Site: Update production configuration page #1606

Merged
merged 3 commits into from
May 19, 2025
Expand Up @@ -17,23 +17,21 @@
# specific language governing permissions and limitations
# under the License.
#
title: Configuring Apache Polaris (Incubating) for Production
linkTitle: Deploying In Production
title: Configuring Polaris for Production
linkTitle: Production Configuration
type: docs
weight: 600
---

## Configuring Polaris for Production
The default server configuration is intended for development and testing. When you deploy Polaris in production,
review and apply the following checklist:
- [ ] Configure OAuth2 keys
- [ ] Enforce realm header validation (`require-header=true`)
- [ ] Use a durable metastore (JDBC + PostgreSQL)
- [ ] Bootstrap valid realms in the metastore
- [ ] Disable local FILE storage
@pingtimeout pingtimeout May 19, 2025

Given that #1566 has been merged, that bullet point should not be necessary. Am I missing something?

Edit: my bad, 1566 has not been merged yet.


The default server configuration is intended for development and testing. When deploying Polaris in
production, there are several best practices to keep in mind.

Notable configuration used to secure a Polaris deployment are outlined below.

For more information on how to configure Polaris and what configuration options are available,
refer to the [configuration reference page]({{% ref "configuration" %}}).

### OAuth2
### Configure OAuth2

Polaris authentication requires specifying a token broker factory type. Two implementations are
supported out of the box:
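
Review bot: the "Enforce realm header validation" checklist item cites only `require-header=true`, which is the tail of a setting rather than a key a reader can paste into a configuration file or search for; spell out the full property key there and link each checklist item to the section that explains it. Of the five items, only "Configure OAuth2 keys" has a matching heading (`### Configure OAuth2`) visible in this hunk, so it is worth confirming that realm header validation, the metastore and realm bootstrap each have a section further down. The `## Configuring Polaris for Production` heading also repeats the front-matter `title`, which may render the page title twice depending on the theme.
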
Expand Down Expand Up @@ -209,13 +207,11 @@ curl -X POST http://localhost:8181/api/catalog/v1/oauth/tokens \
-d "scope=PRINCIPAL_ROLE:ALL"
```

## Other Configurations

When deploying Polaris in production, consider adjusting the following configurations:

#### `polaris.features."SUPPORTED_CATALOG_STORAGE_TYPES"`

- By default, Polaris catalogs are allowed to be located in local filesystem with the `FILE` storage
type. This should be disabled for production systems.
- Use this configuration to additionally disable any other storage types that will not be in use.
### Disable FILE Storage Type
By default, Polaris allows using the local file system (`FILE`) for catalog storage. This is fine for testing,
@pingtimeout pingtimeout May 19, 2025

Same, given that #1566 has been merged, this sentence is false, isn't it?

EDIT: my bad, 1566 has not been merged yet. Let's wait for a couple of hours/days until either of #1532 and #1566 is merged. Both these PRs will remove the need for this doc section, and they are needed for 1.0.

but **not recommended for production**. To disable it, set the supported storage types like this:
```hocon
polaris.features."SUPPORTED_CATALOG_STORAGE_TYPES" = [ "S3", "Azure" ]
```
Leave out `FILE` to prevent its use. Only include the storage types your setup needs.
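
Review bot: in the `SUPPORTED_CATALOG_STORAGE_TYPES` example the value `"Azure"` is mixed case, while the other value is `"S3"` and the prose names the local type as `FILE`; confirm the exact spelling the server accepts and use it consistently, because readers will copy this allowlist verbatim. The new paragraph also says `FILE` is "not recommended for production" without saying why; one sentence on the risk would help operators treat this as a hardening step rather than a preference.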