
ADR-064: No force-delete annotation for finalizers

Category: development Provenance: human

Decision

No force-delete annotation for stuck finalizers. Users manually remove finalizers with kubectl patch when Keycloak is permanently unavailable. This is the standard Kubernetes pattern and is documented in the troubleshooting guide.
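As an added illustration of the manual removal this decision relies on (example code, not the operator's own; the resource kind, name, namespace and finalizer name are placeholders), this POSIX shell helper builds a merge patch that drops only the operator's finalizer and keeps any finalizers owned by other controllers:

```shell
#!/bin/sh
# Build a JSON merge patch that removes exactly one finalizer from a stuck resource.
# A merge patch replaces the whole finalizers array, so the remaining entries are
# listed explicitly; this avoids wiping finalizers that belong to other controllers.
# Usage: finalizer_removal_patch <finalizer-to-drop> <current finalizer>...
finalizer_removal_patch() {
  drop="$1"; shift
  list=""
  for f in "$@"; do
    [ "$f" = "$drop" ] && continue
    if [ -z "$list" ]; then list="\"$f\""; else list="$list,\"$f\""; fi
  done
  if [ -z "$list" ]; then
    # Nothing left to protect: clear the field so the API server can finish deletion.
    printf '%s\n' '{"metadata":{"finalizers":null}}'
  else
    printf '%s\n' "{\"metadata\":{\"finalizers\":[$list]}}"
  fi
}

# Apply it to a live object. All values below are placeholders (hypothetical kind,
# name, namespace and finalizer); the operator's real finalizer name is in its docs.
remove_stuck_finalizer() {
  kind="$1"; name="$2"; ns="$3"; finalizer="$4"
  # jsonpath prints the current finalizers space-separated; word splitting is intended.
  # shellcheck disable=SC2046
  kubectl patch "$kind" "$name" -n "$ns" --type=merge \
    -p "$(finalizer_removal_patch "$finalizer" \
          $(kubectl get "$kind" "$name" -n "$ns" -o jsonpath='{.metadata.finalizers[*]}'))"
}

# Example invocation (placeholders):
# remove_stuck_finalizer keycloakrealm my-realm keycloak example.com/keycloak-cleanup
```

Removing the finalizer tells Kubernetes to delete the object without the operator's cleanup running, so the realm or client it mapped to in Keycloak is left in place and must be cleaned up there by hand.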

Rationale

Industry-standard approach: cert-manager, CloudNativePG and most operators rely on manual kubectl patch. Zero maintenance burden. Finalizers protect against data leaks - automatic removal contradicts their purpose. Manual removal forces the user to acknowledge the consequences (orphaned realms/clients in Keycloak). The standard kubectl patch command is well-documented and universally available. The feature can be added later if usage patterns prove it necessary.

Agent Instructions

Do not implement force-delete annotations or timeout-based finalizer removal. When users report stuck resources, direct them to the troubleshooting documentation for manual finalizer removal. Finalizers exist to prevent orphaned resources in Keycloak - removing them is the user's explicit responsibility.

Rejected Alternatives

Immediate force-delete annotation

Too dangerous - no safety net, encourages careless usage, leaves orphaned resources in Keycloak without attempting cleanup.

Timeout-based automatic cleanup (Zalando PostgreSQL pattern)

Added complexity for a rare edge case. Users can patch manually and immediately if needed rather than waiting for a timeout. The maintenance burden is not justified by infrequent use.

Two-step confirmation annotation

Overly complex UX. Manual kubectl patch is simpler and achieves the same result with clear user responsibility.