Docs Self-Managed Reference Broker Configuration Template This is documentation for Self-Managed v23.3, which is no longer supported. To view the latest available version of the docs, see v24.3. Broker Configuration Template Sample configuration The following redpanda.yaml configuration file includes a complete list of all broker properties and their descriptions. For a summary of all available broker properties, see Broker Configuration Properties. This is not a valid Redpanda configuration file, but it shows the properties you can configure in the redpanda.yaml file. Ensure that all values entered are properly enclosed in quotes and escaped as necessary. For example, put passwords with special characters in single quotes. # organization and cluster_id help Redpanda identify your system. organization: "" cluster_id: "" redpanda: # Path where Redpanda keeps the data. # Required. data_directory: "var/lib/redpanda/data" # Unique ID identifying the broker in the cluster. # Optional. node_id: 1 # Controls how a new cluster is formed. This property must have the same value # in all brokers in a cluster. # Optional. empty_seed_starts_cluster: false # Enable the Admin API. # Default: true enable_admin_api: true # Admin API doc directory. # Default: /usr/share/redpanda/admin-api-doc admin_api_doc_dir: "/usr/share/redpanda/admin-api-doc" # Address and port of admin server. # Default: 127.0.0.1:9644 admin: address: "0.0.0.0" port: 9644 # TLS configuration for the admin server. # Default: null admin_api_tls: # Whether to enable TLS for the admin server. enabled: false # Require client authentication require_client_auth: false # The path to the server certificate PEM file. cert_file: "" # The path to the server key PEM file key_file: "" # The path to the truststore PEM file. Only required if client authentication # is enabled. truststore_file: "" # The IP address and port for the internal RPC server. # Default should be a real IP address because this is configuring advertised_rpc_api, not rpc_server. # Default: 127.0.0.1:33145 rpc_server: address: "0.0.0.0" port: 33145 # TLS configuration for the RPC server. # Default: null rpc_server_tls: # Whether to enable TLS for the RPC server. enabled: false # Require client authentication require_client_auth: false # The path to the server certificate PEM file. cert_file: "" # The path to the server key PEM file key_file: "" # The path to the truststore PEM file. Only required if client authentication # is enabled. truststore_file: "" # Address of RPC endpoint published to other cluster members. # Default: 0.0.0.0:33145 advertised_rpc_api: address: "127.0.0.1" port: 33145 # Multiple listeners are supported per KIP-103. # The names must match those in advertised_kafka_api kafka_api: - address: "0.0.0.0" name: internal port: 9092 - address: "0.0.0.0" name: external port: 9093 # A list of TLS configurations for the Kafka API listeners. # Default: null kafka_api_tls: # The name of the specific listener to which this config # is applied. The names must match those in kafka_api. - name: "external" # Whether to enable TLS for the Kafka API. enabled: true # Require client authentication require_client_auth: false # The path to the server certificate PEM file. cert_file: "certs/tls-cert.pem" # The path to the server key PEM file key_file: "certs/tls-key.pem" # The path to the truststore PEM file. Only required if client authentication # is enabled. truststore_file: "certs/tls-ca.pem" - name: "internal" enabled: false # Multiple listeners are supported per KIP-103. # The names must match those in kafka_api # Default should be a real IP address because this is configuring advertised_rpc_api, not rpc_server. advertised_kafka_api: - address: 10.0.0.1 name: internal port: 9092 - address: redpanda-0.my.domain.com. name: external port: 9093 # List of the seed server addresses and ports used to join current cluster. # If the seed_server list is empty, the broker is a cluster root and forms a new cluster. # Default: [] seed_servers: - host: address: 192.168.0.1 port: 33145 # Rack identifier. # Default: null rack: "rack-id" # The Redpanda REST API provides a RESTful interface for producing and consuming messages with Redpanda. # To disable the REST API, remove this top-level config broker pandaproxy: # A list of address and port to listen for Kafka REST API requests. # Default: 0.0.0.0:8082 pandaproxy_api: - address: "0.0.0.0" name: internal port: 8082 - address: "0.0.0.0" name: external port: 8083 # A list of TLS configurations for the REST API. # Default: null pandaproxy_api_tls: - name: external # Whether to enable TLS. enabled: false # Require client authentication require_client_auth: false # The path to the server certificate PEM file. cert_file: "" # The path to the server key PEM file key_file: "" # The path to the truststore PEM file. Only required if client # authentication is enabled. truststore_file: "" - name: internal enabled: false # A list of address and port for the REST API to publish to client # Default: from pandaproxy_api # Default should be a real IP address because this is configuring advertised_rpc_api, not rpc_server. advertised_pandaproxy_api: - address: 10.0.0.1 name: internal port: 8082 - address: "redpanda-rest-0.my.domain.com." name: external port: 8083 # How long to wait for an idle consumer before removing it. # Default: 60000 consumer_instance_timeout_ms: 60000 # The REST API client pandaproxy_client: # List of address and port of the brokers # Default: "127.0.0.1:9092 brokers: - address: "127.0.0.1" port: 9092 # TLS configuration for the brokers broker_tls: # Whether to enable TLS. enabled: false # Require client authentication require_client_auth: false # The path to the server certificate PEM file. cert_file: "" # The path to the server key PEM file key_file: "" # The path to the truststore PEM file. Only required if client authentication # is enabled. truststore_file: "" # Number of times to retry a request to a broker # Default: 5 retries: 5 # Delay (in milliseconds) for initial retry backoff # Default: 100ms retry_base_backoff_ms: 100 # Number of records to batch before sending to broker # Default: 1000 produce_batch_record_count: 1000 # Number of bytes to batch before sending to broker # Defautl 1MiB produce_batch_size_bytes: 1048576 # Delay (in milliseconds) to wait before sending batch # Default: 100ms produce_batch_delay_ms: 100 # Interval (in milliseconds) for consumer request timeout # Default: 100ms consumer_request_timeout_ms: 100 # Max bytes to fetch per request # Default: 1MiB consumer_request_max_bytes: 1048576 # Timeout (in milliseconds) for consumer session # Default: 10s consumer_session_timeout_ms: 10000 # Timeout (in milliseconds) for consumer rebalance # Default: 2s consumer_rebalance_timeout_ms: 2000 # Interval (in milliseconds) for consumer heartbeats # Default: 500ms consumer_heartbeat_interval_ms: 500 # SASL mechanism to use for authentication # Supported: SCRAM-SHA-{256,512} # Default: "" # Support for SASL is disabled when no mechanism is specified. sasl_mechanism: "" # Username for SCRAM authentication mechanisms # Default: "" scram_username: "" # Password for SCRAM authentication mechanisms # Default: "" scram_password: "" # The Schema Registry provides a RESTful interface for schema storage, retrieval, and compatibility. # To disable the Schema Registry, remove this top-level config broker schema_registry: # A list of address and port to listen for Schema Registry API requests. # Default: 0.0.0.0:8082 schema_registry_api: - address: "0.0.0.0" name: internal port: 8081 - address: "0.0.0.0" name: external port: 18081 # The replication factor of Schema Registry's internal storage topic schema_registry_replication_factor: 3 # A list of TLS configurations for the Schema Registry API. # Default: null schema_registry_api_tls: - name: external # Whether to enable TLS. enabled: false # Require client authentication require_client_auth: false # The path to the server certificate PEM file. cert_file: "" # The path to the server key PEM file key_file: "" # The path to the truststore PEM file. Only required if client # authentication is enabled. truststore_file: "" - name: internal enabled: false # The Schema Registry client config # See pandaproxy_client for a list of options schema_registry_client: rpk: # Add optional flags to have rpk start Redpanda with specific parameters. # The available start flags are found in: /src/v/config/configuration.cc additional_start_flags: - "--overprovisioned" - "--smp=2" - "--memory=4G" - "--default-log-level=info" # The Kafka API configuration kafka_api: # A list of broker addresses that rpk will use brokers: - 192.168.72.34:9092 - 192.168.72.35:9092 # The TLS configuration to be used when interacting with the Kafka API. # If present, TLS is enabled. If missing or null, TLS is disabled. tls: # The path to the client certificate (PEM). Only required if client authentication is # enabled in the broker. cert_file: ~/certs/cert.pem # The path to the client certificate key (PEM). Only required if client authentication is # enabled in the broker. key_file: ~/certs/key.pem # The path to the root CA certificate (PEM). truststore_file: ~/certs/ca.pem # The SASL config, if enabled in the brokers. sasl: user: user password: 'pass' type: SCRAM-SHA-256 # The Admin API configuration admin_api: # A list of the brokers' Admin API addresses that rpk will use. addresses: - 192.168.72.34:9644 - 192.168.72.35:9644 # The TLS configuration to be used when with the Admin API. # If present, TLS is enabled. If missing or null, TLS is disabled. tls: # The path to the client certificate (PEM). Only required if client authentication is # enabled in the broker. cert_file: ~/certs/admin-cert.pem # The path to the client certificate key (PEM). Only required if client authentication is # enabled in the broker. key_file: ~/certs/admin-key.pem # The path to the root CA certificate (PEM). truststore_file: ~/certs/admin-ca.pem # Available tuners. Set to true to enable, false to disable. # Setup NIC IRQs affinity, sets up NIC RPS and RFS, sets up NIC XPS, increases socket # listen backlog, increases the number of remembered connection requests, bans the # IRQ Balance service from moving distributed IRQs. # Default: false tune_network: false # Sets the preferred I/O scheduler for given block devices. # It can work using both the device name or a directory, in which the device where # directory is stored is optimized. Sets either 'none' or 'noop' scheduler # if supported. # Default: false tune_disk_scheduler: false # Disables IOPS merging. # Default: false tune_disk_nomerges: false # Distributes IRQs across cores with the method deemed the most appropriate for the # current device type (i.e. NVMe). # Default: false tune_disk_irq: false # Installs a systemd service to run fstrim weekly, or starts the default fstrim service # which comes with most Linux distributions. # Default: false tune_fstrim: false # Disables hyper-threading, sets the ACPI-cpufreq governor to 'performance'. Additionaly # if system reboot is allowed: disables Intel P-States, disables Intel C-States, # disables Turbo Boost. # Default: false tune_cpu: true # Increases the number of allowed asynchronous IO events. # Default: false tune_aio_events: false # Syncs NTP. # Default: false tune_clocksource: true # Tunes the kernel to prefer keeping processes in-memory instead of swapping them out. # Default: false tune_swappiness: false # Enables transparent hugepages (THP) to reduce TLB misses. # Default: false tune_transparent_hugepages: false # Enables memory locking. # Default: false enable_memory_locking: false # Installs a custom script to process coredumps and save them to the given directory. # Default: false tune_coredump: false # The directory where all coredumps are saved after they're processed. # Default: '' coredump_dir: "/var/lib/redpanda/coredump" # Creates a "ballast" file, so if a Redpanda broker runs out of space, # you can delete the ballast file to allow the broker to resume operations and then # delete a topic or records to reduce the space used by Redpanda. # Default: false tune_ballast_file: false # The path where the ballast file is created. # Default: "/var/lib/redpanda/data/ballast" ballast_file_path: "/var/lib/redpanda/data/ballast" # The ballast file size. # Default: "1GiB" ballast_file_size: "1GiB" # (Optional) The vendor, VM type, and storage device type that Redpanda runs on, in # the format <vendor>:<vm>:<storage>. This hints to rpk which configuration values it # should use for the Redpanda IO scheduler. # Default: '' well_known_io: "aws:i3.xlarge:default" Suggested reading Schema Registry Back to top × Simple online edits For simple changes, such as fixing a typo, you can edit the content directly on GitHub. Edit on GitHub Or, open an issue to let us know about something that you want us to change. Open an issue Contribution guide For extensive content updates, or if you prefer to work locally, read our contribution guide . Was this helpful? thumb_up thumb_down group Ask in the community mail Share your feedback group_add Make a contribution Topic Configuration Properties API and SDK Reference