Node Configuration Template

Sample configuration

The following redpanda.yaml configuration file includes a complete list of all node properties and their descriptions. For a summary of all available node properties refer to node configuration properties reference.

This is not a valid Redpanda configuration file, but it shows the parameters that you can configure in the redpanda.yaml file.
# organization and cluster_id help Redpanda identify your system.
organization: ""
cluster_id: ""

redpanda:
  # Path where redpanda will keep the data.
  # Required.
  data_directory: "var/lib/redpanda/data"

  # Unique ID identifying the node in the cluster.
  # Required.
  node_id: 1

  # Enable the admin API.
  # Default: true
  enable_admin_api: true

  # Admin API doc directory.
  # Default: /usr/share/redpanda/admin-api-doc
  admin_api_doc_dir: "/usr/share/redpanda/admin-api-doc"

  # Address and port of admin server.
  # Default: 127.0.0.1:9644
  admin:
    address: "0.0.0.0"
    port: 9644

  # TLS configuration for the admin server.
  # Default: null
  admin_api_tls:
    # Whether to enable TLS for the admin server.
    enabled: false
    # Require client authentication
    require_client_auth: false
    # The path to the server certificate PEM file.
    cert_file: ""
    # The path to the server key PEM file
    key_file: ""
    # The path to the truststore PEM file. Only required if client authentication
    # is enabled.
    truststore_file: ""

  # The IP address and port for the internal RPC server.
  # Default: 127.0.0.0:33145
  rpc_server:
    address: "0.0.0.0"
    port: 33145

  # TLS configuration for the RPC server.
  # Default: null
  rpc_server_tls:
    # Whether to enable TLS for the RPC server.
    enabled: false
    # Require client authentication
    require_client_auth: false
    # The path to the server certificate PEM file.
    cert_file: ""
    # The path to the server key PEM file
    key_file: ""
    # The path to the truststore PEM file. Only required if client authentication
    # is enabled.
    truststore_file: ""

  # Address of RPC endpoint published to other cluster members.
  # Default: 0.0.0.0:33145
  advertised_rpc_api:
    address: "0.0.0.0"
    port: 33145

  # Multiple listeners are also supported as per KIP-103.
  # The names must match those in advertised_kafka_api
  kafka_api:
  - address: "0.0.0.0"
    name: internal
    port: 9092
  - address: "0.0.0.0"
    name: external
    port: 9093

  # A list of TLS configurations for the Kafka API listeners.
  # Default: null
  kafka_api_tls:
    # The name of the specific listener this TLS to which this config
    # will be applied. The names must match those in kafka_api.
  - name: "external"
    # Whether to enable TLS for the Kafka API.
    enabled: true
    # Require client authentication
    require_client_auth: false
    # The path to the server certificate PEM file.
    cert_file: "certs/tls-cert.pem"
    # The path to the server key PEM file
    key_file: "certs/tls-key.pem"
    # The path to the truststore PEM file. Only required if client authentication
    # is enabled.
    truststore_file: "certs/tls-ca.pem"

  - name: "internal"
    enabled: false

  # Multiple listeners are also supported as per KIP-103.
  # The names must match those in kafka_api
  advertised_kafka_api:
  - address: 0.0.0.0
    name: internal
    port: 9092
  - address: redpanda-0.my.domain.com.
    name: external
    port: 9093

  # List of the seed server IP addresses and ports used to join current cluster.
  # If the seed_server list is empty the node will be a cluster root and it will form a new cluster.
  # Default: []
  seed_servers:
    - host:
      address: 192.168.0.1
      port: 33145

  # Rack identifier.
  # Default: null
  rack: "rack-id"

# The redpanda REST API provides a RESTful interface for producing and consuming messages with redpanda.
# To disable the REST API, remove this top-level config node
pandaproxy:
  # A list of address and port to listen for Kafka REST API requests.
  # Default: 0.0.0.0:8082
  pandaproxy_api:
  - address: "0.0.0.0"
    name: internal
    port: 8082
  - address: "0.0.0.0"
    name: external
    port: 8083

  # A list of TLS configurations for the REST API.
  # Default: null
  pandaproxy_api_tls:
  - name: external
    # Whether to enable TLS.
    enabled: false
    # Require client authentication
    require_client_auth: false
    # The path to the server certificate PEM file.
    cert_file: ""
    # The path to the server key PEM file
    key_file: ""
    # The path to the truststore PEM file. Only required if client
    # authentication is enabled.
    truststore_file: ""
  - name: internal
    enabled: false

  # A list of address and port for the REST API to publish to client
  # Default: from pandaproxy_api
  advertised_pandaproxy_api:
    - address: 0.0.0.0
      name: internal
      port: 8082
    - address: "redpanda-rest-0.my.domain.com."
      name: external
      port: 8083

  # How long to wait for an idle consumer before removing it.
  # Default: 60000
  consumer_instance_timeout_ms: 60000

# The REST API client
pandaproxy_client:
  # List of address and port of the brokers
  # Default: "127.0.0.1:9092
  brokers:
   - address: "127.0.0.1"
     port: 9092

  # TLS configuration for the brokers
  broker_tls:
    # Whether to enable TLS.
    enabled: false
    # Require client authentication
    require_client_auth: false
    # The path to the server certificate PEM file.
    cert_file: ""
    # The path to the server key PEM file
    key_file: ""
    # The path to the truststore PEM file. Only required if client authentication
    # is enabled.
    truststore_file: ""

  # Number of times to retry a request to a broker
  # Default: 5
  retries: 5

  # Delay (in milliseconds) for initial retry backoff
  # Default: 100ms
  retry_base_backoff_ms: 100

  # Number of records to batch before sending to broker
  # Default: 1000
  produce_batch_record_count: 1000

  # Number of bytes to batch before sending to broker
  # Defautl 1MiB
  produce_batch_size_bytes: 1048576

  # Delay (in milliseconds) to wait before sending batch
  # Default: 100ms
  produce_batch_delay_ms: 100

  # Interval (in milliseconds) for consumer request timeout
  # Default: 100ms
  consumer_request_timeout_ms: 100

  # Max bytes to fetch per request
  # Default: 1MiB
  consumer_request_max_bytes: 1048576

  # Timeout (in milliseconds) for consumer session
  # Default: 10s
  consumer_session_timeout_ms: 10000

  # Timeout (in milliseconds) for consumer rebalance
  # Default: 2s
  consumer_rebalance_timeout_ms: 2000

  # Interval (in milliseconds) for consumer heartbeats
  # Default: 500ms
  consumer_heartbeat_interval_ms: 500

  # SASL mechanism to use for authentication
  # Supported: SCRAM-SHA-{256,512}
  # Default: ""
  # Support for SASL is disabled when no mechanism is specified.
  sasl_mechanism: ""

  # Username for SCRAM authentication mechanisms
  # Default: ""
  scram_username: ""

  # Password for SCRAM authentication mechanisms
  # Default: ""
  scram_password: ""

# The Schema Registry provides a RESTful interface for Schema storage, retrieval, and compatibility.
# To disable the Schema Registry, remove this top-level config node
schema_registry:
  # A list of address and port to listen for Schema Registry API requests.
  # Default: 0.0.0.0:8082
  schema_registry_api:
  - address: "0.0.0.0"
    name: internal
    port: 8081
  - address: "0.0.0.0"
    name: external
    port: 18081

  # The replication factor of Schema Registry's internal storage topic
  schema_registry_replication_factor: 3

  # A list of TLS configurations for the Schema Registry API.
  # Default: null
  schema_registry_api_tls:
  - name: external
    # Whether to enable TLS.
    enabled: false
    # Require client authentication
    require_client_auth: false
    # The path to the server certificate PEM file.
    cert_file: ""
    # The path to the server key PEM file
    key_file: ""
    # The path to the truststore PEM file. Only required if client
    # authentication is enabled.
    truststore_file: ""
  - name: internal
    enabled: false

# The Schema Registry client config
# See pandaproxy_client for a list of options
schema_registry_client:

rpk:
  # Add optional flags to have rpk start redpanda with specific parameters.
  # The available start flags are found in: /src/v/config/configuration.cc
  additional_start_flags:
    - "--overprovisioned"
    - "--smp=2"
    - "--memory=4G"
    - "--default-log-level=info"

  # The Kafka API configuration
  kafka_api:
    # A list of broker addresses that rpk will use
    brokers:
    - 192.168.72.34:9092
    - 192.168.72.35:9092

    # The TLS configuration to be used when interacting with the Kafka API.
    # If present, TLS will be enabled. If missing or null, TLS will be disabled.
    tls:
      # The path to the client certificate (PEM). Only required if client authentication is
      # enabled in the broker.
      cert_file: ~/certs/cert.pem
      # The path to the client certificate key (PEM). Only required if client authentication is
      # enabled in the broker.
      key_file: ~/certs/key.pem
      # The path to the root CA certificate (PEM).
      truststore_file: ~/certs/ca.pem

    # The SASL config, if enabled in the brokers.
    sasl:
      user: user
      password: pass
      type: SCRAM-SHA-256

  # The Admin API configuration
  admin_api:
    # A list of the nodes' admin API addresses that rpk will use.
    addresses:
    - 192.168.72.34:9644
    - 192.168.72.35:9644
    # The TLS configuration to be used when with the Admin API.
    # If present, TLS will be enabled. If missing or null, TLS will be disabled.
    tls:
      # The path to the client certificate (PEM). Only required if client authentication is
      # enabled in the broker.
      cert_file: ~/certs/admin-cert.pem
      # The path to the client certificate key (PEM). Only required if client authentication is
      # enabled in the broker.
      key_file: ~/certs/admin-key.pem
      # The path to the root CA certificate (PEM).
      truststore_file: ~/certs/admin-ca.pem

  # Available tuners. Set to true to enable, false to disable.

  # Setup NIC IRQs affinity, sets up NIC RPS and RFS, sets up NIC XPS, increases socket
  # listen backlog, increases the number of remembered connection requests, bans the
  # IRQ Balance service from moving distributed IRQs.
  # Default: false
  tune_network: false

  # Sets the preferred I/O scheduler for given block devices.
  # It can work using both the device name or a directory, in which the device where
  # directory is stored will be optimized. Sets either 'none' or 'noop' scheduler
  # if supported.
  # Default: false
  tune_disk_scheduler: false

  # Disables IOPS merging.
  # Default: false
  tune_disk_nomerges: false

  # Distributes IRQs across cores with the method deemed the most appropriate for the
  # current device type (i.e. NVMe).
  # Default: false
  tune_disk_irq: false

  # Installs a systemd service to run fstrim weekly, or starts the default fstrim service
  # which comes with most Linux distributions.
  # Default: false
  tune_fstrim: false

  # Disables hyper-threading, sets the ACPI-cpufreq governor to 'performance'. Additionaly
  # if system reboot is allowed: disables Intel P-States, disables Intel C-States,
  # disables Turbo Boost.
  # Default: false
  tune_cpu: true

  # Increases the number of allowed asynchronous IO events.
  # Default: false
  tune_aio_events: false

  # Syncs NTP.
  # Default: false
  tune_clocksource: true

  # Tunes the kernel to prefer keeping processes in-memory instead of swapping them out.
  # Default: false
  tune_swappiness: false

  # Enables transparent hugepages (THP) to reduce TLB misses.
  # Default: false
  tune_transparent_hugepages: false

  # Enables memory locking.
  # Default: false
  enable_memory_locking: false

  # Installs a custom script to process coredumps and save them to the given directory.
  # Default: false
  tune_coredump: false

  # The directory where all coredumps will be saved after they're processed.
  # Default: ''
  coredump_dir: "/var/lib/redpanda/coredump"

  # Creates a "ballast" file so that, if a Redpanda node runs out of space,
  # you can delete the ballast file to allow the node to resume operations and then
  # delete a topic or records to reduce the space used by Redpanda.
  # Default: false
  tune_ballast_file: false

  # The path where the ballast file will be created.
  # Default: "/var/lib/redpanda/data/ballast"
  ballast_file_path: "/var/lib/redpanda/data/ballast"

  # The ballast file size.
  # Default: "1GiB"
  ballast_file_size: "1GiB"

  # (Optional) The vendor, VM type and storage device type that redpanda will run on, in
  # the format <vendor>:<vm>:<storage>. This hints to rpk which configuration values it
  # should use for the redpanda IO scheduler.
  # Default: ''
  well_known_io: "aws:i3.xlarge:default"

Suggested reading

  • Working with schema registry article