Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 14. Working with containers

14.1. Introduction to containers
Copy link

Containers include all the necessary components like libraries, frameworks, and other additional dependencies that are isolated and self-sufficient within their own executable. A Red Hat container certification ensures supportability of both the operating system and the application layers. It provides enhanced security by vulnerability scanning and health grading of the Red Hat components, and lifecycle commitment whenever the Red Hat or partner components are updated.

However, containers running in privileged mode, or privileged containers, stretch their boundaries and interact with their host to run commands or access the host’s resources. For example, a container that reads or writes to a filesystem mounted on the host must run in privileged mode.

Privileged containers might create a security risk. A compromised privileged container might also compromise its host and the integrity of the environment as a whole.

Moreover, privileged containers are susceptible to incompatibilities with the host as operating system interfaces such as commands, libraries, ABI, and APIs might change or deprecate over time. This can put privileged containers at risk of interacting with the host in an unsupported way.

You must ensure that your containers can run on any supported hosts in the customer’s environment. Red Hat encourages you to adopt a continuous integration model that lets you test your containers with public betas or earlier versions of Red Hat products to maximize compatibility.

Partner Validation - Select this type of certification, if you want to validate your product using your own criteria and test suite on Red Hat platforms. This partner validation allows you to publish your software offerings on the Red Hat Ecosystem Catalog more quickly. However, validated workloads may not incorporate all of Red Hat integration requirements and best practices. We encourage you to continue your efforts toward Red Hat certification.

Certified - Select this type of certification, if you want your product to undergo thorough testing by using Red Hat’s test suite, and benefit from collaborative support. Your products will meet your standards and Red Hat’s criteria, including interoperability, lifecycle management, security, and support requirements.

Products that meet the requirements and complete the certification workflow get listed on the Red Hat Ecosystem Catalog. Partners will receive a logo to promote their product certification.

It is critical for partners to understand the distinction between Partner Validation and Red Hat Certification. Find below a clear differentiation between Validation and Certification programs:

Expand

Feature

Partner Validation

Red Hat Certification

Testing Criteria

Determined by Partner

Determined by both Red Hat and Partner

Testing Tools

Provided by Partner

Provided by both Red Hat and Partner

Red Hat Review

Partner statements, supportive documentation and test results

Test results, partner statements, and documentation

Scope

Quicker market entry, initial presence on the Red Hat Ecosystem Catalog

Comprehensive compliance with Red Hat platform requirements, best practices such as interoperability, security, and support

14.2. Container certification workflow
Copy link

Note

Red Hat recommends that you are a Red Hat Certified Engineer or hold equivalent experience before starting the certification process.

Task Summary

The certification workflow includes the three primary stages-

  1. Section 14.2.1, “Certification on-boarding”
  2. Section 14.2.2, “Certification testing for containerized applications”
  3. Section 14.2.3, “Publishing the certified product listing on the Red Hat Ecosystem Catalog”

14.2.1. Certification on-boarding
Copy link

Perform the steps outlined for certification onboarding:

  1. Join the Red Hat Connect for Technology Partner Program.
  2. Agree to the program terms and conditions.

  3. Create your product listing by selecting your desired product category. You can select from the available product categories:

    1. Containerized Application
    2. Standalone Application
    3. OpenStack Infrastructure
  4. Complete your company profile.
  5. Add components to the product listing.
  6. Certify components for your product listing.

Follow these high-level steps to run a certification test:

  1. Build your container image.
  2. Upload your container image to your chosen registry. You can choose any registry of your choice.
Note

You can perform Red Hat Container certification by using a custom container registry. This enables you to provide an access token to the registry, which thereby helps to verify the availability of the container images for users. Also, it ensures that the container image can undergo scanning by the security scanner and can be published on the Red Hat Ecosystem Catalog. Custom registries employ diverse authentication methods, and the Red Hat Software certification program supports the following authentication methods along with the standard OCI registry API:

  • Bearer Authentication
  • OAuth2
  • Basic Authentication

For more details about the authentication methods, see Supported auth methods.

Additionally, if you are using a public registry—such as DockerHub, GitLab, GitHub, or similar that enforces rate limits on unauthenticated or anonymous access, provide a Docker configuration file with valid authentication credentials for the specified registry. Without this configuration, Red Hat certification systems can exceed the allowed request limits, preventing it from certifying or serving your container.

  1. Download the Preflight certification utility.
  2. Run Preflight with your container image.
  3. Submit results on Red Hat Partner Connect.

The Certified container must be added to your product’s Product Listing page on the Red Hat Partner Connect portal. Once published, your product listing is displayed on the Red Hat Ecosystem Catalog, by using the product information that you provide.

Follow these steps to perform a multi-arch container certification test:

Procedure

  1. Build your multi-arch container images. See Building and pushing multi-arch container images using Podman for more information.
  2. Upload your container images to your chosen registry. You can select any OCI registry of your choice.
Note

You can perform Red Hat Container certification by using a custom container registry. This enables you to provide an access token to the registry, which thereby helps to verify the availability of the container images for users. Also, it ensures that the container image can be scanned by the security scanner and published on the Red Hat Ecosystem Catalog. Custom registries employ diverse authentication methods, and the Red Hat Software certification program supports the following authentication methods along with the standard OCI registry API:

  • Bearer Authentication
  • OAuth2
  • Basic Authentication

For more details about the authentication methods, see Supported auth methods.

Additionally, if you are using a public registry—such as DockerHub, GitLab, GitHub, or similar that enforces rate limits on unauthenticated or anonymous access, provide a Docker configuration file with valid authentication credentials for the specified registry. Without this configuration, Red Hat certification systems can exceed the allowed request limits, preventing it from certifying or serving your container.

  1. Download the Preflight certification utility. Ensure that you have the latest version to benefit from any updates or improvements.

  2. Run preflight with your multi-arch container image. Preflight will automatically run and submit results for all architectures if the supplied image is a manifest list.

    Note

    For operator-based CNI and CSI certification workflows, functional certification tests are credited only for the architectures on which the testing is conducted. You will need to provide multiple architecture-specific functional test runs for each supported architecture.

    Note

    For CSI components, each protocol is tested in a separate test run for each architecture. A minimum of one protocol per architecture is required for certification. You can use supplemental certification requests to extend protocol coverage to additional architectures.

    Note

    When running certification tests multiple times for different architectures or protocols for the same Red Hat product and partner product version, all results are submitted to the same functional certification.

  3. Review and address the preflight certification results.
  4. Submit results on Red Hat Partner Connect.

Follow the instructions to build and push multi-arch images using Podman:

Prerequisites

  1. Podman is installed on your system.
  2. You have a Dockerfile that defines the image you want to build for multiple architectures.
  3. You have a Quay.io account or any other container registry account.

Procedure

  1. Prepare Your Dockerfile.
  2. Build and push the multi-arch container Images. Check the podman-manifest documentation for instructions on building and pushing the multi-arch container images.
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2026 Red HatBack to top