imp(docker): healtcheck and updated versions (#21)

* imp(docker): healtcheck and updated versions This improves the structure of the Dockerfile, uses the new DNS seeder version, which fixes some build issues and adds logging to coreDNS when there's an error * Apply suggestions from code review Co-authored-by: Conrado Gouvea <[email protected]> --------- Co-authored-by: Conrado Gouvea <[email protected]>
ZcashFoundation · Mar 15, 2024 · bcd77dc · bcd77dc
1 parent 78495f5
commit bcd77dc
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 26 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,19 +1,23 @@
-FROM golang:1.17.3-alpine3.14 as builder
-LABEL maintainer "Zcash Foundation <[email protected]>"
+ARG GO_VERSION=1.21.0
+ARG ALPINE_VERSION=3.18
+ARG COREDNS_VERSION=1.11.1
+ARG DNSSEEDER_VERSION=v0.2.4-beta
+
+FROM coredns/coredns:${COREDNS_VERSION} AS coredns
 
-ENV PATH /go/bin:/usr/local/go/bin:$PATH
-ENV GOPATH /go
+FROM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS builder
+LABEL maintainer "Zcash Foundation <[email protected]>"
 
 RUN apk --no-cache add \
-	bash \
 	ca-certificates \
+	libcap \
 	git \
 	make
 
-ENV COREDNS_VERSION v1.6.9
-ENV DNSSEEDER_VERSION v0.2.3
+ARG COREDNS_VERSION
+ARG DNSSEEDER_VERSION
 
-RUN git clone --depth 1 --branch ${COREDNS_VERSION} https://github.com/coredns/coredns /go/src/github.com/coredns/coredns
+RUN git clone --depth 1 --branch v${COREDNS_VERSION} https://github.com/coredns/coredns /go/src/github.com/coredns/coredns
 
 WORKDIR /go/src/github.com/coredns/coredns
 
@@ -23,28 +27,26 @@ RUN echo "replace github.com/btcsuite/btcd => github.com/ZcashFoundation/btcd v0
 
 RUN go get github.com/zcashfoundation/dnsseeder/dnsseed@${DNSSEEDER_VERSION}
 
-RUN make all \
-	&& mv coredns /usr/bin/coredns
+RUN make all && \
+	setcap cap_net_bind_service=+ep ./coredns
 
+FROM alpine:${ALPINE_VERSION} AS runner
 
-FROM alpine:latest
+RUN apk --no-cache add bind-tools
 
-RUN apk --no-cache add libcap
+USER nobody:nobody
 
-COPY --from=builder /usr/bin/coredns /usr/bin/coredns
-COPY --from=builder /etc/ssl/certs/ /etc/ssl/certs
+COPY --from=builder /go/src/github.com/coredns/coredns/coredns /usr/bin/coredns
+COPY --from=coredns /etc/ssl/certs /etc/ssl/certs
 
-COPY coredns/Corefile /etc/dnsseeder/Corefile
-
-RUN setcap 'cap_net_bind_service=+ep' /usr/bin/coredns
+COPY coredns/Corefile /etc/coredns/Corefile
 
 # DNS will bind to 53
-EXPOSE 53
-
-VOLUME /etc/dnsseeder
+EXPOSE 53 53/udp
 
-RUN adduser --disabled-password dnsseeder
-USER dnsseeder
+# Check if the Coredns container is healthy
+HEALTHCHECK --interval=5s --retries=10 CMD dig @0.0.0.0 mainnet.seeder.zfnd.org +dnssec >/dev/null
 
-ENTRYPOINT [ "coredns" ]
-CMD [ "-conf", "/etc/dnsseeder/Corefile"]
+# Start coredns with custom configuration file
+ENTRYPOINT ["coredns"]
+CMD ["-conf", "/etc/coredns/Corefile"]
diff --git a/coredns/Corefile b/coredns/Corefile
@@ -1,17 +1,25 @@
-mainnet.seeder.example.com {
+mainnet.seeder.zfnd.org {
     dnsseed {
         network mainnet
         bootstrap_peers mainnet.z.cash:8233 dnsseed.str4d.xyz:8233 mainnet.is.yolo.money:8233 mainnet.seeder.zfnd.org:8233
         crawl_interval 30m
         record_ttl 600
     }
+    # Add a log block to enable logging
+    log {
+        class denial error
+    }
 }
 
-testnet.seeder.example.com {
+testnet.seeder.zfnd.org {
     dnsseed {
         network testnet
         bootstrap_peers dnsseed.testnet.z.cash:18233 testnet.is.yolo.money:18233 testnet.seeder.zfnd.org:18233
         crawl_interval 15m
         record_ttl 300
     }
+    # Add a log block to enable logging
+    log {
+        class denial error
+    }
 }