authentik can be easily monitored multiple ways.
Configure your monitoring software to send requests to
/-/health/live/, which will return a HTTP 204 response as long as authentik is running. You can also send HTTP requests to
/-/health/ready/, which will return HTTP 204 if both PostgreSQL and Redis connections can be/have been established correctly.
The worker container can be monitored by running
/lifecycle/ak healthcheck in the worker container. This will ping the worker and ensure it can communicate with redis as required.
Both kinds of outpost (proxy and LDAP) listen on a separate port (9300), and can be monitored by sending HTTP requests to
Both docker-compose and Kubernetes deployments use these methods by default to determine when authentik is ready after starting, and to only route traffic to healthy instances, and unhealthy instances are restarted
Both the core authentik server and any outposts expose Prometheus metrics on a separate port (9300), which can be scraped to gather further insight into authentik's state. The metrics require no authentication, as they are hosted on a separate, non-exposed port by default.
You can find an example dashboard here: grafana.com