Skip to content

Image value not used for health-startup-cmd #27724

New issue
New issue
Open
#27857
Open
Image value not used for health-startup-cmd#27724
#27857
Assignees
arsenalzp
Labels
kind/featureCategorizes issue or PR as related to a new feature.triagedIssue has been triaged
@betelgeuse

Description

@betelgeuse
betelgeuse
opened on Dec 9, 2025

Issue Description

For health-cmd we have:

podman/docs/source/markdown/options/health-cmd.md

Line 14 in ed132b7

Note: The default values are used even if healthcheck is configured in the image.

For health-startup-cmd there's no documentation that the configuration from the image would be used and this matches how at least 5.4.2 seems to behave https://github.com/containers/podman/blob/ed132b7a720e6562d54646081f80f685338f15c5/docs/source/markdown/options/health-startup-cmd.md

Steps to reproduce the issue

Given an image built with buildkit:

$ docker inspect -f '{{json .Config.Healthcheck}}' $IMAGE
{"Test":["CMD-SHELL","pg_isready -U postgres"],"Interval":3600000000000,"StartPeriod":60000000000,"StartInterval":1000000000}

Describe the results you received

With docker pg_isready is run every second:

            "Health": {
                "Status": "healthy",
                "FailingStreak": 0,
                "Log": [
                    {
                        "Start": "2025-12-09T12:03:03.836191549Z",
                        "End": "2025-12-09T12:03:04.227778507Z",
                        "ExitCode": 2,
                        "Output": "/var/run/postgresql:5432 - no response\n"
                    },
                    {
                        "Start": "2025-12-09T12:03:05.229269716Z",
                        "End": "2025-12-09T12:03:05.4471183Z",
                        "ExitCode": 2,
                        "Output": "/var/run/postgresql:5432 - no response\n"
                    },
                    {
                        "Start": "2025-12-09T12:03:06.448626008Z",
                        "End": "2025-12-09T12:03:06.691341842Z",
                        "ExitCode": 0,
                        "Output": "/var/run/postgresql:5432 - accepting connections\n"
                    }
                ]
            }

With podman it's only run once and then scheduled

2025-12-09 11:14:41.340943129 +0000 UTC container health_status feeb1bb73a5b00ea57ace734c4d4def9a4cb76631f1a2b2877d0655fc47a0005 (image=IMAGE, name=postgres, health_status=starting, health_failing_streak=0, health_log=, PODMAN_SYSTEMD_UNIT=postgres.service)

Describe the results you expected

Podman behavior should match Docker.

podman info output

host:
  arch: amd64
  buildahVersion: 1.39.3
  cgroupControllers:
  - cpuset
  - cpu
  - io
  - memory
  - hugetlb
  - pids
  - rdma
  - misc
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon_2.1.12-4_amd64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.12, commit: unknown'
  cpuUtilization:
    idlePercent: 98.53
    systemPercent: 0.5
    userPercent: 0.96
  cpus: 2
  databaseBackend: sqlite
  distribution:
    codename: trixie
    distribution: debian
    version: "13"
  eventLogger: journald
  freeLocks: 2046
  hostname: postgres
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 6.12.41+deb13-cloud-amd64
  linkmode: dynamic
  logDriver: journald
  memFree: 1439248384
  memTotal: 4012314624
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: Unknown
    package: netavark_1.14.0-2_amd64
    path: /usr/lib/podman/netavark
    version: netavark 1.14.0
  ociRuntime:
    name: crun
    package: crun_1.21-1_amd64
    path: /usr/bin/crun
    version: |-
      crun version 1.21
      commit: 10269840aa07fb7e6b7e1acff6198692d8ff5c88
      rundir: /run/user/0/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +WASM:wasmedge +YAJL
  os: linux
  pasta:
    executable: ""
    package: ""
    version: ""
  remoteSocket:
    exists: true
    path: /run/podman/podman.sock
  rootlessNetworkCmd: pasta
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: ""
    package: ""
    version: ""
  swapFree: 0
  swapTotal: 0
  uptime: 0h 44m 50.00s
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries: {}
store:
  configFile: /usr/share/containers/storage.conf
  containerStore:
    number: 1
    paused: 0
    running: 1
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /var/lib/containers/storage
  graphRootAllocated: 39990112256
  graphRootUsed: 1925476352
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Supports shifting: "true"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 1
  runRoot: /run/containers/storage
  transientStore: false
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 5.4.2
  BuildOrigin: Debian
  Built: 1753478586
  BuiltTime: Fri Jul 25 21:23:06 2025
  GitCommit: ""
  GoVersion: go1.24.4
  Os: linux
  OsArch: linux/amd64
  Version: 5.4.2

Podman in a container

No

Privileged Or Rootless

None

Upstream Latest Release

Yes

Additional environment details

Additional environment details

Additional information

If later release has fixed the behaviour, at minimum the documentation in main need updating.

Metadata

Metadata

Assignees

Labels

kind/featureCategorizes issue or PR as related to a new feature.triagedIssue has been triaged

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions