my team helps developers drive consistency, security, reliability, and good design across IBM products.

If you develop containerized software, you likely relate to the importance of certification. All containerized software should complete a similar certification process since it gives a stamp of production grade readiness and security to customers.

Consistency does not happen by accident

There are many reasons to build a certification program, but the ones for the IBM Kubernetes Certification boil down to a simple goal: Deliver highly consistent Kubernetes software on Red Hat OpenShift. The IBM Kubernetes Certification squad aims to make good software great, and great software even better. While it is easy to build individual containers that run on Kubernetes, it is difficult to build secure, production-grade, Kubernetes-orchestrated, container applications the correct way. Combine this fact with a lack of industry standards for delivering secure, production-grade, Kubernetes software, and the problem becomes exponentially more difficult.

Kubernetes is still a relatively new technology, and it has a broad set of production-ready and non-production features. In the Kubernetes container world, many features are often regarded as bleeding edge. A Kubernetes application can take advantage of any number of these features. However, it is difficult for an application to ensure it is using the best, production-ready features (including many security features). Since IBM is moving most of its software products to containers and Kubernetes, it would be highly inefficient for each product development team to research and determine their own best practices. The result of this independent approach would be inconsistent products in terms of standards and usage, and many wasted hours of development time. Without a central governing certification program for container software, there is no chance of consistency across teams, and large amounts of time would be wasted across development cycles.

Objective of the IBM Kubernetes Certification

The objective of our certification process is to build world-class Kubernetes software. IBM is differentiating its products by using Kubernetes on Red Hat OpenShift to drive consistency, and by maturing content that delivers enterprise capabilities to clients. IBM certified content is making strides to deploy on OpenShift through operators. Managing Day-2 operations, air gap and disconnected network installations, enhanced OpenShift security features, and rich application version control are just a few of the benefits gained from an operator-based deployment of content.

The certification process drives consistency for all Kubernetes software that is built at IBM. Product teams intercept a central CI/CD pipeline for releases and complete a product assessment against a set of well-documented best practices, requirements, and guidance. The certification process matures Kubernetes content by continually raising the bar of our requirements in an agile and continuously integrated manner.

The IBM Kubernetes Certification approach

IBM Kubernetes Certification is intended for execution in the product design phase and it defines a guidepost for what secure and production-grade mean. This is an evolving set of architectural principles that are defined and managed by a separate IBM team of Kubernetes engineers. Consistent, opinionated use of Kubernetes is tracked through best practices, anti-practices, and common approaches across products, based on first-hand use of the platform.

The quality of certified Kubernetes software is assured by an independent IBM team of certification engineers. Kubernetes software offerings must annually undergo a full and complete certification with the certification engineers against the latest guidance. The certification process is agile and adopts continuous delivery practices, so every application change must happen through a continuous delivery certification cycle, which is separate from the annual certification. This agile certification approach ensures that Kubernetes software created at IBM can maintain compliance with every product shipment.

What is IBM Kubernetes Certification?

The IBM Kubernetes Certification program can be broken down into four core, foundational pillars: Production Grade, Security, Quality Assurance, and Lifecycle Management. The certification process yields a stamp of approval that the Kubernetes software is production ready. All certified content uses our opinionated stance on Kubernetes application architecture, and delivers secure, production-ready software to IBM clients.

As illustrated in the following table, each pillar of certification contains requirements. Each requirement has an explanation of what is required by teams, prescriptive guidance, technical implementation and reference links, and oftentimes, code examples. During the process, the certification team does not merely tell teams what to do, but how to do something and why they are doing it. It is beneficial for IBM product teams to understand why something must be done, and to see an example of what it looks like.

Production Grade Security Quality Assurance Lifecycle Management
  • Multicloud
  • Storage
  • Networking
  • Resiliency
  • Scalability
  • Self-healing
  • Recoverable
  • Vulnerability management
  • Limited security privilege
  • Secure access, keys, and certs
  • Network and data protection
  • Secrets and SPI
  • Security and privacy by design
  • Comprehensive testing
  • Architectures
  • OpenShift Container Platform versions
  • Currency
  • Airgap
  • Upgrades
  • Patch
  • Upgradeability
  • Rollback and restore
  • Backup and recovery
  • OpenShift Container Platform version alignment
  • Kubernetes currency
Consistency and Standards
  • Consistent packaging and publishing
  • Supporting Operators and Helm
  • Consistent entitlement management
  • Common management of open source software elements
  • UBI and Red Hat certified
  • Consistent use of OpenShift Container Platform and IBM Services
  • Approximately 200 code standards enforced
  • Governed best practices and anti-practices
Red Hat Certifications
  • Managed image common vulnerabilities and exposures (CVEs)
  • Packaging
  • Publishing
  • Trusted source
  • End-to-end support

Comparison of Red Hat Image and Operator Certification and IBM Kubernetes Certification

Red Hat provides two types of certifications, one for application images and another for the Operator. The Red Hat Image Certification process certifies that containers are built with the Red Hat Universal Base Images (UBI) and are free of vulnerabilities. Meanwhile, the Red Hat Operator Certification process certifies the Operator structure and Operator Lifecycle Manager (OLM) packaging. The IBM Kubernetes Certification process builds upon both of the Red Hat certification processes. It certifies the deployed Kubernetes topology and the use of the opinionated, best practices in the OpenShift Container Platform. These expanding circles of value are illustrated in the following diagram.

Concentric circle diagram with the Red Hat Image Certification as the center circle. The Red Hat Operator Certification is a middle ring around the center, and the IBM Kubernetes Certification is the outside ring of the diagram

Summary

By reading this high-level overview of the steps and qualifications of the IBM Kubernetes Certification process, you may be inspired to adopt a similar approach at your company, if you have not already done so. It is important for your product teams to understand your certification process and expectations, and integrate the process early in their development cycles. Kubernetes and OpenShift container management platforms are emerging as key technologies for IT modernization. It’s necessary to have a central team that certifies your content to reduce wasted or repeated development time, drive consistent and common components across your applications, ensure secure and production-grade software, and keep your software great.