migration toolkit for applications 8.1

Migrating stateless workloads by using the mta-ops CLI

Exporting, transforming, rendering, and validating stateless application manifests for deployment on a target Red Hat OpenShift cluster

Red Hat Customer Content Services

Abstract

You can safely move applications across environments by migrating your stateless workloads with the mta-ops command-line interface. The multi-stage pipeline helps you extract, clean, render, and validate your Red Hat OpenShift manifests locally. This workflow ensures target cluster API compatibility before you manually deploy your applications

Chapter 1. Introduction to the mta-ops CLI

As a platform engineer or a cluster administrator, you can use the mta-ops command-line interface (CLI) to safely extract, clean, and validate stateless applications before deployment.

The mta-ops tool provides a non-destructive, repeatable, and GitOps-ready migration workflow for Red Hat OpenShift workloads.

The migration pipeline consists of the following stages in a strict order:

  • The export stage captures a read-only snapshot of the source namespace.
  • The transformation stage cleans cluster-specific metadata and applies additional transformations, if needed.
  • The application stage renders final deployable manifests locally.
  • The validation stage is an optional but recommended step that checks target cluster application programming interface (API) compatibility.
  • The deployment stage applies the workloads to the destination cluster.

The export, transformation, application, and validation stages output directly to your local disk. The deployment stage applies workloads to the target cluster.

The tool migrates stateless workloads and their associated cluster-scoped dependencies. These dependencies include role-based access control (RBAC), custom resource definitions (CRDs), and security context constraints (SCCs).

Important

mta-ops does not support stateful migrations that involve the transfer of persistent volume claims (PVCs) and underlying data.

Chapter 2. Supported migration paths and API compatibility

Before you migrate workloads, review the supported migration paths and application programming interface (API) compatibility. The mta-ops CLI handles resources based on their scope and compatibility.

2.1. Stateless migration limitations

When you plan application migrations, understand the supported paths to create a successful modernization strategy.

The current mta-ops version supports migration paths strictly from Red Hat OpenShift 4.x to 4.x.

The current version of the mta-ops command-line interface supports only stateless application migrations.

You cannot transfer persistent volume claims (PVCs) or underlying volume data.

The mta-ops pipeline supports cross-cluster migrations. It requires distinct source and target cluster contexts to validate and deploy resources successfully.

2.2. Resource and API compatibility

When you prepare for deployment, understand how the pipeline handles application programming interface (API) versions to prevent deployment failures.

The mta-ops tool operates in Red Hat OpenShift 4.x environments but does not enforce a strict minor version matrix. Instead, it relies on the validate stage to ensure API compatibility.

The mta-ops command performs strict group, version, and kind (GVK) matching against the target cluster.

Namespace-scoped resources are fully supported and extracted by default.

Cluster-scoped resources are conditionally supported. The tool extracts custom resource definitions (CRDs), security context constraints (SCCs), and role-based access control (RBAC) objects if you have cluster-admin permissions. If you lack cluster-admin permissions, the tool safely skips them and logs a warning. mta-ops automatically skips operator-managed CRDs. This prevents creating orphaned resources on the target cluster.

Chapter 3. Installing the mta-ops CLI

To begin migrating your workloads, you must install the mta-ops command-line interface (CLI) on your local machine.

3.1. The mta-ops CLI standalone architecture

When you prepare your local workstation, understand the standalone nature of the mta-ops tool to avoid installation conflicts.

The mta-ops command-line interface (CLI) is a standalone tool that operates independently of the standard migration toolkit for applications (MTA) CLI (mta-cli). You do not need to install the standard MTA CLI to use the mta-ops pipeline.

You can install the tool by downloading the pre-compiled mta-ops archive from the Red Hat Developer portal, then extracting the binary.

3.2. Downloading and extracting the mta-ops CLI

To configure your migration environment, download and extract the pre-compiled mta-ops archive.

Prerequisites

  • You have a compatible local operating system.

Procedure

  1. Log in to the Red Hat(https://developers.redhat.com/%5BRed%7Bnbsp%7DHat) Developer Portal.
  2. Navigate to the Migration Toolkit for Applications downloads page.
  3. Download the mta-ops CLI .zip archive for your operating system.
  4. Extract the downloaded .zip archive to a local directory.
  5. Move the extracted mta-ops binary to a directory that is included in your $PATH environment variable. For example:

    $ sudo mv mta-ops /usr/local/bin/

Verification

  • Verify the installation by checking the tool version:

    $ mta-ops version

Chapter 4. Migrating stateless workloads

Migrate your Red Hat OpenShift workloads from a source cluster to a new cluster by using the mta-ops pipeline. Extract, clean up, and validate stateless applications before deployment.

A complete migration pipeline includes the following stages in a strict order:

  • Export: Capture the source cluster manifests.
  • Transform: Clean up and adapt the manifests.
  • Apply: Render the final deployable YAML manifests.
  • Validate (optional): Check target cluster application programming interface (API) compatibility.
  • Deploy: Apply the workloads to the destination.

4.1. Executing a stateless migration quick start

To quickly test the tool, run a basic stateless migration scenario for a single application. This end-to-end pipeline demonstrates the default workflow.

Prerequisites

  • You have active contexts for your source and target clusters.

Procedure

  1. Export the source application:

    $ mta-ops export --context <source_context> -n <namespace> -e export --overwrite
  2. Clean the exported manifests by using the default transformation pipeline:

    $ mta-ops transform -e export -t transform
  3. Render the deployable manifests locally:

    $ mta-ops apply -t transform -o output --overwrite
  4. Optional: Validate the generated manifests against the target cluster:

    $ mta-ops validate --context <target_context> -i output --overwrite
  5. Deploy the application to the target cluster:

    $ oc apply -f output/output.yaml

Verification

  • Verify the application rollout on the target cluster.

4.2. Configuring cluster access for migration

Before you can migrate workloads, you must establish communication with your environments. To enable the access, you must use your local cluster contexts.

4.2.1. Cluster context management

Understand how the mta-ops CLI connects to your environments to ensure your migration commands route to the correct destinations.

The mta-ops command-line interface (CLI) operates entirely locally. It does not require a centralized web console or an intermediate authentication hub. The tool uses your local kubeconfig file to authenticate and communicate directly with clusters.

Because the pipeline extracts data from one environment and validates against another environment, your kubeconfig file must contain active contexts for both clusters simultaneously. mta-ops uses the --context flag to route operations. This design securely uses your existing role-based access control (RBAC) permissions without requiring secondary credentials.

4.2.2. Configuring source and target cluster contexts

To enable the mta-ops CLI to communicate with your environments, configure your local cluster contexts. You perform this by logging into both the source and target clusters.

Prerequisites

  • You have installed the Red Hat OpenShift CLI (oc).
  • You have credentials for both the source and target Red Hat OpenShift clusters.

Procedure

  1. Log in to the source Red Hat OpenShift cluster:

    $ oc login <source_cluster_url> -u <username> -p <password>
  2. Log in to the target Red Hat OpenShift cluster:

    $ oc login <target_cluster_url> -u <username> -p <password>
  3. List your configured contexts to verify they are active:

    $ oc config get-contexts
  4. Identify and record the names of the source and target contexts. You use these exact names with the --context flag in subsequent pipeline commands.

Verification

  • Verify that the command output displays both cluster contexts and that no authentication errors occurred.

4.3. Exporting workload manifests

When you plan a migration, capture a snapshot of your source cluster resources. This ensures you have the required manifests for local transformation.

4.3.1. Workload manifest export

When you extract workloads, understanding the read-only export process helps you to capture the required resource manifests.

The export process is read-only and does not affect running applications. The mta-ops CLI operates completely independently of the migration toolkit for applications Hub.

The tool does not require a Personal Access Token (PAT). It authenticates directly to the clusters by using your local kubeconfig file.

If you do not have cluster-level permissions, the command logs a warning. It records inaccessible resources in a dedicated failures/ directory.

To identify skipped cluster-scoped resources during a partial export, you must inspect the failures/ directory. The tool generates a YAML artifact for each inaccessible resource. These files contain the raw application programming interface (API) error.

The export command exits with a non-zero status code only if all requested resource types return a Forbidden error.

4.3.2. Exporting manifests from the source cluster

To capture your application’s deployment configuration, export the manifests to a local directory. You can use role impersonation if you do not have direct access.

Prerequisites

  • You have installed the mta-ops CLI on your system.
  • You have active kubeconfig access to the source Red Hat OpenShift cluster.
  • Optional: You have cluster-admin privileges to export all cluster-scoped dependencies.

    Warning

    If you lack cluster-admin privileges, the export process generates warnings and extracts only the resources you have permission to access.

Procedure

  1. Export manifests and cluster-level dependencies:

    $ mta-ops export --context <source_context> -n <namespace> -e export
  2. Optional: To perform service account-based migrations by using role impersonation, append the --as and --as-group flags:

    $ mta-ops export --context <source_context> -n <namespace> -e export --as <service_account_name> --as-group <group_name>
  3. Review the generated YAML files in the export/resources/<namespace>/ directory.

Verification

  1. Verify that the output directory contains the exported manifests and the _cluster/ subdirectory.
  2. If you lack cluster-admin privileges, inspect the failures/ directory to identify any skipped resources.

4.3.3. Additional resources

4.4. Transforming workload manifests by using a multi-stage pipeline

To clean the exported workload manifests and prevent conflicts on the target cluster, transform the manifests by using a multi-stage pipeline.

4.4.1. Transformation plugin management

When you adapt complex applications, you can manage transformation plugins to control the pipeline. This ensures the tool cleans specific metadata and applies additional transformations, if needed.

The mta-ops command-line interface (CLI) automatically discovers plugins from the ~/.local/share/crane/plugins/ default path. You can view available plugins by using the list-plugins subcommand.

During the transform stage, you can use the --skip-plugins flag to omit specific plugins. You can use the --optional-flags parameter to pass additional arguments.

To drive the transformation behavior by using specific user-defined rules, you can append the --instructions-file flag. This supplies a declarative YAML file to the pipeline.

4.4.2. Multi-stage transformation pipeline

Understand how the multi-stage transformation pipeline produces Kustomize-native output. This allows you to accurately trace modifications.

The mta-ops transform command processes exported manifests through sequential plugin stages. The pipeline produces a standard Kustomize layout.

Example 4.1. Example output directory structure

transform/
├── 10_KubernetesPlugin/
│   ├── input/
│   ├── output/
│   ├── patches/
│   └── kustomization.yaml
├── 15_OpenShiftPlugin/
│   ├── input/
│   ├── output/
│   ├── patches/
│   └── kustomization.yaml
└── 50_CustomModifications/
    ├── input/
    ├── output/
    ├── patches/
    └── kustomization.yaml

The directory structure uses the following components:

  • Isolated stage directories: Each plugin processes within a dedicated, numbered directory. This isolation ensures you can trace which tool caused a specific modification.

    Note

    You can append manual transformation stages to the pipeline to apply declarative patches directly to your application.

  • Input and output folders: The pipeline merges the working state into the main directories. These folders show the exact manifest state before and after execution.
  • Patches directory: This directory contains the generated overlays. The files use predictable, deterministic naming conventions and sorting.
  • Kustomization file: The kustomization.yaml file acts as the standard entry point. You can manually edit this file in custom stages to apply declarative overrides.

Plugin stages safely regenerate upon execution. However, custom stages require manual forced overwrites to protect your edits.

4.4.3. Executing a multi-stage workload transformation

Transform your exported manifests to remove cluster-specific metadata. This prevents conflicts on the target Red Hat OpenShift cluster.

Prerequisites

  • You have exported the workload manifests from the source cluster to a local directory.

Procedure

  1. Navigate to the directory containing your exported manifests.
  2. Transform the manifests:

    $ mta-ops transform -e export -t transform

Verification

  • Verify that the generated stage directories contain the expected kustomization.yaml files and descriptive folders.

4.4.4. Transforming manifests with an instructions file

When you need specific rules during the cleanup process, use an instructions file. This declarative file controls the pipeline execution.

Prerequisites

  • You successfully exported your workload manifests.
  • You created a YAML instructions file containing your custom transformation rules.

Procedure

  • Transform the manifests by applying specific rules:

    $ mta-ops transform -e export -t transform --instructions-file <path_to_file.yaml>

Verification

  • Verify that the tool applied your specific rules to the generated stage directories.

4.4.5. Adding a custom transformation stage

To adapt migrated resources to new environment standards, add a custom transformation stage. You can layer declarative patches directly on your application.

Prerequisites

  • You have exported and successfully transformed the workload manifests.

Procedure

  1. Navigate to your generated transform/ directory.
  2. Create a new directory for your custom stage. Do not use the Plugin suffix in the name.

    $ mkdir 50_CustomModifications
  3. Create a kustomization.yaml file inside your new custom stage directory.
  4. Define your custom modifications in the kustomization.yaml file. For example, to override the target namespace and add migration labels, use the following code:

    namespace: <target_namespace>
    commonLabels:
      migration-run: <migration_id>
  5. Apply your custom stage:

    $ mta-ops transform <custom_stage_directory> -e export -t transform --force

    The --force flag is mandatory to safely overwrite your modified custom stage directory.

Verification

  • Verify that the output/ directory inside your custom stage contains the expected resource changes.

4.4.6. Additional resources

4.5. Generating final deployable manifests

To render the final YAML from the transform pipeline, generate the manifests. The mta-ops apply command produces local deployable files without modifying clusters.

4.5.1. Local manifest generation

Understand how the mta-ops apply command renders your transformed manifests locally. This ensures your final YAML is ready for deployment.

The mta-ops apply command runs Kustomize on the final transform stage. It evaluates patches internally by using the embedded krusty application programming interface (API). This embedded rendering removes the runtime dependency on the kubectl or oc binaries.

The command produces clean, deployable manifests on your local disk. It does not deploy resources to any cluster. The output includes individual resource files and a consolidated output.yaml file.

The mta-ops tool orders resources in the consolidated file to satisfy cluster dependencies. For example, it places custom resource definitions (CRDs) before namespace-scoped resources. You can exclude cluster-scoped resources by appending the --skip-cluster-scoped flag. This supports split-responsibility workflows between administrators and non-administrators.

4.5.2. Generating final manifests locally

To produce clean YAML files, generate your final manifests. You use the mta-ops apply command to render the Kustomize output locally.

Prerequisites

  • You have successfully exported and transformed your workload manifests.

Procedure

  1. Generate the final manifests:

    $ mta-ops apply -t transform -o output
  2. Review the generated output/output.yaml file on your local disk. Check the replicas, namespaces, images, labels, and role-based access control (RBAC) configurations.

Verification

  • Verify that the output directory contains the final YAML files and the namespace subdirectories.

4.5.3. Generating ordered manifests locally

When you render your final YAML, you can generate ordered individual resource files. This ensures you apply resources in the correct dependency order.

Prerequisites

  • You have successfully exported and transformed your workload manifests.

Procedure

  1. Generate the final manifests by appending the --ordered flag:

    $ mta-ops apply -t transform -o output --ordered
  2. Review the generated files in the output/resources/<namespace>/ directory. The --ordered flag prefixes the filenames with 3-digit order numbers.

Verification

  • Verify that the resource filenames begin with a 3-digit number.

4.5.4. Additional resources

4.6. Validating target cluster compatibility

To ensure your generated manifests are compatible with a target cluster, run the validation check. Validating target cluster compatibility is an optional step. Validate runs after the apply stage on the final output.

4.6.1. Manifest compatibility validation

Validation is a read-only optional check for your final workload manifests before their deployment on a target cluster. It prevents deployment failures by identifying API incompatibilities.

You can use the mta-ops validate command to evaluate your generated manifests against the target Red Hat OpenShift cluster’s application programming interface (API) surface. The command performs strict group, version, and kind (GVK) matching. The tool reads the API discovery information without modifying the cluster.

The validation command generates a report identifying incompatible resources. It saves the detailed results to a specified validation directory. If incompatibilities are found, the tool logs the failing artifacts in a failures/ subdirectory.

The validation process supports the following modes:

  • Live mode: The mta-ops tool connects directly to the target cluster to read the current API surface.
  • Offline mode: The mta-ops tool reads a previously captured API surface file. This is useful for disconnected environments or automated pipelines.

4.6.2. Validating workload manifests against a live cluster

To verify application programming interface (API) compatibility before deployment, validate your transformed manifests against a live target Red Hat OpenShift cluster.

Prerequisites

  • You have generated the final manifests.
  • You have active access to the target Red Hat OpenShift cluster.

Procedure

  1. Set your CLI context to the target Red Hat OpenShift cluster.
  2. Validate the transformed manifests:

    $ mta-ops validate --context <target_cluster_context> -i output
    {
      "mode": "live",
      "clusterContext": "tgt-cluster",
      "results": [
        {
          "apiVersion": "apps/v1",
          "kind": "Deployment",
          "namespace": "target-namespace",
          "resourcePlural": "deployments",
          "status": "OK"
        },
        {
          "apiVersion": "v1",
          "kind": "Secret",
          "namespace": "target-namespace",
          "resourcePlural": "secrets",
          "status": "OK"
        },
        {
          "apiVersion": "v1",
          "kind": "Service",
          "namespace": "target-namespace",
          "resourcePlural": "services",
          "status": "OK"
        }
      ],
      "totalScanned": 3,
      "compatible": 3,
      "incompatible": 0
    }

Verification

  • Verify that the command returns a PASSED summary result.

4.6.3. Additional resources

4.7. Deploying the migrated workloads

After you generate and validate the final manifests, deploy them. Because the tool does not modify clusters, use standard deployment tools.

4.7.1. Workload deployment

Understand the final step of the stateless workload migration pipeline and deploy the validated manifests to the target cluster.

The mta-ops pipeline produces ready-to-use YAML artifacts on your local disk. It deliberately does not connect to the target cluster. This non-destructive architecture ensures that the target cluster remains untouched until manual deployment.

Because the pipeline outputs standard Kubernetes manifests, it is fully GitOps-ready. You can commit the final YAML to a repository.

Applying the consolidated output.yaml file resolves dependency ordering issues during deployment. Applying the entire directory can cause deployment failures if roles execute before role bindings.

4.7.2. Deploying workloads to the target cluster as an administrator

To finalize your migration, deploy the validated workloads by applying the generated manifests to the target Red Hat OpenShift cluster.

Prerequisites

  • Optional: You have validated your workload manifests.
  • You have cluster-admin privileges on the target Red Hat OpenShift cluster.

Procedure

  1. Deploy the workloads by using the Red Hat OpenShift CLI and applying the consolidated file:

    $ oc apply -f output/output.yaml
  2. Optional: Commit the output/ directory to your repository to use a GitOps deployment workflow.

Verification

  • Verify the rollout, service endpoints, and application health on the target cluster.

4.7.3. Deploying workloads to the target cluster as a non-administrator

When you lack cluster-admin privileges, deploy your workloads as a non-administrator. This allows you to apply namespace-scoped resources safely.

Prerequisites

  • You have a PASSED validation report for your output directory.
  • You generated your manifests using the --skip-cluster-scoped flag during the apply stage.

Procedure

  • Deploy the workloads by using the Red Hat OpenShift CLI:

    $ oc apply -f output/output.yaml

Verification

  • Verify the rollout and application health on the target namespace.

Chapter 5. Troubleshooting the mta-ops pipeline

If a migration step fails, you can debug the pipeline to resolve errors. You can extract logs, review failures, and isolate transformations.

5.1. mta-ops pipeline troubleshooting

Understand how the mta-ops CLI isolates failures to help you quickly identify migration blockers.

Because the pipeline operates locally, troubleshooting does not require active target cluster intervention. The tool provides three primary diagnostic mechanisms:

  • Global debug logging: You can append a global debug flag to any command to print detailed diagnostic output to your terminal.
  • Failure artifacts: The export and validate commands isolate problematic resources into dedicated failures/ subdirectories. This prevents a single incompatible resource from stopping the entire pipeline.
  • Stage isolation: The transform pipeline produces distinct input/ and output/ directories for each plugin stage. This allows you to pinpoint exactly where a resource modification failed.

5.2. Enabling verbose logging for mta-ops

When you investigate pipeline failures, extract detailed diagnostic output by appending the verbose logging flag to your command.

Procedure

  • Append the --debug flag to any mta-ops command. For example, to debug a validation failure, enter:

    $ mta-ops validate --context <target_cluster_context> -i output --debug

Verification

  • Verify that your terminal output includes expanded diagnostic information and debug-level messages.

5.3. Common migration pipeline errors

When you encounter pipeline failures, review the common errors tables. This helps you diagnose issues and resume your migration work.

Table 5.1. Export and transform errors

Error messageCauseSolution

Forbidden

You lack role-based access control (RBAC) permissions to export a resource.

Inspect the failures/ directory for skipped dependencies. Use role impersonation flags such as --as and --as-group.

Patch evaluation error

A custom stage contains malformed YAML or missing parent objects.

Isolate the stage by passing the directory name as a positional argument. Rerun the command with the --force flag.

Table 5.2. Apply and validate errors

Error messageCauseSolution

Dependency order failure

The deployment command executed manifest files out of their required dependency order.

Rerun the mta-ops apply command with the --ordered flag.

Unknown resource type

A required custom resource definition (CRD) is missing.

Install the required Operator on the target cluster.

5.4. Resolving validation failures

To fix incompatibilities with your target cluster, review your validation artifacts. You must resolve missing custom resource definitions (CRDs) manually.

Prerequisites

  • You ran the mta-ops validate command and received a FAILED result.

Procedure

  1. Navigate to your specified validation output directory.
  2. Open the failures/ subdirectory.
  3. Inspect the generated YAML files. The file names indicate the specific group, version, and kind (GVK) that failed compatibility checks.

    • If a resource failed because a CRD is missing on the target cluster, install the required Operator on the target cluster.
    • If a resource failed because an API version is deprecated, create a custom transformation stage to rewrite the apiVersion field.
  4. Rerun the mta-ops validate command.

Verification

  • Verify that the mta-ops validate command returns a PASSED summary result.

5.5. Resolving transformation conflicts

To fix malformed Kustomize patches, isolate your transformation stages. You can inspect the exact input and output of a specific plugin.

Prerequisites

  • You ran the mta-ops transform command and encountered a patch evaluation error.

Procedure

  1. Navigate to your generated transform/ directory.
  2. Identify the specific numbered stage directory where the failure occurred.
  3. Compare the contents of the input/ directory against the output/ directory for that stage.
  4. If the failure occurred in a custom stage, modify your kustomization.yaml file to correct the syntax error.
  5. Rerun the isolated custom stage:

    $ mta-ops transform <custom_stage_directory> -e export -t transform --force

Verification

  • Verify that the isolated stage executes successfully and produces the expected YAML in the output/ directory.

Appendix A. mta-ops command options

Review the commands and flags available in the mta-ops command-line interface (CLI). You use these commands to extract, clean, render, and validate workloads.

A.1. mta-ops export command options

When you capture a source cluster snapshot, review the available command flags. This helps you customize the extraction process.

Table A.1. mta-ops export flags

OptionShorthandDescription

--context

 

The local kubeconfig context of the source cluster.

--namespace

-n

The target namespace to export workloads from.

--export-dir

-e

The directory path to save the exported resources.

--label-selector

-l

Selection of resources to export based on matching labels.

--as

 

Username to impersonate for the export operation.

--as-group

 

Group to impersonate for the export operation.

--as-extras

 

Impersonation extras to use for the export request.

--crd-skip-group

 

Omission of CRDs that match the specified API group.

--crd-include-group

 

Inclusion of CRDs that match the specified API group.

--qps

 

Queries per second allowed for the Kubernetes API connection.

--burst

 

Allowed extra queries to accumulate for the API connection.

--overwrite

 

Overwrite of the export directory if it already exists.

A.2. mta-ops transform command options

When you process exported manifests, review the available command flags. This helps you control the Kustomize plugin stages.

Table A.2. mta-ops transform flags

OptionShorthandDescription

--export-dir

-e

The directory path containing the exported resources to be processed.

--transform-dir

-t

The directory path to create the isolated transform stages.

--stage

 

A specific custom or built-in stage directory name to run.

--force

 

A flag to overwrite modified custom stage directories. This is mandatory for re-running custom stages.

--skip-plugins

 

A comma-separated list of built-in plugins to skip, such as OpenShiftPlugin.

--optional-flags

 

Additional arguments or parameters passed to the transformation plugins.

--instructions-file

 

A path to a declarative YAML file to steer the transformation execution rules.

A.3. mta-ops apply command options

When you render your final YAML, review the available command flags. This helps you customize the output generation.

Table A.3. mta-ops apply flags

OptionShorthandDescription

--transform-dir

-t

The directory path containing the completed transform stages.

--output-dir

-o

The directory path to write the final deployable manifests.

--export-dir

-e

The path where exported resources are saved. This is not used by the apply command.

--kustomize-args

 

Additional arguments for the embedded Kustomize engine.

--skip-cluster-scoped

 

A flag to exclude cluster-scoped resources from the output.

--ordered

 

Prefixes the generated resource filenames with 3-digit order numbers to ensure correct dependency ordering.

--overwrite

 

Overwrite of the output directory if it already exists.

A.4. mta-ops validate command options

When you check target cluster application programming interface (API) compatibility, review the available command flags. This helps you configure your live or offline validation run.

Table A.4. mta-ops validate flags

OptionShorthandDescription

--input-dir

-i

The directory path containing the final rendered manifests to validate.

--context

 

The local kubeconfig context of the target cluster.

--kubeconfig

 

The path to the kubeconfig file for the target cluster.

--api-resources

 

The path to a captured API surface JSON file for offline validation.

--validate-dir

 

The directory path to save validation reports and failure artifacts.

--output

-o

The format of the generated report file. Valid options are json or yaml.

--overwrite

 

Overwrite of the validation directory if it already exists.

Appendix B. Developer and architecture guides

When you want to extend the mta-ops command-line interface (CLI) or understand its internal mechanics, review the upstream developer guides. This helps you build custom plugins or contribute to the project.

The mta-ops repository contains comprehensive documentation for developers:

  • CONTRIBUTING.md: Located at the root of the repository, detailing the GitHub integration and contributor onboarding workflow.
  • Development guides (docs/development/): Contains dedicated documents for local environment setup, unit and end-to-end (E2E) testing conventions, and end-to-end pipeline architecture.
  • Plugin development: Comprehensive instructions on creating custom transformation plugins using Go or Bash.

Legal Notice

Copyright © 2026 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.