feature: Set scheme for probes and serviceMonitor (#784)
The new health endpoints used by the three probes (liveness, readiness
and startup) as well as the metrics endpoint are now served on a
dedicated interface with its own port. The scheme of the interface only
serves HTTP or HTTPS. If the main keycloak interface serves HTTPS,
the internal management interface will also serve HTTPS, regardless if
the main keycloak interface serves plain HTTP or not.

It's therefore impossible for the probes or the serviceMonitor to work
with a plain HTTP scheme, if keycloak has HTTPS enabled.

We therefore need a way to specify the scheme of the internalPort via
helm values to be able to set a custom scheme for the probes and the
serviceMonitor.

Signed-off-by: Nicolas Bigler <[email protected]>
TheBigLee authored Aug 23, 2024
1 parent a3382d8 commit 5c65821
Showing 4 changed files with 10 additions and 1 deletion.
2 changes: 2 additions & 0 deletions charts/keycloakx/README.md
Expand Up @@ -174,6 +174,8 @@ The following table lists the configurable parameters of the Keycloak-X chart an
| `proxy.enabled` | If `true`, the `KC_PROXY` env variable will be set to the configured mode | `true` |
| `proxy.mode` | The configured proxy mode | `edge` |
| `http.relativePath` | The relative http path (context-path) | `/auth` |
| `http.internalPort` | The port of the internal management interface | `http-internal` |
| `http.internalScheme` | The scheme of the internal management interface | `HTTP` |
| `metrics.enabled` | If `true` then the metrics endpoint is exposed | `true` |
| `health.enabled` | If `true` then the health endpoint is exposed. If the `readinessProbe` is is needed `metrics.enable` must be `true`. | `true` |
| `serviceMonitor.enabled` | If `true`, a ServiceMonitor resource for the prometheus-operator is created | `false` |
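Review bot: The new `http.internalScheme` row does not say which values are accepted or when the default has to change. The probes in values.yaml pass this value straight into `httpGet.scheme`, where Kubernetes accepts only uppercase `HTTP` or `HTTPS`, so the description should state both, for example "The scheme of the internal management interface (`HTTP` or `HTTPS`); set to `HTTPS` when Keycloak has HTTPS enabled".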
1 change: 1 addition & 0 deletions charts/keycloakx/templates/servicemonitor.yaml
Expand Up @@ -34,6 +34,7 @@ spec:
endpoints:
- port: {{ tpl .port $ | quote }}
path: {{ tpl .path $ | quote }}
scheme: {{ .Values.http.internalScheme | lower }}
interval: {{ .interval }}
scrapeTimeout: {{ .scrapeTimeout }}
{{- end }}
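Review bot: The added `scheme` line renders the value unquoted and unvalidated, unlike `port` and `path` directly above it, which both go through `quote`. Suggest `scheme: {{ .Values.http.internalScheme | lower | quote }}` so an unexpected value cannot alter the rendered YAML. Also, once this renders `https`, the endpoint shown here carries no `tlsConfig`, so scraping a management interface whose certificate Prometheus does not already trust needs a follow-up option for the CA and server name rather than leaving users to turn verification off.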
4 changes: 3 additions & 1 deletion charts/keycloakx/values.schema.json
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,9 @@
"type": "array"
},
"http": {
"relativePath": "string"
"relativePath": "string",
"internalPort": "string",
"internalScheme": "string"
},
"image": {
"$ref": "#/definitions/image"
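Review bot: `"internalScheme": "string"` does not restrict the value to the two schemes the management interface can serve. Suggest constraining it with an `enum` of `HTTP` and `HTTPS` so a bad value is rejected at install time instead of surfacing later as failing probes or a failing scrape.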
4 changes: 4 additions & 0 deletions charts/keycloakx/values.yaml
Expand Up @@ -167,6 +167,7 @@ livenessProbe: |
httpGet:
path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/health/live'
port: '{{ .Values.http.internalPort }}'
scheme: '{{ .Values.http.internalScheme }}'
initialDelaySeconds: 0
timeoutSeconds: 5
Expand All @@ -175,6 +176,7 @@ readinessProbe: |
httpGet:
path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/health/ready'
port: '{{ .Values.http.internalPort }}'
scheme: '{{ .Values.http.internalScheme }}'
initialDelaySeconds: 10
timeoutSeconds: 1
Expand All @@ -183,6 +185,7 @@ startupProbe: |
httpGet:
path: '{{ tpl .Values.http.relativePath $ | trimSuffix "/" }}/health'
port: '{{ .Values.http.internalPort }}'
scheme: '{{ .Values.http.internalScheme }}'
initialDelaySeconds: 15
timeoutSeconds: 1
failureThreshold: 60
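Review bot: The liveness, readiness and startup probes pass `.Values.http.internalScheme` into `httpGet.scheme` verbatim, while servicemonitor.yaml normalizes the same value with `lower`. Kubernetes accepts only uppercase `HTTP` or `HTTPS` in this field, so a user who sets `https` gets a working ServiceMonitor and a rejected pod spec. Suggest `scheme: '{{ .Values.http.internalScheme | upper }}'` in all three probes so both consumers tolerate either case.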
Expand Down Expand Up @@ -420,6 +423,7 @@ http:
# For backwards compatibility reasons we set this to the value used by previous Keycloak versions.
relativePath: "/auth"
internalPort: http-internal
internalScheme: HTTP

serviceMonitor:
# If `true`, a ServiceMonitor resource for the prometheus-operator is created
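Review bot: `internalScheme: HTTP` is added without a comment, although `relativePath` just above it documents its default. Per the commit message the management interface serves HTTPS whenever Keycloak has HTTPS enabled, so with this default the probes fail on such installs until the value is overridden. Add a comment next to the key saying it must be set to `HTTPS` in that case.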
