tuanit03 commented on issue #3640:
URL: https://github.com/apache/polaris/issues/3640#issuecomment-3839775756

Thank you for replying, **@dimas-b**. I updated the storage config but I’m still seeing the same error.

I understand that to bypass Polaris’s Credential Vending mechanism you must use the following configs and store the S3 key in Spark:

```text
stsUnavailable: true,
polaris.features."SKIP_CREDENTIAL_SUBSCOPING_INDIRECTION": "true"
polaris.features.realm-overrides."polaris"."SKIP_CREDENTIAL_SUBSCOPING_INDIRECTION": "true"
```

However, I’m having an issue with a custom endpoint: Polaris automatically resolves the endpoint via DNS through the proxy, even though I set `NO_PROXY`.

Inside the Polaris container I can still connect to this S3 endpoint:

```bash
[polaris@e9a836e1cb6b ~]$ curl -v --noproxy s3-it-hn.company.net https://s3-it-hn.company.net/
*   Trying 210.123.456.789:443...
* Connected to s3-it-hn.company.net (210.123.456.789) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/pki/tls/certs/ca-bundle.crt
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.3 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS header, Unknown (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Unknown (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Unknown (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Unknown (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Unknown (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=VN; ST=Ha Noi; O=company; CN=*.company.net
*  start date: Nov 14 00:00:00 2025 GMT
*  expire date: Nov 17 23:59:59 2026 GMT
*  subjectAltName: host "s3-it-hn.company.net" matched cert's "*.company.net"
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Unknown (23):
* TLSv1.2 (OUT), TLS header, Unknown (23):
* TLSv1.2 (OUT), TLS header, Unknown (23):
* Using Stream ID: 1 (easy handle 0x62485f07b950)
* TLSv1.2 (OUT), TLS header, Unknown (23):
> GET / HTTP/2
> Host: s3-it-hn.company.net
> user-agent: curl/7.76.1
> accept: */*
>
* TLSv1.2 (IN), TLS header, Unknown (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Unknown (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Unknown (23):
* TLSv1.2 (OUT), TLS header, Unknown (23):
* TLSv1.2 (IN), TLS header, Unknown (23):
* TLSv1.2 (IN), TLS header, Unknown (23):
< HTTP/2 200
< x-amz-request-id: tx00000-default
< content-type: application/xml
< date: Tue, 03 Feb 2026 08:02:10 GMT
<
* TLSv1.2 (IN), TLS header, Unknown (23):
* Connection #0 to host s3-it-hn.company.net left intact
<?xml version="1.0" encoding="UTF-8"?><ListAllMyBucketsResult xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Owner><ID>anonymous</ID><DisplayName></DisplayName></Owner><Buckets></Buckets></ListAllMyBucketsResult>
```
