fix(keycloak): use management port health endpoints for probes by mattia-eleuteri · Pull Request #2162 · cozystack/cozystack

@dosubot dosubot bot added the size:S (This PR changes 10-29 lines, ignoring generated files.) and bug (Something isn't working) labels on Mar 6, 2026

@mattia-eleuteri @claude

Keycloak 26.x exposes dedicated health endpoints on the management
port (9000) via /health/live and /health/ready. The previous probes
used GET / on port 8080 which redirects to the configured KC_HOSTNAME
(HTTPS), causing kubelet to fail the probe with "Probe terminated
redirects" and eventually kill the pod in a crashloop.

Changes:
- Add KC_HEALTH_ENABLED=true to activate health endpoints
- Expose management port 9000 in container ports
- Switch liveness probe to /health/live on port 9000
- Switch readiness probe to /health/ready on port 9000
- Increase failure thresholds for more tolerance during startup

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: mattia-eleuteri <mattia@hidora.io>

gemini-code-assist[bot]

@mattia-eleuteri @claude

Use a startupProbe to defer liveness/readiness checks until Keycloak
has fully started, instead of relying on initialDelaySeconds. This is
more robust for applications with variable startup times.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: mattia-eleuteri <mattia@hidora.io>
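The probe layout the two commit messages above describe, written out as a container fragment. This is an added example, not the chart's own manifest: the container name, port names, the startupProbe path and every period and threshold value are assumptions, since the page gives none of them.

```yaml
# Constructed example: container fragment for a Keycloak 26.x pod.
# Pattern being replaced, as described in the commit message:
#   livenessProbe:
#     httpGet: { path: /, port: 8080 }  # redirects to KC_HOSTNAME (HTTPS), so the probe fails
containers:
  - name: keycloak                # assumed container name
    env:
      - name: KC_HEALTH_ENABLED   # activates /health/live and /health/ready
        value: "true"
    ports:
      - name: http                # assumed port name
        containerPort: 8080
      - name: management          # assumed port name; health endpoints live here
        containerPort: 9000
    startupProbe:                 # holds back the other probes until startup succeeds
      httpGet:
        path: /health/live        # assumed path; the page does not say which one is used
        port: management
      periodSeconds: 5            # assumed
      failureThreshold: 60        # assumed: allows up to 5 minutes of startup
    livenessProbe:
      httpGet:
        path: /health/live
        port: management
      periodSeconds: 10           # assumed
      failureThreshold: 5         # assumed
    readinessProbe:
      httpGet:
        path: /health/ready
        port: management
      periodSeconds: 10           # assumed
      failureThreshold: 3         # assumed
```

The kubelet connects to the container port directly, so the probes work without port 9000 being listed on a Service or Ingress.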

@dosubot dosubot bot added the lgtm (This PR has been approved by a maintainer) label on Mar 10, 2026

kvaps added a commit that referenced this pull request

Mar 10, 2026
…oints for probes (#2178)

# Description
Backport of #2162 to `release-1.0`.

kvaps added a commit that referenced this pull request

Mar 10, 2026
…oints for probes (#2179)

# Description
Backport of #2162 to `release-1.1`.