UNCLASSIFIED - NO CUI


OpenJDK requires derivatives to use FIPS

Summary

The RHEL base image used by OpenJDK has FIPS enabled by default. Java automatically assumes it should run in FIPS mode, which fails if you run on a non-FIPS node in a cluster.

Steps to reproduce

Run a Java application using this base image on a non-FIPS node

What is the current bug behavior?

The pod crashes with the following error: NSS module not available: fips.

What is the expected correct behavior?

Java should be able to run on nodes that are not FIPS enabled

Relevant logs and/or screenshots

Possible fixes

Following the guide at https://access.redhat.com/solutions/5696401, the security.useSystemPropertiesFile property in java.security should be set to false to turn off FIPS in Java. Because this file is only writable by root, it must be done when the image is built. Adding sed -i 's/security.useSystemPropertiesFile=true/security.useSystemPropertiesFile=false/g' ${JAVA_HOME}/conf/security/java.security to the Dockerfile would fix this.

Definition of Done

  • Bug has been identified and corrected within the container
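
An added example, not part of the original issue or the image's Dockerfile: the proposed edit wrapped in a check, because sed exits 0 even when the pattern never matches and the image would then ship with the property unchanged. The function name disable_system_props and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: apply the java.security edit proposed in the issue and
# fail (non-zero) if the property did not actually end up set to false.

# disable_system_props FILE   (hypothetical helper name)
# Returns 0 if FILE has an active security.useSystemPropertiesFile=false line
# after the edit, 1 if it does not, 2 if FILE cannot be processed.
disable_system_props() {
    file=$1
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    tmp=$(mktemp) || return 2
    # Same substitution as in the issue, anchored so that only an
    # uncommented property line is rewritten. Writing through a temp file
    # and cat keeps the original file's owner and mode (the issue uses sed -i).
    sed 's/^security\.useSystemPropertiesFile=true[[:space:]]*$/security.useSystemPropertiesFile=false/' \
        "$file" > "$tmp" && cat "$tmp" > "$file"
    rm -f "$tmp"
    # Verify the outcome instead of trusting sed's exit status.
    if grep -q '^security\.useSystemPropertiesFile=false[[:space:]]*$' "$file"; then
        return 0
    fi
    echo "security.useSystemPropertiesFile=false not set in $file" >&2
    return 1
}

# Demo on a constructed sample file (not a real java.security).
demo_dir=$(mktemp -d)
printf '%s\n' \
    '# constructed sample' \
    'security.provider.1=SUN' \
    'security.useSystemPropertiesFile=true' > "$demo_dir/java.security"
disable_system_props "$demo_dir/java.security" && echo "patched and verified"
rm -rf "$demo_dir"
```

In an image build the function would be called on ${JAVA_HOME}/conf/security/java.security, so a base image whose file no longer contains the expected line fails the build instead of producing an image that still crashes on non-FIPS nodes.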