#Monitoring

Alauda Build of Keycloak exposes built-in metrics compatible with Prometheus. Enabling metrics allows you to monitor Keycloak's health, performance, and usage in your observability stack.

#Enable Metrics

Metrics are enabled by setting the metrics-enabled option in the Keycloak CR:

spec:
  additionalOptions:
    - name: metrics-enabled
      value: "true"

Once enabled, Keycloak exposes a metrics endpoint at:

http://<keycloak-host>:9000/metrics

The metrics endpoint is served on the management port (default: 9000) via the spec.httpManagement.port field, separate from the main HTTP/HTTPS port.

#Key Metrics

The following categories of metrics are available:

#Configure Prometheus Scraping

Add the following scrape configuration to your Prometheus instance to collect Keycloak metrics:

scrape_configs:
  - job_name: keycloak
    static_configs:
      - targets:
          - <keycloak-service>:9000
    metrics_path: /metrics

If you are using the Prometheus Operator, create a ServiceMonitor:

apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: keycloak-metrics
  namespace: <namespace>
spec:
  selector:
    matchLabels:
      app: keycloak
  endpoints:
    - port: management
      path: /metrics
      interval: 30s

#Liveness and Readiness Probes

The Keycloak Operator configures liveness and readiness probes automatically. You can customize the probe parameters in the Keycloak CR:

spec:
  livenessProbe:
    periodSeconds: 10
    failureThreshold: 3
  readinessProbe:
    periodSeconds: 10
    failureThreshold: 3

The probes use the management endpoint at http://<pod>:9000/health/live and http://<pod>:9000/health/ready.

#Health Endpoints

Keycloak exposes three health endpoints on the management port: