From 767a8da50b6c7d83f8a737b6c2b2e5e314ad39a1 Mon Sep 17 00:00:00 2001
From: Masaki Yatsu
Date: Sat, 8 Nov 2025 23:12:56 +0900
Subject: [PATCH] feat(keycloak): enable service monitor
---
 keycloak/justfile | 60 +++++++++++++++++++
 keycloak/keycloak-cr.gomplate.yaml | 2 +
 .../keycloak-servicemonitor.gomplate.yaml | 22 +++++++
 3 files changed, 84 insertions(+)
 create mode 100644 keycloak/keycloak-servicemonitor.gomplate.yaml
diff --git a/keycloak/justfile b/keycloak/justfile
index 3d1e640..51b3a93 100644
--- a/keycloak/justfile
+++ b/keycloak/justfile
@@ -695,3 +695,63 @@ get-client-scope realm scope_name:
 export KEYCLOAK_REALM={{ realm }}
 export SCOPE_NAME={{ scope_name }}
 dotenvx run -q -f ../.env.local -- tsx ./scripts/get-client-scope.ts
+
+# Enable Prometheus monitoring
+enable-monitoring:
+ #!/bin/bash
+ set -euo pipefail
+ echo "Enabling Prometheus monitoring for Keycloak..."
+
+ # Label namespace to enable monitoring
+ kubectl label namespace ${KEYCLOAK_NAMESPACE} buun.channel/enable-monitoring=true --overwrite
+
+ # Enable metrics in Keycloak CR
+ kubectl patch keycloak keycloak -n ${KEYCLOAK_NAMESPACE} --type=json -p '[
+ {
+ "op": "add",
+ "path": "/spec/additionalOptions/-",
+ "value": {
+ "name": "metrics-enabled",
+ "value": "true"
+ }
+ }
+ ]'
+
+ echo "Waiting for Keycloak to restart with metrics enabled..."
+ kubectl wait --for=condition=Ready keycloak/keycloak -n ${KEYCLOAK_NAMESPACE} --timeout=600s
+
+ # Create ServiceMonitor
+ echo "Creating ServiceMonitor..."
+ gomplate -f keycloak-servicemonitor.gomplate.yaml | kubectl apply -f -
+
+ kubectl get servicemonitor keycloak -n ${KEYCLOAK_NAMESPACE}
+ echo "✓ Keycloak monitoring enabled"
+
+# Disable Prometheus monitoring
+disable-monitoring:
+ #!/bin/bash
+ set -euo pipefail
+ echo "Disabling Prometheus monitoring for Keycloak..."
+
+ # Delete ServiceMonitor
+ kubectl delete servicemonitor keycloak -n ${KEYCLOAK_NAMESPACE} --ignore-not-found
+
+ # Remove metrics option from Keycloak CR
+ kubectl patch keycloak keycloak -n ${KEYCLOAK_NAMESPACE} --type=json -p '[
+ {
+ "op": "remove",
+ "path": "/spec/additionalOptions",
+ "value": null
+ }
+ ]'
+ kubectl patch keycloak keycloak -n ${KEYCLOAK_NAMESPACE} --type=merge -p '{"spec":{"additionalOptions":[
+ {"name":"http-enabled","value":"true"},
+ {"name":"hostname-strict","value":"false"},
+ {"name":"hostname-strict-https","value":"false"},
+ {"name":"proxy","value":"edge"}
+ ]}}'
+
+ # Remove namespace label
+ kubectl label namespace ${KEYCLOAK_NAMESPACE} buun.channel/enable-monitoring-
+
+ echo "✓ Keycloak monitoring disabled"
diff --git a/keycloak/keycloak-cr.gomplate.yaml b/keycloak/keycloak-cr.gomplate.yaml
index 08a1577..e4ba666 100644
--- a/keycloak/keycloak-cr.gomplate.yaml
+++ b/keycloak/keycloak-cr.gomplate.yaml
@@ -47,6 +47,8 @@ spec:
 value: "false"
 - name: proxy
 value: edge
+ - name: metrics-enabled
+ value: "true"
 # Bootstrap admin configuration
 bootstrapAdmin:
diff --git a/keycloak/keycloak-servicemonitor.gomplate.yaml b/keycloak/keycloak-servicemonitor.gomplate.yaml
new file mode 100644
index 0000000..f49463e
--- /dev/null
+++ b/keycloak/keycloak-servicemonitor.gomplate.yaml
@@ -0,0 +1,22 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: keycloak
+ namespace: {{ .Env.KEYCLOAK_NAMESPACE }}
+ labels:
+ app: keycloak
+ release: kube-prometheus-stack
+spec:
+ selector:
+ matchLabels:
+ app: keycloak
+ endpoints:
+ - port: management
+ path: /metrics
+ interval: 30s
+ scheme: http
+ metricRelabelings:
+ - sourceLabels: [__name__]
+ regex: 'vendor_(.*)'
+ targetLabel: __name__
+ replacement: 'keycloak_$1'
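Review bot: In `disable-monitoring`, removing the whole `/spec/additionalOptions` array and re-creating it from a hard-coded list discards any option set on the live CR and forces `http-enabled=true`, `hostname-strict=false` and `hostname-strict-https=false` back in, so turning monitoring off can silently undo hardening applied after install. The list also has to be kept in step with `keycloak-cr.gomplate.yaml` by hand, and the `"value": null` member on the `remove` op has no effect. I would look up the index of the `metrics-enabled` entry and remove only that element, skipping the patch when the entry is absent, as sketched below. `enable-monitoring` has the mirror problem: its `add` to `/spec/additionalOptions/-` appends another `metrics-enabled` entry on every run, so it should be guarded by the same lookup.

```shell
disable-monitoring:
    # … unchanged: shebang, set -euo pipefail, ServiceMonitor deletion …

    # Remove only the metrics-enabled entry; every other option stays as configured
    names=$(kubectl get keycloak keycloak -n "${KEYCLOAK_NAMESPACE}" \
        -o jsonpath='{range .spec.additionalOptions[*]}{.name}{"\n"}{end}')
    line=$(printf '%s\n' "${names}" | grep -n -x -F 'metrics-enabled' | head -n 1 | cut -d: -f1 || true)
    if [[ -n "${line}" ]]; then
        kubectl patch keycloak keycloak -n "${KEYCLOAK_NAMESPACE}" --type=json \
            -p "[{\"op\":\"remove\",\"path\":\"/spec/additionalOptions/$((line - 1))\"}]"
    fi

    # … unchanged: namespace label removal, final echo …
```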
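Review bot: Setting `metrics-enabled` unconditionally in the CR template turns the metrics endpoint on for every install, including ones that never run `enable-monitoring`, and the next render-and-apply of this template puts the option back after `disable-monitoring` has removed it. The template and the two recipes in `keycloak/justfile` should have a single owner for this option: either keep it here and drop the CR patches from the recipes, or gate these two lines on an environment flag that the recipes also honour. If it stays unconditional, a comment such as `# always on; scraped only when the ServiceMonitor exists` would state the intent. The surrounding `additionalOptions` list starts outside the hunk, so I have not checked the other entries.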
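Review bot: The endpoint is scraped over `scheme: http` with no `authorization` or `tlsConfig`, and nothing in this commit limits which pods can reach `/metrics` on the `management` port. If the Service behind `app: keycloak` exposes that port cluster-wide, any workload in the cluster can presumably read the same metrics, so I would pair this ServiceMonitor with a NetworkPolicy that admits only the Prometheus namespace to the management port and confirm the port is not published through the ingress. A comment above the endpoint, for example `# plain HTTP, in-cluster only; management port must not be exposed externally`, would record that assumption. The hard-coded `release: kube-prometheus-stack` label also has to match the Prometheus instance's ServiceMonitor selector, which is worth a comment.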