[docker-compose] Trillian healthchecks don't work #1200
Description
This is my fault :-(
Endeavoring to minimize the Docker image sizes of the Trillian "trio" and not being aware (at the time) that these were used for anything other than Kubernetes (its healthchecks don't suffer Docker's limitation), I converted the Dockerfiles to multi-stage builds and used Distroless for the runtime.
Distroless images do not include a shell. Docker Healthchecks require (CMD) a shell to run.
So the healthchecks fail when used by Docker and Docker Compose, e.g:
docker-compose ps
WARNING: Some services (init) use the 'deploy' key, which will be ignored. Compose does not support 'deploy' configuration - use `docker stack deploy` to deploy to a swarm.
Name Command State Ports
------------------------------------------------------------------------------------------------------------------------------
keytransparency_log-server_1 /trillian_log_server --mys ... Up (unhealthy)
keytransparency_log-signer_1 /trillian_log_signer --mys ... Up (unhealthy)
keytransparency_map-server_1 /trillian_map_server --mys ... Up (unhealthy)
...
keytransparency_sequencer_1 /go/bin/keytransparency-se ... Up (healthy) 0.0.0.0:8083->8081/tcp
keytransparency_server_1 /go/bin/keytransparency-se ... Up (healthy) 0.0.0.0:443->8080/tcp, 0.0.0.0:8081->8081/tcp
prometheus-to-sd /monitor --stackdriver-pre ... Exit 255
Recommend
The easiest (albeit not good) solution is to remove the healthchecks from the Trillian servers:
keytransparency/docker-compose.yml
Line 62 in 5ac39fe
keytransparency/docker-compose.yml
Line 87 in 5ac39fe
keytransparency/docker-compose.yml
Line 109 in 5ac39fe
An alternative would be to bundle a simple healthcheck binary in the images that may be used instead:
https://github.com/DazWilkin/golang-healthcheck