From 1bbb559fdfc7fbb2c0e75caeccb1571f3aaab64f Mon Sep 17 00:00:00 2001 From: Yufei Gu Date: Sun, 18 May 2025 16:48:05 -0700 Subject: [PATCH 1/3] Update the production-configuration.md --- ...duction.md => production-configuration.md} | 36 +++++++++---------- 1 file changed, 16 insertions(+), 20 deletions(-) rename site/content/in-dev/unreleased/{configuring-polaris-for-production.md => production-configuration.md} (89%) diff --git a/site/content/in-dev/unreleased/configuring-polaris-for-production.md b/site/content/in-dev/unreleased/production-configuration.md similarity index 89% rename from site/content/in-dev/unreleased/configuring-polaris-for-production.md rename to site/content/in-dev/unreleased/production-configuration.md index 84a3cec5eb..fdd2affd22 100644 --- a/site/content/in-dev/unreleased/configuring-polaris-for-production.md +++ b/site/content/in-dev/unreleased/production-configuration.md 
@@ -17,21 +17,19 @@ # specific language governing permissions and limitations # under the License. # -title: Configuring Apache Polaris (Incubating) for Production -linkTitle: Deploying In Production +title: Configuring Polaris for Production +linkTitle: Production Configuration type: docs weight: 600 --- -## Configuring Polaris for Production - -The default server configuration is intended for development and testing. When deploying Polaris in -production, there are several best practices to keep in mind. - -Notable configuration used to secure a Polaris deployment are outlined below. - -For more information on how to configure Polaris and what configuration options are available, -refer to the [configuration reference page]({{% ref "configuration" %}}). +The default server configuration is intended for development and testing. When you deploy Polaris in production, +start with this short checklist: +- [ ] Set OAuth2 keys +- [ ] Enforce realm header (`require-header=true`) +- [ ] Use durable metastore (JDBC + PostgreSQL) +- [ ] Bootstrap valid realms in metastore +- [ ] Disable FILE storage type ### OAuth2 
@@ -209,13 +207,11 @@ curl -X POST http://localhost:8181/api/catalog/v1/oauth/tokens \ -d "scope=PRINCIPAL_ROLE:ALL" ``` -## Other Configurations - -When deploying Polaris in production, consider adjusting the following configurations: - -#### `polaris.features."SUPPORTED_CATALOG_STORAGE_TYPES"` - -- By default, Polaris catalogs are allowed to be located in local filesystem with the `FILE` storage - type. This should be disabled for production systems. -- Use this configuration to additionally disable any other storage types that will not be in use. +### Disable FILE Storage Type +By default, Polaris allows using the local file system (`FILE`) for catalog storage. This is fine for testing, +but **not recommended for production**. To disable it, set the supported storage types like this: +```hocon +polaris.features."SUPPORTED_CATALOG_STORAGE_TYPES" = [ "S3", "Azure" ] +``` +Leave out `FILE` to prevent its use. Only include the storage types your setup needs. From 3c47ef82d37ef14ebafd39cc20f27152b634d2b6 Mon Sep 17 00:00:00 2001 From: Yufei Gu Date: Sun, 18 May 2025 16:49:51 -0700 Subject: [PATCH 2/3] Update the production-configuration.md --- .../unreleased/production-configuration.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/site/content/in-dev/unreleased/production-configuration.md b/site/content/in-dev/unreleased/production-configuration.md index fdd2affd22..3d0bfd232c 100644 --- a/site/content/in-dev/unreleased/production-configuration.md +++ b/site/content/in-dev/unreleased/production-configuration.md 
@@ -24,14 +24,14 @@ weight: 600 --- The default server configuration is intended for development and testing. When you deploy Polaris in production, -start with this short checklist: -- [ ] Set OAuth2 keys -- [ ] Enforce realm header (`require-header=true`) -- [ ] Use durable metastore (JDBC + PostgreSQL) -- [ ] Bootstrap valid realms in metastore -- [ ] Disable FILE storage type - -### OAuth2 +review and apply the following checklist: +- [ ] Configure OAuth2 keys +- [ ] Enforce realm header validation (`require-header=true`) +- [ ] Use a durable metastore (JDBC + PostgreSQL) +- [ ] Bootstrap valid realms in the metastore +- [ ] Disable local FILE storage + +### Configure OAuth2 Polaris authentication requires specifying a token broker factory type. Two implementations are supported out of the box: From 4e5bee938ebad3eee8c97713d66d222e84d18b64 Mon Sep 17 00:00:00 2001 From: Yufei Gu Date: Sun, 18 May 2025 16:55:52 -0700 Subject: [PATCH 3/3] Update the production-configuration.md --- ...ion-configuration.md => configuring-polaris-for-production.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename site/content/in-dev/unreleased/{production-configuration.md => configuring-polaris-for-production.md} (100%) diff --git a/site/content/in-dev/unreleased/production-configuration.md b/site/content/in-dev/unreleased/configuring-polaris-for-production.md similarity index 100% rename from site/content/in-dev/unreleased/production-configuration.md rename to site/content/in-dev/unreleased/configuring-polaris-for-production.md
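Review bot: In patch 1/3, the front-matter hunk (`@@ -17,21 +17,19 @@`) removes the pointer to the configuration reference page (`{{% ref "configuration" %}}`) without a replacement, so the page no longer tells readers where the full list of options lives; keep that sentence after the checklist. The checklist entry `require-header=true` is also shown without its property prefix, so it cannot be copied into a configuration file as written; spell out the full key or link the item to the section that defines it.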
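Review bot: In patch 1/3, the `Disable FILE Storage Type` hunk (`@@ -209,13 +207,11 @@`), the example value `"Azure"` is mixed case while `"S3"` and `FILE` are upper case. Confirm the exact spelling the server accepts and use it here, because readers will paste this line verbatim and an unrecognised value could leave them with a different set of storage types than they intended. It would also help to say which configuration file this line belongs in, since this is the one setting on the checklist whose purpose is to turn an insecure default off.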
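Review bot: In patch 2/3 (`@@ -24,14 +24,14 @@`), renaming `### OAuth2` to `### Configure OAuth2` changes the anchor generated for that heading, so check for inbound links to the old one before merging. The checklist items are still plain text; linking each to its section would let the list work as navigation, and the last item (`Disable local FILE storage`) should use the same wording as the section title added in 1/3 (`Disable FILE Storage Type`).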
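Review bot: Patch 3/3 renames `production-configuration.md` back to `configuring-polaris-for-production.md` at 100% similarity, undoing the rename made in 1/3. Squash the series so the file is never renamed, which keeps the history and any `ref` links to the page stable. The shared subject `Update the production-configuration.md` also names a file that does not exist once the series is applied; reword it to say what changed (checklist added, FILE storage section rewritten).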