jdowland@redhat.com sraghupu Any update on this topic ?

Thank you in advance.

Hi sraghupu , whilst OPENJDK-1977 is relevant here (as it would be a workaround for the issue in this ticket), the bigger issue I think that's worth discussing is integration/joining up openjdk container documentation with more general redhat/openshift container documentation. I'm fairly sure the proper solution here (not disabling HTTPS, but instead certificate handling)  is not an openjdk-specific one, and is likely already documented by the openshift docs (or should be, we need to confirm this), but someone trying to work with the openjdk containers may not know what other product docs are pertinent.

We could add it to the agenda our planned call this month?

jdowland@redhat.com Do you mean you want us to prioritize "OPENJDK-1977 Document how to use HTTP-only Maven repositories for recent images" for documentation updates?

Hi jdowland@redhat.com. Please contact sraghupu regarding all requests for doc updates.

I think I might need to bring in some help on this. rhn-support-khosford , for context, llowinge@redhat.com 's comment here basically sums up a potential missing piece in container documentation, but it's an issue that  might have fallen between the cracks wrt OpenJDK docs and OpenShift docs (or more generic RHEL/container docs). Can you advise please how we might get this on the backlog for docs? TIA!

jdowland@redhat.com Thanks a lot, let us know. It would be great to have it atleast in form of KCS article. Because sometimes can be hard to combine multiple sources of documentation to achieve one goal. This is i believe a bit specific as we should mount the cacerts somewhere in the builder (which packages the maven project) pod which i don't know if is the same as mounting volumes to resulting pod container app.

llowinge@redhat.com I believe this is handled (or is supposed to be) by the container runtime, volume-mounting an appropriate cacerts bundle into running containers. As such the solution is not OpenJDK or OpenJDK-container image specific, but there is (I think) some OpenShift guidance, and possibly some Podman guidance. I'll have a quick look to see if I can find it.

jdowland@redhat.com I'm still missing some issue tracking best practice of "How to" for setting up HTTPS with custom certificates in the container. This issue was all about it, because that should be the preferred way in the industry.

Hi fmongiar@redhat.com 

Any update on this topic? The same issue could happen in future

In the earlier conversation we'd identified four actions which are tracked in the linked JIRAs. The summarize, we identified that defining maven mirrors (using MAVEN_MIRRORS, etc.) for each of the HTTP repositories in use enables their use with the current Maven version; we clarified the description of MAVEN_REPOS to make clear that it must be specified in upper-case and that has shipped (OPENJDK-1964); We have not yet shipped a similar documentation fix for MAVEN_MIRRORS (OPENJDK-1963); nor documented MAVEN_MIRROR_OF (OPENJDK-1962, but note that the version for use in conjunction with MAVEN_MIRRORS, i.e. prefix_MAVEN_MIRROR_OF, is documented);

The main issue, to document the risk of moving from Maven 3.6 to 3.8, is with the docs team (OPENJDK-1977) and I don't know if they have it on their roadmap or any kind of timescale for it.  It's possible that this could be address instead with a KnowledgeBase article, WDYT?

SInce this issue we did some work upstream on automatically publishing image "API" documentation, with pages for each shipped image (tagged in the source repo) and development branches listing all the configuration variables nad their docs: https://jboss-container-images.github.io/openjdk/

Do you think there is some other action we should take?

Any update on this topic? The same issue could happen in future