Create openjdk-21 docker images based on Bookworm
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	bking
	Jan 15 2026, 3:54 PM

Description

OpenSearch 3 requires Java 21 or later, and our security posture (discourages? prohibits?) using the embedded JDK that comes with OpenSearch.

As such, we'll need:

Create openjdk-21 docker images and publish them to our docker-images repo
Deploy production images
~~Verify they are viable as a source for OpenSearch 3 images~~ moved to T414693

Details

Other Assignee: RKemper

Related Changes in Gerrit:

	Subject	Repo	Branch	Lines +/-
	java: create openjdk-21 image	operations/docker-images/production-images	master	+18 -0

Customize query in gerrit

Related Objects
Search...

		Status	Subtype	Assigned	Task
		Open		EBernhardson	T413969 Make semantic search accessible through Action API
		Resolved		bking	T414695 Create openjdk-21 docker images based on Bookworm

Event Timeline

bking created this task.Jan 15 2026, 3:54 PM

Change #1227376 had a related patch set uploaded (by Bking; author: Bking):

[operations/docker-images/production-images@master] java: create openjdk-21 image

https://gerrit.wikimedia.org/r/1227376

gerritbot added a project: Patch-For-Review.Jan 15 2026, 4:54 PM

bking changed the task status from Open to In Progress.Jan 15 2026, 4:54 PM

bking claimed this task.

bking triaged this task as High priority.

bking updated Other Assignee, added: bking.

bking added a project: Data-Platform-SRE (2026.01.05 - 2026.01.23).

bking updated Other Assignee, removed: bking.

Change #1227376 merged by Bking:

[operations/docker-images/production-images@master] java: create openjdk-21 image

https://gerrit.wikimedia.org/r/1227376

Maintenance_bot removed a project: Patch-For-Review.Jan 15 2026, 10:30 PM

Brian and I are testing out building of https://gerrit.wikimedia.org/r/c/operations/docker-images/production-images/+/1227376 like so:

root@build2001:/srv/images/production-images# /srv/deployment/docker-pkg/venv/bin/docker-pkg -c /etc/production-images/config.yaml build images/ --select '*openjdk-21-jre-bookworm*'
== Step 0: scanning /srv/images/production-images/images/ ==
Will build the following images:
== Step 1: building images ==
== Step 2: publishing ==
== Build done! ==
You can see the logs at ./docker-pkg-build.log

root@build2001:/srv/images/production-images# /srv/deployment/docker-pkg/venv/bin/docker-pkg -c /etc/production-images/config.yaml build images/ --select '*jre*'
== Step 0: scanning /srv/images/production-images/images/ ==
Will build the following images:
* docker-registry.discovery.wmnet/openjdk-21-jre:0.1
== Step 1: building images ==
* Built image docker-registry.discovery.wmnet/openjdk-21-jre:0.1
== Step 2: publishing ==
Successfully published image docker-registry.discovery.wmnet/openjdk-21-jre:0.1
== Build done! ==
You can see the logs at ./docker-pkg-build.log

Actually working build string this time

bking opened https://gitlab.wikimedia.org/repos/data-engineering/opensearch/-/merge_requests/10

WIP: Add opensearch 3.x image variant

bking updated the task description. (Show Details)Jan 15 2026, 11:21 PM

Gehel added a project: Essential-Work.Fri, Jan 16, 1:48 PM

bking merged https://gitlab.wikimedia.org/repos/data-engineering/opensearch/-/merge_requests/10

Add opensearch 3.x image variant

Maintenance_bot removed a project: Patch-For-Review.Fri, Jan 16, 11:31 PM

bking updated Other Assignee, added: RKemper.Tue, Jan 20, 4:14 PM