NOTE: This was created by AI (gemini) based on my experience developing with chroma
Summary
The default ChromaDB Docker image (ghcr.io/chroma-core/chroma) is a "slim" distribution that does not include common networking utilities like curl, wget, or python.
When users attempt to implement a standard healthcheck in docker-compose.yml using these tools, the check fails with an OCI runtime error:
exec: "curl": executable file not found in $PATH.
Because the health check executes inside the container, it is limited to the binaries available in the image's /usr/bin/.
The Fix: Pure Bash Socket Check
Since the image includes bash, we can use Bash's built-in /dev/tcp device handler to perform a zero-dependency port check. This avoids the need to install additional packages or bloat the production image.
Recommended docker-compose.yml configuration:
services:
chromadb:
image: ghcr.io/chroma-core/chroma:latest
# ... other config ...
healthcheck:
# Use CMD to bypass the default /bin/sh and use bash directly
test: ["CMD", "/bin/bash", "-c", "</dev/tcp/localhost/8000"]
interval: 10s
timeout: 5s
retries: 3
start_period: 10sKey Technical Takeaways
- Direct Execution: Using ["CMD", "/bin/bash", ...] ensures that the command is interpreted by Bash even if the container's default shell is sh (which often lacks /dev/tcp support).
- Internal Context: The health check must target the internal container port (8000), regardless of what port is mapped to the host (e.g., 8080:8000).
- Start Period: Adding a start_period is crucial as ChromaDB requires a few seconds to initialize its database components before the port becomes responsive.
NOTE: This was created by AI (gemini) based on my experience developing with chroma
Summary
The default ChromaDB Docker image (ghcr.io/chroma-core/chroma) is a "slim" distribution that does not include common networking utilities like curl, wget, or python.
When users attempt to implement a standard healthcheck in docker-compose.yml using these tools, the check fails with an OCI runtime error:
exec: "curl": executable file not found in $PATH.
Because the health check executes inside the container, it is limited to the binaries available in the image's /usr/bin/.
The Fix: Pure Bash Socket Check
Since the image includes bash, we can use Bash's built-in /dev/tcp device handler to perform a zero-dependency port check. This avoids the need to install additional packages or bloat the production image.
Recommended docker-compose.yml configuration:
Key Technical Takeaways