Use http-pool-max-threads in HA guides

Closes keycloak#26849 Signed-off-by: Michal Hajas <mhajas@redhat.com> Signed-off-by: Alexander Schwartz <aschwart@redhat.com> Co-authored-by: Alexander Schwartz <aschwart@redhat.com>
miquelsi · Feb 13, 2024 · 83f3e91 · 83f3e91
1 parent ee126f7
commit 83f3e91
Show file tree

Hide file tree

Showing 7 changed files with 13 additions and 23 deletions.
diff --git a/docs/guides/high-availability/concepts-threads.adoc b/docs/guides/high-availability/concepts-threads.adoc
@@ -22,6 +22,8 @@ The Quarkus executor thread pool is configured in https://quarkus.io/guides/all-
 Depending on the available CPU cores, it can grow even larger.
 Threads are created as needed, and will end when no longer needed, so the system will scale up and down automatically.
 
+{project_name} allows configuring the maximum thread pool size by the `http-pool-max-threads` configuration option. See <@links.ha id="deploy-keycloak-kubernetes" /> for an example.
+
 When running on Kubernetes, adjust the number of worker threads to avoid creating more load than what the CPU limit allows for the Pod to avoid throttling, which would lead to congestion.
 When running on physical machines, adjust the number of worker threads to avoid creating more load than the node can handle to avoid congestion.
 Congestion would result in longer response times and an increased memory usage, and eventually an unstable system.

diff --git a/docs/guides/high-availability/deploy-keycloak-kubernetes.adoc b/docs/guides/high-availability/deploy-keycloak-kubernetes.adoc
@@ -3,7 +3,7 @@
 
 <@tmpl.guide
 title="Deploy {project_name} for HA with the {project_name} Operator"
-summary="Building block for a Keycloak deployment"
+summary="Building block for a {project_name} deployment"
 preview="true"
 previewDiscussionLink="https://github.com/keycloak/keycloak/discussions/25269"
 tileVisible="false" >
@@ -76,7 +76,7 @@ When running load tests, or when having a reverse proxy in front of HAProxy, you
 
 Add the following supplementary configuration under the `spec` in the {project_name} Custom Resource to disable sticky sessions.
 
-[source,yaml]
+[source,yaml,subs="attributes+"]
 ----
 spec:
     ingress:

diff --git a/docs/guides/high-availability/examples/generated/keycloak-ispn.yaml b/docs/guides/high-availability/examples/generated/keycloak-ispn.yaml
@@ -745,7 +745,6 @@ spec:
   # tag::keycloak-ispn[]
   additionalOptions:
     # end::keycloak-ispn[]
-
     # tag::keycloak-queue-size[]
     - name: http-max-queued-requests
       value: "1000"
@@ -754,6 +753,8 @@ spec:
       value: json
     - name: metrics-enabled # <3>
       value: 'true'
+    - name: http-pool-max-threads # <4>
+      value: "200"
     # tag::keycloak-ispn[]
     - name: remote-store-host # <2>
       value: "infinispan.keycloak.svc"
@@ -783,8 +784,6 @@ spec:
       spec:
         containers:
           - env:
-              - name: 'QUARKUS_THREAD_POOL_MAX_THREADS' # <4>
-                value: "200"
               # end::keycloak[]
               # We want to have an externally provided username and password, therefore, we override those two environment variables
               - name: KEYCLOAK_ADMIN

diff --git a/docs/guides/high-availability/examples/generated/keycloak.yaml b/docs/guides/high-availability/examples/generated/keycloak.yaml
@@ -432,6 +432,7 @@ spec:
       - multi-site # <2>
   # tag::keycloak-ispn[]
   additionalOptions:
+    # end::keycloak-ispn[]
     # tag::keycloak-queue-size[]
     - name: http-max-queued-requests
       value: "1000"
@@ -440,28 +441,21 @@ spec:
       value: json
     - name: metrics-enabled # <3>
       value: 'true'
+    - name: http-pool-max-threads # <4>
+      value: "66"
   http:
     tlsSecret: keycloak-tls-secret
   instances: 3
-  # tag::keycloak-ispn[]
   unsupported:
     podTemplate:
       # end::keycloak[]
-      # end::keycloak-ispn[]
       metadata:
         annotations:
           checksum/config: c73adcb155290b2da36c94852649862ca6c5ceab4be2f51bde509cd07276ca3d-34c125a6d541ad11d915b6d4f128a9281329070f67d06de917c9c3201e9326c1--01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b-v1.27.0
       # tag::keycloak[]
-      # tag::keycloak-ispn[]
       spec:
-        # end::keycloak-ispn[]
-
-        # tag::keycloak-ispn[]
         containers:
           - env:
-              # end::keycloak-ispn[]
-              - name: 'QUARKUS_THREAD_POOL_MAX_THREADS' # <4>
-                value: "66"
               # end::keycloak[]
               # We want to have an externally provided username and password, therefore, we override those two environment variables
               - name: KEYCLOAK_ADMIN
@@ -477,13 +471,10 @@ spec:
                     key: password
                     optional: false
                 # tag::keycloak[]
-              # tag::keycloak-ispn[]
               - name: JAVA_OPTS_APPEND # <5>
                 value: >
                   -Xms512m -Xmx1524m
-
                 # end::keycloak[]
-                # end::keycloak-ispn[]
             ports:
             # tag::keycloak[]
             resources:
@@ -502,12 +493,10 @@ spec:
             #   exec:
             #     command:
             #       - 'true'
-            # tag::keycloak-ispn[]
             volumeMounts:
               - name: keycloak-providers
                 mountPath: /opt/keycloak/providers
                 readOnly: true
-        # tag::keycloak-ispn[]
         volumes:
           - name: keycloak-providers
             configMap:

diff --git a/docs/guides/high-availability/partials/aurora/aurora-multiaz-create-procedure.adoc b/docs/guides/high-availability/partials/aurora/aurora-multiaz-create-procedure.adoc
@@ -241,7 +241,7 @@ aws rds create-db-cluster \
 ----
 +
 NOTE: You should replace the `--master-username` and `--master-user-password` values.
-The values specified here must be used when configuring the Keycloak DB credentials.
+The values specified here must be used when configuring the {project_name} database credentials.
 +
 .Output:
 [source,json]

diff --git a/docs/guides/high-availability/partials/infinispan/infinispan-credentials.adoc b/docs/guides/high-availability/partials/infinispan/infinispan-credentials.adoc
@@ -1,7 +1,7 @@
 [[infinispan-credentials]]
 . Configure the credential to access the Infinispan cluster.
 +
-Keycloak needs this credential to be able to authenticate with the Infinispan cluster.
+{project_name} needs this credential to be able to authenticate with the Infinispan cluster.
 The following `identities.yaml` file sets the username and password with admin permissions
 +
 [source,yam,subs="+attributes"]

diff --git a/...des/high-availability/partials/threads/executor-jgroups-thread-calculation.adoc b/...des/high-availability/partials/threads/executor-jgroups-thread-calculation.adoc
@@ -1,5 +1,5 @@
 The number of JGroup threads is `200` by default.
 While it can be configured using the property Java system property `jgroups.thread_pool.max_threads`, we advise keeping it at this value.
 As shown in experiments, the total number of Quarkus worker threads in the cluster must not exceed the number of threads in the JGroup thread pool of 200 in each node to avoid deadlocks in the JGroups communication.
-Given a Keycloak cluster with four Pods, each Pod should then have 50 Quarkus worker threads.
-Use the Quarkus configuration options `quarkus.thread-pool.max-threads` to configure the maximum number of Quarkus worker threads.
+Given a {project_name} cluster with four Pods, each Pod should then have 50 Quarkus worker threads.
+Use the {project_name} configuration option `http-pool-max-threads` to configure the maximum number of Quarkus worker threads.