This is an automated email from the ASF dual-hosted git repository.
yufei pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/polaris.git
The following commit(s) were added to refs/heads/main by this push:
new 0983911cd Site: Update production configuration page (#1606)
0983911cd is described below
commit 0983911cdc886604ac99c558b602644f01c15459
Author: Yufei Gu <[email protected]>
AuthorDate: Mon May 19 10:54:08 2025 -0700
Site: Update production configuration page (#1606)
---
.../configuring-polaris-for-production.md | 38 ++++++++++------------
1 file changed, 17 insertions(+), 21 deletions(-)
diff --git
a/site/content/in-dev/unreleased/configuring-polaris-for-production.md
b/site/content/in-dev/unreleased/configuring-polaris-for-production.md
index 84a3cec5e..3d0bfd232 100644
--- a/site/content/in-dev/unreleased/configuring-polaris-for-production.md
+++ b/site/content/in-dev/unreleased/configuring-polaris-for-production.md
@@ -17,23 +17,21 @@
# specific language governing permissions and limitations
# under the License.
#
-title: Configuring Apache Polaris (Incubating) for Production
-linkTitle: Deploying In Production
+title: Configuring Polaris for Production
+linkTitle: Production Configuration
type: docs
weight: 600
---
-## Configuring Polaris for Production
+The default server configuration is intended for development and testing. When
you deploy Polaris in production,
+review and apply the following checklist:
+- [ ] Configure OAuth2 keys
+- [ ] Enforce realm header validation (`require-header=true`)
+- [ ] Use a durable metastore (JDBC + PostgreSQL)
+- [ ] Bootstrap valid realms in the metastore
+- [ ] Disable local FILE storage
-The default server configuration is intended for development and testing. When
deploying Polaris in
-production, there are several best practices to keep in mind.
-
-Notable configuration used to secure a Polaris deployment are outlined below.
-
-For more information on how to configure Polaris and what configuration
options are available,
-refer to the [configuration reference page]({{% ref "configuration" %}}).
-
-### OAuth2
+### Configure OAuth2
Polaris authentication requires specifying a token broker factory type. Two
implementations are
supported out of the box:
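Review bot: The removed intro paragraph carried the only pointer to the configuration reference page (`{{% ref "configuration" %}}`), and the new intro does not replace it, so a reader working through the checklist no longer has a link to the full list of options. Consider keeping that sentence after the checklist. In the checklist itself, `require-header=true` is only a fragment of a property key; spelling out the full key as it appears in the section that covers it would let readers search for it or copy it directly. Each checklist item would also be easier to act on if it linked to the matching section heading further down the page.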
@@ -209,13 +207,11 @@ curl -X POST
http://localhost:8181/api/catalog/v1/oauth/tokens \
-d "scope=PRINCIPAL_ROLE:ALL"
```
-## Other Configurations
-
-When deploying Polaris in production, consider adjusting the following
configurations:
-
-#### `polaris.features."SUPPORTED_CATALOG_STORAGE_TYPES"`
-
-- By default, Polaris catalogs are allowed to be located in local filesystem
with the `FILE` storage
- type. This should be disabled for production systems.
-- Use this configuration to additionally disable any other storage types that
will not be in use.
+### Disable FILE Storage Type
+By default, Polaris allows using the local file system (`FILE`) for catalog
storage. This is fine for testing,
+but **not recommended for production**. To disable it, set the supported
storage types like this:
+```hocon
+polaris.features."SUPPORTED_CATALOG_STORAGE_TYPES" = [ "S3", "Azure" ]
+```
+Leave out `FILE` to prevent its use. Only include the storage types your setup
needs.
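Review bot: The new paragraph under "Disable FILE Storage Type" says `FILE` is "**not recommended for production**", which is weaker than both the removed text ("This should be disabled for production systems") and the checklist item "Disable local FILE storage" added at the top of the page. Suggest wording it as a requirement so the section and the checklist agree. The example also writes `"Azure"` in mixed case while the prose refers to the `FILE` type in upper case; please confirm the identifiers in the list match the exact values the setting accepts, since readers will copy this line as is. A short sentence on why `FILE` is unsuitable for production would give the recommendation some weight as well.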