5

What's the best way to test the health of Keycloak configured as cluster deployed as docker swarm service?

I tried the below healthcheck for testing availability in Keycloak service descriptor:

   healthcheck:
      test: ["CMD-SHELL", "curl http://localhost:8080/auth/realms/[realm_name]"]
      interval: 30s
      timeout: 10s
      retries: 10
      start_period: 1m

Are there more things to check for? Couldn't find the documentation for this.

rok
  • 9,403
  • 17
  • 70
  • 126
  • 2
    check this jira https://issues.jboss.org/browse/KEYCLOAK-1578, other options discussed – ravthiru Nov 14 '18 at 22:37
  • You need to add the `--fail` option to your curl command if you want it to fail when it receives something other than a 200 – HectorJ Sep 02 '19 at 08:05

3 Answers3

2

With Keycloak 21 new micro base image is used, so 'curl' no longer included in Image so healthcheck will not work anymore.

If Keycloak configured without HTTPS my workaround is this:

#!/bin/bash
exec 3<>/dev/tcp/localhost/8080

echo -e "GET /auth/health/ready HTTP/1.1\nhost: localhost:8080\n" >&3

timeout --preserve-status 1 cat <&3 | grep -m 1 status | grep -m 1 UP
ERROR=$?

exec 3<&-
exec 3>&-

exit $ERROR
bruegth
  • 461
  • 5
  • 13
1

I prefer to listen directly the 'master' realm. Morover most recent Keycloak versions uses a different path (omitting 'auth'):

healthcheck:
  test: ["CMD", "curl", "-f", "http://0.0.0.0:8080/realms/master"]
  start_period: 10s
  interval: 30s
  retries: 3
  timeout: 5s
dev_hero
  • 194
  • 1
  • 7
1

One can also use the /health endpoint on the KeyCloak container as follows:

"healthCheck": {
  "retries": 3,
  "command": [
    "CMD-SHELL",
    "curl -f http://localhost:8080/health || exit 1"
   ],
   "timeout": 5,
   "interval": 60,
   "startPeriod": 300
 }
dingo
  • 443
  • 3
  • 16