diff options
-rw-r--r-- | policy-db-migrator/src/main/docker/Dockerfile | 16 | ||||
-rw-r--r-- | policy-jdk/alpine/pom.xml | 96 | ||||
-rw-r--r-- | policy-jdk/alpine/src/main/docker/Dockerfile | 85 | ||||
-rw-r--r-- | policy-jre/alpine/pom.xml | 96 | ||||
-rw-r--r-- | policy-jre/alpine/src/main/docker/Dockerfile | 64 |
5 files changed, 110 insertions, 247 deletions
diff --git a/policy-db-migrator/src/main/docker/Dockerfile b/policy-db-migrator/src/main/docker/Dockerfile index 664649cd..92f45585 100644 --- a/policy-db-migrator/src/main/docker/Dockerfile +++ b/policy-db-migrator/src/main/docker/Dockerfile @@ -1,7 +1,7 @@ #------------------------------------------------------------------------------- # Dockerfile # ============LICENSE_START======================================================= -# Copyright (C) 2021-2022 Nordix Foundation. +# Copyright (C) 2021-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,7 +18,7 @@ # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= #------------------------------------------------------------------------------- -FROM onap/policy-jdk-alpine:2.6.1-SNAPSHOT +FROM onap/policy-jre-alpine:2.6.1-SNAPSHOT LABEL maintainer="Policy Team" LABEL org.opencontainers.image.title="Policy db-migrator" @@ -35,10 +35,16 @@ ENV POLICY_ETC /opt/app/policy/etc ENV POLICY_PROFILE /opt/app/policy/etc/profile.d ENV POLICY_BIN /opt/app/policy/bin +USER root RUN apk update && \ - apk add --no-cache mariadb-client && \ - apk add postgresql-client \ - net-tools netcat-openbsd sudo less vim && \ + apk add --no-cache \ + mariadb-client \ + postgresql-client \ + net-tools \ + netcat-openbsd \ + sudo \ + less \ + vim && \ mkdir -p $POLICY_PROFILE $POLICY_BIN && \ chown -R policy:policy $POLICY_ETC $POLICY_BIN diff --git a/policy-jdk/alpine/pom.xml b/policy-jdk/alpine/pom.xml index 69f2c89a..b656b6f8 100644 --- a/policy-jdk/alpine/pom.xml +++ b/policy-jdk/alpine/pom.xml @@ -2,7 +2,7 @@ ============LICENSE_START======================================================= Copyright (C) 2019 Ericsson, Tieto. All rights reserved. Modifications Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. - Modifications Copyright (C) 2022 Nordix Foundation. + Modifications Copyright (C) 2022-2023 Nordix Foundation. ================================================================================ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -37,95 +37,8 @@ <properties> <docker.jdk.imagename>onap/policy-jdk-alpine</docker.jdk.imagename> - <integration.python.name>onap/integration-python</integration.python.name> - <integration.python.version>10.1.0</integration.python.version> </properties> - <profiles> - <profile> - <!-- This profile is activated on Apple M1 architecture to generate the ONAP base Java image locally --> - <id>baseImage</id> - <activation> - <os> - <arch>aarch64</arch> - </os> - </activation> - <build> - <plugins> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-scm-plugin</artifactId> - <version>1.13.0</version> - <dependencies> - <dependency> - <groupId>org.codehaus.plexus</groupId> - <artifactId>plexus-utils</artifactId> - <version>3.4.2</version> - </dependency> - <dependency> - <groupId>org.apache.maven.scm</groupId> - <artifactId>maven-scm-provider-gitexe</artifactId> - <version>1.13.0</version> - </dependency> - </dependencies> - <configuration> - <connectionType>connection</connectionType> - <checkoutDirectory>src/main/resources/meta</checkoutDirectory> - </configuration> - <executions> - <execution> - <id>checkout-onap-python</id> - <phase>validate</phase> - <configuration> - <connectionUrl>scm:git:https://gerrit.onap.org/r/integration/docker/onap-python</connectionUrl> - <checkoutDirectory>${project.build.directory}/onap-python</checkoutDirectory> - </configuration> - <goals> - <goal>checkout</goal> - </goals> - </execution> - </executions> - </plugin> - <plugin> - <groupId>io.fabric8</groupId> - <artifactId>docker-maven-plugin</artifactId> - - <executions> - <execution> - <id>generate-python-image</id> - <phase>initialize</phase> - <configuration> - <verbose>true</verbose> - <apiVersion>1.23</apiVersion> - <pullRegistry>${docker.pull.registry}</pullRegistry> - <pushRegistry>${docker.push.registry}</pushRegistry> - <images> - <image> - <name>${integration.python.name}</name> - <build> - <cleanup>try</cleanup> - <contextDir>${project.build.directory}/onap-python</contextDir> - <dockerFile>Dockerfile</dockerFile> - <tags> - <tag>${integration.python.version}</tag> - <tag>${integration.python.version}-${maven.build.timestamp}</tag> - <tag>${project.docker.latest.minmax.tag.version}</tag> - </tags> - </build> - </image> - </images> - </configuration> - <goals> - <goal>build</goal> - </goals> - </execution> - </executions> - </plugin> - </plugins> - </build> - </profile> - </profiles> - <build> <finalName>${project.artifactId}-${project.version}</finalName> <plugins> @@ -169,10 +82,6 @@ <tag>${project.version}-${maven.build.timestamp}</tag> <tag>${project.docker.latest.minmax.tag.version}</tag> </tags> - <args> - <INTEGRATION_PYTHON_NAME>${integration.python.name}</INTEGRATION_PYTHON_NAME> - <INTEGRATION_PYTHON_VERSION>${integration.python.version}</INTEGRATION_PYTHON_VERSION> - </args> </build> </image> </images> @@ -205,9 +114,6 @@ <goal>build</goal> <goal>push</goal> </goals> - <configuration> - <image>${docker.jdk.imagename}</image> - </configuration> </execution> </executions> </plugin> diff --git a/policy-jdk/alpine/src/main/docker/Dockerfile b/policy-jdk/alpine/src/main/docker/Dockerfile index a8f84c0c..ab856bf4 100644 --- a/policy-jdk/alpine/src/main/docker/Dockerfile +++ b/policy-jdk/alpine/src/main/docker/Dockerfile @@ -1,7 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019 Tieto. All rights reserved. # Modifications Copyright (C) 2020, 2021 AT&T Intellectual Property. All rights reserved. -# Modifications Copyright (C) 2020, 2022 Nordix Foundation. +# Modifications Copyright (C) 2020, 2022-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,19 +18,11 @@ # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= -# Docker file to build a base image for all policy components images -# -# $JAVA_HOME is set to /usr/lib/jvm/java-11-openjdk -# more details at https://hub.docker.com/_/openjdk - -ARG INTEGRATION_PYTHON_NAME=${INTEGRATION_PYTHON_NAME} -ARG INTEGRATION_PYTHON_VERSION=${INTEGRATION_PYTHON_VERSION} - -FROM ${INTEGRATION_PYTHON_NAME}:${INTEGRATION_PYTHON_VERSION} +FROM alpine:3.17 LABEL maintainer="Policy Team" -LABEL org.opencontainers.image.title="Policy JDK Alpine" -LABEL org.opencontainers.image.description="Policy Java 11 JDK image based on Alpine" +LABEL org.opencontainers.image.title="Policy JRE Alpine" +LABEL org.opencontainers.image.description="Policy Java 11 JRE image based on Alpine" LABEL org.opencontainers.image.url="https://github.com/onap/policy-docker" LABEL org.opencontainers.image.vendor="ONAP Policy Team" LABEL org.opencontainers.image.licenses="Apache-2.0" @@ -38,32 +30,61 @@ LABEL org.opencontainers.image.created="${git.build.time}" LABEL org.opencontainers.image.version="${git.build.version}" LABEL org.opencontainers.image.revision="${git.commit.id.abbrev}" +ENV JAVA_HOME /usr/lib/jvm/default-jvm +ENV JAVA_OPTS="-Xms256m -Xmx1g" +ENV JAVA_SEC_OPTS="" +ENV PYTHONUNBUFFERED=1 ENV POLICY_HOME=/opt/app/policy +ENV PATH $JAVA_HOME/bin:$PATH + +ARG user=onap +ARG group=onap -USER root +# Default to UTF-8 file.encoding +ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' -RUN rm -rf /opt/java/openjdk \ - && mkdir -p /opt/java/openjdk \ - && mkdir -p /usr/lib/jvm/ \ - && ln -s /opt/java/openjdk /usr/lib/jvm/java-11-openjdk \ - && apk update \ - && apk add --no-cache \ +# Generic additions +RUN apk add --no-cache \ + libretls \ + musl-locales \ + musl-locales-lang \ + openjdk11-jdk \ + openssl \ + ca-certificates && \ + rm -rf /var/cache/apk/* && \ +# ONAP additions + addgroup -S $group && \ + adduser -G $group -D $user && \ + mkdir /var/log/$user && \ + mkdir /app && \ + chown -R $user:$group /var/log/$user && \ + chown -R $user:$group /app && \ +# Policy Framework additions + apk update && \ + apk add --no-cache \ busybox-extras \ curl \ jq \ procps \ unzip \ zip \ - openjdk11 \ - && curl --fail --silent --show-error --retry 3 \ - --output /tmp/apache-maven-3.6.3-bin.tar.gz \ - https://downloads.apache.org/maven/maven-3/3.6.3/binaries/apache-maven-3.6.3-bin.tar.gz \ - && tar zxC /usr/share </tmp/apache-maven-3.6.3-bin.tar.gz \ - && chown -R root:root /usr/share/apache-maven-3.6.3 \ - && ln -s /usr/share/apache-maven-3.6.3/bin/mvn /usr/bin/mvn \ - && rm -f /tmp/apache-maven-3.6.3-bin.tar.gz \ - && addgroup -S policy \ - && adduser -S --shell /bin/sh -G policy policy \ - && mkdir -p ${POLICY_HOME}/ \ - && chown policy:policy ${POLICY_HOME} \ - && pip install --upgrade pip==22.0.3 + python3 && \ + rm -rf /var/cache/apk/* && \ + addgroup -S policy && \ + adduser -S --shell /bin/sh -G policy policy && \ + mkdir -p ${POLICY_HOME}/ && \ + chown policy:policy ${POLICY_HOME} && \ + mkdir -p /usr/lib/jvm/ && \ + ln -s /opt/java/openjdk /usr/lib/jvm/default-jvm && \ + python3 -m ensurepip && \ + pip3 install --no-cache --upgrade pip setuptools + +# Install python/pip +RUN apk add --update --no-cache python3 && ln -sf python3 /usr/bin/python +RUN python3 -m ensurepip +RUN pip3 install --no-cache --upgrade pip setuptools + + +# Tell docker that all future commands should be run as the onap user +USER $user +WORKDIR /app diff --git a/policy-jre/alpine/pom.xml b/policy-jre/alpine/pom.xml index 21305758..1a1574bc 100644 --- a/policy-jre/alpine/pom.xml +++ b/policy-jre/alpine/pom.xml @@ -2,7 +2,7 @@ ============LICENSE_START======================================================= Copyright (C) 2019 Ericsson, Tieto. All rights reserved. Modifications Copyright (C) 2020 AT&T Intellectual Property. All rights reserved. - Modifications Copyright (C) 2022 Nordix Foundation. + Modifications Copyright (C) 2022-2023 Nordix Foundation. ================================================================================ Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -37,95 +37,8 @@ <properties> <docker.jre.imagename>onap/policy-jre-alpine</docker.jre.imagename> - <integration.java.name>onap/integration-java11</integration.java.name> - <integration.java.version>9.0.0</integration.java.version> </properties> - <profiles> - <profile> - <!-- This profile is activated on Apple M1 architecture to generate the ONAP base images locally --> - <id>baseImage</id> - <activation> - <os> - <arch>aarch64</arch> - </os> - </activation> - <build> - <plugins> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-scm-plugin</artifactId> - <version>1.13.0</version> - <dependencies> - <dependency> - <groupId>org.codehaus.plexus</groupId> - <artifactId>plexus-utils</artifactId> - <version>3.4.2</version> - </dependency> - <dependency> - <groupId>org.apache.maven.scm</groupId> - <artifactId>maven-scm-provider-gitexe</artifactId> - <version>1.13.0</version> - </dependency> - </dependencies> - <configuration> - <connectionType>connection</connectionType> - <checkoutDirectory>src/main/resources/meta</checkoutDirectory> - </configuration> - <executions> - <execution> - <id>checkout-onap-python</id> - <phase>validate</phase> - <configuration> - <connectionUrl>scm:git:https://gerrit.onap.org/r/integration/docker/onap-java11</connectionUrl> - <checkoutDirectory>${project.build.directory}/onap-java11</checkoutDirectory> - </configuration> - <goals> - <goal>checkout</goal> - </goals> - </execution> - </executions> - </plugin> - <plugin> - <groupId>io.fabric8</groupId> - <artifactId>docker-maven-plugin</artifactId> - - <executions> - <execution> - <id>generate-base-image</id> - <phase>initialize</phase> - <configuration> - <verbose>true</verbose> - <apiVersion>1.23</apiVersion> - <pullRegistry>${docker.pull.registry}</pullRegistry> - <pushRegistry>${docker.push.registry}</pushRegistry> - <images> - <image> - <name>${integration.java.name}</name> - <build> - <cleanup>try</cleanup> - <contextDir>${project.build.directory}/onap-java11</contextDir> - <dockerFile>BareAlpine.Dockerfile</dockerFile> - <tags> - <tag>${integration.java.version}</tag> - <tag>${integration.java.version}-${maven.build.timestamp}</tag> - <tag>${project.docker.latest.minmax.tag.version}</tag> - </tags> - </build> - </image> - </images> - </configuration> - <goals> - <goal>build</goal> - </goals> - </execution> - </executions> - </plugin> - </plugins> - </build> - </profile> - </profiles> - <build> <finalName>${project.artifactId}-${project.version}</finalName> <plugins> @@ -169,10 +82,6 @@ <tag>${project.version}-${maven.build.timestamp}</tag> <tag>${project.docker.latest.minmax.tag.version}</tag> </tags> - <args> - <INTEGRATION_JAVA_NAME>${integration.java.name}</INTEGRATION_JAVA_NAME> - <INTEGRATION_JAVA_VERSION>${integration.java.version}</INTEGRATION_JAVA_VERSION> - </args> </build> </image> </images> @@ -205,9 +114,6 @@ <goal>build</goal> <goal>push</goal> </goals> - <configuration> - <image>${docker.jre.imagename}</image> - </configuration> </execution> </executions> </plugin> diff --git a/policy-jre/alpine/src/main/docker/Dockerfile b/policy-jre/alpine/src/main/docker/Dockerfile index d4fed90c..f1bf2496 100644 --- a/policy-jre/alpine/src/main/docker/Dockerfile +++ b/policy-jre/alpine/src/main/docker/Dockerfile @@ -1,7 +1,7 @@ # ============LICENSE_START======================================================= # Copyright (C) 2019 Tieto. All rights reserved. # Modifications Copyright (C) 2020, 2021 AT&T Intellectual Property. All rights reserved. -# Modifications Copyright (C) 2020, 2022 Nordix Foundation. +# Modifications Copyright (C) 2020, 2022-2023 Nordix Foundation. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,15 +18,7 @@ # SPDX-License-Identifier: Apache-2.0 # ============LICENSE_END========================================================= -# Docker file to build a base image for all policy components images -# -# $JAVA_HOME is set to /usr/lib/jvm/java-11-openjdk -# more details at https://hub.docker.com/_/openjdk - -ARG INTEGRATION_JAVA_NAME=${INTEGRATION_JAVA_NAME} -ARG INTEGRATION_JAVA_VERSION=${INTEGRATION_JAVA_VERSION} - -FROM ${INTEGRATION_JAVA_NAME}:${INTEGRATION_JAVA_VERSION} +FROM alpine:3.17 LABEL maintainer="Policy Team" LABEL org.opencontainers.image.title="Policy JRE Alpine" @@ -38,21 +30,53 @@ LABEL org.opencontainers.image.created="${git.build.time}" LABEL org.opencontainers.image.version="${git.build.version}" LABEL org.opencontainers.image.revision="${git.commit.id.abbrev}" +ENV JAVA_HOME /usr/lib/jvm/default-jvm +ENV JAVA_OPTS="-Xms256m -Xmx1g" +ENV JAVA_SEC_OPTS="" ENV POLICY_HOME=/opt/app/policy +ENV PATH $JAVA_HOME/bin:$PATH -USER root +ARG user=onap +ARG group=onap -RUN apk update \ - && apk add --no-cache \ +# Default to UTF-8 file.encoding +ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8' + +# Generic additions +RUN apk add --no-cache \ + libretls \ + musl-locales \ + musl-locales-lang \ + openjdk11-jre \ + openssl \ + ca-certificates && \ + rm -rf /var/cache/apk/* && \ +# ONAP additions + addgroup -S $group && \ + adduser -G $group -D $user && \ + mkdir /var/log/$user && \ + mkdir /app && \ + chown -R $user:$group /var/log/$user && \ + chown -R $user:$group /app && \ +# Policy Framework additions + apk update && \ + apk add --no-cache \ busybox-extras \ curl \ jq \ procps \ unzip \ - zip \ - && addgroup -S policy \ - && adduser -S --shell /bin/sh -G policy policy \ - && mkdir -p ${POLICY_HOME}/ \ - && chown policy:policy ${POLICY_HOME} \ - && mkdir -p /usr/lib/jvm/ \ - && ln -s /opt/java/openjdk /usr/lib/jvm/java-11-openjdk + zip && \ + rm -rf /var/cache/apk/* && \ + addgroup -S policy && \ + adduser -S --shell /bin/sh -G policy policy && \ + mkdir -p ${POLICY_HOME}/ && \ + chown policy:policy ${POLICY_HOME} && \ + mkdir -p /usr/lib/jvm/ && \ + ln -s /opt/java/openjdk /usr/lib/jvm/default-jvm + +# Tell docker that all future commands should be run as the onap user +USER $user +WORKDIR /app + +ENTRYPOINT exec java $JAVA_SEC_OPTS $JAVA_OPTS -jar /app/app.jar |