1
<#import "/templates/guide.adoc" as tmpl>
2
<#import "/templates/kc.adoc" as kc>
3
<#import "/templates/options.adoc" as opts>
4
<#import "/templates/links.adoc" as links>
7
title="Enabling {project_name} Health checks"
8
summary="Learn how to enable and use {project_name} health checks"
9
includedOptions="health-enabled">
11
{project_name} has built in support for health checks. This {section} describes how to enable and use the Keycloak health checks.
13
== {project_name} health check endpoints
15
{project_name} exposes 4 health endpoints:
22
See the https://quarkus.io/guides/smallrye-health#running-the-health-check[Quarkus SmallRye Health docs] for information on the meaning of each endpoint.
24
These endpoints respond with HTTP status `200 OK` on success or `503 Service Unavailable` on failure, and a JSON object like the following:
26
.Successful response for endpoints without additional per-check information:
35
.Successful response for endpoints with information on the database connection:
42
"name": "Keycloak database connections health check",
49
== Enabling the health checks
50
It is possible to enable the health checks using the build time option `health-enabled`:
52
<@kc.build parameters="--health-enabled=true"/>
54
By default, no check is returned from the health endpoints.
56
== Using the health checks
58
It is recommended that the health endpoints be monitored by external HTTP requests. Due to security measures that remove `curl` and other packages from the {project_name} container image, local command-based monitoring will not function easily.
60
If you are not using {project_name} in a container, use whatever you want to access the health check endpoints.
64
You may use a simple HTTP HEAD request to determine the `+live+` or `+ready+` state of {project_name}. `+curl+` is a good HTTP client for this purpose.
66
If {project_name} is deployed in a container, you must run this command from outside it due to the previously mentioned security measures. For example:
70
curl --head -fsS http://localhost:8080/health/ready
73
If the command returns with status 0, then {project_name} is `+live+` or `+ready+`, depending on which endpoint you called. Otherwise there is a problem.
77
Define a https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#http-probes[HTTP Probe] so that Kubernetes may externally monitor the health endpoints. Do not use a liveness command.
81
The Dockerfile image `+HEALTHCHECK+` instruction defines a command that will be periodically executed inside the container as it runs. The {project_name} container does not have any CLI HTTP clients installed. Consider installing `+curl+` as an additional RPM, as detailed by the <@links.server id="containers" /> {section}. Note that your container may be less secure because of this.
85
The table below shows the available checks.
89
|Check | Description | Requires Metrics
92
|Returns the status of the database connection pool.
97
For some checks, you'll need to also enable metrics as indicated by the `Requires Metrics` column. To enable metrics
98
use the `metrics-enabled` option as follows:
100
<@kc.build parameters="--health-enabled=true --metrics-enabled=true"/>