Red Hat Container Support Policy

Updated -

Purpose

This document describes how Red Hat provides support for different combinations of underlying container technologies. This policy builds upon the Red Hat support policy on third party software and is specific to the technologies shipped with two main products:

  1. Red Hat OpenShift - a full enterprise distribution of Kubernetes & Linux delivered as a solution. Red Hat Enterprise Linux CoreOS is included as a fully managed component within the Kubernetes cluster.
  2. Red Hat Enterprise Linux (RHEL) - a fully customizable Container Host including Container Engine, Container Runtime, Container Images, and Linux kernel built and tested together.

OpenShift is designed and deployed as a solution for clustered ( orchestrated or distributed systems) use cases, while Red Hat Enterprise Linux is a solution for stand alone nodes or as part of an OpenShift cluster. This document focuses on individual underlying technology combinations. For information on the total clustered solution, please review the OpenShift Container Platform Support Policy.

Support Policy Overview

Red Hat provides support for a number of underlying component technologies. Combinations of these technologies can be used by customers to run and manage a fully supported container infrastructure. Red Hat supports these technologies within the following contexts:

  • Container Orchestration - delivered with Red Hat OpenShift as a container platform integrating Kubernetes for orchestration with Linux (RHEL CoreOS or RHEL) as well as management and application services.
  • Container Hosts - RHEL, RHEL CoreOS, and RHEL Atomic
  • Container Images - based on Red Hat Enterprise Linux or Red Hat Universal Base Image (UBI), Red Hat provides three main options (minimal, standard, multi-service) as well as full applications and layered products built on these base images.

The underlying technology can be thought of as layers in an integrated and tested software stack. The level of support is determined by the underlying components used in each layer of the stack. Following these guidelines will ensure that customers have a supportable container environment - including orchestration, hosts, and images. By engineering, testing, delivering and supporting a complete stack, Red Hat ensures our customers can use this technology with confidence throughout the committed product life cycle.

This image shows the levels of support as a stack.

For readability, this document is organized into sections based on Container Image & Container Platform (Container Orchestration, Container Hosts).

How Red Hat Supports Your Container Images

Red Hat provides a variety of Container Images suited to be used as base, middleware, and application Container Images available through the Red Hat Container Catalog:

  • Base Images - used solely for the purpose of being a foundation to build on. The Red Hat Universal Base Image (UBI) is available in three flavors - standard, minimal, and multi-service.
  • Language Runtimes & Frameworks - prebuilt Container Images such as PHP, Python, Ruby, NodeJS, and others. These can be used directly by developers to build applications without the installation of additional software. While not technically base images themselves, this category of Container Images incorporates the base image and can be built upon.
  • Application Images - prebuilt Container Images which are not themselves a base image. This category of Container Images incorporates the base image and provides an application or service as part of a Red Hat or an ISV product.

To be eligible for the support of Container Images outlined in this policy, customers are required to operate a supported Container Platform, covered with appropriate support subscriptions. Container Platform support details can be found in the following section.

This image shows the levels of support as a stack.

Support for Container Base Images

Red Hat provides customers with a Universal Base Image (UBI) which has been specifically engineered and tested to be the foundation for building application images. In addition, Red Hat provides tooling to allow customers to extend these base images as well as create custom base or application images. Red Hat recommends using the Red Hat Universal Base Image for all future needs, but continues to offer and support Red Hat Enterprise Linux 7 base images to meet ABI/API exceptions until the end of the RHEL 7 lifecycle. UBI 7 and RHEL 7 deliver identical technical functionality and package content. This section applies to both UBI and the Red Hat Enterprise Linux 7 base images.

Red Hat fully supports the use of UBI images, or Container Images based on UBI, when running a supported Container Platform along with a valid support subscription. The level of support provided is subject to documented usage guidance and in accordance with the Red Hat Enterprise Linux product life cycle 2 3. The container support policy applies to all varieties of Red Hat Universal Base Image, regardless of the variant: standard, minimal or multi-service. For Container Images based on UBI, Red Hat support is limited to the Red Hat components included in the combined Container Image.

All images shipped as part of UBI are OCI compliant, redistributable per the terms of our EULA, and are potentially capable of running on non-Red Hat platforms. Red Hat provides updates for UBI which can be accessed without the need for a product subscription, this content is a subset of the current packages available in RHEL and Software Collections (SCL). Red Hat does not perform any testing and validation of UBI on a non-Red Hat stack, no commercial support is available for running UBI without a RHEL or OpenShift subscription on a Red Hat supported Container Platform. Customers with an appropriate support subscription continue to have access to all RHEL lifecycle content which can be added into their images in accordance with the guidance below.

Extending Container Images

Base Container Images provide an immutable foundation which can be built upon for packaging and shipping applications and services. Red Hat supports extending UBI base images through the addition or upgrading of packages from the publicly available Red Hat UBI, or RHEL-entitled software repository. The UBI content availability article outlines which content is made available as part of UBI, this is governed by the RHEL Enterprise Lifecycle.

This table provides examples of operations which may be carried out on a base image, and what Red Hat does or does not support.

If a customer makes these changes . . . Then Red Hat has this policy . . .
Installs additional packages to a running container. Red Hat supports the installation of individual packages shipped by Red Hat from either a UBI or a RHEL customer entitled software repository.
Installs additional packages to a Container Image using build tools. Red Hat supports the process of extending base images using the tooling shipped with RHEL under the following conditions:

  • Podman, Buildah and OpenShift are the only supported tools 1
  • RPM or YUM should be used to install packages
  • Packages are shipped by Red Hat from UBI repositories or a customer entitled software channel
  • Red Hat may request a copy of the build commands to assist with the images.
Rebuilds base images, either by adding or removing packages from a customer entitled Red Hat channel. Red Hat supports the creation of these base images per the methods of package installation outlined above. Red Hat does not support the newly created custom base image as an output artifact.

Red Hat may request a copy of the build instructions to understand how an image was built. In general, adding or removing packages should follow normal rpm and yum conventions.

Installs or configures other Red Hat products into a container base image. Red Hat does not support this activity.

Wherever possible, Red Hat strives to build, test and distribute its products in a containerized format. Please review the Red Hat product documentation to understand possible deployment configurations, including containerization.

Support for Application Images

For the purpose of this policy, application images are those which are not solely a base Container Image and have been built to provide specific functionality by a vendor, which could include Red Hat, an ISV or the community.

Application Container Images are conventionally engineered, built, and shipped to be immutable. As such it is not always desired to extend the contents of these Container Images, but instead request from a provider an updated Container Image which may include required enhancements, security or bug fixes.

Specific scenarios may determine the need for modifications of an application Container Image. Red Hat supports the extension of UBI images with Red Hat content; this is limited to the scope outlined in the previous section, it requires the Container Image is built using UBI as the base Container Image, and can be identified as such using the Container Image metadata. Modification of a Container Image may void your entitlement to support from the supplying third party vendor. Always check before proceeding with changes.

The scope of support for running and modifying application Container Images is subject to the supplying vendor. The following table outlines how Red Hat supports the use of Container Images when built on UBI.

If a customer is running this combination of Container Image on a Container Platform Then Red Hat has this policy . . .
Red Hat product Container Image running on a Red Hat Supported Container Platform (eg Red Hat Gluster Storage on RHEL w/Podman) Red Hat supports this scenario. Red Hat does not support modification of the Container Image unless otherwise outlined in the Support Policies for the given product.
Red Hat Certified ISV partner product image running on a RH provided Container Platform Similar to Red Hat product Container Images, ISV Images are certified and supported in their cohesive and immutable manner. Neither Red Hat nor the ISV support end user modifications of these images. Any modifications from an ISV would require re-certification.

Red Hat will assist customers in problem analysis to determine whether a technical issue is related to ISV content, and leverage TSANet to work with the supplying vendor directly for product related issues.

Customers requiring assistance with usage or configuration of an ISV solution should ensure they have a commercial support contract and directly work with the supplying vendor.

ISV partner product image (not Red Hat Certified) running on a Red Hat Supported Container Platform When the base layer uses Red Hat UBI, Red Hat supports the use and extension of the UBI layer. The installation or upgrade of packages on the base layer may impact the validity of support from the ISV and the function of the application. See the Third Party Support Policy.

Red Hat will assist customers in problem analysis to determine whether a technical issue is related to ISV content, technical support is limited only to the UBI layer and Red Hat content.

Container Image built in the Open Source Community, based on Red Hat UBI running on a Red Hat Supported Container Platform When the Container Image is built using UBI, Red Hat supports only the use and operations of the UBI layer. Modifications of the base layer may impact the function of the application.

Support is not provided for the Open Source Community application or Container Image as a cohesive unit.

Container Image running on a Red Hat Supported Container Platform which does not include any Red Hat shipped components Red Hat provides no support beyond the starting of an OCI compliant Container Image purposed for running on a Red Hat Container Platform.

How Red Hat Supports Your Container Platform

Red Hat provides the software required for use as a Container Platform. This is available and can be deployed in two variants; as a non-orchestrated container stack (single node), or as an orchestrated container stack (multiple nodes or cluster).

  1. Red Hat provides a supported standalone, non-orchestrated stack with the Red Hat Enterprise Linux subscription. This includes RHEL, a Container Engine & runtime.
  2. Red Hat provides a supported Container Orchestration stack with the OpenShift subscription, or an add-on subscription to RHEL, which includes Container Host (operating system, Container Engine & runtime), Container Images, registry server and Container Orchestration.

Whether an orchestrated or non-orchestrated deployment, the level of support coverage for the Container Platform and Container Image is additive, this means it is determined up to the point to which non-Red Hat shipped software is introduced to provide functionality for a given layer; Container Host, Container Engine & Runtime, and Container Orchestration. The following outlines how the Container Platform stack is composed with the technologies shipped by Red Hat.

This image shows the levels of support as a stack.

If a customer has these Red Hat components . . . And these non-Red Hat components . . . Red Hat supports . . .
- Red Hat Enterprise Linux A non-Red Hat-provided Container Engine or runtime
Example: Upstream docker
  • The base operating system only
  • Not the Container Engine, the containers, or the applications running on those containers
- Red Hat Enterprise Linux
- Red Hat-provided Container Engine
A non-Red Hat-provided Container Orchestration platform
Example: Upstream kubernetes
  • The base operating system and the Container Engine only
  • Not the Container Orchestration platform
  • Not the containers under the management of the orchestration platform
  • No third party Container Runtimes will be supported
  • Red Hat will support containers run directly via the provided Container Engine, per a non-orchestrated stack

Red Hat will support this as if it was a standalone, non-orchestrated system; ensuring that the Container Engine is launching the container as it is supposed to. But support does not extend into operations of the orchestration platform or any container launched by it.

- Red Hat OpenShift, including
- Red Hat Enterprise Linux or Red Hat Enterprise Linux CoreOS
- Red Hat-provided Container Engine
A non-Red Hat-provided Container Image or Container Image which is not built using Red Hat UBI
  • The base operating system, the Container Engine, and Red Hat OpenShift only
  • Red Hat supports the ability to run and manage non-Red Hat-provided Container Images via OpenShift, support does not extend into the content or behavior of these images/containers nor the applications.

Red Hat will ensure that the Container Engine and OpenShift are launching the containers as intended. Support does not extend into the operation of the container if it is not provided by Red Hat or built using Red Hat UBI. More information on Container Image support is outlined above.


  1. Support for the docker package shipped in RHEL Extras remains for Red Hat Enterprise Linux 7, per the extras support and life cycle policy 

  2. Red Hat UBI repositories are available and supported for use only with Red Hat UBI based containers 

  3. Red Hat UBI is governed by the Red Hat Enterprise Linux life cycle. Content made available through Red Hat UBI is outlined in the following article

Comments