daniellavoie commented on a change in pull request #5543: URL: https://github.com/apache/incubator-pinot/pull/5543#discussion_r439368799
########## File path: pinot-controller/src/main/java/org/apache/pinot/controller/ControllerConf.java ########## @@ -29,21 +29,28 @@ import org.apache.pinot.common.protocols.SegmentCompletionProtocol; import org.apache.pinot.common.utils.StringUtil; import org.apache.pinot.spi.filesystem.LocalPinotFS; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import static org.apache.pinot.common.utils.CommonConstants.Controller.CONFIG_OF_CONTROLLER_METRICS_PREFIX; import static org.apache.pinot.common.utils.CommonConstants.Controller.DEFAULT_METRICS_PREFIX; public class ControllerConf extends PropertiesConfiguration { - private static final Logger LOGGER = LoggerFactory.getLogger(ControllerConf.class); - private static final String CONTROLLER_VIP_HOST = "controller.vip.host"; private static final String CONTROLLER_VIP_PORT = "controller.vip.port"; private static final String CONTROLLER_VIP_PROTOCOL = "controller.vip.protocol"; private static final String CONTROLLER_HOST = "controller.host"; private static final String CONTROLLER_PORT = "controller.port"; + private static final String CONTROLLER_HTTP_ENABLED = "controller.http.enabled"; Review comment: @mcvsubbu I like your suggestion regarding "dynamic" protocol mapping. I'll rework in that sense. The reason the host config is available per "listener" is so you can configure from which hostname the listener may be accessed. This is very useful when you want to allow `http` access for your internal subnet traffic (inter-service stuff) and force https for anything holding a user-facing DNS hostname or IP. Most database I've operated have this option. Kafka has this concept for instance (even auth can be configured by listener). The default value for host could certainly be re-routed to `ControllerStarter.inferHostNameifNeeded()` but the goal here is not to form an identity but to define allowed access. The current implementation of this PR will default host to `0.0.0.0` if undefined. The is predictable and less likely to break anything. @jackjlli This PR aims to offer a smooth and low risk migration path to deployments who wants to turn `https` on. If it's either `http` or `https`, operators have less flexibility to plan their migration. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org For additional commands, e-mail: commits-h...@pinot.apache.org