Closed andreas-hoehmann closed 7 months ago
hyness
commented
12 months ago The docker health check is unnecessary. Curl will not be added to this image. Please see one of the examples for how to configure this image through docker or docker compose. Closing
ahoehma
commented
12 months ago Ok. But please point me in the right direction @hyness. I can find only this: https://github.com/hyness/spring-cloud-config-server/blob/main/examples/native/docker-compose.yml. In my use case I have another service which needs the configserver so I added a "depends_on" with a "service_healthy" condition. But I can't see any example how you suggest to define such a health-check for your image. Thanks!
kyle-mcknight
commented
7 months ago Actually it is important and necessary to some people.
@ahoehma Our solution was to create a custom Dockerfile.
FROM hyness/spring-cloud-config-server:4.0.3
COPY --from=busybox:1.35.0-uclibc /bin/sh /bin/sh
COPY --from=ghcr.io/tarampampam/curl:8.6.0 /bin/curl /bin/curlAdds /bin/sh and curl.
Then use this in your docker compose file with the healthcheck.
hyness
commented
7 months ago My apologies for the tone and dismissive attitude to this issue. It's not my place to judge anyone's use case. What I can say, and should have said instead, is that this image was intended to be used in an enterprise environment where typically docker healthchecks are not used by orchestration frameworks like Kubernetes, ECS or a host of cloud providers that provide healthchecks outside the container image. Additionally, this image is distro-less to enhance it's security and keep it's size down. There are many known exploits in curl that could compromise security if included, and a large portion of users will not need it.
The images are produced with Cloud Native Buildpacks not through a Dockerfile, so it's not trivial to add it, even if it didn't have security implications. A multi-phase build like @kyle-mcknight provided is about the easiest way, but comes at the expense of potentially reduced security and having to maintain multiple build types which frankly I was happy to put behind me with buildpacks. However, I do see there is a buildpack that could potentially be added to allow for a docker healthcheck without adding curl. I'm going to re-open this issue to explore adding this in for the next release. If not, I'll add the workaround and credit Kyle in the README.
Thank you to @kyle-mcknight for providing a workaround and checking my attitude. My apologies again, @ahoehma
ahoehma
commented
7 months ago @hyness You don't need to apologize. Everything is okay 👍 @kyle-mcknight instead of building my own image may its possible to install curl (in k8s) with an "initContainer" or something. just an idea. But in k8s itself I can directly use the /actuator/health I guess. Nevermind :)
hyness
commented
7 months ago Hello @ahoehma, I have a version of the internal healthcheck that you can try if you like. It appears to be working as far as I can tell. The image says healthy once the app is up
Up 5 minutes (healthy)The docker image can pulled at ghcr.io/hyness/spring-cloud-config-server:936b1859-jre17
The healthcheck definition I used
healthcheck:
test: ["CMD", "health-check"]
start_interval: 30s
interval: 5s
retries: 10This will be included in the next release and will be documented in the README
I try this:
But everything I got from docker is this:
"Output": "OCI runtime exec failed: exec failed: unable to start container process: exec: \"curl\": executable file not found in $PATH: unknown"
I was not able to figure out what base image etc. you are using or what's possible in the image.
Please give me a hint how to enabled health-check.