Keycloak Health Check SPI Proposal
750 views
Skip to first unread message
Thomas Darimont
Aug 25, 2021, 3:50:36 AM8/25/21
to Keycloak Dev
Dear Keycloak Developers,
In Keycloak Projects, we often need to integrate with different systems.
Often it is vital for Keycloak that those external systems are reachable from
Keycloak and work as expected. In such cases, it is helpful to get fast feedback
if a downstream component is not reachable. This is usually achieved with
custom health checks.
Currently, Keycloak provides no explicit SPI for implementing custom health-checks.
However, the Wildfly and Quarkus based distributions support the smallrye-health SPI
to register custom health checks.
In Wildfly, those health checks are usually exposed via the management port under http://localhost:9990/health.
Here is an example of how one can add custom health-checks with for smallrye-health [0].
Those health checks usually cover the health information of the Keycloak instance overall.
That's fine if you have only a single realm. Still, it is pretty limited if you have dedicated
realms that integrate with different systems (SAP, Webservice, LDAP, AD,
custom Database, external auth-provider, etc. ...). Each system might need another
way to check whether a particular service is reachable/operational from Keycloak.
For such cases, it would be helpful to have a dedicated SPI with some default
configurations that allow developers to implement custom (realm-specific) health checks.
A while ago, I implemented a PoC for this in my keycloak-health-checks repository [1].
For this SPI, I effectively took inspiration from Spring Boots health-check SPI and
retrofitted it in a lean way for Keycloak.
Do you think it makes sense to have something like this as an official SPI?
Cheers,
Thomas
Václav Muzikář
Aug 25, 2021, 11:15:57 AM8/25/21
to Thomas Darimont, Keycloak Dev
Hi Thomas,
I believe that would be a great addition. We need to improve in this area, but it requires some alignment with Quarkus distribution and Operator. Let's get back to this after the PTOs season to discuss this in more detail.
Thanks!
--
You received this message because you are subscribed to the Google Groups "Keycloak Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-dev...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-dev/58d24b96-08b3-4eac-a7de-6fa0a6ad14d9n%40googlegroups.com.
Václav Muzikář
Senior Software Engineer
Keycloak / Red Hat Single Sign-On
Red Hat Czech s.r.o.
Senior Software Engineer
Keycloak / Red Hat Single Sign-On
Red Hat Czech s.r.o.
Perot Francis
Apr 6, 2022, 10:17:51 AM4/6/22
to Václav Muzikář, Thomas Darimont, Keycloak Dev
Hi all,
I’m just refreshing this old thread… For our product (Cloudtrust), it would be interesting too…
Francis P.
From: keyclo...@googlegroups.com <keyclo...@googlegroups.com>
On Behalf Of Václav Muzikár
Sent: mercredi, 25 août 2021 17:15
To: Thomas Darimont <thomas....@googlemail.com>
Cc: Keycloak Dev <keyclo...@googlegroups.com>
Subject: Re: [keycloak-dev] Keycloak Health Check SPI Proposal
|
|
EXTERNAL MESSAGE - This email comes from outside ELCA companies. |
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-dev/CAMQSZyhdLRG6SETaOqDyZ_6o-oQdmH4Lupf9fJDzxgTBFtYDEQ%40mail.gmail.com.
Thomas Darimont
Apr 6, 2022, 11:55:41 AM4/6/22
to Perot Francis, Václav Muzikář, Keycloak Dev
Hello Perot,
you can already define custom health checks as CDI components for Keycloak-legacy and Keycloak.X if metrics are enabled.
Cheers,
Thomas
Perot Francis
Apr 6, 2022, 11:58:16 AM4/6/22
to Thomas Darimont, Václav Muzikář, Keycloak Dev
Nice, thanks.
Francis
Reply all
Reply to author
Forward
0 new messages