The Docker base image from the integration project is now unmaintained.
We replace the Integration base image by updating our own base image to
work directly off Alpine.
Issue-ID: POLICY-4558
Change-Id: I00097cede2536c88ade3f318479eab309695b41e
Signed-off-by: liamfallon <liam.fallon@est.tech>
#-------------------------------------------------------------------------------
# Dockerfile
# ============LICENSE_START=======================================================
-# Copyright (C) 2021-2022 Nordix Foundation.
+# Copyright (C) 2021-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
#-------------------------------------------------------------------------------
-FROM onap/policy-jdk-alpine:2.6.1-SNAPSHOT
+FROM onap/policy-jre-alpine:2.6.1-SNAPSHOT
LABEL maintainer="Policy Team"
LABEL org.opencontainers.image.title="Policy db-migrator"
ENV POLICY_PROFILE /opt/app/policy/etc/profile.d
ENV POLICY_BIN /opt/app/policy/bin
+USER root
RUN apk update && \
- apk add --no-cache mariadb-client && \
- apk add postgresql-client \
- net-tools netcat-openbsd sudo less vim && \
+ apk add --no-cache \
+ mariadb-client \
+ postgresql-client \
+ net-tools \
+ netcat-openbsd \
+ sudo \
+ less \
+ vim && \
mkdir -p $POLICY_PROFILE $POLICY_BIN && \
chown -R policy:policy $POLICY_ETC $POLICY_BIN
============LICENSE_START=======================================================
Copyright (C) 2019 Ericsson, Tieto. All rights reserved.
Modifications Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
- Modifications Copyright (C) 2022 Nordix Foundation.
+ Modifications Copyright (C) 2022-2023 Nordix Foundation.
================================================================================
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
<properties>
<docker.jdk.imagename>onap/policy-jdk-alpine</docker.jdk.imagename>
- <integration.python.name>onap/integration-python</integration.python.name>
- <integration.python.version>10.1.0</integration.python.version>
</properties>
- <profiles>
- <profile>
- <!-- This profile is activated on Apple M1 architecture to generate the ONAP base Java image locally -->
- <id>baseImage</id>
- <activation>
- <os>
- <arch>aarch64</arch>
- </os>
- </activation>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-scm-plugin</artifactId>
- <version>1.13.0</version>
- <dependencies>
- <dependency>
- <groupId>org.codehaus.plexus</groupId>
- <artifactId>plexus-utils</artifactId>
- <version>3.4.2</version>
- </dependency>
- <dependency>
- <groupId>org.apache.maven.scm</groupId>
- <artifactId>maven-scm-provider-gitexe</artifactId>
- <version>1.13.0</version>
- </dependency>
- </dependencies>
- <configuration>
- <connectionType>connection</connectionType>
- <checkoutDirectory>src/main/resources/meta</checkoutDirectory>
- </configuration>
- <executions>
- <execution>
- <id>checkout-onap-python</id>
- <phase>validate</phase>
- <configuration>
- <connectionUrl>scm:git:https://gerrit.onap.org/r/integration/docker/onap-python</connectionUrl>
- <checkoutDirectory>${project.build.directory}/onap-python</checkoutDirectory>
- </configuration>
- <goals>
- <goal>checkout</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <groupId>io.fabric8</groupId>
- <artifactId>docker-maven-plugin</artifactId>
-
- <executions>
- <execution>
- <id>generate-python-image</id>
- <phase>initialize</phase>
- <configuration>
- <verbose>true</verbose>
- <apiVersion>1.23</apiVersion>
- <pullRegistry>${docker.pull.registry}</pullRegistry>
- <pushRegistry>${docker.push.registry}</pushRegistry>
- <images>
- <image>
- <name>${integration.python.name}</name>
- <build>
- <cleanup>try</cleanup>
- <contextDir>${project.build.directory}/onap-python</contextDir>
- <dockerFile>Dockerfile</dockerFile>
- <tags>
- <tag>${integration.python.version}</tag>
- <tag>${integration.python.version}-${maven.build.timestamp}</tag>
- <tag>${project.docker.latest.minmax.tag.version}</tag>
- </tags>
- </build>
- </image>
- </images>
- </configuration>
- <goals>
- <goal>build</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
- </profile>
- </profiles>
-
<build>
<finalName>${project.artifactId}-${project.version}</finalName>
<plugins>
<tag>${project.version}-${maven.build.timestamp}</tag>
<tag>${project.docker.latest.minmax.tag.version}</tag>
</tags>
- <args>
- <INTEGRATION_PYTHON_NAME>${integration.python.name}</INTEGRATION_PYTHON_NAME>
- <INTEGRATION_PYTHON_VERSION>${integration.python.version}</INTEGRATION_PYTHON_VERSION>
- </args>
</build>
</image>
</images>
<goal>build</goal>
<goal>push</goal>
</goals>
- <configuration>
- <image>${docker.jdk.imagename}</image>
- </configuration>
</execution>
</executions>
</plugin>
# ============LICENSE_START=======================================================
# Copyright (C) 2019 Tieto. All rights reserved.
# Modifications Copyright (C) 2020, 2021 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright (C) 2020, 2022 Nordix Foundation.
+# Modifications Copyright (C) 2020, 2022-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
-# Docker file to build a base image for all policy components images
-#
-# $JAVA_HOME is set to /usr/lib/jvm/java-11-openjdk
-# more details at https://hub.docker.com/_/openjdk
-
-ARG INTEGRATION_PYTHON_NAME=${INTEGRATION_PYTHON_NAME}
-ARG INTEGRATION_PYTHON_VERSION=${INTEGRATION_PYTHON_VERSION}
-
-FROM ${INTEGRATION_PYTHON_NAME}:${INTEGRATION_PYTHON_VERSION}
+FROM alpine:3.17
LABEL maintainer="Policy Team"
-LABEL org.opencontainers.image.title="Policy JDK Alpine"
-LABEL org.opencontainers.image.description="Policy Java 11 JDK image based on Alpine"
+LABEL org.opencontainers.image.title="Policy JRE Alpine"
+LABEL org.opencontainers.image.description="Policy Java 11 JRE image based on Alpine"
LABEL org.opencontainers.image.url="https://github.com/onap/policy-docker"
LABEL org.opencontainers.image.vendor="ONAP Policy Team"
LABEL org.opencontainers.image.licenses="Apache-2.0"
LABEL org.opencontainers.image.version="${git.build.version}"
LABEL org.opencontainers.image.revision="${git.commit.id.abbrev}"
+ENV JAVA_HOME /usr/lib/jvm/default-jvm
+ENV JAVA_OPTS="-Xms256m -Xmx1g"
+ENV JAVA_SEC_OPTS=""
+ENV PYTHONUNBUFFERED=1
ENV POLICY_HOME=/opt/app/policy
+ENV PATH $JAVA_HOME/bin:$PATH
+
+ARG user=onap
+ARG group=onap
-USER root
+# Default to UTF-8 file.encoding
+ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
-RUN rm -rf /opt/java/openjdk \
- && mkdir -p /opt/java/openjdk \
- && mkdir -p /usr/lib/jvm/ \
- && ln -s /opt/java/openjdk /usr/lib/jvm/java-11-openjdk \
- && apk update \
- && apk add --no-cache \
+# Generic additions
+RUN apk add --no-cache \
+ libretls \
+ musl-locales \
+ musl-locales-lang \
+ openjdk11-jdk \
+ openssl \
+ ca-certificates && \
+ rm -rf /var/cache/apk/* && \
+# ONAP additions
+ addgroup -S $group && \
+ adduser -G $group -D $user && \
+ mkdir /var/log/$user && \
+ mkdir /app && \
+ chown -R $user:$group /var/log/$user && \
+ chown -R $user:$group /app && \
+# Policy Framework additions
+ apk update && \
+ apk add --no-cache \
busybox-extras \
curl \
jq \
procps \
unzip \
zip \
- openjdk11 \
- && curl --fail --silent --show-error --retry 3 \
- --output /tmp/apache-maven-3.6.3-bin.tar.gz \
- https://downloads.apache.org/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz \
- && tar zxC /usr/share </tmp/apache-maven-3.6.3-bin.tar.gz \
- && chown -R root:root /usr/share/apache-maven-3.6.3 \
- && ln -s /usr/share/apache-maven-3.6.3/bin/mvn /usr/bin/mvn \
- && rm -f /tmp/apache-maven-3.6.3-bin.tar.gz \
- && addgroup -S policy \
- && adduser -S --shell /bin/sh -G policy policy \
- && mkdir -p ${POLICY_HOME}/ \
- && chown policy:policy ${POLICY_HOME} \
- && pip install --upgrade pip==22.0.3
+ python3 && \
+ rm -rf /var/cache/apk/* && \
+ addgroup -S policy && \
+ adduser -S --shell /bin/sh -G policy policy && \
+ mkdir -p ${POLICY_HOME}/ && \
+ chown policy:policy ${POLICY_HOME} && \
+ mkdir -p /usr/lib/jvm/ && \
+ ln -s /opt/java/openjdk /usr/lib/jvm/default-jvm && \
+ python3 -m ensurepip && \
+ pip3 install --no-cache --upgrade pip setuptools
+
+# Install python/pip
+RUN apk add --update --no-cache python3 && ln -sf python3 /usr/bin/python
+RUN python3 -m ensurepip
+RUN pip3 install --no-cache --upgrade pip setuptools
+
+
+# Tell docker that all future commands should be run as the onap user
+USER $user
+WORKDIR /app
============LICENSE_START=======================================================
Copyright (C) 2019 Ericsson, Tieto. All rights reserved.
Modifications Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
- Modifications Copyright (C) 2022 Nordix Foundation.
+ Modifications Copyright (C) 2022-2023 Nordix Foundation.
================================================================================
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
<properties>
<docker.jre.imagename>onap/policy-jre-alpine</docker.jre.imagename>
- <integration.java.name>onap/integration-java11</integration.java.name>
- <integration.java.version>9.0.0</integration.java.version>
</properties>
- <profiles>
- <profile>
- <!-- This profile is activated on Apple M1 architecture to generate the ONAP base images locally -->
- <id>baseImage</id>
- <activation>
- <os>
- <arch>aarch64</arch>
- </os>
- </activation>
- <build>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-scm-plugin</artifactId>
- <version>1.13.0</version>
- <dependencies>
- <dependency>
- <groupId>org.codehaus.plexus</groupId>
- <artifactId>plexus-utils</artifactId>
- <version>3.4.2</version>
- </dependency>
- <dependency>
- <groupId>org.apache.maven.scm</groupId>
- <artifactId>maven-scm-provider-gitexe</artifactId>
- <version>1.13.0</version>
- </dependency>
- </dependencies>
- <configuration>
- <connectionType>connection</connectionType>
- <checkoutDirectory>src/main/resources/meta</checkoutDirectory>
- </configuration>
- <executions>
- <execution>
- <id>checkout-onap-python</id>
- <phase>validate</phase>
- <configuration>
- <connectionUrl>scm:git:https://gerrit.onap.org/r/integration/docker/onap-java11</connectionUrl>
- <checkoutDirectory>${project.build.directory}/onap-java11</checkoutDirectory>
- </configuration>
- <goals>
- <goal>checkout</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- <plugin>
- <groupId>io.fabric8</groupId>
- <artifactId>docker-maven-plugin</artifactId>
-
- <executions>
- <execution>
- <id>generate-base-image</id>
- <phase>initialize</phase>
- <configuration>
- <verbose>true</verbose>
- <apiVersion>1.23</apiVersion>
- <pullRegistry>${docker.pull.registry}</pullRegistry>
- <pushRegistry>${docker.push.registry}</pushRegistry>
- <images>
- <image>
- <name>${integration.java.name}</name>
- <build>
- <cleanup>try</cleanup>
- <contextDir>${project.build.directory}/onap-java11</contextDir>
- <dockerFile>BareAlpine.Dockerfile</dockerFile>
- <tags>
- <tag>${integration.java.version}</tag>
- <tag>${integration.java.version}-${maven.build.timestamp}</tag>
- <tag>${project.docker.latest.minmax.tag.version}</tag>
- </tags>
- </build>
- </image>
- </images>
- </configuration>
- <goals>
- <goal>build</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- </plugins>
- </build>
- </profile>
- </profiles>
-
<build>
<finalName>${project.artifactId}-${project.version}</finalName>
<plugins>
<tag>${project.version}-${maven.build.timestamp}</tag>
<tag>${project.docker.latest.minmax.tag.version}</tag>
</tags>
- <args>
- <INTEGRATION_JAVA_NAME>${integration.java.name}</INTEGRATION_JAVA_NAME>
- <INTEGRATION_JAVA_VERSION>${integration.java.version}</INTEGRATION_JAVA_VERSION>
- </args>
</build>
</image>
</images>
<goal>build</goal>
<goal>push</goal>
</goals>
- <configuration>
- <image>${docker.jre.imagename}</image>
- </configuration>
</execution>
</executions>
</plugin>
# ============LICENSE_START=======================================================
# Copyright (C) 2019 Tieto. All rights reserved.
# Modifications Copyright (C) 2020, 2021 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright (C) 2020, 2022 Nordix Foundation.
+# Modifications Copyright (C) 2020, 2022-2023 Nordix Foundation.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
-# Docker file to build a base image for all policy components images
-#
-# $JAVA_HOME is set to /usr/lib/jvm/java-11-openjdk
-# more details at https://hub.docker.com/_/openjdk
-
-ARG INTEGRATION_JAVA_NAME=${INTEGRATION_JAVA_NAME}
-ARG INTEGRATION_JAVA_VERSION=${INTEGRATION_JAVA_VERSION}
-
-FROM ${INTEGRATION_JAVA_NAME}:${INTEGRATION_JAVA_VERSION}
+FROM alpine:3.17
LABEL maintainer="Policy Team"
LABEL org.opencontainers.image.title="Policy JRE Alpine"
LABEL org.opencontainers.image.version="${git.build.version}"
LABEL org.opencontainers.image.revision="${git.commit.id.abbrev}"
+ENV JAVA_HOME /usr/lib/jvm/default-jvm
+ENV JAVA_OPTS="-Xms256m -Xmx1g"
+ENV JAVA_SEC_OPTS=""
ENV POLICY_HOME=/opt/app/policy
+ENV PATH $JAVA_HOME/bin:$PATH
-USER root
+ARG user=onap
+ARG group=onap
-RUN apk update \
- && apk add --no-cache \
+# Default to UTF-8 file.encoding
+ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
+
+# Generic additions
+RUN apk add --no-cache \
+ libretls \
+ musl-locales \
+ musl-locales-lang \
+ openjdk11-jre \
+ openssl \
+ ca-certificates && \
+ rm -rf /var/cache/apk/* && \
+# ONAP additions
+ addgroup -S $group && \
+ adduser -G $group -D $user && \
+ mkdir /var/log/$user && \
+ mkdir /app && \
+ chown -R $user:$group /var/log/$user && \
+ chown -R $user:$group /app && \
+# Policy Framework additions
+ apk update && \
+ apk add --no-cache \
busybox-extras \
curl \
jq \
procps \
unzip \
- zip \
- && addgroup -S policy \
- && adduser -S --shell /bin/sh -G policy policy \
- && mkdir -p ${POLICY_HOME}/ \
- && chown policy:policy ${POLICY_HOME} \
- && mkdir -p /usr/lib/jvm/ \
- && ln -s /opt/java/openjdk /usr/lib/jvm/java-11-openjdk
+ zip && \
+ rm -rf /var/cache/apk/* && \
+ addgroup -S policy && \
+ adduser -S --shell /bin/sh -G policy policy && \
+ mkdir -p ${POLICY_HOME}/ && \
+ chown policy:policy ${POLICY_HOME} && \
+ mkdir -p /usr/lib/jvm/ && \
+ ln -s /opt/java/openjdk /usr/lib/jvm/default-jvm
+
+# Tell docker that all future commands should be run as the onap user
+USER $user
+WORKDIR /app
+
+ENTRYPOINT exec java $JAVA_SEC_OPTS $JAVA_OPTS -jar /app/app.jar
Code Review / policy / docker.git / commitdiff