Red Hat Container Support Policy
Purpose
This document describes how Red Hat provides support for different combinations of underlying container technologies. This policy builds upon the Red Hat support policy on third party software and is specific to the technologies shipped with two main products:
- Red Hat OpenShift - a full enterprise distribution of Kubernetes & Linux delivered as a solution. Red Hat Enterprise Linux CoreOS is included as a fully managed component within the Kubernetes cluster.
- Red Hat Enterprise Linux (RHEL) - a fully customizable Container Host including Container Engine, Container Runtime, Container Images, and Linux kernel built and tested together.
OpenShift is designed and deployed as a solution for clustered ( orchestrated or distributed systems) use cases, while Red Hat Enterprise Linux is a solution for stand-alone nodes or as part of an OpenShift cluster. This document focuses on individual underlying technology combinations. For information on the total clustered solution, please review the OpenShift Container Platform Support Policy.
Support Policy Overview
Red Hat provides support for a number of underlying component technologies. Combinations of these technologies can be used by customers to run and manage a fully supported container infrastructure. Red Hat supports these technologies within the following contexts:
- Container Orchestration - delivered with Red Hat OpenShift as a container platform integrating Kubernetes for orchestration with Linux (RHEL CoreOS or RHEL) as well as management and application services.
- Container Hosts - RHEL and RHEL CoreOS
- Container Engines - CRI-O, docker1, Podman, and Buildah.
- Container Runtimes - runc and crun
- Container Images - based on Red Hat Enterprise Linux or Red Hat Universal Base Image (UBI), Red Hat provides four main options (standard, micro, minimal, multi-service) as well as full applications and layered products built on these base images.
The underlying technology can be thought of as layers in an integrated and tested software stack. The level of support is determined by the underlying components used in each layer of the stack. Following these guidelines will ensure that customers have a supportable container environment - including orchestration, hosts, and images. By engineering, testing, delivering and supporting a complete stack, Red Hat ensures our customers can use this technology with confidence throughout the committed product life cycle.
For readability, this document is organized into sections based on Container Image & Container Platform (Container Orchestration, Container Hosts).
How Red Hat Supports Your Container Images
Red Hat provides a variety of Container Images suited to be used as a base, middleware, and application Container Images available through the Red Hat Container Catalog:
- Base Images - used solely for the purpose of being a foundation to build on. The Red Hat Universal Base Image (UBI) is available in four flavors - standard, micro, minimal, and multi-service.
- Language Runtimes & Frameworks - prebuilt Container Images such as PHP, Python, Ruby, NodeJS, and others. These can be used directly by developers to build applications without the installation of additional software. While not technically base images themselves, this category of Container Images incorporates the base image and can be built upon.
- Application Images - prebuilt Container Images which are not themselves a base image. This category of Container Images incorporates the base image and provides an application or service as part of a Red Hat or an ISV product.
To be eligible for the support of Container Images outlined in this policy, customers are required to operate a supported Container Platform, covered with appropriate support subscriptions. Container Platform support details can be found in the following section.
Support for Container Base Images
Red Hat provides customers with a Universal Base Image (UBI) which has been specifically engineered and tested to be the foundation for building application images. In addition, Red Hat provides tooling to allow customers to extend these base images as well as create a custom base or application images. Red Hat recommends using the Red Hat Universal Base Image for all future needs, but continues to offer and support Red Hat Enterprise Linux 7 base images to meet ABI/API exceptions until the end of the RHEL 7 lifecycle. UBI 7 and RHEL 7 deliver identical technical functionality and package content. This section applies to both UBI and the Red Hat Enterprise Linux 7 base images.
Red Hat fully supports the use of UBI images, or Container Images based on UBI, when running a supported Container Platform along with a valid support subscription. The level of support provided is subject to documented usage guidance and in accordance with the Red Hat Enterprise Linux product life cycle 2 3. The container support policy applies to all varieties of Red Hat Universal Base Image, regardless of the variant: standard, micro, minimal or multi-service. For Container Images based on UBI, Red Hat support is limited to the Red Hat components included in the combined Container Image.
All images shipped as part of UBI are OCI compliant, redistributable per the terms of our EULA, and are capable of running on non-Red Hat platforms. Red Hat provides updates for UBI which can be accessed without the need for a product subscription, this content is a subset of the current packages available in RHEL and Software Collections (SCL). Customers with an appropriate support subscription continue to have access to all RHEL life cycle content which can be added into their images in accordance with the guidance below.
Extending Container Images
Base Container Images provide an immutable foundation which can be built upon for packaging and shipping applications and services. Red Hat supports extending UBI base images through the addition or upgrading of packages from the publicly available Red Hat UBI, or RHEL-entitled software repository. The UBI content availability article outlines which content is made available as part of UBI, this is governed by the RHEL Enterprise Lifecycle.
This table provides examples of operations which may be carried out on a base image, and what Red Hat does or does not support.
| If a customer makes these changes . . . | Then Red Hat has this policy . . . |
|---|---|
| Installs additional packages to a running container. | Red Hat supports the installation of individual packages shipped by Red Hat from either a UBI or a RHEL customer entitled software repository. |
| Installs additional packages to a Container Image using build tools. | Red Hat supports the process of extending base images using the tooling shipped with RHEL under the following conditions:
|
| Rebuilds base images, either by adding or removing packages from a customer entitled Red Hat channel. | Red Hat supports the creation of these base images per the methods of package installation outlined above. Red Hat does not support the newly created custom base image as an output artifact.
Red Hat may request a copy of the build instructions to understand how an image was built. In general, adding or removing packages should follow normal rpm and yum conventions. |
| Installs or configures other Red Hat products into a container base image. | Red Hat does not support this activity.
Wherever possible, Red Hat strives to build, test and distribute its products in a containerized format. Please review the Red Hat product documentation to understand possible deployment configurations, including containerization. |
Support for Application Images
For the purpose of this policy, application images are those which are not solely a base Container Image and have been built to provide specific functionality by a vendor, which could include Red Hat, an ISV or the community.
Application Container Images are conventionally engineered, built, and shipped to be immutable. As such it is not always desired to extend the contents of these Container Images, but instead request from a provider an updated Container Image which will include required enhancements, security or bug fixes.
Specific scenarios may determine the need for modifications of an application Container Image. Red Hat supports the extension of UBI images with Red Hat content; this is limited to the scope outlined in the previous section, it requires the Container Image is built using UBI as the base Container Image, and can be identified as such using the Container Image metadata. Modification of a Container Image may void your entitlement to support from the supplying third party vendor. Always check before proceeding with changes.
The scope of support for running and modifying application Container Images is subject to the supplying vendor. The following table outlines how Red Hat supports the use of Container Images when built on UBI.
| If a customer is running this combination of Container Image on a Container Platform | Then Red Hat has this policy . . . |
|---|---|
| Red Hat product Container Image running on a Red Hat Supported Container Platform (eg Red Hat Gluster Storage on RHEL w/Podman) | Red Hat supports this scenario. Red Hat does not support modification of the Container Image unless otherwise outlined in the Support Policies for the given product. |
| Red Hat Certified ISV partner product image running on a RH provided Container Platform | Similar to Red Hat product Container Images, ISV Images are certified and supported in their cohesive and immutable manner. Neither Red Hat nor the ISV support end user modifications of these images. Any modifications from an ISV would require re-certification.
Red Hat will assist customers in problem analysis to determine whether a technical issue is related to ISV content, and leverage TSANet to work with the supplying vendor directly for product-related issues. Customers requiring assistance with usage or configuration of an ISV solution should ensure they have a commercial support contract and directly work with the supplying vendor. |
| ISV partner product image (not Red Hat Certified) running on a Red Hat Supported Container Platform | When the base layer uses Red Hat UBI, Red Hat supports the use and extension of the UBI layer. The installation or upgrade of packages on the base layer may impact the validity of support from the ISV and the function of the application. See the Third Party Support Policy.
Red Hat will assist customers in problem analysis to determine whether a technical issue is related to ISV content, technical support is limited only to the UBI layer and Red Hat content. |
| Container Image built in the Open Source Community, based on Red Hat UBI running on a Red Hat Supported Container Platform | When the Container Image is built using UBI, Red Hat supports only the use and operations of the UBI layer. Modifications of the base layer may impact the function of the application.
Support is not provided for the Open Source Community application or Container Image as a cohesive unit. |
| Container Image running on a Red Hat Supported Container Platform which does not include any Red Hat shipped components | Red Hat provides no support beyond the starting of an OCI compliant Container Image purposed for running on a Red Hat Container Platform. |
How Red Hat Supports Your Container Platform
Red Hat provides the software required for use as a Container Platform. This is available and can be deployed in two variants; as a non-orchestrated container stack (single node), or as an orchestrated container stack (multiple nodes or cluster).
- Red Hat provides a supported standalone, non-orchestrated stack with the Red Hat Enterprise Linux subscription. This includes RHEL, a Container Engine & runtime.
- Red Hat provides a supported Container Orchestration stack with the OpenShift subscription, or an add-on subscription to RHEL, which includes Container Host (operating system, Container Engine & runtime), Container Images, registry server and Container Orchestration.
Whether an orchestrated or non-orchestrated deployment, the level of support coverage for the Container Platform and Container Image is additive, this means it is determined up to the point to which non-Red Hat shipped software is introduced to provide functionality for a given layer; Container Host, Container Engine & Runtime, and Container Orchestration. The following outlines how the Container Platform stack is composed of the technologies shipped by Red Hat.
| If a customer has these Red Hat components . . . | And these non-Red Hat components . . . | Red Hat supports . . . |
|---|---|---|
| - Red Hat Enterprise Linux | A non-Red Hat-provided Container Engine or runtime Example: Upstream docker |
|
| - Red Hat Enterprise Linux - Red Hat-provided Container Engine |
A non-Red Hat-provided Container Orchestration platform Example: Upstream kubernetes |
Red Hat will support this as if it was a standalone, non-orchestrated system; ensuring that the Container Engine is launching the container as it is supposed to. But support does not extend into operations of the orchestration platform or any container launched by it. |
| - Red Hat OpenShift, including - Red Hat Enterprise Linux or Red Hat Enterprise Linux CoreOS - Red Hat-provided Container Engine |
A non-Red Hat-provided Container Image or Container Image which is not built using Red Hat UBI |
Red Hat will ensure that the Container Engine and OpenShift are launching the containers as intended. Support does not extend into the operation of the container if it is not provided by Red Hat or built using Red Hat UBI. More information on Container Image support is outlined above. |
-
Support for the docker package shipped in RHEL Extras remains for Red Hat Enterprise Linux 7, per the extras support and life cycle policy ↩︎
-
Red Hat UBI repositories are available and supported for use only with Red Hat UBI based containers ↩︎
-
Red Hat UBI is governed by the Red Hat Enterprise Linux life cycle. Content made available through Red Hat UBI is outlined in the following article. ↩︎
Comments