Moving from java 8 to java 11 is a security key priority.
The integration project created a A java 11 baseline image including a user and a group ONAP (to avoid running the container as root).
This image can be found at https://gitlab.com/onap-integration/docker/onap-java/
When you create your docker from this docker you image is available in the nexus.
| Version | |
|---|---|
| 7.0.1 | based on alpine, this base image provides a 11.0.8 jre. it is GPL v3 free If you add packages, pay attention not to add GPLv3 packages user: onap, group: onap ou need to copy your jar file under /app/app.jar. It is the recommended solution for Guilin. |
| 7.0.0 | based on debian, this image provides a 11.0.6 jre It is not GPLv3 free. It is now deprecated. user: onap, group: onap ou need to copy your jar file under /opt/onap/app.jar. |
You may sepecif 2 env variable to customize the way you are stating java:
...
- ENV JAVA_OPTS: by default set to -Xms256m -Xmx1g
...
- ENV JAVA_SEC_OPTS: empty by default
The Docker file can be found at:https://gitlab.com/onap-integration/docker/onap-java/-/blob/master/Dockerfile
This image is based on the official openjdk image openjdk:11.0.5-jre-slim
The image is available in the gitlab.com built-in registry: registry.gitlab.com/onap-integration/docker/onap-java
The image is rebuilt everyday (to include possible vulnerability fixes from upstream).
A tag latest and frankfurt have been set.
Please note that moving from the 11.0.5 to the 11.0.6 removed all the criticial vulnerabilities.
...
You can use is by calling:
docker pull nexus3.onap.org:10001/onap/integration-java11:7.1.0