I would like to see the clarification between the broker protocol handlers
and proxy protocol handlers before moving it to a vote thread.

I can see how it will cause confusion for protocol developers.

Yunze brought a good idea on KoP. But I don't think that's the right
direction. If you can give an example of the usage of a proxy handler and
how it is different from using a broker handler, that would help me
understand this PIP.

The reason why Pulsar proxy is built is to have a "smart" proxy that is
aware of Pulsar protocol. The Pulsar proxy can be replaced with other
mature proxy software with SNI routing or multiple advertised listeners
now. Hence I am afraid that we are taking the wrong direction here. Here
are various reasons.

1) The ProxyService is essentially a Pulsar admin client. Broker service
also provides a Pulsar admin client. I am not sure how Proxy PH will
simplify the protocol handler development. Please use an example to
demonstrate it.

2) The Authorization & Authentication services in ProxyService are only
used when proxies are configured to use zookeeper for broker discovery.
However, this option is not recommended when running Pulsar proxies in
Kubernetes. Instead, using a broker discovery service is recommended. In
order to make PH work, you are forcing the proxy to be tightly coupled with ZooKeeper.

3) Configuring authentication and authorization in proxy is already
challenging. There are a few different combinations. A typical Pulsar setup
is to forward the authentication credentials to the brokers to authenticate
and authorize. If you don't do this correctly, it will introduce security
holes because a connection can potentially grab the superuser credential
configured in proxy and use superuser credentials to access brokers. From
this perspective, I think the proxy protocol handler doesn't make things
simpler; instead, it makes things complicated when it comes to authentication
and authorization.

I would like to see these questions answered before moving to a vote.

- Sijie




On Wed, Sep 1, 2021 at 12:55 PM Enrico Olivelli <eolive...@gmail.com> wrote:

> Any other comment?
>
> I would like to start a VOTE, but I feel we saw too few comments here.
>
> Please take a look.
> I believe it will be a good fit for the 2.9.0 release, which is going to be
> released at the end of September.
>
>
> Enrico
>
> On Tue, Aug 31, 2021, 18:14 Michael Marshall <mikemars...@gmail.com>
> wrote:
>
> > +1, just read through the PIP. Looks good to me.
> >
> > - Michael
> >
> > On Mon, Aug 30, 2021 at 3:47 AM Enrico Olivelli <eolive...@gmail.com>
> > wrote:
> >
> > > Hello Pulsar fellows,
> > >
> > > I have prepared a PIP about adding support for Protocol Handlers
> > >
> > > This is the GDoc
> > >
> > > https://docs.google.com/document/d/1Hlc_BOpQTkWX8FgrvWSfk6h5xTQKMXnTcSuil0Nznrg/edit?usp=sharing
> > >
> > >
> > > This is the PR for the implementation
> > > https://github.com/apache/pulsar/pull/11838/files
> > >
> > > I am pretty sure that this PIP will make the life of developers of Protocol
> > > Handlers and of Administrators who deploy Protocol Handlers much nicer.
> > >
> > > We are still working on the formal PIP process; at the moment I am sharing
> > > with you the document.
> > > My understanding is that after the discussion, I will start a VOTE thread,
> > > and if the VOTE passes we can move forward with reviewing the PR, and
> > > hopefully merge this feature for Pulsar 2.9.0.
> > >
> > > Enrico
> > >
> >
>
