|
1 | 1 | # Health Check Support in nerdctl |
2 | 2 |
|
3 | | -`nerdctl` supports Docker-compatible health checks for containers, allowing users to monitor container health via a user-defined command. |
| 3 | +`nerdctl` supports Docker-compatible health checks for containers, allowing you to monitor container health through user-defined commands. |
4 | 4 |
|
5 | | -Currently, health checks can be triggered manually using the nerdctl container healthcheck command. Automatic orchestration (e.g., periodic checks) will be added in a future update. |
| 5 | +## Configuration Options |
6 | 6 |
|
7 | 7 | Health checks can be configured in multiple ways: |
8 | 8 |
|
9 | | -1. At container creation time using nerdctl run or nerdctl create with `--health-*` flags |
| 9 | +1. At container creation time using `nerdctl run` or `nerdctl create` with these flags: |
| 10 | + - `--health-cmd`: Command to run to check health |
| 11 | + - `--health-interval`: Time between running the check (default: 30s) |
| 12 | + - `--health-timeout`: Maximum time to allow one check to run (default: 30s) |
| 13 | + - `--health-retries`: Consecutive failures needed to report unhealthy (default: 3) |
| 14 | + - `--health-start-period`: Start period for the container to initialize before starting health-retries countdown |
| 15 | + - `--no-healthcheck`: Disable any container-specified HEALTHCHECK |
| 16 | + |
10 | 17 | 2. At image build time using HEALTHCHECK in a Dockerfile |
11 | | -3. In docker-compose.yaml files, if using nerdctl compose |
| 18 | +3. In docker-compose.yaml files when using nerdctl compose |
12 | 19 |
|
13 | | -When a container is created, nerdctl determines the health check configuration based on the following priority: |
| 20 | +## Configuration Priority |
14 | 21 |
|
15 | | -1. **CLI flags** take highest precedence (e.g., `--health-cmd`, etc.) |
16 | | -2. If no CLI flags are set, nerdctl will use any health check defined in the image. |
17 | | -3. If neither is present, no health check will be configured |
| 22 | +When a container is created, nerdctl determines the health check configuration based on this priority: |
18 | 23 |
|
19 | | -Example: |
| 24 | +1. CLI flags take highest precedence (e.g., `--health-cmd`, etc.) |
| 25 | +2. If no CLI flags are set, nerdctl will use any health check defined in the image |
| 26 | +3. If neither is present, no health check will be configured |
20 | 27 |
|
21 | | -```bash |
22 | | -nerdctl run --name web --health-cmd="curl -f http://localhost || exit 1" --health-interval=30s --health-timeout=5s --health-retries=3 nginx |
23 | | -``` |
| 28 | +## Automatic Health Checks with systemd |
24 | 29 |
|
25 | | -### Disabling Health Checks |
| 30 | +On Linux systems with systemd, nerdctl automatically creates and manages systemd timer units to execute health checks at the configured intervals. This provides reliable scheduling and execution of health checks without requiring a persistent daemon. |
26 | 31 |
|
27 | | -You can disable health checks using the following flag during container create/run: |
| 32 | +### Requirements for Automatic Health Checks |
28 | 33 |
|
29 | | -```bash |
30 | | ---no-healthcheck |
31 | | -``` |
| 34 | +- systemd must be available on the system |
| 35 | +- Container must not be running in rootless mode |
| 36 | +- Environment variable `DISABLE_HC_SYSTEMD` must not be set to "true" |
32 | 37 |
|
33 | | -### Running Health Checks Manually |
| 38 | +### How It Works |
34 | 39 |
|
35 | | -nerdctl provides a container healthcheck command that can be manually triggered by the user. This command runs the |
36 | | -configured health check inside the container and reports the result. It serves as the entry point for executing |
37 | | -health checks, especially in scenarios where external scheduling is used. |
| 40 | +1. When a container with health checks is created, nerdctl: |
| 41 | + - Creates a systemd timer unit for the container |
| 42 | + - Configures the timer according to the health check interval |
| 43 | + - Starts monitoring the container's health status |
38 | 44 |
|
39 | | -Example: |
| 45 | +2. The health check status can be one of: |
| 46 | + - `starting`: During container initialization |
| 47 | + - `healthy`: When health checks are passing |
| 48 | + - `unhealthy`: After specified number of consecutive failures |
| 49 | +## Examples |
40 | 50 |
|
| 51 | +1. Basic health check that verifies a web server: |
| 52 | +```bash |
| 53 | +nerdctl run -d --name web \ |
| 54 | + --health-cmd="curl -f http://localhost/ || exit 1" \ |
| 55 | + --health-interval=5s \ |
| 56 | + --health-retries=3 \ |
| 57 | + nginx |
41 | 58 | ``` |
42 | | -nerdctl container healthcheck <container-id> |
| 59 | + |
| 60 | +2. Health check with initialization period: |
| 61 | +```bash |
| 62 | +nerdctl run -d --name app \ |
| 63 | + --health-cmd="./health-check.sh" \ |
| 64 | + --health-interval=30s \ |
| 65 | + --health-timeout=10s \ |
| 66 | + --health-retries=3 \ |
| 67 | + --health-start-period=60s \ |
| 68 | + myapp |
43 | 69 | ``` |
44 | 70 |
|
45 | | -### Future Work (WIP) |
| 71 | +3. Disable health checks: |
| 72 | +```bash |
| 73 | +nerdctl run --no-healthcheck myapp |
| 74 | +``` |
46 | 75 |
|
47 | | -Since nerdctl is daemonless and does not have a persistent background process, we rely on systemd(or external schedulers) |
48 | | -to invoke nerdctl container healthcheck at configured intervals. This allows periodic health checks for containers in a |
49 | | -systemd-based environment. We are actively working on automating health checks, where we will listen to container lifecycle |
50 | | -events and generate appropriate systemd service and timer units. This will enable nerdctl to support automated, |
51 | | -Docker-compatible health checks by leveraging systemd for scheduling and lifecycle integration. |
|
0 commit comments