[keycloak-user] Keycloak Open Network Sockets Keep Growing

[Scott Baugher]

Bottom line up-front:  Keycloak's open socket connections (file handles)
keep growing.

I'm running Keycloak 3.2.1 Final in production on MS Azure using Ubuntu
16.04 LTS.

All clients interact with Keycloak using the Javascript adapter.

I have two Keycloak servers configured in HA mode.  I have tried running
the servers behind an Azure load balancer, and directly exposed to the
Internet (to eliminate the load balancer as an issue), with no difference.

I have also kept the servers in HA mode, but pulled one out of the load
balancer pool.  The server no longer in the pool does not see its
connections grow.

Monitored over a period of several days, the Java process associated with
Keycloak starts around 400 file handles when the server is started, and
keeps climbing by 30 - 80 handles per hour until it reaches the maximum, at
which point keycloak stops functioning.

If I do an "lsof -p [keycloak-pid]", it has hundreds to thousands of
network socket connections open to real customer IP addresses (far more
than would ever be expected based on the number of users).  The number of
connections never goes down (until the server is rebooted).

I looked through all of issues resolved in every release since 3.2.1, but
see nothing related to this.  Does anyone have any idea what could possibly
be going on?