coredns: fix silently-broken healthcheck (distroless image has no wget)

The original healthcheck `wget -qO- http://127.0.0.1:8080/health` has
been failing since day one because the CoreDNS image is distroless —
no shell, no HTTP client. The container has been running in
"(unhealthy)" status the whole time without anyone noticing because
nothing depends_on it.

Replace with `/coredns -version`, which is the thinnest honest check
the image can support. For deeper liveness/readiness, scrape
:8081/health from outside the container.
Ryan Malloy 2026-05-16 14:01:22 -06:00
parent 3d47d67e89
commit b78cfb0b45


@ -60,8 +60,14 @@ services:
# (ACME registration private key) is sibling to /caddy and is NOT # (ACME registration private key) is sibling to /caddy and is NOT
# exposed to CoreDNS — only /caddy is mounted. # exposed to CoreDNS — only /caddy is mounted.
- ./caddy-data/caddy:/etc/coredns/certs:ro - ./caddy-data/caddy:/etc/coredns/certs:ro
# CoreDNS's official image is distroless (no shell, no wget/curl), so
# the conventional `wget /health` healthcheck silently fails forever
# and Docker reports the container as unhealthy. The coredns binary
# itself supports a version flag, which exits 0 only if the binary
# is runnable — a thin but honest liveness probe. For deeper checks,
# query :8081/health from outside the container (curl from the host).
healthcheck: healthcheck:
test: ["CMD", "wget", "-qO-", "http://127.0.0.1:8080/health"] test: ["CMD", "/coredns", "-version"]
interval: 30s interval: 30s
timeout: 5s timeout: 5s
retries: 3 retries: 3
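Review bot: the port in the explanatory comment ("query :8081/health from outside the container") does not match the endpoint the removed test was probing (`http://127.0.0.1:8080/health`); one of the two is wrong, so please confirm which port the Corefile's `health` plugin actually binds and make the comment and the commit message agree with it, otherwise the "deeper check" advice sends operators to a closed port. Separately, the comment's claim that the version flag "exits 0 only if the binary is runnable" is accurate but worth stating more narrowly in the comment itself: `/coredns -version` is a new process that proves the binary can execute, not that the serving process is answering queries, so a wedged or non-listening server will still report healthy; if that is the accepted trade-off, a one-line note that restart-on-exit (not this healthcheck) is what catches a crashed server would make the intent clear to the next reader.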