Replace Docker healthcheck with s6 readiness notifications #25
Merged
Docker's healthcheck polling was used to determine when services were ready. s6-notifyoncheck provides the same readiness detection but integrates natively with the s6 supervision tree, enabling proper dependency ordering between services (e.g. buildkitd waits for dnsmasq and haproxy) without external polling.
The manual download (curl + tar + xz) added build complexity and pinned to a specific release archive. Alpine's apk repository already packages s6-overlay, so using it simplifies the Dockerfile and delegates version management to the base image's package index.
Summary

Replace Docker's healthcheck with s6 readiness notifications and manage buildkitd as an s6 service instead of the container's CMD.

Why

Docker healthcheck was insufficient for startup ordering

The previous setup used Docker's healthcheck to signal container readiness. However, this only tells Docker Compose that the container is healthy — it does not coordinate startup order within the container. buildkitd was launched as the container's CMD and could start before dnsmasq or haproxy were actually ready. While this race condition had not caused issues in practice, the startup order was not guaranteed and relied on timing rather than explicit dependency management.

buildkitd needs to wait for dependencies

buildkitd depends on dnsmasq (DNS resolution for builds), haproxy (proxy enforcement), and iptables rules (network isolation). These must all be ready before buildkitd accepts connections. s6's dependency system (dependencies.d/) enforces this ordering natively — buildkitd only starts after dnsmasq and haproxy report readiness and init-iptables completes.

s6-overlay installation was unnecessarily complex

s6-overlay was downloaded from GitHub releases via curl + tar + xz at build time, requiring architecture detection and a multi-step extraction. Alpine's apk repository already packages s6-overlay, so using apk add simplifies the Dockerfile and eliminates the pinned archive download.

Changes

- buildkitd as an s6 longrun service with dependencies on dnsmasq, haproxy, and init-iptables
- s6-notifyoncheck with health check scripts to dnsmasq and haproxy services for readiness notification
- CMD from Dockerfile — buildkitd is now managed by s6
- healthcheck from compose.yml and setup/compose.yml
- RUN chmod — files are committed with correct permissions
- apk add instead of downloading from GitHub releases
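The ordering described above only holds if each longrun dependency declares a `notification-fd`; without one, s6-rc treats the service as ready as soon as it has started. The following lint is an added example, not code from this pull request: the function names are hypothetical, the sample tree is constructed from the service names in the description, and the directory argument is assumed to be an s6-rc source directory (s6-overlay v3 normally uses `/etc/s6-overlay/s6-rc.d`).

```shell
#!/bin/sh
# Added example: flag dependencies on longruns that never signal readiness.

# audit_readiness DIR: print "svc -> dep" for every dependency on a longrun
# that has no notification-fd file; return 1 if any were found.
audit_readiness() {
    root=$1 bad=0
    for depfile in "$root"/*/dependencies.d/*; do
        [ -e "$depfile" ] || continue            # glob matched nothing
        dep=${depfile##*/}
        svc=${depfile%/dependencies.d/*}; svc=${svc##*/}
        # oneshots are "ready" when they exit, so only longruns need the fd
        [ "$(cat "$root/$dep/type" 2>/dev/null)" = longrun ] || continue
        if [ ! -s "$root/$dep/notification-fd" ]; then
            echo "$svc -> $dep"
            bad=1
        fi
    done
    return $bad
}

# make_sample_tree DIR: constructed layout using the service names from the
# PR description (not the repository's actual files).
make_sample_tree() {
    root=$1
    for svc in dnsmasq haproxy buildkitd; do
        mkdir -p "$root/$svc/dependencies.d"
        echo longrun > "$root/$svc/type"
    done
    mkdir -p "$root/init-iptables"
    echo oneshot > "$root/init-iptables/type"
    for dep in dnsmasq haproxy init-iptables; do
        : > "$root/buildkitd/dependencies.d/$dep"
    done
    echo 3 > "$root/dnsmasq/notification-fd"     # haproxy deliberately left without one
}

tmp=$(mktemp -d)
make_sample_tree "$tmp"
audit_readiness "$tmp" || true                   # prints: buildkitd -> haproxy
rm -rf "$tmp"
```

Run against the image's service directory in CI, a non-zero exit means some service could start before a dependency it relies on is actually accepting traffic.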