diff --git a/.github/workflows/release-image.yml b/.github/workflows/release-image.yml
index 9fadf707b16..ba3639b9a34 100644
--- a/.github/workflows/release-image.yml
+++ b/.github/workflows/release-image.yml
@@ -21,6 +21,7 @@ on:
           - Dockerfile-dataprotection
           - Dockerfile-dev
           - Dockerfile-tools
+          - Dockerfile-redhat
   release:
     types:
       - published
@@ -128,6 +129,23 @@ jobs:
       CONTEXT: "./docker"
     secrets: inherit
 
+  release-redhat-image:
+    if: ${{ github.event_name  == 'workflow_dispatch' && (inputs.dockerfile == '' || inputs.dockerfile == 'Dockerfile-redhat') }}
+    needs: release-version
+    uses: apecloud/apecloud-cd/.github/workflows/release-image-cache.yml@v0.1.64
+    with:
+      MAKE_OPS_PRE: "generate"
+      IMG: "apecloud/kubeblocks"
+      VERSION: "${{ needs.release-version.outputs.release-version }}-certified"
+      GO_VERSION: "1.23"
+      APECD_REF: "v0.1.64"
+      DOCKERFILE_PATH: "./docker/Dockerfile-redhat"
+      BUILDX_ARGS: |
+        VERSION=${{ needs.release-version.outputs.release-version }}
+        GIT_COMMIT=${{ needs.release-version.outputs.git-commit }}
+        GIT_VERSION=${{ needs.release-version.outputs.git-version }}
+    secrets: inherit
+
   release-message:
     runs-on: ubuntu-latest
     needs: [ release-image, release-tools-image, release-dataprotection-image ]
diff --git a/docker/Dockerfile-redhat b/docker/Dockerfile-redhat
new file mode 100644
index 00000000000..20ea57372c6
--- /dev/null
+++ b/docker/Dockerfile-redhat
@@ -0,0 +1,86 @@
+# Build the manager binary
+ARG DIST_IMG=registry.access.redhat.com/ubi9:9.6
+
+ARG GO_VERSION=1.23.10-alpine
+
+FROM --platform=${BUILDPLATFORM} golang:${GO_VERSION} AS builder
+
+## docker buildx build injected build-args:
+#BUILDPLATFORM — matches the current machine. (e.g. linux/amd64)
+#BUILDOS — os component of BUILDPLATFORM, e.g. linux
+#BUILDARCH — e.g. amd64, arm64, riscv64
+#BUILDVARIANT — used to set ARM variant, e.g. v7
+#TARGETPLATFORM — The value set with --platform flag on build
+#TARGETOS - OS component from --platform, e.g. linux
+#TARGETARCH - Architecture from --platform, e.g. arm64
+#TARGETVARIANT
+
+ARG TARGETOS
+ARG TARGETARCH
+
+ARG GOPROXY
+#ARG GOPROXY=https://goproxy.cn
+ENV GOPROXY=${GOPROXY}
+
+ARG VERSION
+ARG GIT_COMMIT
+ARG GIT_VERSION
+ARG BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')
+
+ENV VERSION=${VERSION}
+ENV GIT_COMMIT=${GIT_COMMIT}
+ENV GIT_VERSION=${GIT_VERSION}
+
+ARG LD_FLAGS="-s -w \
+    -X github.com/apecloud/kubeblocks/version.Version=${VERSION} \
+	-X github.com/apecloud/kubeblocks/version.BuildDate=${BUILD_DATE} \
+	-X github.com/apecloud/kubeblocks/version.GitCommit=${GIT_COMMIT} \
+	-X github.com/apecloud/kubeblocks/version.GitVersion=${GIT_VERSION}"
+
+WORKDIR /src
+# Copy the Go Modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+# cache deps before building and copying source so that we don't need to re-download as much
+# and so that source changes don't invalidate our downloaded layer
+RUN --mount=type=cache,target=/go/pkg/mod \
+    go mod download
+
+# Copy the go source
+#COPY cmd/manager/main.go cmd/manager/main.go
+#COPY cmd/manager/ cmd/manager/
+#COPY apis/ apis/
+#COPY pkg/ pkg/
+#COPY controllers/ controllers/
+#COPY test/testdata/testdata.go test/testdata/testdata.go
+
+RUN --mount=type=bind,target=. \
+    --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg/mod \
+    go env && \
+    CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -ldflags="${LD_FLAGS}" -o /out/manager ./cmd/manager/main.go
+
+# Use distroless as minimal base image to package the manager binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+FROM ${DIST_IMG} AS dist
+
+ARG VERSION
+ENV VERSION=${VERSION}
+
+WORKDIR /
+COPY --from=builder /out/manager .
+
+LABEL vendor="Hangzhou ApeCloud Co., Ltd"
+LABEL maintainer="Hangzhou ApeCloud Co., Ltd"
+LABEL name="KubeBlocks"
+LABEL summary="KubeBlocks is an operator for databases enabling users to run and manage multiple types of databases on Kubernetes."
+LABEL description="KubeBlocks is a Kubernetes Operator designed to manage a variety of databases and streaming systems, including MySQL, PostgreSQL, MongoDB, Redis, RabbitMQ, RocketMQ, and more, within Kubernetes environments."
+LABEL io.k8s.description="KubeBlocks is a Kubernetes Operator designed to manage a variety of databases and streaming systems, including MySQL, PostgreSQL, MongoDB, Redis, RabbitMQ, RocketMQ, and more, within Kubernetes environments."
+LABEL version="${VERSION}"
+
+RUN mkdir -p /licenses
+COPY LICENSE /licenses/
+
+USER 65532:65532
+
+ENTRYPOINT ["/manager"]