|
17 | 17 | # specific language governing permissions and limitations |
18 | 18 | # under the License. |
19 | 19 | # |
20 | | -title: Configuring Apache Polaris (Incubating) for Production |
21 | | -linkTitle: Deploying In Production |
| 20 | +title: Configuring Polaris for Production |
| 21 | +linkTitle: Production Configuration |
22 | 22 | type: docs |
23 | 23 | weight: 600 |
24 | 24 | --- |
25 | 25 |
|
26 | | -## Configuring Polaris for Production |
| 26 | +The default server configuration is intended for development and testing. When you deploy Polaris in production, |
| 27 | +review and apply the following checklist: |
| 28 | +- [ ] Configure OAuth2 keys |
| 29 | +- [ ] Enforce realm header validation (`require-header=true`) |
| 30 | +- [ ] Use a durable metastore (JDBC + PostgreSQL) |
| 31 | +- [ ] Bootstrap valid realms in the metastore |
| 32 | +- [ ] Disable local FILE storage |
27 | 33 |
|
28 | | -The default server configuration is intended for development and testing. When deploying Polaris in |
29 | | -production, there are several best practices to keep in mind. |
30 | | - |
31 | | -Notable configuration used to secure a Polaris deployment are outlined below. |
32 | | - |
33 | | -For more information on how to configure Polaris and what configuration options are available, |
34 | | -refer to the [configuration reference page]({{% ref "configuration" %}}). |
35 | | - |
36 | | -### OAuth2 |
| 34 | +### Configure OAuth2 |
37 | 35 |
|
38 | 36 | Polaris authentication requires specifying a token broker factory type. Two implementations are |
39 | 37 | supported out of the box: |
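Review bot: the removed paragraph at old lines 33-34 was the only pointer to the configuration reference page, and the new checklist does not replace it. Keep a sentence linking to `{{% ref "configuration" %}}` after the checklist so readers can look up the options it names. In the checklist, `require-header=true` gives only a short key, unlike the fully qualified `polaris.features."SUPPORTED_CATALOG_STORAGE_TYPES"` used later on the page; spell out the full property name so the item can be copied into a config file. With `## Configuring Polaris for Production` removed, the first heading in the body is now `### Configure OAuth2`; check that the heading hierarchy still renders as intended.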
@@ -209,13 +207,11 @@ curl -X POST http://localhost:8181/api/catalog/v1/oauth/tokens \ |
209 | 207 | -d "scope=PRINCIPAL_ROLE:ALL" |
210 | 208 | ``` |
211 | 209 |
|
212 | | -## Other Configurations |
213 | | - |
214 | | -When deploying Polaris in production, consider adjusting the following configurations: |
215 | | - |
216 | | -#### `polaris.features."SUPPORTED_CATALOG_STORAGE_TYPES"` |
217 | | - |
218 | | -- By default, Polaris catalogs are allowed to be located in local filesystem with the `FILE` storage |
219 | | - type. This should be disabled for production systems. |
220 | | -- Use this configuration to additionally disable any other storage types that will not be in use. |
| 210 | +### Disable FILE Storage Type |
| 211 | +By default, Polaris allows using the local file system (`FILE`) for catalog storage. This is fine for testing, |
| 212 | +but **not recommended for production**. To disable it, set the supported storage types like this: |
| 213 | +```hocon |
| 214 | +polaris.features."SUPPORTED_CATALOG_STORAGE_TYPES" = [ "S3", "Azure" ] |
| 215 | +``` |
| 216 | +Leave out `FILE` to prevent its use. Only include the storage types your setup needs. |
221 | 217 |
|
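Review bot: in the added `hocon` example, `"Azure"` is mixed case while the other storage type values on this page (`FILE`, `S3`) are upper case; confirm the exact identifier the server accepts and use it, because readers will copy this line verbatim. The new wording "not recommended for production" is also weaker than the removed "This should be disabled for production systems" and than the checklist item "Disable local FILE storage"; keep the stronger wording so the section and the checklist agree. Add a blank line after the `### Disable FILE Storage Type` heading and around the code fence, matching the spacing used under `### Configure OAuth2`.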