Redpanda Helm Chart Specification

Version: 5.8.13 Type: application AppVersion: v24.1.11

This page describes the official Redpanda Helm Chart. In particular, this page describes the contents of the chart’s values.yaml file. Each of the settings is listed and described on this page, along with any default values.

For instructions on how to install and use the chart, including how to override and customize the chart’s values, refer to the deployment documentation.


Autogenerated from chart metadata using helm-docs v1.11.0

Requirements

Kubernetes: ^1.21.0-0

Repository Name Version

https://charts.redpanda.com

connectors

>=0.1.2 <1.0

https://charts.redpanda.com

console

>=0.5 <1.0

Settings

affinity

Affinity constraints for scheduling Pods, can override this for StatefulSets and Jobs. For details, see the Kubernetes documentation.

Default: {}

auditLogging

Audit logging for a redpanda cluster, must have enabled sasl and have one kafka listener supporting sasl authentication for audit logging to work. Note this feature is only available for redpanda versions >= v23.3.0.

Default:

{"clientMaxBufferSize":16777216,"enabled":false,"enabledEventTypes":null,"excludedPrincipals":null,"excludedTopics":null,"listener":"internal","partitions":12,"queueDrainIntervalMs":500,"queueMaxBufferSizePerShard":1048576,"replicationFactor":null}

auditLogging.clientMaxBufferSize

Defines the number of bytes (in bytes) allocated by the internal audit client for audit messages.

Default: 16777216

auditLogging.enabled

Enable or disable audit logging, for production clusters we suggest you enable, however, this will only work if you also enable sasl and a listener with sasl enabled.

Default: false

auditLogging.enabledEventTypes

Event types that should be captured by audit logs, default is [admin, authenticate, management].

Default: nil

auditLogging.excludedPrincipals

List of principals to exclude from auditing, default is null.

Default: nil

auditLogging.excludedTopics

List of topics to exclude from auditing, default is null.

Default: nil

auditLogging.listener

Kafka listener name, note that it must have authenticationMethod set to sasl. For external listeners, use the external listener name, such as default.

Default: "internal"

auditLogging.partitions

Integer value defining the number of partitions used by a newly created audit topic.

Default: 12

auditLogging.queueDrainIntervalMs

In ms, frequency in which per shard audit logs are batched to client for write to audit log.

Default: 500

auditLogging.queueMaxBufferSizePerShard

Defines the maximum amount of memory used (in bytes) by the audit buffer in each shard.

Default: 1048576

auditLogging.replicationFactor

Defines the replication factor for a newly created audit log topic. This configuration applies only to the audit log topic and may be different from the cluster or other topic configurations. This cannot be altered for existing audit log topics. Setting this value is optional. If a value is not provided, Redpanda will use the internal_topic_replication_factor cluster config value. Default is null

Default: nil

auth

Authentication settings. For details, see the SASL documentation.

Default:

{"sasl":{"enabled":false,"mechanism":"SCRAM-SHA-512","secretRef":"redpanda-users","users":[]}}

auth.sasl.enabled

Enable SASL authentication. If you enable SASL authentication, you must provide a Secret in auth.sasl.secretRef.

Default: false

auth.sasl.mechanism

The authentication mechanism to use for the superuser. Options are SCRAM-SHA-256 and SCRAM-SHA-512.

Default: "SCRAM-SHA-512"

auth.sasl.secretRef

A Secret that contains your superuser credentials. For details, see the SASL documentation.

Default: "redpanda-users"

auth.sasl.users

Optional list of superusers. These superusers will be created in the Secret whose name is defined in auth.sasl.secretRef. If this list is empty, the Secret in auth.sasl.secretRef must already exist in the cluster before you deploy the chart. Uncomment the sample list if you wish to try adding sample sasl users or override to use your own.

Default: []

clusterDomain

Default Kubernetes cluster domain.

Default: "cluster.local"

commonLabels

Additional labels to add to all Kubernetes objects. For example, my.k8s.service: redpanda.

Default: {}

config

This section contains various settings supported by Redpanda that may not work correctly in a Kubernetes cluster. Changing these settings comes with some risk. Use these settings to customize various Redpanda configurations that are not covered in other sections. These values have no impact on the configuration or behavior of the Kubernetes objects deployed by Helm, and therefore should not be modified for the purpose of configuring those objects. Instead, these settings get passed directly to the Redpanda binary at startup. For descriptions of these properties, see the configuration documentation.

Default:

{"cluster":{"default_topic_replications":3},"node":{"crash_loop_limit":5},"pandaproxy_client":{},"rpk":{},"schema_registry_client":{},"tunable":{"compacted_log_segment_size":67108864,"group_topic_partitions":16,"kafka_batch_max_bytes":1048576,"kafka_connection_rate_limit":1000,"log_segment_size":134217728,"log_segment_size_max":268435456,"log_segment_size_min":16777216,"max_compacted_log_segment_size":536870912,"topic_partitions_per_shard":1000}}

config.node

Node (broker) properties. See the property reference documentation.

Default: {"crash_loop_limit":5}

config.node.crash_loop_limit

Crash loop limit A limit on the number of consecutive times a broker can crash within one hour before its crash-tracking logic is reset. This limit prevents a broker from getting stuck in an infinite cycle of crashes. User can disable this crash loop limit check by the following action: * One hour elapses since the last crash * The node configuration file, redpanda.yaml, is updated via config.cluster or config.node or config.tunable objects * The startup_log file in the node’s data_directory is manually deleted Default to 5 REF: https://docs.redpanda.com/current/reference/node-properties/#crash_loop_limit

Default: 5

config.tunable

Tunable cluster properties.

Default:

{"compacted_log_segment_size":67108864,"group_topic_partitions":16,"kafka_batch_max_bytes":1048576,"kafka_connection_rate_limit":1000,"log_segment_size":134217728,"log_segment_size_max":268435456,"log_segment_size_min":16777216,"max_compacted_log_segment_size":536870912,"topic_partitions_per_shard":1000}

connectors

Redpanda Managed Connectors settings For a reference of configuration settings, see the Redpanda Connectors documentation.

Default:

{"deployment":{"create":false},"enabled":false,"test":{"create":false}}

console

Redpanda Console settings. For a reference of configuration settings, see the Redpanda Console documentation.

Default:

{"config":{},"configmap":{"create":false},"deployment":{"create":false},"enabled":true,"secret":{"create":false}}

enterprise

Enterprise (optional) For details, see the License documentation.

Default:

{"license":"","licenseSecretRef":{}}

enterprise.license

license (optional).

Default: ""

enterprise.licenseSecretRef

Secret name and key where the license key is stored.

Default: {}

external

External access settings. For details, see the Networking and Connectivity documentation.

Default:

{"enabled":true,"service":{"enabled":true},"type":"NodePort"}

external.enabled

Enable external access for each Service. You can toggle external access for each listener in listeners.<service name>.external.<listener-name>.enabled.

Default: true

external.service

Service allows you to manage the creation of an external kubernetes service object

Default: {"enabled":true}

external.service.enabled

Enabled if set to false will not create the external service type You can still set your cluster with external access but not create the supporting service (NodePort/LoadBalander). Set this to false if you rather manage your own service.

Default: true

external.type

External access type. Only NodePort and LoadBalancer are supported. If undefined, then advertised listeners will be configured in Redpanda, but the helm chart will not create a Service. You must create a Service manually. Warning: If you use LoadBalancers, you will likely experience higher latency and increased packet loss. NodePort is recommended in cases where latency is a priority.

Default: "NodePort"

fullnameOverride

Override redpanda.fullname template.

Default: ""

image

Redpanda Docker image settings.

Default:

{"pullPolicy":"IfNotPresent","repository":"docker.redpanda.com/redpandadata/redpanda","tag":""}

image.pullPolicy

The imagePullPolicy. If image.tag is latest', the default is `Always.

Default: "IfNotPresent"

image.repository

Docker repository from which to pull the Redpanda Docker image.

Default:

"docker.redpanda.com/redpandadata/redpanda"

image.tag

The Redpanda version. See DockerHub for: All stable versions and all unstable versions.

Default: Chart.appVersion.

imagePullSecrets

Pull secrets may be used to provide credentials to image repositories See the Kubernetes documentation.

Default: []

license_key

DEPRECATED Enterprise license key (optional). For details, see the License documentation.

Default: ""

license_secret_ref

DEPRECATED Secret name and secret key where the license key is stored.

Default: {}

listeners

Listener settings. Override global settings configured above for individual listeners. For details, see the listeners documentation.

Default:

{"admin":{"external":{"default":{"advertisedPorts":[31644],"port":9645,"tls":{"cert":"external"}}},"port":9644,"tls":{"cert":"default","requireClientAuth":false}},"http":{"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30082],"authenticationMethod":null,"port":8083,"tls":{"cert":"external","requireClientAuth":false}}},"kafkaEndpoint":"default","port":8082,"tls":{"cert":"default","requireClientAuth":false}},"kafka":{"authenticationMethod":null,"external":{"default":{"advertisedPorts":[31092],"authenticationMethod":null,"port":9094,"tls":{"cert":"external"}}},"port":9093,"tls":{"cert":"default","requireClientAuth":false}},"rpc":{"port":33145,"tls":{"cert":"default","requireClientAuth":false}},"schemaRegistry":{"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30081],"authenticationMethod":null,"port":8084,"tls":{"cert":"external","requireClientAuth":false}}},"kafkaEndpoint":"default","port":8081,"tls":{"cert":"default","requireClientAuth":false}}}

listeners.admin

Admin API listener (only one).

Default:

{"external":{"default":{"advertisedPorts":[31644],"port":9645,"tls":{"cert":"external"}}},"port":9644,"tls":{"cert":"default","requireClientAuth":false}}

listeners.admin.external

Optional external access settings.

Default:

{"default":{"advertisedPorts":[31644],"port":9645,"tls":{"cert":"external"}}}

listeners.admin.external.default

Name of the external listener.

Default:

{"advertisedPorts":[31644],"port":9645,"tls":{"cert":"external"}}

listeners.admin.external.default.tls

The port advertised to this listener’s external clients. List one port if you want to use the same port for each broker (would be the case when using NodePort service). Otherwise, list the port you want to use for each broker in order of StatefulSet replicas. If undefined, listeners.admin.port is used.

Default: {"cert":"external"}

listeners.admin.port

The port for both internal and external connections to the Admin API.

Default: 9644

listeners.admin.tls

Optional TLS section (required if global TLS is enabled)

Default:

{"cert":"default","requireClientAuth":false}

listeners.admin.tls.cert

Name of the Certificate used for TLS (must match a Certificate name that is registered in tls.certs).

Default: "default"

listeners.admin.tls.requireClientAuth

If true, the truststore file for this listener is included in the ConfigMap.

Default: false

listeners.http

HTTP API listeners (aka PandaProxy).

Default:

{"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30082],"authenticationMethod":null,"port":8083,"tls":{"cert":"external","requireClientAuth":false}}},"kafkaEndpoint":"default","port":8082,"tls":{"cert":"default","requireClientAuth":false}}

listeners.kafka

Kafka API listeners.

Default:

{"authenticationMethod":null,"external":{"default":{"advertisedPorts":[31092],"authenticationMethod":null,"port":9094,"tls":{"cert":"external"}}},"port":9093,"tls":{"cert":"default","requireClientAuth":false}}

listeners.kafka.external.default.advertisedPorts

If undefined, listeners.kafka.external.default.port is used.

Default: [31092]

listeners.kafka.external.default.port

The port used for external client connections.

Default: 9094

listeners.kafka.port

The port for internal client connections.

Default: 9093

listeners.rpc

RPC listener (this is never externally accessible).

Default:

{"port":33145,"tls":{"cert":"default","requireClientAuth":false}}

listeners.schemaRegistry

Schema registry listeners.

Default:

{"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30081],"authenticationMethod":null,"port":8084,"tls":{"cert":"external","requireClientAuth":false}}},"kafkaEndpoint":"default","port":8081,"tls":{"cert":"default","requireClientAuth":false}}

logging

Log-level settings.

Default:

{"logLevel":"info","usageStats":{"enabled":true}}

logging.logLevel

Log level Valid values (from least to most verbose) are: warn, info, debug, and trace.

Default: "info"

logging.usageStats

Send usage statistics back to Redpanda Data. For details, see the stats reporting documentation.

Default: {"enabled":true}

monitoring

Monitoring. This will create a ServiceMonitor that can be used by Prometheus-Operator or VictoriaMetrics-Operator to scrape the metrics.

Default:

{"enabled":false,"labels":{},"scrapeInterval":"30s"}

nameOverride

Override redpanda.name template.

Default: ""

nodeSelector

Node selection constraints for scheduling Pods, can override this for StatefulSets. For details, see the Kubernetes documentation.

Default: {}

post_install_job.enabled

Default: true

post_upgrade_job.enabled

Default: true

rackAwareness

Rack Awareness settings. For details, see the Rack Awareness documentation.

Default:

{"enabled":false,"nodeAnnotation":"topology.kubernetes.io/zone"}

rackAwareness.enabled

When running in multiple racks or availability zones, use a Kubernetes Node annotation value as the Redpanda rack value. Enabling this requires running with a service account with `get'' Node permissions. To have the Helm chart configure these permissions, set `serviceAccount.create=true and rbac.enabled=true.

Default: false

rackAwareness.nodeAnnotation

The common well-known annotation to use as the rack ID. Override this only if you use a custom Node annotation.

Default:

"topology.kubernetes.io/zone"

rbac

Role Based Access Control.

Default:

{"annotations":{},"enabled":false}

rbac.annotations

Annotations to add to the rbac resources.

Default: {}

rbac.enabled

Enable for features that need extra privileges. If you use the Redpanda Operator, you must deploy it with the --set rbac.createRPKBundleCRs=true flag to give it the required ClusterRoles.

Default: false

resources

Pod resource management. This section simplifies resource allocation by providing a single location where resources are defined. Helm sets these resource values within the statefulset.yaml and configmap.yaml templates. The default values are for a development environment. Production-level values and other considerations are documented, where those values are different from the default. For details, see the Pod resources documentation.

Default:

{"cpu":{"cores":1},"memory":{"container":{"max":"2.5Gi"}}}

resources.cpu

CPU resources. For details, see the Pod resources documentation.

Default: {"cores":1}

resources.cpu.cores

Redpanda makes use of a thread per core model. For details, see this blog. For this reason, Redpanda should only be given full cores. Note: You can increase cores, but decreasing cores is not currently supported. See the GitHub issue. This setting is equivalent to --smp, resources.requests.cpu, and resources.limits.cpu. For production, use 4 or greater. To maximize efficiency, use the static CPU manager policy by specifying an even integer for CPU resource requests and limits. This policy gives the Pods running Redpanda brokers access to exclusive CPUs on the node. See https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy.

Default: 1

resources.memory

Memory resources For details, see the Pod resources documentation.

Default:

{"container":{"max":"2.5Gi"}}

resources.memory.container

Enables memory locking. For production, set to true. enable_memory_locking: false It is recommended to have at least 2Gi of memory per core for the Redpanda binary. This memory is taken from the total memory given to each container. The Helm chart allocates 80% of the container’s memory to Redpanda, leaving the rest for the Seastar subsystem (reserveMemory) and other container processes. So at least 2.5Gi per core is recommended in order to ensure Redpanda has a full 2Gi. These values affect --memory and --reserve-memory flags passed to Redpanda and the memory requests/limits in the StatefulSet. Valid suffixes: k, M, G, T, P, Ki, Mi, Gi, Ti, Pi To create Guaranteed Pod QoS for Redpanda brokers, provide both container max and min values for the container. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a memory limit and a memory request. * For every container in the Pod, the memory limit must equal the memory request.

Default: {"max":"2.5Gi"}

resources.memory.container.max

Maximum memory count for each Redpanda broker. Equivalent to resources.limits.memory. For production, use 10Gi or greater.

Default: "2.5Gi"

serviceAccount

Service account management.

Default:

{"annotations":{},"create":false,"name":""}

serviceAccount.annotations

Annotations to add to the service account.

Default: {}

serviceAccount.create

Specifies whether a service account should be created.

Default: false

serviceAccount.name

The name of the service account to use. If not set and serviceAccount.create is true, a name is generated using the redpanda.fullname template.

Default: ""

statefulset.additionalRedpandaCmdFlags

Additional flags to pass to redpanda,

Default: []

statefulset.additionalSelectorLabels

Additional labels to be added to statefulset label selector. For example, my.k8s.service: redpanda.

Default: {}

statefulset.annotations

DEPRECATED Please use statefulset.podTemplate.annotations. Annotations are used only for Statefulset.spec.template.metadata.annotations. The StatefulSet does not have any dedicated annotation.

Default: {}

statefulset.initContainers.configurator.resources

To create Guaranteed Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request.

Default: {}

statefulset.initContainers.fsValidator.resources

To create Guaranteed Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request.

Default: {}

statefulset.initContainers.setDataDirOwnership.enabled

In environments where root is not allowed, you cannot change the ownership of files and directories. Enable setDataDirOwnership when using default minikube cluster configuration.

Default: false

statefulset.initContainers.setDataDirOwnership.resources

To create Guaranteed Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request.

Default: {}

statefulset.initContainers.setTieredStorageCacheDirOwnership.resources

To create Guaranteed Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request.

Default: {}

statefulset.initContainers.tuning.resources

To create Guaranteed Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request.

Default: {}

statefulset.nodeSelector

Node selection constraints for scheduling Pods of this StatefulSet. These constraints override the global nodeSelector value. For details, see the Kubernetes documentation.

Default: {}

statefulset.podAffinity

Inter-Pod Affinity rules for scheduling Pods of this StatefulSet. For details, see the Kubernetes documentation.

Default: {}

statefulset.podAntiAffinity

Anti-affinity rules for scheduling Pods of this StatefulSet. For details, see the Kubernetes documentation. You may either edit the default settings for anti-affinity rules, or specify new anti-affinity rules to use instead of the defaults.

Default:

{"custom":{},"topologyKey":"kubernetes.io/hostname","type":"hard","weight":100}

statefulset.podAntiAffinity.custom

Change podAntiAffinity.type to custom and provide your own podAntiAffinity rules here.

Default: {}

statefulset.podAntiAffinity.topologyKey

The topologyKey to be used. Can be used to spread across different nodes, AZs, regions etc.

Default: "kubernetes.io/hostname"

statefulset.podAntiAffinity.type

Valid anti-affinity types are soft, hard, or custom. Use custom if you want to supply your own anti-affinity rules in the podAntiAffinity.custom object.

Default: "hard"

statefulset.podAntiAffinity.weight

Weight for soft anti-affinity rules. Does not apply to other anti-affinity types.

Default: 100

statefulset.podTemplate.annotations

Additional annotations to apply to the Pods of this StatefulSet.

Default: {}

statefulset.podTemplate.labels

Additional labels to apply to the Pods of this StatefulSet.

Default: {}

statefulset.podTemplate.spec

A subset of Kubernetes’ PodSpec type that will be merged into the redpanda StatefulSet via a strategic merge patch.

Default: {"containers":[]}

statefulset.priorityClassName

PriorityClassName given to Pods of this StatefulSet. For details, see the Kubernetes documentation.

Default: ""

statefulset.replicas

Number of Redpanda brokers (Redpanda Data recommends setting this to the number of worker nodes in the cluster)

Default: 3

statefulset.sideCars.configWatcher.resources

To create Guaranteed Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a memory limit and a memory request. * For every container in the Pod, the memory limit must equal the memory request. * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request. To maximize efficiency, use the static CPU manager policy by specifying an even integer for CPU resource requests and limits. This policy gives the Pods running Redpanda brokers access to exclusive CPUs on the node. For details, see https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy

Default: {}

statefulset.sideCars.controllers.image.repository

Default:

"docker.redpanda.com/redpandadata/redpanda-operator"

statefulset.sideCars.controllers.image.tag

Default: "v2.1.10-23.2.18"

statefulset.sideCars.controllers.resources

To create Guaranteed Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request. * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request. To maximize efficiency, use the static CPU manager policy by specifying an even integer for CPU resource requests and limits. This policy gives the Pods running Redpanda brokers access to exclusive CPUs on the node. For details, see https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy

Default: {}

statefulset.startupProbe

Adjust the period for your probes to meet your needs. For details, see the Kubernetes documentation.

Default:

{"failureThreshold":120,"initialDelaySeconds":1,"periodSeconds":10}

statefulset.terminationGracePeriodSeconds

Termination grace period in seconds is time required to execute preStop hook which puts particular Redpanda Pod (process/container) into maintenance mode. Before settle down on particular value please put Redpanda under load and perform rolling upgrade or rolling restart. That value needs to accommodate two processes: * preStop hook needs to put Redpanda into maintenance mode * after preStop hook Redpanda needs to handle gracefully SIGTERM signal Both processes are executed sequentially where preStop hook has hard deadline in the middle of terminationGracePeriodSeconds. REF: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination

Default: 90

statefulset.tolerations

Taints to be tolerated by Pods of this StatefulSet. These tolerations override the global tolerations value. For details, see the Kubernetes documentation.

Default: []

statefulset.topologySpreadConstraints[0].topologyKey

Default:

"topology.kubernetes.io/zone"

statefulset.updateStrategy.type

Default: "RollingUpdate"

storage

Persistence settings. For details, see the storage documentation.

Default:

{"hostPath":"","persistentVolume":{"annotations":{},"enabled":true,"labels":{},"nameOverwrite":"","size":"20Gi","storageClass":""},"tiered":{"config":{"cloud_storage_access_key":"","cloud_storage_api_endpoint":"","cloud_storage_azure_container":null,"cloud_storage_azure_managed_identity_id":null,"cloud_storage_azure_shared_key":null,"cloud_storage_azure_storage_account":null,"cloud_storage_bucket":"","cloud_storage_cache_size":5368709120,"cloud_storage_credentials_source":"config_file","cloud_storage_enable_remote_read":true,"cloud_storage_enable_remote_write":true,"cloud_storage_enabled":false,"cloud_storage_region":"","cloud_storage_secret_key":""},"credentialsSecretRef":{"accessKey":{"configurationKey":"cloud_storage_access_key"},"secretKey":{"configurationKey":"cloud_storage_secret_key"}},"hostPath":"","mountType":"emptyDir","persistentVolume":{"annotations":{},"labels":{},"storageClass":""}}}

storage.hostPath

Absolute path on the host to store Redpanda’s data. If unspecified, then an emptyDir volume is used. If specified but persistentVolume.enabled is true, storage.hostPath has no effect.

Default: ""

storage.persistentVolume

If persistentVolume.enabled is true, a PersistentVolumeClaim is created and used to store Redpanda’s data. Otherwise, storage.hostPath is used.

Default:

{"annotations":{},"enabled":true,"labels":{},"nameOverwrite":"","size":"20Gi","storageClass":""}

storage.persistentVolume.annotations

Additional annotations to apply to the created PersistentVolumeClaims.

Default: {}

storage.persistentVolume.labels

Additional labels to apply to the created PersistentVolumeClaims.

Default: {}

storage.persistentVolume.nameOverwrite

Option to change volume claim template name for tiered storage persistent volume if tiered.mountType is set to persistentVolume

Default: ""

storage.persistentVolume.storageClass

To disable dynamic provisioning, set to -. If undefined or empty (default), then no storageClassName spec is set, and the default dynamic provisioner is chosen (gp2 on AWS, standard on GKE, AWS & OpenStack).

Default: ""

storage.tiered.config

Tiered Storage settings Requires enterprise.licenseKey or enterprised.licenseSecretRef For details, see the Tiered Storage documentation.

Default:

{"cloud_storage_access_key":"","cloud_storage_api_endpoint":"","cloud_storage_azure_container":null,"cloud_storage_azure_managed_identity_id":null,"cloud_storage_azure_shared_key":null,"cloud_storage_azure_storage_account":null,"cloud_storage_bucket":"","cloud_storage_cache_size":5368709120,"cloud_storage_credentials_source":"config_file","cloud_storage_enable_remote_read":true,"cloud_storage_enable_remote_write":true,"cloud_storage_enabled":false,"cloud_storage_region":"","cloud_storage_secret_key":""}

storage.tiered.config.cloud_storage_access_key

AWS or GCP access key (required for AWS and GCP authentication with access keys). See the property reference documentation.

Default: ""

storage.tiered.config.cloud_storage_api_endpoint

AWS or GCP API endpoint. * For AWS, this can be left blank as it is generated automatically using the bucket and region. For example, <bucket>.s3.<region>.amazonaws.com. * For GCP, use storage.googleapis.com See the property reference documentation.

Default: ""

storage.tiered.config.cloud_storage_azure_container

Name of the Azure container to use with Tiered Storage (required for ABS/ADLS). Note that the container must belong to the account specified by cloud_storage_azure_storage_account. See the property reference documentation.

Default: nil

storage.tiered.config.cloud_storage_azure_shared_key

Shared key to be used for Azure Shared Key authentication with the Azure storage account specified by cloud_storage_azure_storage_account. Note that the key should be base64 encoded. See the property reference documentation.

Default: nil

storage.tiered.config.cloud_storage_azure_storage_account

Name of the Azure storage account to use with Tiered Storage (required for ABS/ADLS). See the property reference documentation.

Default: nil

storage.tiered.config.cloud_storage_bucket

AWS or GCP bucket name used for Tiered Storage (required for AWS and GCP). See the property reference documentation.

Default: ""

storage.tiered.config.cloud_storage_cache_size

Maximum size of the disk cache used by Tiered Storage. Default is 20 GiB. See the property reference documentation.

Default: 5368709120

storage.tiered.config.cloud_storage_credentials_source

Source of credentials used to connect to cloud services (required for AWS and GCP authentication with IAM roles). * config_file * aws_instance_metadata * sts * gcp_instance_metadata * azure_aks_oidc_federation * azure_vm_instance_metadata See the property reference documentation.

Default: "config_file"

storage.tiered.config.cloud_storage_enable_remote_read

Cluster level default remote read configuration for new topics. See the property reference documentation.

Default: true

storage.tiered.config.cloud_storage_enable_remote_write

Cluster level default remote write configuration for new topics. See the property reference documentation.

Default: true

storage.tiered.config.cloud_storage_enabled

Global flag that enables Tiered Storage if a license key is provided. See the property reference documentation.

Default: false

storage.tiered.config.cloud_storage_region

AWS or GCP region for where the bucket used for Tiered Storage is located (required for AWS and GCP). See the property reference documentation.

Default: ""

storage.tiered.config.cloud_storage_secret_key

AWS or GCP secret key (required for AWS and GCP authentication with access keys). See the property reference documentation.

Default: ""

storage.tiered.hostPath

Absolute path on the host to store Redpanda’s Tiered Storage cache.

Default: ""

storage.tiered.persistentVolume.annotations

Additional annotations to apply to the created PersistentVolumeClaims.

Default: {}

storage.tiered.persistentVolume.labels

Additional labels to apply to the created PersistentVolumeClaims.

Default: {}

storage.tiered.persistentVolume.storageClass

To disable dynamic provisioning, set to ``-''. If undefined or empty (default), then no storageClassName spec is set, and the default dynamic provisioner is chosen (gp2 on AWS, standard on GKE, AWS & OpenStack).

Default: ""

tests.enabled

Default: true

tls

TLS settings. For details, see the TLS documentation.

Default:

{"certs":{"default":{"caEnabled":true},"external":{"caEnabled":true}},"enabled":true}

tls.certs

List all Certificates here, then you can reference a specific Certificate’s name in each listener’s listeners.<listener name>.tls.cert setting.

Default:

{"default":{"caEnabled":true},"external":{"caEnabled":true}}

tls.certs.default

This key is the Certificate name. To apply the Certificate to a specific listener, reference the Certificate’s name in listeners.<listener-name>.tls.cert.

Default: {"caEnabled":true}

tls.certs.default.caEnabled

Set the caEnabled flag to true only for Certificates that are not authenticated using public authorities.

Default: true

tls.certs.external

Example external tls configuration uncomment and set the right key to the listeners that require them also enable the tls setting for those listeners.

Default: {"caEnabled":true}

tls.certs.external.caEnabled

Set the caEnabled flag to true only for Certificates that are not authenticated using public authorities.

Default: true

tls.enabled

Enable TLS globally for all listeners. Each listener must include a Certificate name in its <listener>.tls object. To allow you to enable TLS for individual listeners, Certificates in auth.tls.certs are always loaded, even if tls.enabled is false. See listeners.<listener-name>.tls.enabled.

Default: true

tolerations

Taints to be tolerated by Pods, can override this for StatefulSets. For details, see the Kubernetes documentation.

Default: []

tuning

Redpanda tuning settings. Each is set to their default values in Redpanda.

Default: {"tune_aio_events":true}

tuning.tune_aio_events

Increase the maximum number of outstanding asynchronous IO operations if the current value is below a certain threshold. This allows Redpanda to make as many simultaneous IO requests as possible, increasing throughput. When this option is enabled, Helm creates a privileged container. If your security profile does not allow this, you can disable this container by setting tune_aio_events to false. For more details, see the tuning documentation.

Default: true