RedHat Operator Bundle certification process

This document outlines certification process for OLM bundle submission for RedHat Marketplace. It is based on Red Hat Software Certification Workflow Guide

The following process is partially automated in scripts/tools/ You can use ${VERSION} redhat-marketplace to run this process. For more details see the script documentation.

Common cluster infrastructure and common GitHub account ( gl-distribution-oc ) are used throughout this document. If using custom cluster/GitHub account - adjust accordingly.

Provision OpenShift cluster


  1. Personal SSH key added to gl-distribution-oc GitHub account (with local copy in ${HOME}/.ssh/gldoc_github, see below)
  2. Because Git Operations require separate SSH key to access gl-distribution-oc repositories, the sample wrapper script ( using key from (1) may be helpful as GitHub may reject connection if other loaded private key gets offered first:

    export GIT_SSH_COMMAND="ssh -i ${OC_SSH_KEYFILE} -o IdentitiesOnly=yes"
    exec $@
  3. pre-requisites:
    1. task
    2. operator-sdk
    3. yq
    4. opm

Set up environment

Clusters are deployed using deployment pipeline. Obtain artifacts from the corresponding cluster’s pipeline deploy_cluster job.


# CLUSTER_DIR: directory where artifacts from "deploy_cluster" job are located

export TKN=${CLUSTER_DIR}/bin/tkn

# Use provisioned cluster's "admin"-level kubeconfig
export KUBECONFIG=${CLUSTER_DIR}/auth/kubeconfig

export GIT_USERNAME="gl-distribution-oc"

# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# Below email is our temporary workaround so use as-is until
#    and
# are resolved
export GIT_EMAIL=""
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

export GIT_BRANCH="gitlab-operator-kubernetes-${VERSION}"

export OPERATOR_BUNDLE_PATH="operators/gitlab-operator-kubernetes/${VERSION}"

It could be convenient to save above shell code as an environment file (my.env, for example) and source it wherever necessary: source /path/to/my.env.

Setup repository

Fork(ed) repository

Forks for both the certified and marketplace operators have already been created:

Use of wrapper script below is optional.
  1. Clone fork locally:

    pushd ${HOME} git clone
  2. Bring main branch of the fork up-to-date:

    git remote add upstream
    git rebase -i upstream/main git push
  3. Create new branch for the release:

    git checkout -b gitlab-operator-kubernetes-${VERSION}
  4. Return to gitlab-operator local directory:


Generate bundle

OSDK_BASE_DIR=".build/cert" \
    DOCKER="podman" \
    scripts/ build_manifests generate_bundle patch_bundle

Properly annotate bundle for submission \
    redhat/operator-certification/scripts/ adjust_annotations adjust_csv

Copy & Push changes into the forked repository

At this point one must copy the bundle to its new location (retrieve the value of CATALOG_REPO_CLONE from fork repository):

cp -r .build/cert/bundle ${CATALOG_REPO_CLONE}/operators/gitlab-operator-kubernetes/${VERSION}
( cd ${CATALOG_REPO_CLONE} && git add operators/gitlab-operator-kubernetes/${VERSION} \
   && git commit -am "Add gitlab-operator-${VERSION}" \
   && git push origin gitlab-operator-kubernetes-${VERSION})

Run certification pipeline

GitHub Username and email must be obtained for this step and used in GIT_USERNAME and GIT_EMAIL.

Switch to appropriate project in OCP:

redhat/operator-certification/scripts/ \

Create workplace template:

redhat/operator-certification/scripts/ \

Then run pipeline:

redhat/operator-certification/scripts/ \

This creates an upstream PR and opens submission in the RedHat portal.