FW: [ONAP] [Integration] Java11 ONAP docker
From: DRAGOSH, PAM <pdragosh@...>
Sent: Tuesday, January 7, 2020 6:35 AM
To: LEFEVRE, CATHERINE <catherine.lefevre@...>; ATT ONAP_PTL <ATT_ONAP_PTL@...>
Subject: Re: [ONAP] [Integration] Java11 ONAP docker
Please note that openjdk:11-slim is based off of debian:buster-slim.
Does that matter for our projects? I’m not sure yet for policy.
Please find the workaround that Morgan has created to provide Java 11 while LF IT is working on IT-18325
From: onap-discuss@... <onap-discuss@...>
On Behalf Of Morgan Richomme via Lists.Onap.Org
Hi Amy and Pam
as discussed during the PTL meeting yesterday, I generated a dockerfile for java11.
For the moment I do everything in gitlab.com as I do not have the repositories in ONAP.
You can find the code here: https://gitlab.com/onap-integration/docker/onap-java
One of the advantages is that we automatically leverage all the built-in features of gitlab.com (it will take time to do the same from LF repos)
- registry: docker built automatically and available in registry.gitlab.com/onap-integration/docker/onap-java:latest
- CI including several addons such as container_scanning (with klar '2.4.0' and clair 'v2.1.2') or licence verification https://gitlab.com/onap-integration/docker/onap-java/pipelines/107470068
- security scan results: https://gitlab.com/onap-integration/docker/onap-java/security/dashboard/?project_id=15652149&scope=dismissed&page=1&days=90 - 46 vulnearbilities found linked to Debian vulnerabilities which is used by openjdk to build their image (1 high (CVE-2019-18224 in libidn2) , 4 medium, 41 low).
the docker itself is very basic
I started from openjdk11 official slim images (1 layer, 215Mo (compressed))
I added a onap group and an onap user
I created two env variables:
- JAVA_OPTS="-Xms256m -Xmx1g"
so it is possible through env variables to overwrite these values.
I assume that the jar file is put in /opt/onap/app.jar
and I set the entry point as java $JAVA_SEC_OPTS $JAVA_OPTS -jar /opt/$user/app.jar
so if you create your docker from this docker, you in theory needs to copy your jar and it should be OK...to be tested
Any comments/modifications/suggestions on the Dockerfile welcome
The gitlab.com project is under Apache v2 licence and fully Open Source
If you wand to be added as member of the gitlab.com project, do not hesitate.
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.
This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.