Open
Description
Motivation
So that OAuth2 Proxy will wait until the Keycloak service is healthy before performing OIDC discovery.
Possible solution
health-check.sh
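```bash
#!/bin/bash
# Open a TCP connection to localhost:9000 on file descriptor 3.
exec 3<>/dev/tcp/localhost/9000
# Request the readiness endpoint.
echo -e "GET /health/ready HTTP/1.1\nhost: localhost:9000\n" >&3
# Read the response for up to 1s; succeed only if the "status" line reports UP.
timeout --preserve-status 1 cat <&3 | grep -m 1 status | grep -m 1 UP
ERROR=$?
# Close both directions of fd 3, then exit with the result of the last grep.
exec 3<&-
exec 3>&-
exit $ERROR
```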
docker-compose.yml:
```yaml
keycloak:
  container_name: keycloak
  build:
    context: ./services/keycloak
    dockerfile: Dockerfile
  restart: unless-stopped
  healthcheck:
    test: "bash /opt/keycloak/health-check.sh"
    interval: 5s
    timeout: 10s
    retries: 12
  command:
    [
      'start-dev',
    ]
  ...
oauth2-proxy:
  container_name: oauth2-proxy
  build:
    context: ./services/oauth2-proxy
    dockerfile: Dockerfile
  restart: unless-stopped
  command:
    [
      '--standard-logging=true',
      '--auth-logging=true',
      '--request-logging=true',
      '--skip-auth-preflight=true',
    ]
  ...
  depends_on:
    redis:
      condition: service_healthy
    keycloak:
      condition: service_healthy
```
Also see:
- Blog post: https://rob-ferguson.me/add-authn-to-hapi-fhir-with-oauth2-proxy-nginx-and-keycloak-part-2/
- Sample project: https://github.com/Robinyo/hapi-fhir-au
Provider
keycloak-oidc