Closed csmig closed 4 months ago
Appears the GitHub runner using ubuntu-latest has an older version of docker which does not support `--start-interval` in the HEALTHCHECK. Will need to remove that.
Related question: should we even include an explicit HEALTHCHECK in our Dockerfile? I did so because I thought DISA guidance required it. But that document refers to liveness and readiness probes, which are k8s concepts not Docker. And I notice few major projects incorporate HEALTHCHECK into their published containers, neither MySQL nor Keycloak for example.
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
65.6% Coverage on New Code
0.0% Duplication on New Code
This PR refactors the API bootstrap code so we start listening on `STIGMAN_API_PORT` before any database migrations are started. The goal is to discourage container orchestration platforms from declaring our container unhealthy during a long-running migration, which has led to container shutdowns and incomplete migrations.

The refactored code:

- `503 Service Unavailable` for all requests except `GET /api/op/definition` while the authentication and database dependencies are being set up. The hope is that deployments will send requests to that endpoint to determine healthiness and/or liveness. It is the only endpoint that does not require authentication or database access.
- `healtheck.js` to use the `GET /api/op/definition` endpoint
- updates our Dockerfile HEALTHCHECK statement with `--start-interval=10s` so we enter healthy status sooner.
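The gating behaviour described in this PR, sketched as an added example (not the PR's or the project's own code): an Express-style middleware that answers `503 Service Unavailable` for everything except an exact `GET /api/op/definition` until every dependency is marked ready. The names `createBootstrapGate` and `probe`, the dependency labels `auth` and `db`, the `/api/example` path and the `Retry-After` value are assumptions made for illustration.

```javascript
// Added example: pre-ready request gate with a single unauthenticated route.
const OPEN_METHOD = 'GET'
const OPEN_PATH = '/api/op/definition'

function createBootstrapGate(dependencyNames) {
  const pending = new Set(dependencyNames) // dependencies still being set up
  return {
    markReady(name) { pending.delete(name) },
    isReady() { return pending.size === 0 },
    // Express-style signature (req, res, next), assumed for this sketch.
    middleware(req, res, next) {
      if (pending.size === 0) return next()
      // Exact match on the path without its query string. A prefix match
      // would let "/api/op/definition/../x" reach handlers that expect
      // authentication and a database to exist.
      const path = req.url.split('?')[0]
      if (req.method === OPEN_METHOD && path === OPEN_PATH) return next()
      res.statusCode = 503
      res.setHeader('Retry-After', '10') // assumed value
      res.setHeader('Content-Type', 'application/json')
      // Generic body: do not tell unauthenticated callers which dependency is down.
      res.end(JSON.stringify({ error: 'Service Unavailable' }))
    }
  }
}

// Constructed stand-ins for Node's req/res objects so the example runs offline.
// Returns 'next' when the request is let through, otherwise the status code.
function probe(gate, method, url) {
  const res = {
    statusCode: 200,
    headers: {},
    setHeader(key, value) { this.headers[key] = value },
    end() {}
  }
  let passed = false
  gate.middleware({ method, url }, res, () => { passed = true })
  return passed ? 'next' : res.statusCode
}

const gate = createBootstrapGate(['auth', 'db'])
console.log('definition during bootstrap:', probe(gate, 'GET', '/api/op/definition'))
console.log('other route during bootstrap:', probe(gate, 'GET', '/api/example'))
gate.markReady('auth')
gate.markReady('db') // e.g. after migrations finish
console.log('other route once ready:', probe(gate, 'GET', '/api/example'))
```

In a real server the gate would be registered before any authenticated route, and `markReady` would be called from the code paths that finish the authentication setup and the migrations.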