Description

The current Keycloak image doesn't provide tools to analyze Keycloak or the JVM any more:

• jcmd - could be used to start Java Flight Recorder profiling
• tar - necessary for a kubectl cp to copy files from or to the running container (for example to pick up a JFR recording)
• curl - useful to test some URLs of Keycloak
• ps - show processes running the the container
• ...

This today requires building a custom image.

While the CustomResource of the Keycloak Operator allows specifying an alternative image, this image is assumed to be built/optimized already, so it can't be used to replace an un-optimized image. The current way to replace the unoptimized image is to set an environment variable on the Operator (which might complicated if the operator has been installed via OLM, and is un-obvious). (done for KC24 in #25015)

Motivation

• A developer might ask a customer to run some performance analysis. The customer shouldn't need to build a new image first to run the analysis.
• Changing something in the CR should be sufficient to switch Keycloak to the "analysis" mode

Details

Ideas:

• Provide a second image (like keycloak:nightly-debug) with additional pre-installed tools discarded in discussion below, replaced with next item
• Provide a ready-to-be-used Dockerfile with the usual debug and profiling tools as part of the docs
• Extend the CR with a flag to specify if the image is optimized or not, with the default that it is unoptimized. I assume that the "build" is no longer part of it comes as a surprise to users (as it came to me when I first tried out the option). (done for KC24 in Add optimized flag to Keycloak CR to indicate if custom image should be treated as optimized #25015)

So when a customer wants to debug Keycloak, they add/change the image in the CR and are ready to go.