oracle
diff --git a/‎docs-source/content/userguide/managing-domains/domain-lifecycle/startup.md
Lines changed: 155 additions & 67 deletions b/‎docs-source/content/userguide/managing-domains/domain-lifecycle/startup.md
Lines changed: 155 additions & 67 deletions
diff --git a/‎docs/domains/Domain.json
Lines changed: 26 additions & 0 deletions b/‎docs/domains/Domain.json
Lines changed: 26 additions & 0 deletions
diff --git a/‎docs/domains/Domain.md
Lines changed: 11 additions & 0 deletions b/‎docs/domains/Domain.md
Lines changed: 11 additions & 0 deletions
@@ -11,13 +11,16 @@ and which servers should be restarted. To start, stop, or restart servers, modif
 
 * [Starting and stopping servers](#starting-and-stopping-servers)
     * [Common starting and stopping scenarios](#common-starting-and-stopping-scenarios)
+* [Shutdown options](#shutdown-options)
 * [Restarting servers](#restarting-servers)
     * [Rolling restarts](#rolling-restarts)
     * [Common restarting scenarios](#common-restarting-scenarios)
 
 There are properties on the domain resource that specify which servers should be running
 and which servers should be restarted. To start, stop, or restart servers, modify these properties on the domain resource
-(for example, by using `kubectl` or the Kubernetes REST API).  The operator will notice the changes and apply them.
+(for example, by using `kubectl` or the Kubernetes REST API).  The operator will notice the changes and apply them.  Beginning,
+with operator version 2.2, there are now properties to control server shutdown handling, such as whether the shutdown
+will be graceful, the timeout, and if in-flight sessions are given the opportunity to complete.
 
 ### Starting and stopping servers
 
@@ -74,50 +77,60 @@ In this case, the domain resource does not need to specify `serverStartPolicy`,
 
 For example:
 ```
-   domain:
-     spec:
-       image: ...
-       replicas: 10
+  kind: Domain
+  metadata:
+    name: domain1
+  spec:
+    image: ...
+    replicas: 10
 ```
 
 #### Shut down all the servers
 Sometimes you need to completely shut down the domain (for example, take it out of service).
 ```
-   domain:
-     spec:
-       serverStartPolicy: "NEVER"
-       ...
+  kind: Domain
+  metadata:
+    name: domain1
+  spec:
+    serverStartPolicy: "NEVER"
+    ...
 ```
 
 #### Only start the Administration Server
 Sometimes you want to start the Administration Server only, that is, take the domain out of service but leave the Administration Server running so that you can administer the domain.
 ```
-   domain:
-     spec:
-       serverStartPolicy: "ADMIN_ONLY"
-       ...
+  kind: Domain
+  metadata:
+    name: domain1
+  spec:
+    serverStartPolicy: "ADMIN_ONLY"
+    ...
 ```
 
 #### Shut down a cluster
 To shut down a cluster (for example, take it out of service), add it to the domain resource and set its `serverStartPolicy` to `NEVER`.
 ```
-   domain:
-     spec:
-       clusters:
-       - clusterName: "cluster1"
-         serverStartPolicy: "NEVER"
-       ...
+  kind: Domain
+  metadata:
+    name: domain1
+  spec:
+    clusters:
+    - clusterName: "cluster1"
+      serverStartPolicy: "NEVER"
+    ...
 ```
 
 #### Shut down a specific standalone server
 To shut down a specific standalone server, add it to the domain resource and set its `serverStartPolicy` to `NEVER`.
 ```
-   domain:
-     spec:
-       managedServers:
-       - serverName: "server1"
-         serverStartPolicy: "NEVER"
-       ...
+  kind: Domain
+  metadata:
+    name: domain1
+  spec:
+    managedServers:
+    - serverName: "server1"
+      serverStartPolicy: "NEVER"
+    ...
 ```
 
 #### Force a specific clustered Managed Server to start
@@ -126,18 +139,81 @@ However, sometimes some of the Managed Servers are different (for example, suppo
 
 This is done by adding the server to the domain resource and setting its `serverStartPolicy` to `ALWAYS`.
 ```
-   domain:
-     spec:
-       managedServers:
-       - serverName: "cluster1_server1"
-         serverStartPolicy: "ALWAYS"
-       ...
+  kind: Domain
+  metadata:
+    name: domain1
+  spec:
+    managedServers:
+    - serverName: "cluster1_server1"
+      serverStartPolicy: "ALWAYS"
+    ...
 ```
 
 {{% notice note %}}
 The server will count toward the cluster's `replicas` count.  Also, if you configure more than the `replicas` servers count to `ALWAYS`, they will all be started, even though the `replicas` count will be exceeded.
 {{%/ notice %}}
 
+### Shutdown options
+
+The domain resource includes the element `serverPod` that is available under `spec`, `adminServer` and each entry of 
+`clusters` and `managedServers`. The `serverPod` element controls many details of how pods are created for server instances.
+
+The `shutdown` element of `serverPod` controls how servers will be shutdown.  This element has three properties:
+`shutdownType`, `timeoutSeconds`, and `ignoreSessions`.  The `shutdownType` property can be set to either `Graceful`, the default, 
+or `Forced` specifying the type of shutdown.  The `timeoutSeconds` property configures how long the server is given to 
+complete shutdown before the server is killed.  The `ignoreSessions` property, which is only applicable for graceful shutdown, when `false`,
+the default, allows the shutdown process to take longer to give time for any active sessions to complete up to the configured timeout.
+The operator runtime monitors this property but will not restart any server pods solely to adjust the shutdown options.
+Instead, server pods created or restarted because of another property change will be configured to shutdown, at the appropriate
+time, using the shutdown options set when the server pod is created.
+
+#### Shutdown environment variables
+
+The operator runtime configures shutdown behavior with the use of the following environment variables. Users may
+instead simply configure these environment variables directly.  When a user-configured environment variable is present,
+the operator will not override the environment variable based on the shutdown configuration.
+
+| Environment Variables | Default Value | Supported Values |
+| --- | --- | --- |
+| `SHUTDOWN_TYPE` | `Graceful` | `Graceful` or `Forced` |
+| `SHUTDOWN_TIMEOUT` | 30 | Whole number in seconds where 0 means no timeout |
+| `SHUTDOWN_IGNORE_SESSIONS` | `false` | Boolean indicating if active sessions should be ignored; only applicable if shutdown is graceful |
+
+#### `shutdown` rules
+
+You can specify the `serverPod` element, including the `shutdown` element, at the domain, cluster, and server levels. If
+`shutdown` is specified at multiple levels, such as for a cluster and for a member server that is part of that cluster,
+then the shutdown configuration for a specific server is the combination of all of the relevant values with each field
+having the value from the `shutdown` element at the most specific scope.  
+
+For instance, given the following domain resource:
+```
+  kind: Domain
+  metadata:
+    name: domain1
+  spec:
+    serverPod:
+      shutdown:
+        shutdownType: Graceful
+        timeoutSeconds: 45
+    clusters:
+    - clusterName: "cluster1"
+      serverPod:
+        shutdown:
+          ignoreSessions: true
+    managedServers:
+    - serverName: "cluster1_server1"
+      serverPod:
+        shutdown:
+          timeoutSeconds: 60
+          ignoreSessions: false
+    ...
+```
+
+Graceful shutdown is used for all servers in the domain because this is specified at the domain level and is not overridden at 
+any cluster or server level.  The "cluster1" cluster defaults to ignoring sessions; however, the "cluster1_server1" server
+instance will not ignore sessions and will have a longer timeout.
+
 ### Restarting servers
 
 The operator runtime automatically recreates (restarts) server pods when properties on the domain resource that affect server pods change (such as `image`, `volumes`, and `env`).
@@ -211,51 +287,59 @@ The servers will also be restarted if `restartVersion` is removed from the domai
 Set `restartVersion` at the domain level to a new value.
 
 ```
-   domain:
-     spec:
-       restartVersion: "domainV1"
-       ...
+  kind: Domain
+  metadata:
+    name: domain1
+  spec:
+    restartVersion: "domainV1"
+    ...
 ```
 
 #### Restart all the servers in the cluster
 
 Set `restartVersion` at the cluster level to a new value.
 
 ```
-   domain:
-     spec:
-       clusters:
-       - clusterName : "cluster1"
-         restartVersion: "cluster1V1"
-         maxUnavailable: 2
-       ...
+  kind: Domain
+  metadata:
+    name: domain1
+  spec:
+    clusters:
+    - clusterName : "cluster1"
+      restartVersion: "cluster1V1"
+      maxUnavailable: 2
+    ...
 ```
 
 #### Restart the Administration Server
 
 Set `restartVersion` at the `adminServer` level to a new value.
 
 ```
-   domain:
-     spec:
-       adminServer:
-         restartVersion: "adminV1"
-       ...
+  kind: Domain
+  metadata:
+    name: domain1
+  spec:
+    adminServer:
+      restartVersion: "adminV1"
+    ...
 ```
 
 #### Restart a standalone or clustered Managed Server
 
 Set `restartVersion` at the `managedServer` level to a new value.
 
 ```
-   domain:
-     spec:
-       managedServers:
-       - serverName: "standalone_server1"
-         restartVersion: "v1"
-       - serverName: "cluster1_server1"
-         restartVersion: "v1"
-       ...
+  kind: Domain
+  metadata:
+    name: domain1
+  spec:
+    managedServers:
+    - serverName: "standalone_server1"
+      restartVersion: "v1"
+    - serverName: "cluster1_server1"
+      restartVersion: "v1"
+    ...
 ```
 #### Full domain restarts
 
@@ -265,23 +349,27 @@ then restart them.  Unlike rolling restarts, the operator cannot detect and init
 To manually initiate a full domain restart:
 
 1. Change the domain level `serverStartPolicy` on the domain resource to `NEVER`.
-    ```
-       domain:
-         spec:
-           serverStartPolicy: "NEVER"
-           ...
-    ```
+```
+  kind: Domain
+  metadata:
+    name: domain1
+  spec:
+    serverStartPolicy: "NEVER"
+    ...
+```
 
 2. Wait for the operator to stop ALL the servers for that domain.
 
 3. To restart the domain, set the domain level `serverStartPolicy` back to `IF_NEEDED`. Alternatively, you do not
 have to specify the `serverStartPolicy` as the default value is `IF_NEEDED`.
 
-    ```
-       domain:
-         spec:
-           serverStartPolicy: "IF_NEEDED"
-           ...
-    ```
+```
+  kind: Domain
+  metadata:
+    name: domain1
+  spec:
+    serverStartPolicy: "IF_NEEDED"
+    ...
+```
 
 4. The operator will restart all the servers in the domain.
@@ -493,6 +493,10 @@
           "items": {
             "$ref": "https://github.com/garethr/kubernetes-json-schema/blob/master/v1.9.0/_definitions.json#/definitions/io.k8s.api.core.v1.Container"
           }
+        },
+        "shutdown": {
+          "description": "Configures how the operator should shutdown the server instance.",
+          "$ref": "#/definitions/Shutdown"
         }
       }
     },
@@ -521,6 +525,28 @@
         }
       }
     },
+    "Shutdown": {
+      "description": "Shutdown describes the configuration for shutting down a server instance.",
+      "type": "object",
+      "properties": {
+        "ignoreSessions": {
+          "description": "For graceful shutdown only, indicates to ignore pending HTTP sessions during in-flight work handling. Not required. Defaults to false.",
+          "type": "boolean"
+        },
+        "shutdownType": {
+          "description": "Tells the operator how to shutdown server instances. Not required. Defaults to graceful shutdown.",
+          "type": "string",
+          "enum": [
+            "Graceful",
+            "Forced"
+          ]
+        },
+        "timeoutSeconds": {
+          "description": "For graceful shutdown only, number of seconds to wait before aborting in-flight work and shutting down the server. Not required. Defaults to 30 seconds.",
+          "type": "number"
+        }
+      }
+    },
     "SubsystemHealth": {
       "type": "object",
       "properties": {
 
@@ -110,6 +110,7 @@ ServerPod describes the configuration for a Kubernetes pod for a server.
 | `podSecurityContext` | [Pod Security Context](k8s1.9.0.md#pod-security-context) | Pod-level security attributes. |
 | `readinessProbe` | [Probe Tuning](#probe-tuning) | Settings for the readiness probe associated with a server. |
 | `resources` | [Resource Requirements](k8s1.9.0.md#resource-requirements) | Memory and cpu minimum requirements and limits for the server. |
+| `shutdown` | [Shutdown](#shutdown) | Configures how the operator should shutdown the server instance. |
 | `volumeMounts` | array of [Volume Mount](k8s1.9.0.md#volume-mount) | Additional volume mounts for the server pod. |
 | `volumes` | array of [Volume](k8s1.9.0.md#volume) | Additional volumes to be created in the server pod. |
 
@@ -157,6 +158,16 @@ ServerPod describes the configuration for a Kubernetes pod for a server.
 | `periodSeconds` | number | The number of seconds between checks |
 | `timeoutSeconds` | number | The number of seconds with no response that indicates a failure |
 
+### Shutdown
+
+Shutdown describes the configuration for shutting down a server instance.
+
+| Name | Type | Description |
+| --- | --- | --- |
+| `ignoreSessions` | Boolean | For graceful shutdown only, indicates to ignore pending HTTP sessions during in-flight work handling. Not required. Defaults to false. |
+| `shutdownType` | string | Tells the operator how to shutdown server instances. Not required. Defaults to graceful shutdown. |
+| `timeoutSeconds` | number | For graceful shutdown only, number of seconds to wait before aborting in-flight work and shutting down the server. Not required. Defaults to 30 seconds. |
+
 ### Server Health
 
 | Name | Type | Description |