# Define Health Checks in Every Dockerfile
## Rule
Every production Dockerfile MUST include a HEALTHCHECK instruction. Docker Compose services MUST define health checks for dependency ordering.
## Format
```dockerfile
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
    CMD <health check command>
```
## Good Examples
### HTTP Service
```dockerfile
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
    CMD ["wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3000/health"]
```
### PostgreSQL
```dockerfile
HEALTHCHECK --interval=10s --timeout=5s --retries=5 \
    CMD ["pg_isready", "-U", "postgres"]
```
### Redis
```dockerfile
HEALTHCHECK --interval=10s --timeout=3s --retries=3 \
    CMD ["redis-cli", "ping"]
```
### Docker Compose
```yaml
services:
  api:
    build: .
    healthcheck:
      test: ["CMD", "wget", "--spider", "http://localhost:3000/health"]
      interval: 30s
      timeout: 5s
      retries: 3
      start_period: 10s
  db:
    image: postgres:16
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U postgres"]
      interval: 10s
      timeout: 5s
      retries: 5
  app:
    depends_on:
      db:
        condition: service_healthy
```
## Bad Examples
```dockerfile
# BAD: No health check at all
FROM node:20-slim
CMD ["node", "index.js"]

# BAD: Using curl in distroless (curl not available)
HEALTHCHECK CMD curl -f http://localhost:3000/health
```
## Parameter Guide
| Parameter | Purpose | Recommended |
|-----------|---------|-------------|
| `--interval` | Time between checks | 10-30s |
| `--timeout` | Max time per check | 3-5s |
| `--start-period` | Grace period on startup | 10-60s |
| `--retries` | Failures before unhealthy | 3-5 |
## Enforcement
- Hadolint rule to flag missing HEALTHCHECK
- CI pipeline check for HEALTHCHECK in production Dockerfiles
- Kubernetes liveness/readiness probes supplement Docker health checks
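
One way to implement the CI pipeline check listed above, as an added example that is not part of this rule's own tooling. The function names are hypothetical, and it assumes the default `\` escape character and no heredocs. It evaluates only the final build stage, where the last HEALTHCHECK wins, and it also rejects `HEALTHCHECK NONE`.

```python
import re
import sys

def final_stage_healthcheck(text):
    """Return the HEALTHCHECK arguments in effect for the final stage, or None."""
    logical, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                    # blank/comment lines, also inside continuations
        if line.endswith("\\"):         # assumption: default escape character
            buf += line[:-1] + " "
            continue
        logical.append(buf + line)
        buf = ""
    current = None
    for instr in logical:
        parts = instr.split(None, 1)
        keyword = parts[0].upper()
        if keyword == "FROM":
            current = None              # each FROM starts a new stage
        elif keyword == "HEALTHCHECK":  # the last one in a stage takes effect
            current = parts[1].strip() if len(parts) > 1 else ""
    return current

def check_dockerfile(text):
    """Return (passed, reason) for the contents of one Dockerfile."""
    hc = final_stage_healthcheck(text)
    if hc is None:
        return False, "no HEALTHCHECK in the final stage"
    if hc.upper() == "NONE":
        return False, "HEALTHCHECK NONE disables health checking"
    if not re.search(r"(?:^|\s)CMD\b", hc, re.I):
        return False, "HEALTHCHECK has no CMD"
    return True, "ok"

# Constructed sample: the health check sits in the build stage only, so the
# image that actually ships has none.
SAMPLE_MULTISTAGE = """\
FROM node:20-slim AS build
HEALTHCHECK CMD ["true"]
FROM node:20-slim
CMD ["node", "index.js"]
"""

if __name__ == "__main__":
    failed = False
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            passed, reason = check_dockerfile(fh.read())
        print(f"{path}: {'PASS' if passed else 'FAIL'} ({reason})")
        failed |= not passed
    sys.exit(1 if failed else 0)
```

Run it with the production Dockerfile paths as arguments; a non-zero exit status fails the pipeline. A health check inherited from a base image is not visible to this script, so it requires an explicit instruction in the file.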