daniellavoie commented on a change in pull request #5543:
URL: https://github.com/apache/incubator-pinot/pull/5543#discussion_r439368799
##########
File path:
pinot-controller/src/main/java/org/apache/pinot/controller/ControllerConf.java
##########
@@ -29,21 +29,28 @@
import org.apache.pinot.common.protocols.SegmentCompletionProtocol;
import org.apache.pinot.common.utils.StringUtil;
import org.apache.pinot.spi.filesystem.LocalPinotFS;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import static
org.apache.pinot.common.utils.CommonConstants.Controller.CONFIG_OF_CONTROLLER_METRICS_PREFIX;
import static
org.apache.pinot.common.utils.CommonConstants.Controller.DEFAULT_METRICS_PREFIX;
public class ControllerConf extends PropertiesConfiguration {
- private static final Logger LOGGER =
LoggerFactory.getLogger(ControllerConf.class);
-
private static final String CONTROLLER_VIP_HOST = "controller.vip.host";
private static final String CONTROLLER_VIP_PORT = "controller.vip.port";
private static final String CONTROLLER_VIP_PROTOCOL =
"controller.vip.protocol";
private static final String CONTROLLER_HOST = "controller.host";
private static final String CONTROLLER_PORT = "controller.port";
+ private static final String CONTROLLER_HTTP_ENABLED =
"controller.http.enabled";
Review comment:
@mcvsubbu I like your suggestion regarding "dynamic" protocol mapping.
I'll rework in that sense.
The reason the host config is available per "listener" is so you can
configure from which hostname the listener may be accessed. This is very useful
when you want to allow `http` access for your internal subnet traffic
(inter-service stuff) and force https for anything holding a user-facing DNS
hostname or IP. Most database I've operated have this option. Kafka has this
concept for instance (even auth can be configured by listener). The default
value for host could certainly be re-routed to
`ControllerStarter.inferHostNameifNeeded()` but the goal here is not to form an
identity but to define allowed access. The current implementation of this PR
will default host to `0.0.0.0` if undefined. The is predictable and less likely
to break anything.
@jackjlli This PR aims to offer a smooth and low risk migration path to
deployments who wants to turn `https` on. If it's either `http` or `https`,
operators have less flexibility to plan their migration.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@pinot.apache.org
For additional commands, e-mail: commits-h...@pinot.apache.org
