Moving from java 8 to java 11 is a security key priority.

A java 11 baseline image is available in the nexus.

Version
7.0.1

based on alpine, this base image provides a 11.0.8 jre.

it is GPL v3 free

If you add packages, pay attention not to add GPLv3 packages

user: onap, group: onap

ou need to copy your jar file under /app/app.jar.

It is the recommended solution for Guilin.

7.0.0

based on debian, this image provides a 11.0.6 jre

It is not GPLv3 free. It is now deprecated.

user: onap, group: onap

ou need to copy your jar file under /opt/onap/app.jar.

You may sepecif 2 env variable to customize the way you are stating java:

- ENV JAVA_OPTS: by default set to -Xms256m -Xmx1g
- ENV JAVA_SEC_OPTS: empty by default


You can use is by calling:

docker pull nexus3.onap.org:10001/onap/integration-java11:7.1.0

  • No labels

1 Comment

  1. Pamela Dragosh

    Morgan thanks we understand your reasoning for doing the above. It doesn't meet Policy team needs this release and came too late to integrate/test with.

    We started with a base operating system, a slim version as there was a huge effect a few releases ago to create smaller images. We also have both JRE and JDK images for both alpine and debian.

    All we needed was Java11 installed onto the OS, very simple.

    Our docker images are located in docker.io in the ONAP Organization.

    https://hub.docker.com/r/onap/policy-jdk-debian/tags

    https://hub.docker.com/r/onap/policy-jdk-alpine/tags

    https://hub.docker.com/r/onap/policy-jre-alpine/tags

    https://hub.docker.com/r/onap/policy-jre-debian/tags


    We kept the docker images incredibly simple and made sure we tied to a specific release and of course do not run as root, for example:


    FROM alpine:3.11.3


    LABEL maintainer="Policy Team"


    ENV POLICY_HOME=/opt/app/policy


    #

    # When these are done via a single "RUN", I/O errors occur sporadically,

    # thus they have been split into separate RUNs.

    #

    RUN apk update \

        && apk add --no-cache \

            bash \

            busybox-extras \

            coreutils \

            curl \

            findutils \

            grep \

            httpie \

            jq \

            procps \

            py-pip \

            python \

            unzip \

            wget \

            zip


    RUN apk add --no-cache \

            openjdk11-jre \

        && addgroup -S policy \

        && adduser -S  --shell /bin/bash -G policy policy \

        && mkdir -p ${POLICY_HOME}/etc/ssl \

        && chown -R policy:policy ${POLICY_HOME}



    Please note that as of today: https://registry.gitlab.com/onap-integration/docker/onap-java is not accessible - 404 not found.