amd64/eclipse-temurin Docker 镜像 - 轩辕镜像

Note: this is the "per-architecture" repository for the amd64 builds of the eclipse-temurin official image -- for more information, see "Architectures other than amd64?" in the official images documentation and "An image's source changed in Git, now what?" in the official images FAQ.

Quick reference

• Maintained by:
  Adoptium

• Where to get help:
  Adoptium Slack; Adoptium Support

Supported tags and respective Dockerfile links

Note: the description for this image is longer than the Hub length limit of 25000, so the "Supported tags" list has been trimmed to compensate. See also docker/hub-feedback#238 and docker/roadmap#475.

• See "Supported tags and respective Dockerfile links" at [***]

Quick reference (cont.)

• Where to file issues:
  GitHub; The adoptium support page has more information on quality, roadmap and support levels for Eclipse Temurin builds. Vulnerabilities not related to Eclipse Temurin itself should be be raised to their respective projects (e.g Ubuntu vulnerabilities need to be raised directly to the Ubuntu project).

• Supported architectures: (more info)
  amd64, arm32v7, arm64v8, ppc64le, riscv64, s390x, windows-amd64

• Published image artifact details:
  repo-info repo's repos/eclipse-temurin/ directory (history)
  (image metadata, transfer size, etc)

• Image updates:
  official-images repo's library/eclipse-temurin label
  official-images repo's library/eclipse-temurin file (history)

• Source of this description:
  docs repo's eclipse-temurin/ directory (history)

Overview

The images in this repository contain OpenJDK binaries that are built by Eclipse Temurin.

What is Eclipse Temurin ?

The Eclipse Temurin project provides code and processes that support the building of runtime binaries and associated technologies that are high performance, enterprise-caliber, cross-platform, open-source licensed, and Java SE TCK-tested for general use across the Java ecosystem.

!logo

Do you provide JRE (Java Runtime Environment) Images?

JRE images are available for all versions of Eclipse Temurin but it is recommended that you produce a custom JRE-like runtime using jlink (see usage below).

Can I add my internal CA certificates to the truststore?

Yes, it's possible for all image flavors except for Windows-based images. The format of the certificates depends on what the OS of the base image used expects, but PEM format with a .crt file extension is a good bet.

You need to put your CA certificates into /certificates directory inside the container (e.g. by using a volume) and opt-in into CA certificate processing by setting the environment variable USE_SYSTEM_CA_CERTS on the container to any value (if you are overriding the entrypoint script, please make sure you call /__cacert_entrypoint.sh to enable the processing). Using Docker CLI this might look like this:

console
$ docker run -v $(pwd)/certs:/certificates/ -e USE_SYSTEM_CA_CERTS=1 amd64/eclipse-temurin:25

When run like this, your certificates will get added to both the JVM truststore and to the system CA store (e.g. for use by curl and other CLI tools). However, if you are running your containers in a restricted-by-default environment (such as Red Hat OpenShift), there will be some small differences:

• Your containers are run with a non-root UID: Since neither the default JVM truststore nor the system CA store can be written to by a non-root user, the system CA store will not be updated, while a separate truststore will be provided to the JVM. Your certificates will get added to that truststore and the JAVA_TOOL_OPTIONS environment variable will be automatically extended to switch the JVM over to this new truststore. If you are overriding the default entrypoint script of this image, you'll need let the JVM know about the new truststore manually. The path to the new truststore will be exported via JRE_CACERTS_PATH environment variable.

• Your containers are run with a read-only filesystem: The same restrictions apply as with running containers with a non-root UID. In addition, a writable volume is required at /tmp to be able to create the new truststore.

While this feature has been tested in multiple scenarios, there is always a chance of an unexpected edge case. Should you encounter one of these, please open an issue.

How to use this Image

To run a pre-built jar file with the latest OpenJDK 25, use the following Dockerfile:

dockerfile
FROM amd64/eclipse-temurin:25
RUN mkdir /opt/app
COPY japp.jar /opt/app
CMD ["java", "-jar", "/opt/app/japp.jar"]

You can build and run the Docker Image as shown in the following example:

console
docker build -t japp .
docker run -it --rm japp

Using a different base Image

If you are using a distribution that we don't provide an image for you can copy the JDK using a similar Dockerfile to the one below:

dockerfile
# Example
FROM <base image>
ENV JAVA_HOME=/opt/java/openjdk
COPY --from=amd64/eclipse-temurin:25 $JAVA_HOME $JAVA_HOME
ENV PATH="${JAVA_HOME}/bin:${PATH}"

Creating a JRE using jlink

On OpenJDK 21+, a JRE can be generated using jlink, see the following Dockerfile:

dockerfile
# Example of custom Java runtime using jlink in a multi-stage container build
FROM amd64/eclipse-temurin:25 as jre-build

# Create a custom Java runtime
RUN $JAVA_HOME/bin/jlink \
         --add-modules java.base \
         --strip-debug \
         --no-man-pages \
         --no-header-files \
         --compress=2 \
         --output /javaruntime

# Define your base image
FROM debian:buster-slim
ENV JAVA_HOME=/opt/java/openjdk
ENV PATH "${JAVA_HOME}/bin:${PATH}"
COPY --from=jre-build /javaruntime $JAVA_HOME

# Continue with your application deployment
RUN mkdir /opt/app
COPY japp.jar /opt/app
CMD ["java", "-jar", "/opt/app/japp.jar"]

If you want to place the jar file on the host file system instead of inside the container, you can mount the host path onto the container by using the following commands:

dockerfile
FROM amd64/eclipse-temurin:25
CMD ["java", "-jar", "/opt/app/japp.jar"]

console
docker build -t japp .
docker run -it -v /path/on/host/system/jars:/opt/app japp

Image Variants

The amd64/eclipse-temurin images come in many flavors, each designed for a specific use case.

amd64/eclipse-temurin:<version>

This is the defacto image. If you are unsure about what your needs are, you probably want to use this one. It is designed to be used both as a throw away container (mount your source code and start the container to start your app), as well as the base to build other images off of.

Some of these tags may have names like jammy or noble in them. These are the suite code names for releases of Ubuntu and indicate which release the image is based on. If your image needs to install any additional packages beyond what comes with the image, you'll likely want to specify one of these explicitly to minimize breakage when there are new releases of Ubuntu.

amd64/eclipse-temurin:<version>-alpine

This image is based on the popular Alpine Linux project, available in the alpine official image. Alpine Linux is much smaller than most distribution base images (~5MB), and thus leads to much slimmer images in general.

This variant is useful when final image size being as small as possible is your primary concern. The main caveat to note is that it does use musl libc instead of glibc and friends, so software will often run into issues depending on the depth of their libc requirements/assumptions. See this Hacker News comment thread for more discussion of the issues that might arise and some pro/con comparisons of using Alpine-based images.

To minimize image size, it's uncommon for additional related tools (such as git or bash) to be included in Alpine-based images. Using this image as a base, add the things you need in your own Dockerfile (see the alpine image description for examples of how to install packages if you are unfamiliar).

License

The Dockerfiles and associated scripts are licensed under the Apache License, Version 2.0.

Licenses for the products installed within the images:

• OpenJDK: The project license is GNU GPL v2 with Classpath Exception.

As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc from the base distribution, along with any direct or indirect dependencies of the primary software being contained).

Some additional license information which was able to be auto-detected might be found in the repo-info repository's eclipse-temurin/ directory.

As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within.