<#import "/templates/guide.adoc" as tmpl> <#import "/templates/kc.adoc" as kc> <#import "/templates/options.adoc" as opts> <#import "/templates/links.adoc" as links> <@tmpl.guide title="Enabling {project_name} Health checks" summary="Learn how to enable and use {project_name} health checks" includedOptions="health-enabled"> {project_name} has built in support for health checks. This {section} describes how to enable and use the {project_name} health checks. The {project_name} health checks are exposed on the management port `9000` by default. For more details, see <@links.server id="management-interface" /> == {project_name} health check endpoints {project_name} exposes 4 health endpoints: * `/health/live` * `/health/ready` * `/health/started` * `/health` See the https://quarkus.io/guides/smallrye-health#running-the-health-check[Quarkus SmallRye Health docs] for information on the meaning of each endpoint. These endpoints respond with HTTP status `200 OK` on success or `503 Service Unavailable` on failure, and a JSON object like the following: .Successful response for endpoints without additional per-check information: [source, json] ---- { "status": "UP", "checks": [] } ---- .Successful response for endpoints with information on the database connection: [source, json] ---- { "status": "UP", "checks": [ { "name": "Keycloak database connections health check", "status": "UP" } ] } ---- == Enabling the health checks It is possible to enable the health checks using the build time option `health-enabled`: <@kc.build parameters="--health-enabled=true"/> By default, no check is returned from the health endpoints. == Using the health checks It is recommended that the health endpoints be monitored by external HTTP requests. Due to security measures that remove `curl` and other packages from the {project_name} container image, local command-based monitoring will not function easily. If you are not using {project_name} in a container, use whatever you want to access the health check endpoints. === curl You may use a simple HTTP HEAD request to determine the `+live+` or `+ready+` state of {project_name}. `+curl+` is a good HTTP client for this purpose. If {project_name} is deployed in a container, you must run this command from outside it due to the previously mentioned security measures. For example: [source, bash] ---- curl --head -fsS http://localhost:9000/health/ready ---- If the command returns with status 0, then {project_name} is `+live+` or `+ready+`, depending on which endpoint you called. Otherwise there is a problem. === Kubernetes Define a https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#http-probes[HTTP Probe] so that Kubernetes may externally monitor the health endpoints. Do not use a liveness command. === HEALTHCHECK The Containerfile `+HEALTHCHECK+` instruction defines a command that will be periodically executed inside the container as it runs. The {project_name} container does not have any CLI HTTP clients installed. Consider installing `+curl+` as an additional RPM, as detailed by the <@links.server id="containers" /> {section}. Note that your container may be less secure because of this. == Available Checks The table below shows the available checks. [%autowidth] |=== |Check | Description | Requires Metrics |Database |Returns the status of the database connection pool. |Yes |=== For some checks, you'll need to also enable metrics as indicated by the `Requires Metrics` column. To enable metrics use the `metrics-enabled` option as follows: <@kc.build parameters="--health-enabled=true --metrics-enabled=true"/>