diff options
author | liamfallon <liam.fallon@est.tech> | 2023-02-14 11:20:40 +0000 |
---|---|---|
committer | liamfallon <liam.fallon@est.tech> | 2023-02-14 11:52:42 +0000 |
commit | a939e673fcf0769d2404878c0f275081961bb521 (patch) | |
tree | 02e7f7fc05447e63e5e741491e1e6c64e89fcd09 | |
parent | f5a11b0b346df610ffa8d9857956abf113ce6765 (diff) |
Remove integration base images from PF base images
The Docker base image from the integration project is now unmaintained.
We replace the Integration base image by updating our own base image to
work directly off Alpine.
Issue-ID: POLICY-4558
Change-Id: I00097cede2536c88ade3f318479eab309695b41e
Signed-off-by: liamfallon <liam.fallon@est.tech>
-rw-r--r-- | policy-db-migrator/src/main/docker/Dockerfile | 16 | ||||
-rw-r--r-- | policy-jdk/alpine/pom.xml | 96 | ||||
-rw-r--r-- | policy-jdk/alpine/src/main/docker/Dockerfile | 85 | ||||
-rw-r--r-- | policy-jre/alpine/pom.xml | 96 | ||||
-rw-r--r-- | policy-jre/alpine/src/main/docker/Dockerfile | 64 |
5 files changed, 110 insertions, 247 deletions
diff --git a/policy-db-migrator/src/main/docker/Dockerfile b/policy-db-migrator/src/main/docker/Dockerfile index 664649cd..92f45585 100644 --- a/policy-db-migrator/src/main/docker/Dockerfile +++ b/policy-db-migrator/src/main/docker/Dockerfile @@ -1,7 +1,7 @@ #------------------------------------------------------------------------------- # Dockerfile # ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. +# Copyright (C) 2021-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,7 +18,7 @@ # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= #------------------------------------------------------------------------------- -FROM onap/policy-jdk-alpine:2.6.1-SNAPSHOT +FROM onap/policy-jre-alpine:2.6.1-SNAPSHOT LABEL maintainer="Policy Team" LABEL org.opencontainers.image.title="Policy db-migrator" @@ -35,10 +35,16 @@ ENV POLICY_ETC /opt/app/policy/etc ENV POLICY_PROFILE /opt/app/policy/etc/profile.d ENV POLICY_BIN /opt/app/policy/bin +USER root RUN apk update && \ - apk add --no-cache mariadb-client && \ - apk add postgresql-client \ - net-tools netcat-openbsd sudo less vim && \ + apk add --no-cache \ + mariadb-client \ + postgresql-client \ + net-tools \ + netcat-openbsd \ + sudo \ + less \ + vim && \ mkdir -p $POLICY_PROFILE $POLICY_BIN && \ chown -R policy:policy $POLICY_ETC $POLICY_BIN diff --git a/policy-jdk/alpine/pom.xml b/policy-jdk/alpine/pom.xml index 69f2c89a..b656b6f8 100644 --- a/policy-jdk/alpine/pom.xml +++ b/policy-jdk/alpine/pom.xml @@ -2,7 +2,7 @@ ============LICENSE_START======================================================= Copyright (C) 2019 Ericsson, Tieto. All rights reserved. Modifications Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. - Modifications Copyright (C) 2022 Nordix Foundation. + Modifications Copyright (C) 2022-2023 Nordix Foundation. ================================================================================ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -37,95 +37,8 @@ <properties> <docker.jdk.imagename>onap/policy-jdk-alpine</docker.jdk.imagename> - <integration.python.name>onap/integration-python</integration.python.name> - <integration.python.version>10.1.0</integration.python.version> </properties> - <profiles> - <profile> - <!-- This profile is activated on Apple M1 architecture to generate the ONAP base Java image locally --> - <id>baseImage</id> - <activation> - <os> - <arch>aarch64</arch> - </os> - </activation> - <build> - <plugins> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-scm-plugin</artifactId> - <version>1.13.0</version> - <dependencies> - <dependency> - <groupId>org.codehaus.plexus</groupId> - <artifactId>plexus-utils</artifactId> - <version>3.4.2</version> - </dependency> - <dependency> - <groupId>org.apache.maven.scm</groupId> - <artifactId>maven-scm-provider-gitexe</artifactId> - <version>1.13.0</version> - </dependency> - </dependencies> - <configuration> - <connectionType>connection</connectionType> - <checkoutDirectory>src/main/resources/meta</checkoutDirectory> - </configuration> - <executions> - <execution> - <id>checkout-onap-python</id> - <phase>validate</phase> - <configuration> - <connectionUrl>scm:git:https://gerrit.onap.org/r/integration/docker/onap-python</connectionUrl> - <checkoutDirectory>${project.build.directory}/onap-python</checkoutDirectory> - </configuration> - <goals> - <goal>checkout</goal> - </goals> - </execution> - </executions> - </plugin> - <plugin> - <groupId>io.fabric8</groupId> - <artifactId>docker-maven-plugin</artifactId> - - <executions> - <execution> - <id>generate-python-image</id> - <phase>initialize</phase> - <configuration> - <verbose>true</verbose> - <apiVersion>1.23</apiVersion> - <pullRegistry>${docker.pull.registry}</pullRegistry> - <pushRegistry>${docker.push.registry}</pushRegistry> - <images> - <image> - <name>${integration.python.name}</name> - <build> - <cleanup>try</cleanup> - <contextDir>${project.build.directory}/onap-python</contextDir> - <dockerFile>Dockerfile</dockerFile> - <tags> - <tag>${integration.python.version}</tag> - <tag>${integration.python.version}-${maven.build.timestamp}</tag> - <tag>${project.docker.latest.minmax.tag.version}</tag> - </tags> - </build> - </image> - </images> - </configuration> - <goals> - <goal>build</goal> - </goals> - </execution> - </executions> - </plugin> - </plugins> - </build> - </profile> - </profiles> - <build> <finalName>${project.artifactId}-${project.version}</finalName> <plugins> @@ -169,10 +82,6 @@ <tag>${project.version}-${maven.build.timestamp}</tag> <tag>${project.docker.latest.minmax.tag.version}</tag> </tags> - <args> - <INTEGRATION_PYTHON_NAME>${integration.python.name}</INTEGRATION_PYTHON_NAME> - <INTEGRATION_PYTHON_VERSION>${integration.python.version}</INTEGRATION_PYTHON_VERSION> - </args> </build> </image> </images> @@ -205,9 +114,6 @@ <goal>build</goal> <goal>push</goal> </goals> - <configuration> - <image>${docker.jdk.imagename}</image> - </configuration> </execution> </executions> </plugin> diff --git a/policy-jdk/alpine/src/main/docker/Dockerfile b/policy-jdk/alpine/src/main/docker/Dockerfile index a8f84c0c..ab856bf4 100644 --- a/policy-jdk/alpine/src/main/docker/Dockerfile +++ b/policy-jdk/alpine/src/main/docker/Dockerfile @@ -1,7 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019 Tieto. All rights reserved. # Modifications Copyright (C) 2020, 2021 AT&T Intellectual Property. All rights reserved. -# Modifications Copyright (C) 2020, 2022 Nordix Foundation. +# Modifications Copyright (C) 2020, 2022-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,19 +18,11 @@ # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= -# Docker file to build a base image for all policy components images -# -# $JAVA_HOME is set to /usr/lib/jvm/java-11-openjdk -# more details at https://hub.docker.com/_/openjdk - -ARG INTEGRATION_PYTHON_NAME=${INTEGRATION_PYTHON_NAME} -ARG INTEGRATION_PYTHON_VERSION=${INTEGRATION_PYTHON_VERSION} - -FROM ${INTEGRATION_PYTHON_NAME}:${INTEGRATION_PYTHON_VERSION} +FROM alpine:3.17 LABEL maintainer="Policy Team" -LABEL org.opencontainers.image.title="Policy JDK Alpine" -LABEL org.opencontainers.image.description="Policy Java 11 JDK image based on Alpine" +LABEL org.opencontainers.image.title="Policy JRE Alpine" +LABEL org.opencontainers.image.description="Policy Java 11 JRE image based on Alpine" LABEL org.opencontainers.image.url="https://github.com/onap/policy-docker" LABEL org.opencontainers.image.vendor="ONAP Policy Team" LABEL org.opencontainers.image.licenses="Apache-2.0" @@ -38,32 +30,61 @@ LABEL org.opencontainers.image.created="${git.build.time}" LABEL org.opencontainers.image.version="${git.build.version}" LABEL org.opencontainers.image.revision="${git.commit.id.abbrev}" +ENV JAVA_HOME /usr/lib/jvm/default-jvm +ENV JAVA_OPTS="-Xms256m -Xmx1g" +ENV JAVA_SEC_OPTS="" +ENV PYTHONUNBUFFERED=1 ENV POLICY_HOME=/opt/app/policy +ENV PATH $JAVA_HOME/bin:$PATH + +ARG user=onap +ARG group=onap -USER root +# Default to UTF-8 file.encoding +ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' -RUN rm -rf /opt/java/openjdk \ - && mkdir -p /opt/java/openjdk \ - && mkdir -p /usr/lib/jvm/ \ - && ln -s /opt/java/openjdk /usr/lib/jvm/java-11-openjdk \ - && apk update \ - && apk add --no-cache \ +# Generic additions +RUN apk add --no-cache \ + libretls \ + musl-locales \ + musl-locales-lang \ + openjdk11-jdk \ + openssl \ + ca-certificates && \ + rm -rf /var/cache/apk/* && \ +# ONAP additions + addgroup -S $group && \ + adduser -G $group -D $user && \ + mkdir /var/log/$user && \ + mkdir /app && \ + chown -R $user:$group /var/log/$user && \ + chown -R $user:$group /app && \ +# Policy Framework additions + apk update && \ + apk add --no-cache \ busybox-extras \ curl \ jq \ procps \ unzip \ zip \ - openjdk11 \ - && curl --fail --silent --show-error --retry 3 \ - --output /tmp/apache-maven-3.6.3-bin.tar.gz \ - https://downloads.apache.org/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz \ - && tar zxC /usr/share </tmp/apache-maven-3.6.3-bin.tar.gz \ - && chown -R root:root /usr/share/apache-maven-3.6.3 \ - && ln -s /usr/share/apache-maven-3.6.3/bin/mvn /usr/bin/mvn \ - && rm -f /tmp/apache-maven-3.6.3-bin.tar.gz \ - && addgroup -S policy \ - && adduser -S --shell /bin/sh -G policy policy \ - && mkdir -p ${POLICY_HOME}/ \ - && chown policy:policy ${POLICY_HOME} \ - && pip install --upgrade pip==22.0.3 + python3 && \ + rm -rf /var/cache/apk/* && \ + addgroup -S policy && \ + adduser -S --shell /bin/sh -G policy policy && \ + mkdir -p ${POLICY_HOME}/ && \ + chown policy:policy ${POLICY_HOME} && \ + mkdir -p /usr/lib/jvm/ && \ + ln -s /opt/java/openjdk /usr/lib/jvm/default-jvm && \ + python3 -m ensurepip && \ + pip3 install --no-cache --upgrade pip setuptools + +# Install python/pip +RUN apk add --update --no-cache python3 && ln -sf python3 /usr/bin/python +RUN python3 -m ensurepip +RUN pip3 install --no-cache --upgrade pip setuptools + + +# Tell docker that all future commands should be run as the onap user +USER $user +WORKDIR /app diff --git a/policy-jre/alpine/pom.xml b/policy-jre/alpine/pom.xml index 21305758..1a1574bc 100644 --- a/policy-jre/alpine/pom.xml +++ b/policy-jre/alpine/pom.xml @@ -2,7 +2,7 @@ ============LICENSE_START======================================================= Copyright (C) 2019 Ericsson, Tieto. All rights reserved. Modifications Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. - Modifications Copyright (C) 2022 Nordix Foundation. + Modifications Copyright (C) 2022-2023 Nordix Foundation. ================================================================================ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -37,95 +37,8 @@ <properties> <docker.jre.imagename>onap/policy-jre-alpine</docker.jre.imagename> - <integration.java.name>onap/integration-java11</integration.java.name> - <integration.java.version>9.0.0</integration.java.version> </properties> - <profiles> - <profile> - <!-- This profile is activated on Apple M1 architecture to generate the ONAP base images locally --> - <id>baseImage</id> - <activation> - <os> - <arch>aarch64</arch> - </os> - </activation> - <build> - <plugins> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-scm-plugin</artifactId> - <version>1.13.0</version> - <dependencies> - <dependency> - <groupId>org.codehaus.plexus</groupId> - <artifactId>plexus-utils</artifactId> - <version>3.4.2</version> - </dependency> - <dependency> - <groupId>org.apache.maven.scm</groupId> - <artifactId>maven-scm-provider-gitexe</artifactId> - <version>1.13.0</version> - </dependency> - </dependencies> - <configuration> - <connectionType>connection</connectionType> - <checkoutDirectory>src/main/resources/meta</checkoutDirectory> - </configuration> - <executions> - <execution> - <id>checkout-onap-python</id> - <phase>validate</phase> - <configuration> - <connectionUrl>scm:git:https://gerrit.onap.org/r/integration/docker/onap-java11</connectionUrl> - <checkoutDirectory>${project.build.directory}/onap-java11</checkoutDirectory> - </configuration> - <goals> - <goal>checkout</goal> - </goals> - </execution> - </executions> - </plugin> - <plugin> - <groupId>io.fabric8</groupId> - <artifactId>docker-maven-plugin</artifactId> - - <executions> - <execution> - <id>generate-base-image</id> - <phase>initialize</phase> - <configuration> - <verbose>true</verbose> - <apiVersion>1.23</apiVersion> - <pullRegistry>${docker.pull.registry}</pullRegistry> - <pushRegistry>${docker.push.registry}</pushRegistry> - <images> - <image> - <name>${integration.java.name}</name> - <build> - <cleanup>try</cleanup> - <contextDir>${project.build.directory}/onap-java11</contextDir> - <dockerFile>BareAlpine.Dockerfile</dockerFile> - <tags> - <tag>${integration.java.version}</tag> - <tag>${integration.java.version}-${maven.build.timestamp}</tag> - <tag>${project.docker.latest.minmax.tag.version}</tag> - </tags> - </build> - </image> - </images> - </configuration> - <goals> - <goal>build</goal> - </goals> - </execution> - </executions> - </plugin> - </plugins> - </build> - </profile> - </profiles> - <build> <finalName>${project.artifactId}-${project.version}</finalName> <plugins> @@ -169,10 +82,6 @@ <tag>${project.version}-${maven.build.timestamp}</tag> <tag>${project.docker.latest.minmax.tag.version}</tag> </tags> - <args> - <INTEGRATION_JAVA_NAME>${integration.java.name}</INTEGRATION_JAVA_NAME> - <INTEGRATION_JAVA_VERSION>${integration.java.version}</INTEGRATION_JAVA_VERSION> - </args> </build> </image> </images> @@ -205,9 +114,6 @@ <goal>build</goal> <goal>push</goal> </goals> - <configuration> - <image>${docker.jre.imagename}</image> - </configuration> </execution> </executions> </plugin> diff --git a/policy-jre/alpine/src/main/docker/Dockerfile b/policy-jre/alpine/src/main/docker/Dockerfile index d4fed90c..f1bf2496 100644 --- a/policy-jre/alpine/src/main/docker/Dockerfile +++ b/policy-jre/alpine/src/main/docker/Dockerfile @@ -1,7 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019 Tieto. All rights reserved. # Modifications Copyright (C) 2020, 2021 AT&T Intellectual Property. All rights reserved. -# Modifications Copyright (C) 2020, 2022 Nordix Foundation. +# Modifications Copyright (C) 2020, 2022-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,15 +18,7 @@ # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= -# Docker file to build a base image for all policy components images -# -# $JAVA_HOME is set to /usr/lib/jvm/java-11-openjdk -# more details at https://hub.docker.com/_/openjdk - -ARG INTEGRATION_JAVA_NAME=${INTEGRATION_JAVA_NAME} -ARG INTEGRATION_JAVA_VERSION=${INTEGRATION_JAVA_VERSION} - -FROM ${INTEGRATION_JAVA_NAME}:${INTEGRATION_JAVA_VERSION} +FROM alpine:3.17 LABEL maintainer="Policy Team" LABEL org.opencontainers.image.title="Policy JRE Alpine" @@ -38,21 +30,53 @@ LABEL org.opencontainers.image.created="${git.build.time}" LABEL org.opencontainers.image.version="${git.build.version}" LABEL org.opencontainers.image.revision="${git.commit.id.abbrev}" +ENV JAVA_HOME /usr/lib/jvm/default-jvm +ENV JAVA_OPTS="-Xms256m -Xmx1g" +ENV JAVA_SEC_OPTS="" ENV POLICY_HOME=/opt/app/policy +ENV PATH $JAVA_HOME/bin:$PATH -USER root +ARG user=onap +ARG group=onap -RUN apk update \ - && apk add --no-cache \ +# Default to UTF-8 file.encoding +ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' + +# Generic additions +RUN apk add --no-cache \ + libretls \ + musl-locales \ + musl-locales-lang \ + openjdk11-jre \ + openssl \ + ca-certificates && \ + rm -rf /var/cache/apk/* && \ +# ONAP additions + addgroup -S $group && \ + adduser -G $group -D $user && \ + mkdir /var/log/$user && \ + mkdir /app && \ + chown -R $user:$group /var/log/$user && \ + chown -R $user:$group /app && \ +# Policy Framework additions + apk update && \ + apk add --no-cache \ busybox-extras \ curl \ jq \ procps \ unzip \ - zip \ - && addgroup -S policy \ - && adduser -S --shell /bin/sh -G policy policy \ - && mkdir -p ${POLICY_HOME}/ \ - && chown policy:policy ${POLICY_HOME} \ - && mkdir -p /usr/lib/jvm/ \ - && ln -s /opt/java/openjdk /usr/lib/jvm/java-11-openjdk + zip && \ + rm -rf /var/cache/apk/* && \ + addgroup -S policy && \ + adduser -S --shell /bin/sh -G policy policy && \ + mkdir -p ${POLICY_HOME}/ && \ + chown policy:policy ${POLICY_HOME} && \ + mkdir -p /usr/lib/jvm/ && \ + ln -s /opt/java/openjdk /usr/lib/jvm/default-jvm + +# Tell docker that all future commands should be run as the onap user +USER $user +WORKDIR /app + +ENTRYPOINT exec java $JAVA_SEC_OPTS $JAVA_OPTS -jar /app/app.jar |