dimas-b commented on code in PR #3066: URL: https://github.com/apache/polaris/pull/3066#discussion_r2534729580
########## site/content/in-dev/unreleased/configuring-polaris-for-production.md: ########## @@ -23,35 +23,39 @@ type: docs weight: 600 --- -The default server configuration is intended for development and testing. When you deploy Polaris in production, -review and apply the following checklist: +The default server configuration is intended for development and testing. When you deploy Polaris in production, review +and apply the following checklist: + - [ ] Configure OAuth2 keys - [ ] Enforce realm header validation (`require-header=true`) - [ ] Use a durable metastore (JDBC + PostgreSQL) - [ ] Bootstrap valid realms in the metastore - [ ] Disable local FILE storage +- [ ] Polaris Server Header Review Comment: Why is `Polaris Server Header` a critical point for production configuration? ########## site/content/in-dev/unreleased/configuring-polaris-for-production.md: ########## 
@@ -23,35 +23,39 @@ type: docs weight: 600 --- -The default server configuration is intended for development and testing. When you deploy Polaris in production, -review and apply the following checklist: +The default server configuration is intended for development and testing. When you deploy Polaris in production, review +and apply the following checklist: + - [ ] Configure OAuth2 keys - [ ] Enforce realm header validation (`require-header=true`) - [ ] Use a durable metastore (JDBC + PostgreSQL) - [ ] Bootstrap valid realms in the metastore - [ ] Disable local FILE storage +- [ ] Polaris Server Header +- [ ] Upgrade considerations +- [ ] Cloud Storage Specific Configuration ### Configure OAuth2 -Polaris authentication requires specifying a token broker factory type. Two implementations are -supported out of the box: +Polaris authentication requires specifying a token broker factory type. Two implementations are supported out of the Review Comment: nit: I'd prefer not to change the formatting on existing lines when the text itself does not change. It complicates reviews and skews line authorship attribution. ########## site/content/in-dev/unreleased/configuring-polaris-for-production.md: ########## 
@@ -210,27 +204,39 @@ curl -X POST http://localhost:8181/api/catalog/v1/oauth/tokens \ ``` ### Disable FILE Storage Type -By default, Polaris allows using the local file system (`FILE`) for catalog storage. This is fine for testing, -but **not recommended for production**. To disable it, set the supported storage types like this: + +By default, Polaris allows using the local file system (`FILE`) for catalog storage. This is fine for testing, but **not +recommended for production**. To disable it, set the supported storage types like this: + ```hocon polaris.features."SUPPORTED_CATALOG_STORAGE_TYPES" = [ "S3", "Azure" ] ``` + Leave out `FILE` to prevent its use. Only include the storage types your setup needs. ### Polaris Server Header -Polaris can emit an informational `Server` HTTP response header using Quarkus' built-in header -configuration. Add the following property to one of the supported configuration sources (for example, -`application.properties`) to enable it with the Polaris version string: +Polaris can emit an informational `Server` HTTP response header using Quarkus' built-in header configuration. Add the +following property to one of the supported configuration sources (for example, `application.properties`) to enable it +with the Polaris version string: ```properties quarkus.http.header."Server".value=Polaris/${quarkus.application.version} ``` -If you prefer to scope the header to specific environments, only set the property for the desired -profile (for example, `%prod`). +If you prefer to scope the header to specific environments, only set the property for the desired profile (for example, +`%prod`). + +### Cloud Storage Specific Configuration + +GCS + Polaris: When using token vending for fine-grained access in Google Cloud Storage (GCS) with Apache Iceberg on Review Comment: GCS is one of several possible cloud storage implementations. 
I believe it would be nicer to move this section into a sub-page under https://polaris.apache.org/in-dev/unreleased/configuring-polaris-for-production/ Other cloud storage options can get dedicated pages parallel to that one later. WDYT?
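Review bot: In the checklist hunk (`@@ -23,35 +23,39 @@`), the three added entries ("Polaris Server Header", "Upgrade considerations", "Cloud Storage Specific Configuration") are section titles rather than actions, unlike the existing entries such as "Disable local FILE storage" or "Configure OAuth2 keys". Phrase each one as the step the operator is expected to take, for example "Decide whether to emit the `Server` header", so that ticking the box has a defined meaning.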
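Review bot: In the "Polaris Server Header" section of the `@@ -210,27 +204,39 @@` hunk, the example value `Polaris/${quarkus.application.version}` advertises the exact running version to every client, and the surrounding text describes only how to enable it, not that trade-off. Because this page is the production checklist, add a sentence stating that the header is optional and that operators who do not want to disclose the version can leave the property unset or set the value without the `${quarkus.application.version}` suffix.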
