Nexeed
    • Introduction
    • User manual
      • Basic operation
      • Getting started
      • User
      • Groups
      • Roles
      • Organizations
      • Contracts
      • Modules
      • Identity providers
        • General Settings for the Identity Provider
        • Mapper Overview
      • Reports
      • Activity log
      • My Account
        • Overview: Login Tab
      • Configuration
        • Contents of the configuration file
        • How to work with the configuration file
    • Operations manual
      • Overview
      • System Architecture and Interfaces
      • System Requirements
        • macma/macma-webapp-backend
        • macma/macma-core
        • macma/macma-keycloak-mssql
      • Migration from Previous Versions
        • Migration to 1.37+
        • Migration to 1.34+
        • Migration to 1.33+
        • Migration to 1.32+
        • Migration to 1.31+
        • Migration to 1.29+
        • Migration to 1.28+
        • Migration to 1.27+
        • Migration to 1.26+
        • Migration to 1.25+
        • Migration to 1.21+
        • Migration to 1.20+
        • Migration to 1.19+
        • Migration to 1.18+
        • Migration to 1.17+
        • Migration to 1.16.0
        • Migration to 1.15.0
      • Setup and Configuration
        • Helm Configuration
        • macma/macma-core Configuration
        • macma/macma-keycloak-mssql Configuration
        • macma/macma-webapp-backend Configuration
        • Installation guide
        • Identity provider integration
        • Optional Configuration
        • Recommendations
        • Module Health Verification Endpoints and K8S Probes
      • Start and Shutdown
      • Regular Operations
        • Registering a new application in MACMA
          • Allowing application to use other applications
        • Change client secret of an application
      • Logging and Monitoring
        • Required Monitoring
        • Security Logging
          • Macma Security Events
          • Keycloak Security Events
          • Security Logging Format
        • Activity Logging
          • Activity Log Events
      • Known Limitations
        • Performance
        • General
        • Allowed characters and Internationalization
    • Developer documentation
      • Concepts
        • Authentication
        • Authorization
        • Resources
        • Roles
        • Sharing
      • Getting started
        • Registration
        • Authentication
        • Authorization
        • Multitenancy
      • How-to
        • Get & handle tokens
        • OAuth 2.0 for Mobile and Native Apps
        • Evolve authorization in your application lifecycle
        • Use Web Core for user login
        • Handle our integration events
        • Frequent How-To Questions for Application Developers
        • Do automated testing
        • Advertise things to colleagues
        • Integrate with additional environments
      • Deep dives
        • OAuth2 and its flows
        • OpenID Connect endpoints
    • Troubleshooting
      • Startup and availability
      • Identity provider integration
      • Resource deletion
      • Authentication
      • Authorization
    • API documentation
      • HTTP API
      • Event API
    • Glossary
Multitenant Access Control
  • Industrial Application System
  • Core Services
    • Block Management
    • Deviation Processor
    • ID Builder
    • Multitenant Access Control
    • Notification Service
    • Ticket Management
    • Web Portal
  • Shopfloor Management
    • Andon Live
    • Global Production Overview
    • KPI Reporting
    • Operational Routines
    • Shift Book
    • Shopfloor Management Administration
  • Product & Quality
    • Product Setup Management
    • Part Traceability
    • Process Quality
    • Setup Specs
  • Execution
    • Line Control
    • Material Management
    • Order Management
    • Packaging Control
    • Rework Control
  • Intralogistics
    • AGV Control Center
    • Stock Management
    • Transport Management
  • Machine & Equipment
    • Condition Monitoring
    • Device Portal
    • Maintenance Management
    • Tool Management
  • Enterprise & Shopfloor Integration
    • Archiving Bridge
    • Data Publisher
    • Direct Data Link
    • Engineering UI
    • ERP Connectivity
    • Gateway
    • Information Router
    • Master Data Management
    • Orchestrator

Nexeed Learning Portal
  • Multitenant Access Control
  • Operations manual
  • Setup and Configuration
  • Module Health Verification Endpoints and K8S Probes
1.37.1 1.37.0

Module Health Verification Endpoints and K8S Probes

  • Health endpoint: Will be used by monitoring to determine the health state of a Microservice. The health endpoint will also include the states of the Liveness, Readiness and Ping States. It is not intended to be used by the container management system, but for privileged (authorization required) users like operators or tools of an operator. For that reason the endpoints are exposed and will provide additional information than a simple ok, nok status.

  • Readiness endpoint: Will be polled by Kubernetes to check, if a Microservice (pod) can accept traffic.

  • Liveness endpoint: Will be polled by Kubernetes to check, if a Microservice internal state is valid. Kubernetes will restart the Container if the liveness endpoint fails for the configured number of times.

  • Ping endpoint: Always returns OK. Is intended to be used as a subsequent call executed by the health endpoint implementation of a service. It ensures only that a service client is able to connect to a service.

Webapp

  • Health Endpoint

    • /health exposed externally as /health

    • Authorized on resource with id health and type urn:com:bosch:bci:operation with privilege EXECUTE

    • unauthorized: 401

      • No authorization (token) was provided with the request

    • forbidden: 403

      • The provided authorization (token) does not have the required permission to access the endpoint

    • down: 200

      • Status 200 is returned also when the Health State is down. Reason for being down and details can be found in the response body

      • We think that the microservice is not healthy in case of lost connection to Core.

    • up: 200

  • Liveness Endpoint

    • /health/liveness exposed externally as /health/liveness

    • down: 503

      • only during startup and shutdown it will be down

    • up: 200

  • Readiness Endpoint

    • /health/readiness exposed externally as /health/readiness

    • down: 503

      • only during startup and shutdown it will be down

    • up: 200

  • Ping Endpoint

    • /ping exposed externally as /webapp/ping

    • always up: 200

  • Dependencies

    • Core

      • Use cases:
        Lost connection to Core.
        Reasons:

        • Core instance crashed, restarted etc

        • Network issue between microservice and Core

      • General Behavior

        • The lost connection to Core will be logged.

        • The microservice is trying to reconnect infinitely.

        • We keep the Service alive and ready to accept requests.

      • Impact

        • UI still works if Core is down and the UI will show a proper error message.

  • Use cases

    • N/A

  • General Behavior

    • UI still works if Keycloak or Core is down and the UI will show a proper error message.

  • Impact

    • N/A

Core

  • Health Endpoint

    • /health exposed externally as /core/health

    • Authorized on resource with id health and type urn:com:bosch:bci:operation with privilege EXECUTE

    • unauthorized: 401

      • No authorization (token) was provided with the request

    • forbidden: 403

      • The provided authorization (token) does not have the required permission to access the endpoint

    • down: 200

      • Status 200 is returned also when the Health State is down. Reason for being down and details can be found in the response body (about the RabbitMQ, Database or Keycloak connection issue)

      • We think that the microservice is not healthy in case of lost connection to RabbitMQ, Database or Keycloak.

    • up: 200

  • Liveness Endpoint

    • /health/liveness exposed externally as /core/health/liveness

    • down: 503

      • During startup and shutdown

      • If MACMA’s own bootstrapping (performed immediately after startup) fails and all retry attempts are exhausted

    • up: 200

  • Readiness Endpoint

    • /health/readiness exposed externally as /core/health/readiness

    • down: 503

      • If Database or Keycloak are down we will not accept requests to the microservice

      • If MACMA’s own bootstrapping (performed immediately after startup) fails

    • up: 200

      • If RabbitMQ is down we can still accept requests to the microservice

  • Ping Endpoint

    • /ping exposed externally as /ping

    • always up: 200

  • Dependencies

    • RabbitMQ

      • Use cases:
        Lost connection to RabbitMQ.
        Reasons:

        • RabbitMQ instance crashed, restarted, etc.

        • Network issue between microservice and RabbitMQ

      • General Behavior

        • The lost connection to RabbitMQ will be logged when an event is tried to be sent.

        • We keep the Service alive and ready to accept requests.

        • The re-established connection to RabbitMQ will be logged for the first event that is sent after RabbitMQ comes back online.

      • Impact

        • API will still be functional

        • MACMA’s integration events will not be lost during RabbitMQ outage. MACMA saves the events to the database and retires to send them

    • Database

      • Use cases:
        Lost connection to the Database.
        Reasons:

        • Database instance crashed, restarted etc

        • Network issue between microservice and Database

      • General Behavior

        • The lost connection to Database will be logged on error.

        • The microservice is trying to reconnect infinitely.

        • We keep the Service alive, but it won’t be ready to accept any requests.

      • Impact

        • The API will no longer be functional

    • Keycloak

      • Use cases:
        Lost connection to Keycloak.
        Reasons:

        • Keycloak instance crashed, restarted etc

        • Network issue between microservice and Keycloak

        • Keycloak cannot accept traffic (readiness state is DOWN)

      • General Behavior

        • The lost connection to Keycloak will be logged on error.

        • The microservice is trying to reconnect infinitely.

        • We keep the Service alive, but it won’t be ready to accept any requests.

      • Impact

        • The API will no longer be functional

Keycloak

  • Health Endpoint

    • /auth/health exposed externally as /auth/health and /keycloak/health

    • Keycloak’s health endpoint does not follow the BCI specifications for the health endpoint, it has its own implementation

    • down: 503

      • Health endpoint is showing down and answering 503. We think that the microservice is not healthy in case of lost connection to the Database.

    • up: 200

  • Liveness Endpoint

    • /auth/health/live exposed externally as /auth/health/live and /keycloak/health/live

    • down: 503

      • Before Keycloak 19.0.0 the liveness endpoint has a dependency on the Database. Only starting with version 19.0.0 (MACMA version 1.20) this endpoint is independent of the database.

    • up: 200

  • Readiness Endpoint

    • /auth/health/ready exposed externally as /auth/health/ready and /keycloak/health/ready

    • down: 503

      • We will not accept requests to the microservice

    • up: 200

  • Ping Endpoint

    • Keycloak does not provide a ping endpoint; /auth/health/live can be used instead, as a replacement

  • Dependencies

    • Database

      • Use cases:
        Lost connection to the Database.
        Reasons:

        • Database instance crashed, restarted etc

        • Network issue between microservice and Database

      • General Behavior

        • The lost connection to Database will be logged on error.

        • The microservice is trying to reconnect infinitely.

        • We keep the Service alive, but it won’t be ready to accept any requests.

      • Impact

        • The API will no longer be functional

Contents

© Robert Bosch Manufacturing Solutions GmbH 2023-2025, all rights reserved

Changelog Corporate information Legal notice Data protection notice Third party licenses