Browse Source
The way Docker health checks work is:
1. The container is started
2. Docker waits a full healthcheck `interval`
3. A healthcheck is made. If OK, mark as healthy
The problem is that (as described in 2.), Docker always
waits a full interval before doing the first check.
The `interval` configuration serves 2 purposes:
- wait time before the first health check
- wait time between subsequent health checks
This annoyance is also described in: https://github.com/moby/moby/issues/33410
The way this manifests as a problem is when reverse-proxying with Traefik,
like we do by default in https://github.com/spantaleev/vaultwarden-docker-ansible-deploy
Traefik refuses to reverse-proxy to containers which are unhealthy
(Health Status=starting is also considered unhealthy).
This means that Vaultwarden, with its current 60 second healthcheck interval
will take a full minute to become healthy and to be reachable by Traefik.
In vaultwarden-docker-ansible-deploy, we currently work around this by
overriding the default health check interval:
015c459970/roles/custom/devture_vaultwarden/templates/vaultwarden.service.j2 (L15-L36)
With our workaround (which this patch also applies), it *only* takes 10 seconds
after Vaultwarden startup and until Traefik would reverse-proxy to it.
pull/2996/head
Slavi Pantaleev
3 years ago
1 changed files with 1 additions and 1 deletions
Loading…
Reference in new issue