Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

support configuring a Docker HEALTHCHECK #676

Closed
jack-kerouac opened this issue Jul 20, 2018 · 6 comments
Closed

support configuring a Docker HEALTHCHECK #676

jack-kerouac opened this issue Jul 20, 2018 · 6 comments
Assignees
@TadCordle
Labels
priority: p2
Milestone
v0.10.1

Comments

@jack-kerouac
Copy link

Description of the issue:
Support configuring a Docker HEALTHCHECK for the resulting Docker image.

Expected behavior:
The Jib configuration should allow adding a Docker HEALTHCHECK, including interval, timeout, start-period, retries, and CMD to run.
@coollog
Copy link
Contributor

coollog commented Jul 20, 2018
edited
Loading

Hi @jack-kerouac , since the default base image gcr.io/distroless/java does not include a shell, Docker healthchecks would be, by design, not usable. However, you can still use a different base image with a shell and set health checks when you run the image (with docker run for instance).

When running on Kubernetes, no shell is needed as you can configure liveness and readiness probes directly.

Closing but feel free to add additional comments if needed.

@coollog coollog closed this as completed Jul 20, 2018
@werty1st
Copy link

werty1st commented Sep 24, 2018
edited
Loading

Hello @coollog, i would like to question your assumtion, that by design, a shell is needed to run a HEALTHCHECK.

The docs state that

The command after the CMD keyword can be either a shell command (e.g. HEALTHCHECK CMD /bin/check-running) or an exec array (as with other Dockerfile commands; see e.g. ENTRYPOINT for details).

So why should
HEALTHCHECK --interval=5m --timeout=3s CMD ["java", "-cp", "/app/resources/:/app/classes/:/app/libs/*", "com.company.content.feed.consumer.ContentFeedConsumerApplication", "health"]
not work?

The main application contains code like this:
if (args == health){
if checkfile.timestamp > 3600 exit(-1) else exit(0)
}

@coollog
Copy link
Contributor

coollog commented Sep 24, 2018
edited
Loading

@werty1st Thanks for the tip. Reopening to potentially address this with the exec form of HEALTHCHECK. For implementators' reference: see Healthcheck in container config spec

@coollog coollog reopened this Sep 24, 2018
@swift1911
Copy link

HEALTHCHECK is very important for check container is healthy or not , especially for java service

@coollog coollog added this to the 0.10.1 milestone Sep 26, 2018
@tburch
Copy link

tburch commented Oct 5, 2018

This would be super useful to have with ECS health checks. I'd love to see support added.

@TadCordle TadCordle self-assigned this Oct 31, 2018
This was referenced Nov 5, 2018
Merged
Merged
@TadCordle
Copy link
Contributor

tl;dr - if you feel strongly about health checks, comment on this OCI thread/submit a PR adding it to the spec to get a discussion going: opencontainers/image-spec#749

To give an update on this issue, we've been going back and forth as a team about whether or not to support health checks with Jib. Our thoughts so far are as follows:

  • At the very least, we plan on inheriting health check configurations from the base image. We're aiming to have support for this in the next release.
  • We're leaning against adding healthchecks to the plugin configuration for now. Jib is intended to be an opinionated, easy to use image builder for Java kubernetes/OCI users. At the moment, kubernetes doesn't support health checks defined in the docker container config (only its liveness/readiness probes), and health checks aren't part of the OCI spec. Adding configuration options for such a docker-specific use case adds questionable value at the cost of adding a decent amount of extra complexity to Jib. As discussed above, the most likely case for health checks in java containers involves running another java application every time the health check is scheduled to run, which seems heavy-weight (would mean spinning up a new JVM every interval seconds).
  • We're more open to adding healthchecks as a jib-core library feature, since jib-core is a general container builder, but may hold off on it for reason described above that it's still a very docker-specific feature. Would like to do this if OCI adds support, though.

If health checks are something people feel strongly about, this issue is currently open for adding it to the OCI spec. I would recommend reading through the thread/starting the discussion back up to get them added to the OCI spec if you feel you get a lot of value out of health checks.

@TadCordle TadCordle mentioned this issue Nov 30, 2018
Merged
@coollog coollog closed this as completed Dec 4, 2018
rm3l added a commit to Cosmo-Tech/cosmotech-api that referenced this issue Jun 14, 2021
@rm3l
chore: Ignore "CIS-DI-0006" container scan best practice check
645f8d0 
CIS-DI-0006 is raised because the resulting image has no HEALTHCHECK instruction.

HEALTHCHECK is not part of the OCI spec, but is very Docker-specific.
And, as commented in [1], Jib has no intention to support it,
unless the core OCI spec supports it.

Plus, Kubernetes makes use of its own Startup / Liveness / Readiness
probes for health checks.

[1] GoogleContainerTools/jib#676 (comment)
@quantranhong1999 quantranhong1999 mentioned this issue Jul 5, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@TadCordle TadCordle

Labels
priority: p2
Projects
None yet
Milestone
v0.10.1
Development

No branches or pull requests
6 participants
@tburch @TadCordle @jack-kerouac @werty1st @coollog @swift1911