Description

When shutting down Keycloak, any currently in-progress HTTP requests are terminated and do not complete.

Unfortunately the functionality in Quarkus is broken (at least IMHO how Keycloak would need it): quarkusio/quarkus#50625 - this is fixed for Quarkus 3.32

Value Proposition

Any in-progress HTTP requests should complete before stopping Keycloak. This helps with graceful rolling restarts and updated.

Goals

• Avoid request errors for callers. With a request aborting, the caller doesn't know if the request completed.
• Specify a fixed-duration pre-shutdown period, as we would need it on Kubernetes to care for loadbalancer re-configuration when the Pod already received their termination signal. This period also allows to drain TLS/HTTP keepalive connections.
• Specify a shutdown period during which the currently running requests are still processed. Once there are no more currently running requests, this period might finish early.

Non-Goals

Graceful shutdown of other tasks, for example background jobs.

Discussion

Quarkus options for this as of https://quarkus.io/guides/lifecycle#graceful-shutdown:

• quarkus.shutdown.delay-enabled / build-time option
• quarkus.shutdown.timeout / the shutdown period waiting for requests to finish, runtime option
• quarkus.shutdown.delay / length of pre-shutdown phase, runtime option

TODOs

• SPI option to configure pre-shutdown and shutdown period. Both set to 1 second by default. This is aligned with Kubernetes, see Add Keycloak pre-Stop hook defenseunicorns/uds-core#2289
• Update to the docs - tbd