@mabartos mabartos commented Mar 6, 2024

Closes #19334

Summary

  • Management interface is turned ON by default
    (https://github.com/keycloak/keycloak/pull/27629/files#r1538915621)
  • Added new named management port to k8s Service - not exposed by Ingress
  • Operator first-class citizens only: port
  • When TLS is configured for the main server, the management interface uses HTTPS
  • When TLS properties for the management interface are not explicitly set, they're inherited from the main HTTP server
  • When accessing the root of the management interface, the text Keycloak Management Interface is shown
  • Docs will be done in a separate PR

@mabartos mabartos force-pushed the managementPortsOnly branch 2 times, most recently from dc7995d to 5ecf2ad Compare March 8, 2024 10:05

mabartos commented Mar 8, 2024

@keycloak/cloud-native @ahus1 JFYI - the majority of the work is done. But it needs to be polished. It'd be great to review at least the semantics around this. Thanks!

@mabartos mabartos force-pushed the managementPortsOnly branch from 5ecf2ad to 9c8c7a9 Compare March 8, 2024 14:37

ahus1 commented Mar 8, 2024

@mabartos - I'm happy to see this feature evolve. It's been a while since I've added it to my wish-list.

I think enabling TLS for the management port is useful, so exposing for adding this. This includes also the client authentication.

The option I think is least useful is management-relative-path. Still people might put it behind a reverse proxy, and then they might want to have it, so I'd be ok to keep it.

Something that surprised me was that the management port answers with a 404, which makes it difficult to test for an admin if it has been set up correctly. I suggest to have a minimal 200 response, maybe something like this:
a9d19ae - this is an adapted snippet from the Quarkus docs, see https://quarkus.io/guides/management-interface-reference

Thinking about it a bit more, it should answer to management-relative-path configurable path, and the root path should redirect to that management-relative-path. WDYT?


vmuzikar commented Mar 8, 2024

> The option I think is least useful is management-relative-path.

@ahus1 Thank you for the review! I agree. I don't have a relevant use case in mind that would benefit from changing the context root / relative path for metrics and health.

@keycloak-github-bot keycloak-github-bot bot left a comment

Unreported flaky test detected, please review

Unreported flaky test detected

If the flaky tests below are affected by the changes, please review and update the changes accordingly. Otherwise, a maintainer should report the flaky tests prior to merging the PR.

org.keycloak.testsuite.admin.concurrency.ConcurrencyTest#testAllConcurrently

Keycloak CI - Base IT (1)

java.lang.RuntimeException: There were failures in threads. Failures count: 1
	at org.keycloak.testsuite.admin.concurrency.AbstractConcurrencyTest.run(AbstractConcurrencyTest.java:122)
	at org.keycloak.testsuite.admin.concurrency.AbstractConcurrencyTest.run(AbstractConcurrencyTest.java:63)
	at org.keycloak.testsuite.admin.concurrency.AbstractConcurrencyTest.run(AbstractConcurrencyTest.java:59)
	at org.keycloak.testsuite.admin.concurrency.ConcurrencyTest.concurrentTest(ConcurrencyTest.java:61)
...

@mabartos mabartos force-pushed the managementPortsOnly branch 7 times, most recently from 6715fb7 to 94c4cfe Compare March 25, 2024 13:46

mabartos commented Apr 2, 2024

> Would it make sense to put the management options under http, e.g. --http-management-port? From my perspective it logically belongs there.

@vmuzikar I'd like to follow the Quarkus approach, having it as a separate concept and not mixing it together. I see more UX benefits with that. As we'd use more fine-grained categories, the docs and help would be more readable. Additionally, the Keycloak options could be simpler in terms of the name length. Even for the consistency reasons, we'd need to have options like http-relative-path=http-management-relative-path, and https-certificate-file=https-management-certificate-file. Considering the default ordering of the props in docs, it'd be kinda messy and not so much user-friendly.

@vmuzikar Is it ok to have it separated?


vmuzikar commented Apr 2, 2024

@mabartos Thank you for the summary. @ahus1 Do you have any objections against 1-5?

> I'd like to follow the Quarkus approach, having it as a separate concept and not mixing it together

+1 for a separated category. That totally makes sense to me from the readability perspective. What I meant was just the prefix of the option names. To me management sounds a bit ambiguous in Keycloak context. I realize Quarkus uses this naming but I'd argue it doesn't mean it's the best UX for Keycloak use case as well. ;) That's why I was proposing http-management to make it clear it's relevant to an HTTP(S) interface.


mabartos commented Apr 2, 2024

> What I meant was just the prefix of the option names.

@vmuzikar Oh, I see. Ok, makes sense. We can mirror the convention set for Keycloak HTTP options - http-management-* and https-management-*.


vmuzikar commented Apr 2, 2024

> We can mirror the convention set for Keycloak HTTP options

Exactly. :)

@mabartos mabartos marked this pull request as draft April 2, 2024 14:30
@mabartos mabartos force-pushed the managementPortsOnly branch from 0d7a680 to ddc57b8 Compare April 2, 2024 15:09
@mabartos mabartos marked this pull request as ready for review April 2, 2024 15:10
@mabartos mabartos force-pushed the managementPortsOnly branch 2 times, most recently from a3e9019 to 553d7c2 Compare April 2, 2024 16:19

ahus1 commented Apr 2, 2024

@vmuzikar / @mabartos - works for me. Looking forward to a green build and a merge.

@mabartos mabartos requested review from ahus1 and vmuzikar April 2, 2024 17:29
ahus1 previously approved these changes Apr 2, 2024

@ahus1 ahus1 left a comment

Thank you for this change, happy to see this in a good state to be merged.


mabartos commented Apr 3, 2024

@vmuzikar Thanks for the review. Comments should be addressed now.

Signed-off-by: Martin Bartoš <[email protected]>

@vmuzikar vmuzikar left a comment

@mabartos Thank you for the changes! I reviewed the rest of the code and added some comments, none of them is really blocking from my perspective.

LGTM.

Successfully merging this pull request may close these issues.

Support management port for health and metrics in Quarkus 3
