The Maven Builder container image should use the same base image as the other container images we use. Upstream, this allows us to use the UBI8/9 based OpenJDK image directly, as it layers on top of the same base image and provides the same levels of FIPS support etc.

But as we are moving to using a different RHEL9 ELS based container image downstream, we should use the same for the Maven Builder there as well. That will make sure that both images have the same FIPS status etc.

The Maven Builder image is used as part of the Kafka Connect container image build feature. The user can specify the KafkaConnect plugins they want to have in their Connect Deployment and Strimzi / AMQ Streams will automatically pull them and build a new container image. When the user wants to pull the connector from a Maven repository, we use a separate container image to pull the binaries where Maven is installed. (keep in mind, that while the Maven Builder image is not running permanently and we might not recommend users to build the container images in production, they still might use it there and the Maven build will use TLS etc., so there is some FIPS impact)

So I expect the Maven installation to be the main difference between the OpenJDK image and our RHEL9 ELS based images.