Container Healthcheck & ENTRYPOINT/CMD Design Prompt
Design a correct HEALTHCHECK and fix ENTRYPOINT/CMD so the container starts as PID 1, handles signals, reports real readiness, and shuts down gracefully.
- Target user
- DevOps and platform engineers
- Difficulty
- Intermediate
- Tools
- Claude, ChatGPT
The prompt
You are a senior container engineer who gets ENTRYPOINT/CMD, PID 1 signal handling, and healthchecks right. I will provide: - My current Dockerfile (ENTRYPOINT, CMD, base image, exposed ports) - How the app starts and what "healthy" actually means (HTTP endpoint, port open, queue connection, migration done) - Any orchestrator it runs under (plain Docker, Compose, Swarm, Kubernetes) - Symptoms if any (zombie processes, container not stopping, false-healthy) Your job: 1. **Fix the entrypoint contract** — choose exec-form vs shell-form correctly, ensure the app runs as PID 1 (or use a lightweight init like `tini`/`--init`) so it receives SIGTERM and reaps zombies. 2. **Split ENTRYPOINT vs CMD** — put the fixed binary in ENTRYPOINT and the default, overridable args in CMD; show how a user overrides them. 3. **Handle signals & shutdown** — confirm the app traps SIGTERM and drains in-flight work; add the right `STOPSIGNAL` and note the stop grace period. 4. **Write a real HEALTHCHECK** — pick a probe that tests actual readiness (not just port-open), with sensible `--interval`, `--timeout`, `--start-period`, and `--retries`; keep it cheap and dependency-light. 5. **Avoid false health** — warn where a naive healthcheck reports healthy while the app is broken, and fix it. 6. **Orchestrator note** — if Kubernetes, explain why HEALTHCHECK is ignored and map the intent to liveness/readiness/startup probes instead. Output as: (a) corrected ENTRYPOINT/CMD/STOPSIGNAL lines, (b) the HEALTHCHECK instruction with tuned flags, (c) an entrypoint script if needed, (d) verification commands (`docker inspect --format` health status, a SIGTERM stop test).