Last active
September 7, 2024 19:06
-
-
Save sarath-soman/5d9aec06953bbd0990c648605d4dba07 to your computer and use it in GitHub Desktop.
Keycloak docker compose with health checks
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Keycloak containers doesn't come with curl or wget in it, this forces the users to use alternative mechanisms to realise | |
# health check for the keycloak standard containers. This example leverages the capability of modern Java to dynamically | |
# compile a *.java source file and execute it on the fly using the `java` command. The HealthCheck class uses | |
# java.net.URL to open a connection to the `health/live` endpoint of keycloak and exits the process with a non-zero status | |
# if the http status is not `Ok` | |
version: '3' | |
services: | |
############################ | |
# Keycloak service | |
############################ | |
keycloak: | |
image: quay.io/keycloak/keycloak:22.0.5 | |
command: | |
- start-dev | |
- --import-realm | |
environment: | |
KEYCLOAK_ADMIN: admin | |
KEYCLOAK_ADMIN_PASSWORD: admin | |
DB_VENDOR: h2 | |
KC_HEALTH_ENABLED: true | |
ports: | |
- '8080:8080' | |
volumes: | |
- ./keycloak:/opt/keycloak/data/import | |
healthcheck: | |
test: ['CMD-SHELL', '[ -f /tmp/HealthCheck.java ] || echo "public class HealthCheck { public static void main(String[] args) throws java.lang.Throwable { System.exit(java.net.HttpURLConnection.HTTP_OK == ((java.net.HttpURLConnection)new java.net.URL(args[0]).openConnection()).getResponseCode() ? 0 : 1); } }" > /tmp/HealthCheck.java && java /tmp/HealthCheck.java http://localhost:8080/health/live'] | |
interval: 5s | |
timeout: 5s | |
retries: 30 | |
can also do
healthcheck:
test: ["CMD-SHELL", "exec 3<>/dev/tcp/127.0.0.1/8080;echo -e \"GET /health/ready HTTP/1.1\r\nhost: http://localhost\r\nConnection: close\r\n\r\n\" >&3;grep \"HTTP/1.1 200 OK\" <&3"]
interval: 5s
timeout: 5s
retries: 3
can also do
healthcheck: test: ["CMD-SHELL", "exec 3<>/dev/tcp/127.0.0.1/8080;echo -e \"GET /health/ready HTTP/1.1\r\nhost: http://localhost\r\nConnection: close\r\n\r\n\" >&3;grep \"HTTP/1.1 200 OK\" <&3"] interval: 5s timeout: 5s retries: 3
👍
Thanks a lot!
Happy to help
Thanks for sharing! 💯
Thanks for sharing! 💯
👍
test: ["CMD-SHELL", "exec 3<>/dev/tcp/127.0.0.1/8080;echo -e 'GET /health/ready HTTP/1.1\r\nhost: http://localhost\r\nConnection: close\r\n\r\n' >&3;if [ $? -eq 0 ]; then echo 'Healthcheck Successful';exit 0;else echo 'Healthcheck Failed';exit 1;fi;"]
@patrickmichalina in my case keycloak:latest
this failed still by exit 1 other than 0, so I modified it a bit.
@michael-riha as of keycloak v25 the healthchecks metric endpoint is served on a different port which is by default port 9000
I am doing this:
- in the docker-compose:
... volumes: - ${BASE_PATH}/src/__test__/integration/healthcheck.sh:/opt/keycloak/bin/healthcheck.sh healthcheck: test: /opt/keycloak/bin/healthcheck.sh || exit 1 ...
- the healthcheck.sh is
/opt/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080/${KC_HTTP_RELATIVE_PATH}/ --realm master --user ${KEYCLOAK_ADMIN} --password ${KEYCLOAK_ADMIN_PASSWORD} /opt/keycloak/bin/kcadm.sh get http://localhost:8080/${KC_HTTP_RELATIVE_PATH}/health
working for me using keycloak/keycloak:25.0.1
healthcheck:
test: ["CMD-SHELL", "exec 3<>/dev/tcp/127.0.0.1/9000;echo -e 'GET /health/ready HTTP/1.1\r\nhost: http://localhost\r\nConnection: close\r\n\r\n' >&3;if [ $? -eq 0 ]; then echo 'Healthcheck Successful';exit 0;else echo 'Healthcheck Failed';exit 1;fi;"]
interval: 30s
timeout: 10s
retries: 3
@marco-carvalho indeed this is the only solution that worked for me on the latest version.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thanks a lot!