Chapter 13. Working with containers
13.1. Introduction to containers
Containers include all the necessary components, such as libraries, frameworks, and other additional dependencies, that are isolated and self-sufficient within their own executable. A Red Hat container certification ensures supportability of both the operating system and the application layers. It provides enhanced security through vulnerability scanning and health grading of the Red Hat components, and a lifecycle commitment whenever the Red Hat or partner components are updated.
However, containers running in privileged mode, or privileged containers, stretch their boundaries and interact with their host to run commands or access the host’s resources. For example, a container that reads or writes to a filesystem mounted on the host must run in privileged mode.
Privileged containers might create a security risk. A compromised privileged container might also compromise its host and the integrity of the environment as a whole.
Moreover, privileged containers are susceptible to incompatibilities with the host, because operating system interfaces such as commands, libraries, ABI, and APIs might change or be deprecated over time. This can put privileged containers at risk of interacting with the host in an unsupported way.
Containers must run in unprivileged mode unless approved by Red Hat during the certification process as described in the policy guide.
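The following Python script is an added example, not part of the Red Hat documentation or the Preflight utility. It checks `podman inspect` / `docker inspect` JSON for the host interactions described above (privileged mode and host filesystem mounts) and, going slightly beyond the text, added capabilities; the container names and paths in the sample are constructed.

```python
import json

# Constructed sample: trimmed inspect output for three hypothetical containers.
# Names and paths are made up; the HostConfig keys are those of inspect output.
SAMPLE_INSPECT = json.dumps([
    {"Name": "app-unprivileged",
     "HostConfig": {"Privileged": False, "Binds": [], "CapAdd": []}},
    {"Name": "agent-privileged",
     "HostConfig": {"Privileged": True,
                    "Binds": ["/var/log:/host/var/log:rw"],
                    "CapAdd": ["SYS_ADMIN"]}},
    {"Name": "reader-hostmount",
     "HostConfig": {"Privileged": False,
                    "Binds": ["/etc/pki:/etc/pki:ro"], "CapAdd": None}},
])


def audit_container(entry):
    """Return a list of findings for one inspect entry (empty list = clean)."""
    host = entry.get("HostConfig") or {}
    findings = []
    if host.get("Privileged"):
        findings.append("runs in privileged mode")
    # Binds entries look like "source:container_path[:options]".
    # A source starting with "/" is a host path; named volumes are skipped.
    for bind in host.get("Binds") or []:
        src, _, rest = bind.partition(":")
        if src.startswith("/"):
            opts = rest.split(":")[1:]
            options = opts[0].split(",") if opts else []
            mode = "ro" if "ro" in options else "rw"  # read-write is the default
            findings.append(f"mounts host path {src} ({mode})")
    for cap in host.get("CapAdd") or []:
        findings.append(f"adds capability {cap}")
    return findings


def audit_inspect_output(raw_json):
    """Map container name -> findings for every container with at least one."""
    report = {}
    for entry in json.loads(raw_json):
        findings = audit_container(entry)
        if findings:
            report[entry.get("Name", "<unnamed>")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_inspect_output(SAMPLE_INSPECT).items():
        print(name, "->", "; ".join(findings))
```

Feed it the saved output of an inspect command for the containers you plan to submit; any container it reports needs review before certification testing.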
You must ensure that your containers can run on any supported hosts in the customer’s environment. Red Hat encourages you to adopt a continuous integration model that lets you test your containers with public betas or earlier versions of Red Hat products to maximize compatibility.
13.2. Container certification workflow
Red Hat recommends that you be a Red Hat Certified Engineer or have equivalent experience before starting the certification process.
The following diagram gives an overview of the container certification workflow:
Figure 13.1. Container certification workflow
Task Summary
The certification workflow includes the following three primary stages:
13.2.1. Certification on-boarding and opening your first project
Prerequisites
Verify the functionality of your product on the target Red Hat platform, in addition to the specific certification testing requirements. If running your product on the targeted Red Hat platform results in a substandard experience, then you must resolve the issues prior to certification.
The Red Hat Partner Acceleration Desk (PAD) is a Products and Technologies level partner help desk service that gives our (prospective) technology partners a central location to ask non-technical questions pertaining to Red Hat offerings, partner programs, product certification, engagement process, and so on.
To open a PAD ticket, see PAD - How to open & manage PAD cases.
Through the Partner Subscriptions program, Red Hat offers free, not-for-resale software subscriptions that you can use to validate your product on the target Red Hat platform. To request access to the program, follow the instructions on the Partner Subscriptions site.
You must construct your container images so that they meet the certification criteria and policy. For more details, see image content requirements.
Procedure
Follow these high-level steps to certify your containerized software:
- Join the Red Hat Partner Connect for Technology Partner Program.
- Agree to the program terms and conditions.
- Fill in your company profile.
- Create your certification project by selecting your desired platform, for example, Red Hat OpenShift, and then choose Container Image.
- Complete the pre-certification checklist including the export compliance questionnaire for your container images, if applicable.
13.2.2. Certification testing
Follow these high-level steps to run a certification test:
- Build your container image.
- Upload your container image to your chosen registry. You can use any registry of your choice.
- Download the Preflight certification utility.
- Run Preflight with your container image.
- Submit results on Red Hat Partner Connect.
13.2.3. Publishing the certified container on the Red Hat Ecosystem Catalog
Certified container images are delivered to customers through the Red Hat Connect Image Registry, and can then be run on a supported Red Hat container platform. Your product and its images get listed on the Red Hat Container Catalog using the listing information that you provide.