Feasibility of 1 Realm per Tenant at 10,000 Tenants Scale?

[lawrenz1]

We're evaluating Apache Polaris for a high-tenant deployment and need guidance on realm vs. catalog design. We're planning to use 1 tenant account per realm, and there can theoretically be up to 10,000 tenants, each with independent storage credentials and isolation requirements. Is this feasible, or should we use 1 realm with 10,000 catalogs (1 catalog per tenant) instead?

[adnanhemani]

This is a great question. It does somewhat depend on your security boundaries as well - if you require airgapping between tenants and there are no shared entities between the tenants (e.g. users, catalogs, roles, etc.) then realm is the best option. As for scaling concerns, I don't think anyone has tested realms at that level yet, but I don't see why 10,000 realms would result in worse performance than 10,000 catalogs with the exact same setup. 10,000 catalogs in a realm is something I have seen personally, along with 1,000s of realms per deployment (on Kubernetes cluster, to be exact).

[dimas-b]

@lawrenz1 : if you're planning to use existing ASF Polaris images, please note that the set of allowed realm IDs currently has to be configured on catalog startup via the polaris.realm-context.realms configuration option. Putting 10K realms there does not seem practical to me.

That said, I believe Polaris can be enhanced to support many realms without restart/reconfig, but that will require either a custom downstream build or some OSS code changes.

[lawrenz1]

Thanks all, so it sounds like 10000 catalogs is more feasible compared to realms atleast for now.

[flyrain]

To add to it, every realm configuration is static now. It's not possible if you want to dynamically add a realm for a new tenant without bootstrapping it and restarting the Polaris. We could improve on that as @dimas-b said, but not trivial effort.