Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider defining a helper "health check" utility for distroless scenarios #4300

Open
mthalman opened this issue Jan 5, 2023 · 4 comments
Open

Consider defining a helper "health check" utility for distroless scenarios #4300

mthalman opened this issue Jan 5, 2023 · 4 comments
Labels
area-infrastructure enhancement

Comments

@mthalman
Copy link
Member

mthalman commented Jan 5, 2023
edited

The use of the HEALTHCHECK instruction often involves the use of a command that executes an HTTP request to the application in order to verify its health. That command might be curl or wget for Linux containers. This becomes problematic for distroless/chiseled containers that would likely want to exclude such commands. How then would a call be made to verify the health of the app?

One solution is to include a basic .NET application that execute the HTTP request (see #4296). Depending on the ubiquity of such a solution, it might make sense for .NET to provide its own implementation of this application that can be easily injected into .NET distroless/chiseled solutions.

I'll illustrate this with an example. Let's say .NET publishes an httpclient image that contains a .NET app which simply sends an HTTP request to a URL provided as an argument. It returns 0 if the request succeeds and 1 if it fails. A distroless implementation could consume this app like the following:

# Build stage excluded for brevity
...

FROM mcr.microsoft.com/dotnet/nightly/runtime-deps:7.0-jammy-chiseled
WORKDIR /app
COPY --from=build /app .

# Inject the .NET httpclient into the image to use for the health check
COPY --from=mcr.microsoft.com/dotnet/httpclient:7.0 /httpclient.exe /
HEALTHCHECK CMD [ "/httpclient.exe", "http://localhost/healthz" ]

ENTRYPOINT ["./app"]

I think it'd be important to understand the landscape of how customers are using health checks to determine the suitability of a pre-defined tool like this. We obviously don't want to be reimplementing curl in .NET but allowing for a little bit of behavior customization in order to fulfill a large portion of customer scenarios seems reasonable.
@mthalman
Copy link
Member Author

[Triage]
As a first step, we'd like to provide documentation in the repo to help guide customer's on the pattern to implement this on their own in a way that doesn't depend on .NET providing a new tool. This is a low-cost solution and can also be used as a means to gather feedback from customers to determine the optimal solution that would meet their needs if we were to publish our own tool.

@mthalman mthalman mentioned this issue Jan 11, 2023
Open
This was referenced Jan 24, 2023
Merged
Open
@64J0
Copy link

64J0 commented Jul 19, 2023

Does this affect Kubernetes' probes?

I'm not 100% sure, but I think the probes commands are handled outside the container, so it must work even in a distroless environment. Is it correct?

@lbussell lbussell mentioned this issue Oct 26, 2023
Merged
@richlander
Copy link
Member

Does this affect Kubernetes' probes?

Not needed for Kubernetes. This is a docker compose need.

@Kralizek
Copy link

As far as I understand, having a way to ping the application from within the container is very important in the AWS space for people (like me) using ECS instead of EKS.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area-infrastructure enhancement
Projects
.NET Docker
Status: Backlog
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Kralizek @richlander @mthalman @64J0