Power RHEL virtual machine (VM) with Red Hat subscription enabled.
It will take you approximately 3 to 4 hours to complete the full certification process, and a couple of additional days to get the export compliance and distribution approval from Red Hat.
The certification process has three parts: Certification on-boarding, certification testing, and certification publishing.
Refer to Chapter 4. Red Hat Enterprise Linux Software certification of the "Red Hat Software Certification Quick Start Guide" for additional guidance.
-
Build your container image. Consider the following requirements for content, metadata, and maintenance when building a container image. For example:
The content requirements recommend that the image:
- Be declared and run as non-root user
- Use a UBI image as the base
- Contain a “licenses” directory, and not contain components with critical CVEs
The metadata requirements recommend that the image should have labels for:
- Image Name
- Company Name
- Version
- Release
- Summary
- Description
The maintenance requirements state that partners are responsible for monitoring the health status of the published container. The container should be rebuilt periodically and kept up to date and submitted for re-certification and publication whenever there is a security update or new functionality is added.
More specific details are documented in Chapter 2 of the Red Hat Software Certification Quick Start Guide on the Red Hat Customer Portal
-
Get access to your API key or token. The API keys are associated with your Red Hat Partner Account. After you are successfully log into your account, navigate to Product Certification > Container API Keys as shown in the following image.
-
Click Generate new key to generate an API Key.
Note: Since the account is shared across your organization, it is possible that you have already hit the maximum limit of 10 keys, and might get the following error. Contact the manager of your account to get access to an existing shared API key.
-
Upload your container image. Push your image to Red Hat's inbound certification registry where it will be automatically scanned. The detailed steps for tagging and pushing the container can be found on your Project page in the Images tab.
You will see the following page:
-
Setup and run the preflight certification utility, which is a command line tool to verify that the submitted containers meet the minimum requirements for Red Hat Software Certification.
-
More details about the preflight certification utility can be found here, https://github.com/redhat-openshift-ecosystem/openshift-preflight, and it can be downloaded from here, https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases.
-
Upload your container to any public or private container registry.
-
Run the preflight utility on your image and resolve the issues.
preflight check container \
registry.example.org/<namespace>/<image_name>:<image_tag>
-
Retest to check if any issues persist. These issues would generally arise if the requirements, as specified in the “Build your container image” section above are not completely met, especially those related to the content and metadata aspects. For example, an error like below can be seen if the “licenses” directory is missing.
"failed": [
{
"name": "HasLicense",
"elapsed_time": 0,
"description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses",
"help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.",
"suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.",
"knowledgebase_url": "https://connect.redhat.com/zones/containers/container-certification-policy-guide",
"check_url": "https://connect.redhat.com/zones/containers/container-certification-policy-guide"
}
],
"errors": []
}
}
time="2022-05-03T05:53:10-05:00" level=info msg="Preflight result: FAILED"
-
Submit the certification results to Red Hat Partner Connect.
preflight check container \ registry.example.org/<namespace>/<image_name>:<image_tag> \ --submit \ --pyxis-api-token=<api_token> \ --certification-project-id=<project_id> \ --docker-config=./temp-authfile.json
Where registry.example.org/<namespace>/<image_name>:<image_tag>
is the container that you want to certify as specified in step 4 above and pyxis-api-token
is the container api-keys associated with your account. The API keys can be obtained from here, https://connect.redhat.com/account/api-keys after you are logged into your partner connect account, as detailed above. certification-project-id
is obtained after you have a certification project created in your partner account (see PID below).
-
Complete and submit the Export Control Questionnaire. Details are documented here: https://redhat-connect.gitbook.io/red-hat-partner-connect-general-guide/initial-onboarding/export-compliance
-
Select the required options for specifying the source code URL for open source projects, Most of the form is straightforward, but you should contact your legal team to get an ECCN number.
Note: Our project was open source and hence was not subject to Export Administration Regulations (EAR) but you should still confirm with your legal team.
For open source projects, there is also an additional requirement, as follows. If you miss this, the Red Hat approval process will not move forward.
-
If you do not hear back from the Red Hat team within 5 working days, open a support case at https://connect.redhat.com/support/technology-partner/.
-
Confirm that you have export compliance and distribution approval. After the issues (if any) are resolved, you will get a confirmation email from Red Hat confirming that your project is Export Compliance Approved. The status on your project page will be green only when Red Hat grants both the Export Compliance and Distribution approval which will happen automatically if you have provided complete information. The approval emails will be sent to the email address specified in the Company Export Contact (for Customers) field of the form.
-
Provide details about your container.
-
Provide the repository namespace, summary description , access level and other project details.
-
Create and attach product listing. In this final step, provide information to make the status of the “Pre Certification Checklist” green. You are expected to provide basic details about the product (like name, logo, company contacts etc.) with which your image is associated. We have clubbed all open source projects under a single “product” for simplicity.
We'd like to hear about your experience with the certification process. Drop a comment here if you have any questions or run into any issues while following the steps outlined here.