
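Disclaimer: I have very little experience with Docker and servers in general. Most of the server-related work I do is done by following manuals written by former employees and by googling a lot.
We use Docker Swarm to manage updates to our Docker containers. We also use unattended-upgrades for security upgrades.
After unattended-upgrades has run, all containers are created and all Docker services run normally (e.g. someappservice_cache or someappservice_someappservice), except for the Cron instance, which runs in a separate Docker service (someappservice_cron).
This problem does not occur when we have to update the Docker services manually. So after every unattended-upgrades run, I have to restart the Cron service manually to get it running normally again. These are the commands I use to restart the service manually: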
git checkout newappversion
sudo docker-compose build
sudo docker-compose config > someappservice.docker.stack
sudo docker stack deploy --compose-file someappservice.docker.stack someappservice
sudo docker service update --force someappservice_cron
I'm not sure why it doesn't work after unattended-upgrades has finished. Does anyone know what could be going wrong?
This is the cron.Dockerfile:
FROM alpine:latest
RUN apk add --update apk-cron curl tzdata
COPY docker-entrypoint.sh /
COPY crontab.txt timeout-check.sh notifications-email-daily.sh notifications-email-hourly.sh /
RUN /usr/bin/crontab /crontab.txt
CMD [ "/docker-entrypoint.sh" ]
This is docker-entrypoint.sh:
#!/bin/sh
# start cron
/usr/sbin/crond -f -l 8
This is the 50unattended-upgrades file:
// Automatically upgrade packages from these (origin:archive) pairs
//
// Note that in Ubuntu security updates may pull in new dependencies
// from non-security sources (e.g. chromium). By allowing the release
// pocket these get automatically pulled in.
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}";
"${distro_id}:${distro_codename}-security";
// Extended Security Maintenance; doesn't necessarily exist for
// every release and this system may not have it installed, but if
// available, the policy for updates is such that unattended-upgrades
// should also install from here by default.
"${distro_id}ESMApps:${distro_codename}-apps-security";
"${distro_id}ESM:${distro_codename}-infra-security";
// "${distro_id}:${distro_codename}-updates";
// "${distro_id}:${distro_codename}-proposed";
// "${distro_id}:${distro_codename}-backports";
};
// Python regular expressions, matching packages to exclude from upgrading
Unattended-Upgrade::Package-Blacklist {
// The following matches all packages starting with linux-
// "linux-";
// Use $ to explicitely define the end of a package name. Without
// the $, "libc6" would match all of them.
// "libc6$";
// "libc6-dev$";
// "libc6-i686$";
// Special characters need escaping
// "libstdc\+\+6$";
// The following matches packages like xen-system-amd64, xen-utils-4.1,
// xenstore-utils and libxenstore3.0
// "(lib)?xen(store)?";
// For more information about Python regular expressions, see
// https://docs.python.org/3/howto/regex.html
};
// This option controls whether the development release of Ubuntu will be
// upgraded automatically. Valid values are "true", "false", and "auto".
Unattended-Upgrade::DevRelease "auto";
// This option allows you to control if on a unclean dpkg exit
// unattended-upgrades will automatically run
// dpkg --force-confold --configure -a
// The default is true, to ensure updates keep getting installed
//Unattended-Upgrade::AutoFixInterruptedDpkg "true";
// Split the upgrade into the smallest possible chunks so that
// they can be interrupted with SIGTERM. This makes the upgrade
// a bit slower but it has the benefit that shutdown while a upgrade
// is running is possible (with a small delay)
//Unattended-Upgrade::MinimalSteps "true";
// Install all updates when the machine is shutting down
// instead of doing it in the background while the machine is running.
// This will (obviously) make shutdown slower.
// Unattended-upgrades increases logind's InhibitDelayMaxSec to 30s.
// This allows more time for unattended-upgrades to shut down gracefully
// or even install a few packages in InstallOnShutdown mode, but is still a
// big step back from the 30 minutes allowed for InstallOnShutdown previously.
// Users enabling InstallOnShutdown mode are advised to increase
// InhibitDelayMaxSec even further, possibly to 30 minutes.
//Unattended-Upgrade::InstallOnShutdown "false";
// Send email to this address for problems or packages upgrades
// If empty or unset then no email is sent, make sure that you
// have a working mail setup on your system. A package that provides
// 'mailx' must be installed. E.g. "user@example.com"
//Unattended-Upgrade::Mail "";
// Set this value to one of:
// "always", "only-on-error" or "on-change"
// If this is not set, then any legacy MailOnlyOnError (boolean) value
// is used to chose between "only-on-error" and "on-change"
//Unattended-Upgrade::MailReport "on-change";
// Remove unused automatically installed kernel-related packages
// (kernel images, kernel headers and kernel version locked tools).
//Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
// Do automatic removal of newly unused dependencies after the upgrade
//Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
// Do automatic removal of unused packages after the upgrade
// (equivalent to apt-get autoremove)
//Unattended-Upgrade::Remove-Unused-Dependencies "false";
// Automatically reboot *WITHOUT CONFIRMATION* if
// the file /var/run/reboot-required is found after the upgrade
Unattended-Upgrade::Automatic-Reboot "true";
// Automatically reboot even if there are users currently logged in
// when Unattended-Upgrade::Automatic-Reboot is set to true
//Unattended-Upgrade::Automatic-Reboot-WithUsers "true";
// If automatic reboot is enabled and needed, reboot at the specific
// time instead of immediately
// Default: "now"
Unattended-Upgrade::Automatic-Reboot-Time "23:10";
// Use apt bandwidth limit feature, this example limits the download
// speed to 70kb/sec
//Acquire::http::Dl-Limit "70";
// Enable logging to syslog. Default is False
// Unattended-Upgrade::SyslogEnable "false";
// Specify syslog facility. Default is daemon
// Unattended-Upgrade::SyslogFacility "daemon";
// Download and install upgrades only on AC power
// (i.e. skip or gracefully stop updates on battery)
// Unattended-Upgrade::OnlyOnACPower "true";
// Download and install upgrades only on non-metered connection
// (i.e. skip or gracefully stop updates on a metered connection)
// Unattended-Upgrade::Skip-Updates-On-Metered-Connections "true";
// Verbose logging
// Unattended-Upgrade::Verbose "false";
// Print debugging information both in unattended-upgrades and
// in unattended-upgrade-shutdown
// Unattended-Upgrade::Debug "false";
// Allow package downgrade if Pin-Priority exceeds 1000
// Unattended-Upgrade::Allow-downgrade "false";
This is part of docker-compose.yml:
  cron:
    build:
      context: cron
      dockerfile: cron.Dockerfile
    image: cron:latest
    depends_on:
      - someappservice
    networks:
      - someappservice
    deploy:
      replicas: 1
Answer 1
There is no restart policy configured. The default restart policy is:
no: Do not automatically restart the container.
Add a restart policy to your compose file:
  cron:
    # your definition
    restart: unless-stopped
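
A post-reboot check for the situation described in the question, as an added example that is not part of the original question or answer: it lists swarm services running fewer replicas than desired and prints the forced-update command the question already uses for each. The function names and the sample input are assumptions constructed for illustration; the input shape is that of `docker service ls --format '{{.Name}} {{.Replicas}}'`.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# degraded_services: reads "NAME RUNNING/DESIRED" lines on stdin and prints
# the names of services with fewer running tasks than desired.
degraded_services() {
    while read -r name replicas _rest; do
        # Skip blank lines
        [ -n "$name" ] || continue
        running=${replicas%%/*}
        desired=${replicas#*/}
        # Skip anything that is not in numeric N/M form
        case "$running$desired" in
            ''|*[!0-9]*) continue ;;
        esac
        if [ "$running" -lt "$desired" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# restart_commands: prints (does not run) the forced update from the question
# for every degraded service, so the output can be reviewed before use.
restart_commands() {
    degraded_services | while read -r svc; do
        printf 'docker service update --force %s\n' "$svc"
    done
}

# Constructed sample: service list as it might look after the automatic reboot.
SAMPLE='someappservice_cache 1/1
someappservice_someappservice 1/1
someappservice_cron 0/1'

printf '%s\n' "$SAMPLE" | restart_commands
```

On the host, feed it live data with `docker service ls --format '{{.Name}} {{.Replicas}}' | restart_commands`. For stacks deployed with `docker stack deploy`, swarm takes restart behaviour from `deploy.restart_policy`; the Compose `restart` key is ignored in swarm mode.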