Node Configuration Template
Sample configuration
The following redpanda.yaml configuration file includes a complete list of all node properties and their descriptions.
For a summary of all available node properties, see node configuration properties reference.
This is not a valid Redpanda configuration file, but it shows the properties you can configure in the redpanda.yaml file. Ensure that all values entered are properly enclosed in quotes and escaped as necessary. For example, put passwords with special characters in single quotes.
|
# organization and cluster_id help Redpanda identify your system.
organization: ""
cluster_id: ""
redpanda:
# Path where redpanda will keep the data.
# Required.
data_directory: "var/lib/redpanda/data"
# Unique ID identifying the node in the cluster.
# Optional.
node_id: 1
# Controls how a new cluster is formed. This property must have the same value
# in all nodes in a cluster.
# Optional.
empty_seed_starts_cluster: false
# Enable the admin API.
# Default: true
enable_admin_api: true
# Admin API doc directory.
# Default: /usr/share/redpanda/admin-api-doc
admin_api_doc_dir: "/usr/share/redpanda/admin-api-doc"
# Address and port of admin server.
# Default: 127.0.0.1:9644
admin:
address: "0.0.0.0"
port: 9644
# TLS configuration for the admin server.
# Default: null
admin_api_tls:
# Whether to enable TLS for the admin server.
enabled: false
# Require client authentication
require_client_auth: false
# The path to the server certificate PEM file.
cert_file: ""
# The path to the server key PEM file
key_file: ""
# The path to the truststore PEM file. Only required if client authentication
# is enabled.
truststore_file: ""
# The IP address and port for the internal RPC server.
# Default: 127.0.0.0:33145
rpc_server:
address: "0.0.0.0"
port: 33145
# TLS configuration for the RPC server.
# Default: null
rpc_server_tls:
# Whether to enable TLS for the RPC server.
enabled: false
# Require client authentication
require_client_auth: false
# The path to the server certificate PEM file.
cert_file: ""
# The path to the server key PEM file
key_file: ""
# The path to the truststore PEM file. Only required if client authentication
# is enabled.
truststore_file: ""
# Address of RPC endpoint published to other cluster members.
# Default: 0.0.0.0:33145
advertised_rpc_api:
address: "0.0.0.0"
port: 33145
# Multiple listeners are also supported as per KIP-103.
# The names must match those in advertised_kafka_api
kafka_api:
- address: "0.0.0.0"
name: internal
port: 9092
- address: "0.0.0.0"
name: external
port: 9093
# A list of TLS configurations for the Kafka API listeners.
# Default: null
kafka_api_tls:
# The name of the specific listener this TLS to which this config
# will be applied. The names must match those in kafka_api.
- name: "external"
# Whether to enable TLS for the Kafka API.
enabled: true
# Require client authentication
require_client_auth: false
# The path to the server certificate PEM file.
cert_file: "certs/tls-cert.pem"
# The path to the server key PEM file
key_file: "certs/tls-key.pem"
# The path to the truststore PEM file. Only required if client authentication
# is enabled.
truststore_file: "certs/tls-ca.pem"
- name: "internal"
enabled: false
# Multiple listeners are also supported as per KIP-103.
# The names must match those in kafka_api
advertised_kafka_api:
- address: 0.0.0.0
name: internal
port: 9092
- address: redpanda-0.my.domain.com.
name: external
port: 9093
# List of the seed server addresses and ports used to join current cluster.
# If the seed_server list is empty the node will be a cluster root and it will form a new cluster.
# Default: []
seed_servers:
- host:
address: 192.168.0.1
port: 33145
# Rack identifier.
# Default: null
rack: "rack-id"
# The redpanda REST API provides a RESTful interface for producing and consuming messages with redpanda.
# To disable the REST API, remove this top-level config node
pandaproxy:
# A list of address and port to listen for Kafka REST API requests.
# Default: 0.0.0.0:8082
pandaproxy_api:
- address: "0.0.0.0"
name: internal
port: 8082
- address: "0.0.0.0"
name: external
port: 8083
# A list of TLS configurations for the REST API.
# Default: null
pandaproxy_api_tls:
- name: external
# Whether to enable TLS.
enabled: false
# Require client authentication
require_client_auth: false
# The path to the server certificate PEM file.
cert_file: ""
# The path to the server key PEM file
key_file: ""
# The path to the truststore PEM file. Only required if client
# authentication is enabled.
truststore_file: ""
- name: internal
enabled: false
# A list of address and port for the REST API to publish to client
# Default: from pandaproxy_api
advertised_pandaproxy_api:
- address: 0.0.0.0
name: internal
port: 8082
- address: "redpanda-rest-0.my.domain.com."
name: external
port: 8083
# How long to wait for an idle consumer before removing it.
# Default: 60000
consumer_instance_timeout_ms: 60000
# The REST API client
pandaproxy_client:
# List of address and port of the brokers
# Default: "127.0.0.1:9092
brokers:
- address: "127.0.0.1"
port: 9092
# TLS configuration for the brokers
broker_tls:
# Whether to enable TLS.
enabled: false
# Require client authentication
require_client_auth: false
# The path to the server certificate PEM file.
cert_file: ""
# The path to the server key PEM file
key_file: ""
# The path to the truststore PEM file. Only required if client authentication
# is enabled.
truststore_file: ""
# Number of times to retry a request to a broker
# Default: 5
retries: 5
# Delay (in milliseconds) for initial retry backoff
# Default: 100ms
retry_base_backoff_ms: 100
# Number of records to batch before sending to broker
# Default: 1000
produce_batch_record_count: 1000
# Number of bytes to batch before sending to broker
# Defautl 1MiB
produce_batch_size_bytes: 1048576
# Delay (in milliseconds) to wait before sending batch
# Default: 100ms
produce_batch_delay_ms: 100
# Interval (in milliseconds) for consumer request timeout
# Default: 100ms
consumer_request_timeout_ms: 100
# Max bytes to fetch per request
# Default: 1MiB
consumer_request_max_bytes: 1048576
# Timeout (in milliseconds) for consumer session
# Default: 10s
consumer_session_timeout_ms: 10000
# Timeout (in milliseconds) for consumer rebalance
# Default: 2s
consumer_rebalance_timeout_ms: 2000
# Interval (in milliseconds) for consumer heartbeats
# Default: 500ms
consumer_heartbeat_interval_ms: 500
# SASL mechanism to use for authentication
# Supported: SCRAM-SHA-{256,512}
# Default: ""
# Support for SASL is disabled when no mechanism is specified.
sasl_mechanism: ""
# Username for SCRAM authentication mechanisms
# Default: ""
scram_username: ""
# Password for SCRAM authentication mechanisms
# Default: ""
scram_password: ""
# The Schema Registry provides a RESTful interface for Schema storage, retrieval, and compatibility.
# To disable the Schema Registry, remove this top-level config node
schema_registry:
# A list of address and port to listen for Schema Registry API requests.
# Default: 0.0.0.0:8082
schema_registry_api:
- address: "0.0.0.0"
name: internal
port: 8081
- address: "0.0.0.0"
name: external
port: 18081
# The replication factor of Schema Registry's internal storage topic
schema_registry_replication_factor: 3
# A list of TLS configurations for the Schema Registry API.
# Default: null
schema_registry_api_tls:
- name: external
# Whether to enable TLS.
enabled: false
# Require client authentication
require_client_auth: false
# The path to the server certificate PEM file.
cert_file: ""
# The path to the server key PEM file
key_file: ""
# The path to the truststore PEM file. Only required if client
# authentication is enabled.
truststore_file: ""
- name: internal
enabled: false
# The Schema Registry client config
# See pandaproxy_client for a list of options
schema_registry_client:
rpk:
# Add optional flags to have rpk start redpanda with specific parameters.
# The available start flags are found in: /src/v/config/configuration.cc
additional_start_flags:
- "--overprovisioned"
- "--smp=2"
- "--memory=4G"
- "--default-log-level=info"
# The Kafka API configuration
kafka_api:
# A list of broker addresses that rpk will use
brokers:
- 192.168.72.34:9092
- 192.168.72.35:9092
# The TLS configuration to be used when interacting with the Kafka API.
# If present, TLS will be enabled. If missing or null, TLS will be disabled.
tls:
# The path to the client certificate (PEM). Only required if client authentication is
# enabled in the broker.
cert_file: ~/certs/cert.pem
# The path to the client certificate key (PEM). Only required if client authentication is
# enabled in the broker.
key_file: ~/certs/key.pem
# The path to the root CA certificate (PEM).
truststore_file: ~/certs/ca.pem
# The SASL config, if enabled in the brokers.
sasl:
user: user
password: 'pass'
type: SCRAM-SHA-256
# The Admin API configuration
admin_api:
# A list of the nodes' admin API addresses that rpk will use.
addresses:
- 192.168.72.34:9644
- 192.168.72.35:9644
# The TLS configuration to be used when with the Admin API.
# If present, TLS will be enabled. If missing or null, TLS will be disabled.
tls:
# The path to the client certificate (PEM). Only required if client authentication is
# enabled in the broker.
cert_file: ~/certs/admin-cert.pem
# The path to the client certificate key (PEM). Only required if client authentication is
# enabled in the broker.
key_file: ~/certs/admin-key.pem
# The path to the root CA certificate (PEM).
truststore_file: ~/certs/admin-ca.pem
# Available tuners. Set to true to enable, false to disable.
# Setup NIC IRQs affinity, sets up NIC RPS and RFS, sets up NIC XPS, increases socket
# listen backlog, increases the number of remembered connection requests, bans the
# IRQ Balance service from moving distributed IRQs.
# Default: false
tune_network: false
# Sets the preferred I/O scheduler for given block devices.
# It can work using both the device name or a directory, in which the device where
# directory is stored will be optimized. Sets either 'none' or 'noop' scheduler
# if supported.
# Default: false
tune_disk_scheduler: false
# Disables IOPS merging.
# Default: false
tune_disk_nomerges: false
# Distributes IRQs across cores with the method deemed the most appropriate for the
# current device type (i.e. NVMe).
# Default: false
tune_disk_irq: false
# Installs a systemd service to run fstrim weekly, or starts the default fstrim service
# which comes with most Linux distributions.
# Default: false
tune_fstrim: false
# Disables hyper-threading, sets the ACPI-cpufreq governor to 'performance'. Additionaly
# if system reboot is allowed: disables Intel P-States, disables Intel C-States,
# disables Turbo Boost.
# Default: false
tune_cpu: true
# Increases the number of allowed asynchronous IO events.
# Default: false
tune_aio_events: false
# Syncs NTP.
# Default: false
tune_clocksource: true
# Tunes the kernel to prefer keeping processes in-memory instead of swapping them out.
# Default: false
tune_swappiness: false
# Enables transparent hugepages (THP) to reduce TLB misses.
# Default: false
tune_transparent_hugepages: false
# Enables memory locking.
# Default: false
enable_memory_locking: false
# Installs a custom script to process coredumps and save them to the given directory.
# Default: false
tune_coredump: false
# The directory where all coredumps will be saved after they're processed.
# Default: ''
coredump_dir: "/var/lib/redpanda/coredump"
# Creates a "ballast" file so that, if a Redpanda node runs out of space,
# you can delete the ballast file to allow the node to resume operations and then
# delete a topic or records to reduce the space used by Redpanda.
# Default: false
tune_ballast_file: false
# The path where the ballast file will be created.
# Default: "/var/lib/redpanda/data/ballast"
ballast_file_path: "/var/lib/redpanda/data/ballast"
# The ballast file size.
# Default: "1GiB"
ballast_file_size: "1GiB"
# (Optional) The vendor, VM type and storage device type that redpanda will run on, in
# the format <vendor>:<vm>:<storage>. This hints to rpk which configuration values it
# should use for the redpanda IO scheduler.
# Default: ''
well_known_io: "aws:i3.xlarge:default"Was this helpful?