[Backport release-1.0] fix(keycloak): use management port health endpoints for probes by github-actions[bot] · Pull Request #2178 · cozystack/cozystack
and others added 2 commits
March 10, 2026 07:15Keycloak 26.x exposes dedicated health endpoints on the management port (9000) via /health/live and /health/ready. The previous probes used GET / on port 8080 which redirects to the configured KC_HOSTNAME (HTTPS), causing kubelet to fail the probe with "Probe terminated redirects" and eventually kill the pod in a crashloop. Changes: - Add KC_HEALTH_ENABLED=true to activate health endpoints - Expose management port 9000 in container ports - Switch liveness probe to /health/live on port 9000 - Switch readiness probe to /health/ready on port 9000 - Increase failure thresholds for more tolerance during startup Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: mattia-eleuteri <mattia@hidora.io> (cherry picked from commit 0873691)
Use a startupProbe to defer liveness/readiness checks until Keycloak has fully started, instead of relying on initialDelaySeconds. This is more robust for applications with variable startup times. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: mattia-eleuteri <mattia@hidora.io> (cherry picked from commit d18ed79)
This PR changes 10-29 lines, ignoring generated files.
Something isn't working
labels
Mar 10, 2026
kvaps
deleted the
backport-2162-to-release-1.0
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters