In Keycloak 19.0.3 I was able to enable metrics and health checks by setting following environment variables in Dockerfile before calling kc.sh build.
FROM quay.io/keycloak/keycloak:19.0.3
ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true
...
RUN /opt/keycloak/bin/kc.sh build
Unfortunately this solution does not work in Keycloak 20.0.0 and or 20.0.2. I have also tried to enable health check and metrics endpoints by passing configuration directly to build command as shown below but it did not work either.
FROM quay.io/keycloak/keycloak:20.0.2
...
RUN /opt/keycloak/bin/kc.sh build --health-enabled=true --metrics-enabled=true
When I list the current configuration in the running container i get following configuration
Works for me with 20.0.2. I use a multistage Dockerfile, though I can’t see how it would make a difference.
FROM quay.io/keycloak/keycloak:20.0.2 as builder
# Expose metrics and healthcheck endpoints
ENV KC_METRICS_ENABLED=true
ENV KC_HEALTH_ENABLED=true
...
RUN /opt/keycloak/bin/kc.sh build
FROM quay.io/keycloak/keycloak:20.0.2
COPY --from=builder /opt/keycloak/lib/quarkus/ /opt/keycloak/lib/quarkus/
...
Maybe you used the http-relative-path-option to expose them through different endpoints?
I am using multistage Dockerfile as well but it does not work - independently of other settings show-config should show metrics-enabled and health-enabled as true but it is showing them as false.
FROM quay.io/keycloak/keycloak:20.0.2 as builder
ENV KC_HEALTH_ENABLED=true
ENV KC_METRICS_ENABLED=true
ENV KC_DB=mysql
# Install custom providers
...
RUN /opt/keycloak/bin/kc.sh build
FROM quay.io/keycloak/keycloak:20.0.2
COPY --from=builder /opt/keycloak/ /opt/keycloak/
WORKDIR /opt/keycloak
ENTRYPOINT ["/opt/keycloak/bin/kc.sh", "start"]
What did WORK for me is setting following environment variables when starting previously build container…
When starting the server with command start only, Keycloak is doing an implicit build again, this behavior has changed and was different in previous versions.
So, if you do a build in your Dockerfile, start the server in optimized mode with kc.sh start --optimized
Then, no implicit build will be performed and the previously build Keycloak image will be used with your proper settings.