Moving from java 8 to java 11 is a security key priority.
The integration project created a java 11 baseline image including a user and a group ONAP (to avoid running the container as root).
This image can be found at https://gitlab.com/onap-integration/docker/onap-java/
When you create your docker from this docker you need to copy your jar file under /opt/onap/app.jar.
You may sepecif 2 env variable to customize the way you are stating java:
- ENV JAVA_OPTS: by default set to -Xms256m -Xmx1g
- ENV JAVA_SEC_OPTS: empty by default
The Docker file can be found at:https://gitlab.com/onap-integration/docker/onap-java/-/blob/master/Dockerfile
This image is based on the official openjdk image openjdk:11.0.5-jre-slim
The image is available in the gitlab.com built-in registry: registry.gitlab.com/onap-integration/docker/onap-java
The image is rebuilt everyday (to include possible vulnerability fixes from upstream).
A tag latest and frankfurt have been set.
Please note that moving from the 11.0.5 to the 11.0.6 removed all the criticial vulnerabilities.
No "official" image for Java 11 was available for Alpines, so it was decided to use a light official image (based on Debian slim). Alpines official images are dealing with java 8 then java 13, 14 and 15.