UnownHash / Fletchling

10 stars 3 forks source link

Fix Docker compose healthcheck #44

Closed Cronick closed 7 months ago

Cronick commented 7 months ago

gcr.io/distroless/static-debian11 doesn't include curl by default, and because it's distroless. There is not really an obvious way (from what I can see) to get it installed.

Proposal is to change base image to debian:stable-slim and install curl into the container. This will increase the image size by 4x, from what I could test on my own machine, and not as "secure" as a distroless.

So just opening the discussion now, if we should have a working healthcheck or not 😄

Fabio1988 commented 7 months ago

What about this article? https://medium.com/@aminmir326/health-checks-for-distroless-containers-a2180c4c4fcf

Might be a workaround

na-ji commented 7 months ago

What I usually do on distroless images is just to copy the curl binary from a busybox image. It's easy and works well. Keeping the advantage of distroless with little downside.

Cronick commented 7 months ago

What I usually do on distroless images is just to copy the curl binary from a busybox image. It's easy and works well. Keeping the advantage of distroless with little downside.

Will give that an attempt tomorrow then, if no-one beats me to do it 😄

comstud commented 7 months ago

Oops. Didn’t think about this. I only tested that the route worked in the service. Copying curl binary would be the better solution IMO

lenisko commented 7 months ago

Guilty! I'm not running Fletchling inside a docker 😶

lenisko commented 7 months ago

@Cronick you might want to use that solution (well with maybe younger version of bbox) https://github.com/GoogleContainerTools/distroless/issues/183#issuecomment-571723446

Cronick commented 7 months ago

Could not find a busybox image with curl. So just aimed for the next best wget.

comstud commented 7 months ago

yeah, i saw the same thing last night. This looks like what I'd come up with, but I wanted to give you a chance to fix up your PR. :) Thanks!