Enabling Health Checks and Metrics

In Keycloak 19.0.3 I was able to enable metrics and health checks by setting the following environment variables in the Dockerfile before calling kc.sh build.

FROM quay.io/keycloak/keycloak:19.0.3
ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true
...
RUN /opt/keycloak/bin/kc.sh build

Unfortunately this solution does not work in Keycloak 20.0.0 or 20.0.2. I have also tried to enable the health check and metrics endpoints by passing the configuration directly to the build command as shown below, but it did not work either.

FROM quay.io/keycloak/keycloak:20.0.2
...
RUN /opt/keycloak/bin/kc.sh build --health-enabled=true --metrics-enabled=true

When I list the current configuration in the running container, I get the following configuration:

./kc.sh show-config

kc.health-enabled =  false (PersistedConfigSource)
kc.metrics-enabled =  false (PersistedConfigSource)

Works for me with 20.0.2. I use a multistage Dockerfile, though I can’t see how it would make a difference.

FROM quay.io/keycloak/keycloak:20.0.2 as builder
# Expose metrics and healthcheck endpoints
ENV KC_METRICS_ENABLED=true
ENV KC_HEALTH_ENABLED=true
...
RUN /opt/keycloak/bin/kc.sh build


FROM quay.io/keycloak/keycloak:20.0.2
COPY --from=builder /opt/keycloak/lib/quarkus/ /opt/keycloak/lib/quarkus/
...

Maybe you used the http-relative-path option to expose them through different endpoints?

I am using a multistage Dockerfile as well but it does not work. Independently of other settings, show-config should show metrics-enabled and health-enabled as true, but it is showing them as false.

FROM quay.io/keycloak/keycloak:20.0.2 as builder
ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true
ENV KC_DB=mysql
# Install custom providers
...
RUN /opt/keycloak/bin/kc.sh build

FROM quay.io/keycloak/keycloak:20.0.2
COPY --from=builder /opt/keycloak/ /opt/keycloak/
WORKDIR /opt/keycloak
ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start"]

What did WORK for me is setting the following environment variables when starting the previously built container…

environment:
      KC_HEALTH_ENABLED: true
      KC_METRICS_ENABLED: true

Once the container is started I can see the following in show-config and the endpoints are accessible…

kc.health-enabled =  true (KcEnvVarConfigSource)
kc.health.enabled =  true (KcEnvVarConfigSource)
kc.metrics-enabled =  true (KcEnvVarConfigSource)
kc.metrics.enabled =  true (KcEnvVarConfigSource)

Does anyone have any idea why?

When starting the server with the command start only, Keycloak does an implicit build again; this behavior has changed and was different in previous versions.
So, if you do a build in your Dockerfile, start the server in optimized mode with
kc.sh start --optimized
Then no implicit build will be performed and the previously built Keycloak image will be used with your proper settings.

Thanks! That was it.
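
A check for the two symptoms seen in this thread, as an added example that is not part of the original posts or of Keycloak itself: check_config reads show-config output and fails unless both options are true, and check_dockerfile flags a Dockerfile that runs kc.sh build but starts without --optimized. The function names are hypothetical and the sample input is constructed from the lines quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical and
# the sample Dockerfile is constructed from the ones quoted in the posts.

# check_config: read `kc.sh show-config` output on stdin; succeed only when
# kc.health-enabled and kc.metrics-enabled are both true. Prints each value
# with the config source that show-config reported for it.
check_config() {
    awk '
        $1 == "kc.health-enabled"  { h = $3; hs = $4 }
        $1 == "kc.metrics-enabled" { m = $3; ms = $4 }
        END {
            printf "health=%s%s metrics=%s%s\n", h, hs, m, ms
            exit !(h == "true" && m == "true")
        }'
}

# check_dockerfile: read a Dockerfile on stdin; fail when it runs
# `kc.sh build` but its last ENTRYPOINT/CMD runs `start` without --optimized
# (the case in which start performs the implicit build described above).
# Assumption: the start command is set in the Dockerfile, not at run time.
check_dockerfile() {
    awk '
        /^RUN / && /kc\.sh/ && / build/ { built = 1 }
        /^(ENTRYPOINT|CMD) / && /"start"|kc\.sh start/ {
            starts = 1
            optimized = ($0 ~ /--optimized/)
        }
        END { exit (built && starts && !optimized) }'
}

# Demo on a constructed Dockerfile shaped like the failing one in the thread.
check_dockerfile <<'EOF' || echo "Dockerfile: build step present, start lacks --optimized"
FROM quay.io/keycloak/keycloak:20.0.2 as builder
ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true
RUN /opt/keycloak/bin/kc.sh build
FROM quay.io/keycloak/keycloak:20.0.2
COPY --from=builder /opt/keycloak/ /opt/keycloak/
ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start"]
EOF
```

Pipe the output of ./kc.sh show-config from the running container into check_config to use it as a post-deploy check.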