Chapter 1. Introduction to Red Hat OpenShift certification policies

The Red Hat Openshift certification policy guide covers the technical and operational certification requirements to obtain and maintain Red Hat certification for a software product on Red Hat OpenShift.

To know the test requirements and procedure for achieving this certification, see the Red Hat Software certification workflow guide.

1.1. Audience

Red Hat OpenShift certification is offered to commercial software vendors that deliver cloud-native software products targeting Red Hat OpenShift as the deployment platform.

1.2. Create value for customers

The certification process allows partners to continuously verify if their product meets Red Hat standards of interoperability, security, and life cycle management when deployed on Red Hat OpenShift.

Our customers benefit from a trusted application and infrastructure stack, tested and jointly supported by Red Hat and the Partner.

1.3. Targeted products for certification

Certification is available for products that target Red Hat OpenShift as their deployment platform. Red Hat recommends that you manage the product’s life cycle by using technology native to Kubernetes, such as Operators or Helm charts, because they deliver a user experience that is closely integrated with Red Hat OpenShift. For these two options, certification covers the packaging format and compatibility with the Red Hat OpenShift tools. If the partner’s product uses a different technology for installation and upgrades, certification will be limited to the container images.

Products that deliver infrastructure services for Red Hat OpenShift, storage services provided through a CSI driver or networking services integrated via a CNI plugin require tight integration with the platform’s life cycle management. So they must be managed by an Operator and demonstrate compliance with the corresponding Kubernetes APIs.

A specialized certification is also available for cloud-native network functions for the Telecommunications market.

Additional resources

1.4. Red Hat Openshift certification prerequisites

  • Join the Red Hat Partner Connect program.
  • Accept the standard Partner Agreements along with the terms and conditions specific to containerized software.
  • Enter basic information about your company and the products you wish to certify through the Red Hat Partner Connect portal.
  • Support OpenShift as a platform for the product being certified and establish a support relationship with Red Hat. You can do this through the multi-vendor support network of TSANet, or through a custom support agreement.

Additional resources

1.5. Supported Red Hat OpenShift versions

Red Hat OpenShift software certification is available for releases of Red Hat OpenShift v4.x which are in the Full, Maintenance or Extended Update Support (EUS) life cycle phases.

Additional resources

1.6. Supported architectures

Certification is available for all supported architectures for Red Hat OpenShift Container Platform v4.x releases. At present this includes x86_64, s390x, ppc64, and aarch64.

Certifications are awarded to a single architecture. Apply for multiple certifications if your product supports more than one architecture.

1.7. Certification lifecycle

Kubernetes innovates at a rapid pace, and it reflects in the fast cadence of OpenShift. It is important to approach OpenShift testing and certification as a continuous process to ensure ongoing interoperability and support for customers as they handle both platform and application updates. Partners are responsible for testing their product with each claimed Red Hat OpenShift Container Platform (RHOCP) v4.x release and each upgrade path that their software supports.

Red Hat strongly recommends running the certification tests on the latest Red Hat OpenShift minor version that you support and claim.

Certifications remain valid while the corresponding Red Hat OpenShift Container Platform (RHOCP) v.4 releases are in the Full Support or Maintenance phase of the RHOCP lifecycle. Certifications and the associated products remain published until the certifications are no longer valid or the Red Hat product gets retired from the catalog.

1.7.1. Recertification

Recertify your products in the following scenarios:

  • Your product supports a different version of RHOCP
  • Your product has changed how it is installed or upgraded
  • Your product has functionality changes, or includes new functionality

Red Hat expects you to check and verify if the product is compatible with new minor releases of Red Hat OpenShift 4.x as they become available.

For security reasons, update and recertify your product components regularly. For example, recertify your containers regularly, to scan new images for vulnerabilities and mitigate security risks.

Red Hat provides multiple mechanisms to monitor certified containers published to the Red Hat ecosystem for critical vulnerabilities (CVEs) that allow certified containers to be continuously monitored to identify any critical vulnerabilities (CVEs) in the Red Hat content. These mechanisms will help you determine when to rebuild and recertify.

Additional resources

1.8. Software dependencies

A key benefit of Red Hat Certification is support. Ensure to check if you in coordination with Red Hat, support all the software necessary for customers to deploy and utilize your software on RHOCP.

1.9. Functional verification

You must ensure that your product, with the same packages and components that you submitted for certification, works with the configurations supported by RHOCP.

Ensure your product does not make any modifications to the RHOCP stack, including the host operating system, other than configuration changes that are covered in the product documentation. Unauthorized changes can impact the support from Red Hat.

Red Hat encourages you to check that your product is capable of running on any node in a OpenShift cluster, regardless of the type of Red Hat OpenShift deployment (bare metal, virtual environment, or cloud service), installation process (IPI or UPI), or cluster size. If there are any limitations due to dependencies on hardware components, public cloud services, or any other cluster configuration requirements, these should be mentioned in the product’s documentation which should be linked to your product catalog listing.

Additional resources

1.10. Security contexts

To reduce security risks, ensure that your products run in the most restrictive Security Context Constraint (SCC). For example, restricted-v2 for Red Hat OpenShift 4.12. If the product requires additional privileges, Red Hat recommends using the most restrictive SCC that provides the right capabilities. This configuration information should be included as part of the product documentation, and the certification tests must be conducted using the same security settings that are recommended for end users.

Additional resources

1.11. Publishing to Red Hat Ecosystem Catalog

Upon successful completion of Red Hat OpenShift Software Certification an entry will be published to the Red Hat Ecosystem Catalog. This will include a product entry and relevant information collected as part of the process.

Additionally, products managed by Operators or Helm charts will also be included in the corresponding certified Operator index or the Helm chart repository, to facilitate installation and upgrades. Both are presented to Red Hat OpenShift users through the OpenShift console.

You can opt out of being published in the Red Hat index if it is not compatible with your software distribution model. You are responsible for testing the alternate distribution and update processes, which must be included in your product documentation.

After successful certification your product is published on the Red Hat Ecosystem Catalog. Contact the Red Hat certification team, if you want to remove the certified products or certification from the catalog.