feat(keycloak): enable service monitor
This commit is contained in:
Masaki Yatsu
@@ -695,3 +695,63 @@ get-client-scope realm scope_name:
|
|||||||
export KEYCLOAK_REALM={{ realm }}
|
export KEYCLOAK_REALM={{ realm }}
|
||||||
export SCOPE_NAME={{ scope_name }}
|
export SCOPE_NAME={{ scope_name }}
|
||||||
dotenvx run -q -f ../.env.local -- tsx ./scripts/get-client-scope.ts
|
dotenvx run -q -f ../.env.local -- tsx ./scripts/get-client-scope.ts
|
||||||
|
|
||||||
|
# Enable Prometheus monitoring
|
||||||
|
enable-monitoring:
|
||||||
|
#!/bin/bash
|
||||||
|
set -euo pipefail
|
||||||
|
echo "Enabling Prometheus monitoring for Keycloak..."
|
||||||
|
|
||||||
|
# Label namespace to enable monitoring
|
||||||
|
kubectl label namespace ${KEYCLOAK_NAMESPACE} buun.channel/enable-monitoring=true --overwrite
|
||||||
|
|
||||||
|
# Enable metrics in Keycloak CR
|
||||||
|
kubectl patch keycloak keycloak -n ${KEYCLOAK_NAMESPACE} --type=json -p '[
|
||||||
|
{
|
||||||
|
"op": "add",
|
||||||
|
"path": "/spec/additionalOptions/-",
|
||||||
|
"value": {
|
||||||
|
"name": "metrics-enabled",
|
||||||
|
"value": "true"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]'
|
||||||
|
|
||||||
|
echo "Waiting for Keycloak to restart with metrics enabled..."
|
||||||
|
kubectl wait --for=condition=Ready keycloak/keycloak -n ${KEYCLOAK_NAMESPACE} --timeout=600s
|
||||||
|
|
||||||
|
# Create ServiceMonitor
|
||||||
|
echo "Creating ServiceMonitor..."
|
||||||
|
gomplate -f keycloak-servicemonitor.gomplate.yaml | kubectl apply -f -
|
||||||
|
|
||||||
|
kubectl get servicemonitor keycloak -n ${KEYCLOAK_NAMESPACE}
|
||||||
|
echo "✓ Keycloak monitoring enabled"
|
||||||
|
|
||||||
|
# Disable Prometheus monitoring
|
||||||
|
disable-monitoring:
|
||||||
|
#!/bin/bash
|
||||||
|
set -euo pipefail
|
||||||
|
echo "Disabling Prometheus monitoring for Keycloak..."
|
||||||
|
|
||||||
|
# Delete ServiceMonitor
|
||||||
|
kubectl delete servicemonitor keycloak -n ${KEYCLOAK_NAMESPACE} --ignore-not-found
|
||||||
|
|
||||||
|
# Remove metrics option from Keycloak CR
|
||||||
|
kubectl patch keycloak keycloak -n ${KEYCLOAK_NAMESPACE} --type=json -p '[
|
||||||
|
{
|
||||||
|
"op": "remove",
|
||||||
|
"path": "/spec/additionalOptions",
|
||||||
|
"value": null
|
||||||
|
}
|
||||||
|
]'
|
||||||
|
kubectl patch keycloak keycloak -n ${KEYCLOAK_NAMESPACE} --type=merge -p '{"spec":{"additionalOptions":[
|
||||||
|
{"name":"http-enabled","value":"true"},
|
||||||
|
{"name":"hostname-strict","value":"false"},
|
||||||
|
{"name":"hostname-strict-https","value":"false"},
|
||||||
|
{"name":"proxy","value":"edge"}
|
||||||
|
]}}'
|
||||||
|
|
||||||
|
# Remove namespace label
|
||||||
|
kubectl label namespace ${KEYCLOAK_NAMESPACE} buun.channel/enable-monitoring-
|
||||||
|
|
||||||
|
echo "✓ Keycloak monitoring disabled"
|
||||||
|
|||||||
@@ -47,6 +47,8 @@ spec:
|
|||||||
value: "false"
|
value: "false"
|
||||||
- name: proxy
|
- name: proxy
|
||||||
value: edge
|
value: edge
|
||||||
|
- name: metrics-enabled
|
||||||
|
value: "true"
|
||||||
|
|
||||||
# Bootstrap admin configuration
|
# Bootstrap admin configuration
|
||||||
bootstrapAdmin:
|
bootstrapAdmin:
|
||||||
|
|||||||
22
keycloak/keycloak-servicemonitor.gomplate.yaml
Normal file
22
keycloak/keycloak-servicemonitor.gomplate.yaml
Normal file
@@ -0,0 +1,22 @@
|
|||||||
|
apiVersion: monitoring.coreos.com/v1
|
||||||
|
kind: ServiceMonitor
|
||||||
|
metadata:
|
||||||
|
name: keycloak
|
||||||
|
namespace: {{ .Env.KEYCLOAK_NAMESPACE }}
|
||||||
|
labels:
|
||||||
|
app: keycloak
|
||||||
|
release: kube-prometheus-stack
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: keycloak
|
||||||
|
endpoints:
|
||||||
|
- port: management
|
||||||
|
path: /metrics
|
||||||
|
interval: 30s
|
||||||
|
scheme: http
|
||||||
|
metricRelabelings:
|
||||||
|
- sourceLabels: [__name__]
|
||||||
|
regex: 'vendor_(.*)'
|
||||||
|
targetLabel: __name__
|
||||||
|
replacement: 'keycloak_$1'
|
||||||
Reference in New Issue
Block a user