first version of krb5 helper image
diff --git a/.asf.yaml b/.asf.yaml
new file mode 100644
index 0000000..886f218
--- /dev/null
+++ b/.asf.yaml
@@ -0,0 +1,31 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+github:
+ description: "Container image to provide MIT krb5 server for developing and testing Apache Ozone"
+ homepage: https://ozone.apache.org
+ labels:
+ - ozone
+ - container
+ - devtool
+ - unsecure
+ enabled_merge_buttons:
+ squash: true
+ merge: false
+ rebase: false
+notifications:
+ commits: commits@ozone.apache.org
+ issues: issues@ozone.apache.org
+ pullrequests: issues@ozone.apache.org
+ jira_options: link label worklog
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 0000000..08001fb
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,16 @@
+## What changes were proposed in this pull request?
+
+(Please fill in changes proposed in this fix)
+
+## What is the link to the Apache JIRA
+
+(Please create an issue in ASF JIRA before opening a pull request,
+and you need to set the title of the pull request which starts with
+the corresponding JIRA issue number. (e.g. HDDS-XXXX. Fix a typo in YYY.)
+
+Please replace this section with the link to the Apache JIRA)
+
+## How was this patch tested?
+
+(Please explain how this patch was tested. Ex: unit tests, manual tests)
+(If this patch involves UI changes, please attach a screen-shot; otherwise, remove this)
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
new file mode 100644
index 0000000..6e74267
--- /dev/null
+++ b/.github/workflows/build.yaml
@@ -0,0 +1,27 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+name: build
+on:
+ - push
+ - pull_request
+jobs:
+ build:
+ name: build and deploy
+ runs-on: ubuntu-18.04
+ steps:
+ - name: checkout source
+ uses: actions/checkout@master
+ - name: build image
+ run: docker build -t ghcr.io/$(echo $GITHUB_REPOSITORY | sed 's/docker-//g') .
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000..5ac6fec
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,4 @@
+# Contributing
+
+For detailed contribution guideline, please check the [contribution guideline of Apache Ozone repository](https://github.com/apache/ozone/blob/master/CONTRIBUTING.md).
+
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..48c9d6c
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,28 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM alpine:3.13.2
+# hadolint ignore=DL3018
+RUN apk add --no-cache bash ca-certificates openssl krb5-server krb5 wget && update-ca-certificates && \
+ wget -O /usr/local/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v1.2.0/dumb-init_1.2.0_amd64 && \
+ chmod +x /usr/local/bin/dumb-init
+WORKDIR /opt
+COPY krb5.conf /etc/
+COPY kadm5.acl /var/lib/krb5kdc/kadm5.acl
+COPY init.sh .
+RUN chmod +x ./init.sh && ./init.sh
+ENTRYPOINT ["/usr/local/bin/dumb-init", "--"]
+
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..b66c43c
--- /dev/null
+++ b/README.md
@@ -0,0 +1,9 @@
+# Containerized MIT Kerberos server for Ozone dev environments
+
+This repository containers the container definition of a MIT Kerberos server.
+
+It's used for development and testing Apache Ozone and **not secured for production use**.
+
+Keytabs required by secure Ozone smoketests are pre-generated which makes possible to export them and store together with the containerized test environments. It makes the tests faster as the keytabs are already exported for each tests.
+
+
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..e8b84ab
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,5 @@
+# Security Policy
+
+This container image (`apache/ozone-testkrb5`) is indented to be used only in *test and dev* environment. Please don't use it in production environment.
+
+The process of reporting Apache Ozone vulnerabilities [defined in the main Apache Ozone repository](https://github.com/apache/ozone/blob/master/SECURITY.md).
\ No newline at end of file
diff --git a/init.sh b/init.sh
new file mode 100644
index 0000000..8699c4a
--- /dev/null
+++ b/init.sh
@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+set -e
+
+kdb5_util create -s -P Welcome1
+
+kadmin.local -q "addprinc -randkey admin/admin@EXAMPLE.COM"
+
+kadmin.local -q "addprinc -randkey scm/scm@EXAMPLE.COM"
+kadmin.local -q "addprinc -randkey HTTP/scm@EXAMPLE.COM"
+kadmin.local -q "addprinc -randkey testuser/scm@EXAMPLE.COM"
+kadmin.local -q "addprinc -randkey testuser2/scm@EXAMPLE.COM"
+
+kadmin.local -q "addprinc -randkey recon/recon@EXAMPLE.COM"
+kadmin.local -q "addprinc -randkey HTTP/recon@EXAMPLE.COM"
+
+kadmin.local -q "addprinc -randkey s3g/s3g@EXAMPLE.COM"
+kadmin.local -q "addprinc -randkey HTTP/s3g@EXAMPLE.COM"
+kadmin.local -q "addprinc -randkey testuser/s3g@EXAMPLE.COM"
+
+kadmin.local -q "addprinc -randkey om/om@EXAMPLE.COM"
+kadmin.local -q "addprinc -randkey HTTP/om@EXAMPLE.COM"
+kadmin.local -q "addprinc -randkey testuser/om@EXAMPLE.COM"
+
+kadmin.local -q "addprinc -randkey dn/dn@EXAMPLE.COM"
+kadmin.local -q "addprinc -randkey HTTP/dn@EXAMPLE.COM"
+
+#for Mapreduce tests (Yarn):
+kadmin.local -q "addprinc -randkey jhs/jhs@EXAMPLE.COM"
+kadmin.local -q "addprinc -randkey HTTP/jhs@EXAMPLE.COM"
+
+kadmin.local -q "addprinc -randkey rm/rm@EXAMPLE.COM"
+kadmin.local -q "addprinc -randkey HTTP/rm@EXAMPLE.COM"
+
+kadmin.local -q "addprinc -randkey nm/nm@EXAMPLE.COM"
+kadmin.local -q "addprinc -randkey HTTP/nm@EXAMPLE.COM"
+
+kadmin.local -q "addprinc -randkey hadoop/rm@EXAMPLE.COM"
+
+kadmin.local -q "addprinc -randkey HTTP/ozone@EXAMPLE.COM"
diff --git a/kadm5.acl b/kadm5.acl
new file mode 100644
index 0000000..f0cd660
--- /dev/null
+++ b/kadm5.acl
@@ -0,0 +1,20 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+*/admin@EXAMPLE.COM x
diff --git a/krb5.conf b/krb5.conf
new file mode 100644
index 0000000..c95b5bf
--- /dev/null
+++ b/krb5.conf
@@ -0,0 +1,41 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+[logging]
+default = STDERR
+kdc = STDERR
+admin_server = STDERR
+
+[libdefaults]
+ dns_canonicalize_hostname = false
+ dns_lookup_realm = false
+ ticket_lifetime = 24h
+ renew_lifetime = 7d
+ forwardable = true
+ rdns = false
+ default_realm = EXAMPLE.COM
+
+[realms]
+ EXAMPLE.COM = {
+ kdc = localhost
+ admin_server = localhost
+ max_renewable_life = 7d
+ }
+
+[domain_realm]
+ .example.com = EXAMPLE.COM
+ example.com = EXAMPLE.COM
+
