mohit7705 commented on issue #1367: URL: https://github.com/apache/datafusion-ballista/issues/1367#issuecomment-3720573118
## Design Proposal: Optional TLS via Channel and Server Factories ### Problem Currently, communication between clients, schedulers, and executors uses plain HTTP, which does not provide transport-level encryption. ### Goal Enable optional TLS support while keeping the default behavior unchanged (plain HTTP). ### Non-goals - Enforcing TLS by default - Implementing a full security or certificate management framework ### Proposed Solution Introduce configurable abstractions for: - `ChannelFactory` – responsible for creating outbound client channels - `ServerFactory` – responsible for creating inbound server listeners The existing HTTP-based implementation will remain the default. Users who require TLS can provide custom implementations (for example, using `rustls`) without modifying core logic. ### Configuration Factories can be selected via existing configuration mechanisms (e.g., config files or environment variables), allowing users to opt into TLS explicitly. ### Backward Compatibility This approach is fully backward-compatible. Existing deployments will continue to work without any changes. ### Next Steps After feedback and approval: 1. Identify instantiation points for channels and servers 2. Introduce factory interfaces 3. Wire configuration to select the desired factory implementation -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
