Jib: support configuring a Docker HEALTHCHECK

Hi @jack-kerouac , since the default base image gcr.io/distroless/java does not include a shell, Docker healthchecks would be, by design, not usable. However, you can still use a different base image with a shell and set health checks when you run the image (with docker run for instance).

When running on Kubernetes, no shell is needed as you can configure liveness and readiness probes directly.

Closing but feel free to add additional comments if needed.

Hello @coollog, i would like to question your assumtion, that by design, a shell is needed to run a HEALTHCHECK.

The docs state that

The command after the CMD keyword can be either a shell command (e.g. HEALTHCHECK CMD /bin/check-running) or an exec array (as with other Dockerfile commands; see e.g. ENTRYPOINT for details).

So why should
HEALTHCHECK --interval=5m --timeout=3s CMD ["java", "-cp", "/app/resources/:/app/classes/:/app/libs/*", "com.company.content.feed.consumer.ContentFeedConsumerApplication", "health"]
not work?

The main application contains code like this:
if (args == health){
if checkfile.timestamp > 3600 exit(-1) else exit(0)
}

@werty1st Thanks for the tip. Reopening to potentially address this with the exec form of HEALTHCHECK. For implementators' reference: see Healthcheck in container config spec

HEALTHCHECK is very important for check container is healthy or not , especially for java service

This would be super useful to have with ECS health checks. I'd love to see support added.

tl;dr - if you feel strongly about health checks, comment on this OCI thread/submit a PR adding it to the spec to get a discussion going: https://github.com/opencontainers/image-spec/issues/749

To give an update on this issue, we've been going back and forth as a team about whether or not to support health checks with Jib. Our thoughts so far are as follows:

• At the very least, we plan on inheriting health check configurations from the base image. We're aiming to have support for this in the next release.
• We're leaning against adding healthchecks to the plugin configuration for now. Jib is intended to be an opinionated, easy to use image builder for Java kubernetes/OCI users. At the moment, kubernetes doesn't support health checks defined in the docker container config (only its liveness/readiness probes), and health checks aren't part of the OCI spec. Adding configuration options for such a docker-specific use case adds questionable value at the cost of adding a decent amount of extra complexity to Jib. As discussed above, the most likely case for health checks in java containers involves running another java application every time the health check is scheduled to run, which seems heavy-weight (would mean spinning up a new JVM every interval seconds).
• We're more open to adding healthchecks as a jib-core library feature, since jib-core is a general container builder, but may hold off on it for reason described above that it's still a very docker-specific feature. Would like to do this if OCI adds support, though.

If health checks are something people feel strongly about, this issue is currently open for adding it to the OCI spec. I would recommend reading through the thread/starting the discussion back up to get them added to the OCI spec if you feel you get a lot of value out of health checks.