Docs Self-Managed Reference Kubernetes Kubernetes Helm Chart Specifications Redpanda Redpanda Helm Chart Specification This page describes the official Redpanda Helm Chart. In particular, this page describes the contents of the chart’s values.yaml file. Each of the settings is listed and described on this page, along with any default values. For instructions on how to install and use the chart, including how to override and customize the chart’s values, refer to the deployment documentation. Autogenerated from chart metadata using helm-docs v1.11.0 Source Code https://github.com/redpanda-data/helm-charts Requirements Kubernetes: >= 1.25.0-0 Repository Name Version https://charts.redpanda.com connectors >=0.1.2 <1.0 https://charts.redpanda.com console >=0.5 <1.0 Settings affinity Affinity constraints for scheduling Pods, can override this for StatefulSets and Jobs. For details, see the Kubernetes documentation. Default: {} auditLogging Audit logging for a redpanda cluster, must have enabled sasl and have one kafka listener supporting sasl authentication for audit logging to work. Note this feature is only available for redpanda versions >= v23.3.0. Default: {"clientMaxBufferSize":16777216,"enabled":false,"enabledEventTypes":null,"excludedPrincipals":null,"excludedTopics":null,"listener":"internal","partitions":12,"queueDrainIntervalMs":500,"queueMaxBufferSizePerShard":1048576,"replicationFactor":null} auditLogging.clientMaxBufferSize Defines the number of bytes (in bytes) allocated by the internal audit client for audit messages. Default: 16777216 auditLogging.enabled Enable or disable audit logging, for production clusters we suggest you enable, however, this will only work if you also enable sasl and a listener with sasl enabled. Default: false auditLogging.enabledEventTypes Event types that should be captured by audit logs, default is [admin, authenticate, management]. Default: nil auditLogging.excludedPrincipals List of principals to exclude from auditing, default is null. Default: nil auditLogging.excludedTopics List of topics to exclude from auditing, default is null. Default: nil auditLogging.listener Kafka listener name, note that it must have authenticationMethod set to sasl. For external listeners, use the external listener name, such as default. Default: "internal" auditLogging.partitions Integer value defining the number of partitions used by a newly created audit topic. Default: 12 auditLogging.queueDrainIntervalMs In ms, frequency in which per shard audit logs are batched to client for write to audit log. Default: 500 auditLogging.queueMaxBufferSizePerShard Defines the maximum amount of memory used (in bytes) by the audit buffer in each shard. Default: 1048576 auditLogging.replicationFactor Defines the replication factor for a newly created audit log topic. This configuration applies only to the audit log topic and may be different from the cluster or other topic configurations. This cannot be altered for existing audit log topics. Setting this value is optional. If a value is not provided, Redpanda will use the internal_topic_replication_factor cluster config value. Default is null Default: nil auth Authentication settings. For details, see the SASL documentation. Default: {"sasl":{"bootstrapUser":{"mechanism":"SCRAM-SHA-256"},"enabled":false,"mechanism":"SCRAM-SHA-512","secretRef":"redpanda-users","users":[]}} auth.sasl.bootstrapUser Details about how to create the bootstrap user for the cluster. The secretKeyRef is optionally specified. If it is specified, the chart will use a password written to that secret when creating the kubernetes-controller'' bootstrap user. If it is unspecified, then the secret will be generated and stored in the secret releasename''-bootstrap-user, with the key ``password''. Default: {"mechanism":"SCRAM-SHA-256"} auth.sasl.bootstrapUser.mechanism The authentication mechanism to use for the bootstrap user. Options are SCRAM-SHA-256 and SCRAM-SHA-512. Default: "SCRAM-SHA-256" auth.sasl.enabled Enable SASL authentication. If you enable SASL authentication, you must provide a Secret in auth.sasl.secretRef. Default: false auth.sasl.mechanism The authentication mechanism to use for the superuser. Options are SCRAM-SHA-256 and SCRAM-SHA-512. Default: "SCRAM-SHA-512" auth.sasl.secretRef A Secret that contains your superuser credentials. For details, see the SASL documentation. Default: "redpanda-users" auth.sasl.users Optional list of superusers. These superusers will be created in the Secret whose name is defined in auth.sasl.secretRef. If this list is empty, the Secret in auth.sasl.secretRef must already exist in the cluster before you deploy the chart. Uncomment the sample list if you wish to try adding sample sasl users or override to use your own. Default: [] clusterDomain Default Kubernetes cluster domain. Default: "cluster.local" commonLabels Additional labels to add to all Kubernetes objects. For example, my.k8s.service: redpanda. Default: {} config This section contains various settings supported by Redpanda that may not work correctly in a Kubernetes cluster. Changing these settings comes with some risk. Use these settings to customize various Redpanda configurations that are not covered in other sections. These values have no impact on the configuration or behavior of the Kubernetes objects deployed by Helm, and therefore should not be modified for the purpose of configuring those objects. Instead, these settings get passed directly to the Redpanda binary at startup. For descriptions of these properties, see the configuration documentation. Default: {"cluster":{},"node":{"crash_loop_limit":5},"pandaproxy_client":{},"rpk":{},"schema_registry_client":{},"tunable":{"compacted_log_segment_size":67108864,"kafka_connection_rate_limit":1000,"log_segment_size_max":268435456,"log_segment_size_min":16777216,"max_compacted_log_segment_size":536870912}} config.cluster Cluster Configuration Properties Default: {} config.node Broker (node) Configuration Properties. Default: {"crash_loop_limit":5} config.node.crash_loop_limit Crash loop limit A limit on the number of consecutive times a broker can crash within one hour before its crash-tracking logic is reset. This limit prevents a broker from getting stuck in an infinite cycle of crashes. User can disable this crash loop limit check by the following action: * One hour elapses since the last crash * The node configuration file, redpanda.yaml, is updated via config.cluster or config.node or config.tunable objects * The startup_log file in the node’s data_directory is manually deleted Default to 5 REF: https://docs.redpanda.com/current/reference/broker-properties/#crash_loop_limit Default: 5 config.tunable Tunable cluster properties. Deprecated: all settings here may be specified via config.cluster. Default: {"compacted_log_segment_size":67108864,"kafka_connection_rate_limit":1000,"log_segment_size_max":268435456,"log_segment_size_min":16777216,"max_compacted_log_segment_size":536870912} config.tunable.compacted_log_segment_size See the property reference documentation. Default: 67108864 config.tunable.kafka_connection_rate_limit See the property reference documentation. Default: 1000 config.tunable.log_segment_size_max See the property reference documentation. Default: 268435456 config.tunable.log_segment_size_min See the property reference documentation. Default: 16777216 config.tunable.max_compacted_log_segment_size See the property reference documentation. Default: 536870912 connectors Redpanda Managed Connectors settings For a reference of configuration settings, see the Redpanda Connectors documentation. Default: {"deployment":{"create":false},"enabled":false,"test":{"create":false}} console Redpanda Console settings. For a reference of configuration settings, see the Redpanda Console documentation. Default: {"config":{},"configmap":{"create":false},"deployment":{"create":false},"enabled":true,"secret":{"create":false}} enterprise Enterprise (optional) For details, see the License documentation. Default: {"license":"","licenseSecretRef":{}} enterprise.license license (optional). Default: "" enterprise.licenseSecretRef Secret name and key where the license key is stored. Default: {} external External access settings. For details, see the Networking and Connectivity documentation. Default: {"enabled":true,"service":{"enabled":true},"type":"NodePort"} external.enabled Enable external access for each Service. You can toggle external access for each listener in listeners.<service name>.external.<listener-name>.enabled. Default: true external.service Service allows you to manage the creation of an external kubernetes service object Default: {"enabled":true} external.service.enabled Enabled if set to false will not create the external service type You can still set your cluster with external access but not create the supporting service (NodePort/LoadBalander). Set this to false if you rather manage your own service. Default: true external.type External access type. Only NodePort and LoadBalancer are supported. If undefined, then advertised listeners will be configured in Redpanda, but the helm chart will not create a Service. You must create a Service manually. Warning: If you use LoadBalancers, you will likely experience higher latency and increased packet loss. NodePort is recommended in cases where latency is a priority. Default: "NodePort" fullnameOverride Override redpanda.fullname template. Default: "" image Redpanda Docker image settings. Default: {"pullPolicy":"IfNotPresent","repository":"docker.redpanda.com/redpandadata/redpanda","tag":""} image.pullPolicy The imagePullPolicy. If image.tag is latest', the default is `Always. Default: "IfNotPresent" image.repository Docker repository from which to pull the Redpanda Docker image. Default: "docker.redpanda.com/redpandadata/redpanda" image.tag The Redpanda version. See DockerHub for: All stable versions and all unstable versions. Default: Chart.appVersion. imagePullSecrets Pull secrets may be used to provide credentials to image repositories See the Kubernetes documentation. Default: [] license_key DEPRECATED Enterprise license key (optional). For details, see the License documentation. Default: "" license_secret_ref DEPRECATED Secret name and secret key where the license key is stored. Default: {} listeners Listener settings. Override global settings configured above for individual listeners. For details, see the listeners documentation. Default: {"admin":{"external":{"default":{"advertisedPorts":[31644],"port":9645,"tls":{"cert":"external"}}},"port":9644,"tls":{"cert":"default","requireClientAuth":false}},"http":{"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30082],"authenticationMethod":null,"port":8083,"tls":{"cert":"external","requireClientAuth":false}}},"kafkaEndpoint":"default","port":8082,"tls":{"cert":"default","requireClientAuth":false}},"kafka":{"authenticationMethod":null,"external":{"default":{"advertisedPorts":[31092],"authenticationMethod":null,"port":9094,"tls":{"cert":"external"}}},"port":9093,"tls":{"cert":"default","requireClientAuth":false}},"rpc":{"port":33145,"tls":{"cert":"default","requireClientAuth":false}},"schemaRegistry":{"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30081],"authenticationMethod":null,"port":8084,"tls":{"cert":"external","requireClientAuth":false}}},"kafkaEndpoint":"default","port":8081,"tls":{"cert":"default","requireClientAuth":false}}} listeners.admin Admin API listener (only one). Default: {"external":{"default":{"advertisedPorts":[31644],"port":9645,"tls":{"cert":"external"}}},"port":9644,"tls":{"cert":"default","requireClientAuth":false}} listeners.admin.external Optional external access settings. Default: {"default":{"advertisedPorts":[31644],"port":9645,"tls":{"cert":"external"}}} listeners.admin.external.default Name of the external listener. Default: {"advertisedPorts":[31644],"port":9645,"tls":{"cert":"external"}} listeners.admin.external.default.tls The port advertised to this listener’s external clients. List one port if you want to use the same port for each broker (would be the case when using NodePort service). Otherwise, list the port you want to use for each broker in order of StatefulSet replicas. If undefined, listeners.admin.port is used. Default: {"cert":"external"} listeners.admin.port The port for both internal and external connections to the Admin API. Default: 9644 listeners.admin.tls Optional TLS section (required if global TLS is enabled) Default: {"cert":"default","requireClientAuth":false} listeners.admin.tls.cert Name of the Certificate used for TLS (must match a Certificate name that is registered in tls.certs). Default: "default" listeners.admin.tls.requireClientAuth If true, the truststore file for this listener is included in the ConfigMap. Default: false listeners.http HTTP API listeners (aka PandaProxy). Default: {"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30082],"authenticationMethod":null,"port":8083,"tls":{"cert":"external","requireClientAuth":false}}},"kafkaEndpoint":"default","port":8082,"tls":{"cert":"default","requireClientAuth":false}} listeners.kafka Kafka API listeners. Default: {"authenticationMethod":null,"external":{"default":{"advertisedPorts":[31092],"authenticationMethod":null,"port":9094,"tls":{"cert":"external"}}},"port":9093,"tls":{"cert":"default","requireClientAuth":false}} listeners.kafka.external.default.advertisedPorts If undefined, listeners.kafka.external.default.port is used. Default: [31092] listeners.kafka.external.default.port The port used for external client connections. Default: 9094 listeners.kafka.port The port for internal client connections. Default: 9093 listeners.rpc RPC listener (this is never externally accessible). Default: {"port":33145,"tls":{"cert":"default","requireClientAuth":false}} listeners.schemaRegistry Schema registry listeners. Default: {"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30081],"authenticationMethod":null,"port":8084,"tls":{"cert":"external","requireClientAuth":false}}},"kafkaEndpoint":"default","port":8081,"tls":{"cert":"default","requireClientAuth":false}} logging Log-level settings. Default: {"logLevel":"info","usageStats":{"enabled":true}} logging.logLevel Log level Valid values (from least to most verbose) are: warn, info, debug, and trace. Default: "info" logging.usageStats Send usage statistics back to Redpanda Data. For details, see the stats reporting documentation. Default: {"enabled":true} monitoring Monitoring. This will create a ServiceMonitor that can be used by Prometheus-Operator or VictoriaMetrics-Operator to scrape the metrics. Default: {"enabled":false,"labels":{},"scrapeInterval":"30s"} nameOverride Override redpanda.name template. Default: "" nodeSelector Node selection constraints for scheduling Pods, can override this for StatefulSets. For details, see the Kubernetes documentation. Default: {} post_install_job.affinity Default: {} post_install_job.enabled Default: true post_install_job.podTemplate.annotations Annotations to apply (or overwrite the default) to the Pods of this Job. Default: {} post_install_job.podTemplate.labels Labels to apply (or overwrite the default) to the Pods of this Job. Default: {} post_install_job.podTemplate.spec A subset of Kubernetes’ PodSpec type that will be merged into the final PodSpec. See Merge Semantics for details. Default: {"containers":[{"env":[],"name":"post-install","securityContext":{}}],"securityContext":{}} rackAwareness Rack Awareness settings. For details, see the Rack Awareness documentation. Default: {"enabled":false,"nodeAnnotation":"topology.kubernetes.io/zone"} rackAwareness.enabled When running in multiple racks or availability zones, use a Kubernetes Node annotation value as the Redpanda rack value. Enabling this requires running with a service account with `get'' Node permissions. To have the Helm chart configure these permissions, set `serviceAccount.create=true and rbac.enabled=true. Default: false rackAwareness.nodeAnnotation The common well-known annotation to use as the rack ID. Override this only if you use a custom Node annotation. Default: "topology.kubernetes.io/zone" rbac Role Based Access Control. Default: {"annotations":{},"enabled":false} rbac.annotations Annotations to add to the rbac resources. Default: {} rbac.enabled Enable for features that need extra privileges. If you use the Redpanda Operator, you must deploy it with the --set rbac.createRPKBundleCRs=true flag to give it the required ClusterRoles. Default: false resources Pod resource management. This section simplifies resource allocation by providing a single location where resources are defined. Helm sets these resource values within the statefulset.yaml and configmap.yaml templates. The default values are for a development environment. Production-level values and other considerations are documented, where those values are different from the default. For details, see the Pod resources documentation. Default: {"cpu":{"cores":1},"memory":{"container":{"max":"2.5Gi"}}} resources.cpu CPU resources. For details, see the Pod resources documentation. Default: {"cores":1} resources.cpu.cores Redpanda makes use of a thread per core model. For details, see this blog. For this reason, Redpanda should only be given full cores. Note: You can increase cores, but decreasing cores is supported only from 24.3 Redpanda version. This setting is equivalent to --smp, resources.requests.cpu, and resources.limits.cpu. For production, use 4 or greater. To maximize efficiency, use the static CPU manager policy by specifying an even integer for CPU resource requests and limits. This policy gives the Pods running Redpanda brokers access to exclusive CPUs on the node. See https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy. Default: 1 resources.memory Memory resources For details, see the Pod resources documentation. Default: {"container":{"max":"2.5Gi"}} resources.memory.container Enables memory locking. For production, set to true. enable_memory_locking: false It is recommended to have at least 2Gi of memory per core for the Redpanda binary. This memory is taken from the total memory given to each container. The Helm chart allocates 80% of the container’s memory to Redpanda, leaving the rest for other container processes. So at least 2.5Gi per core is recommended in order to ensure Redpanda has a full 2Gi. These values affect --memory and --reserve-memory flags passed to Redpanda and the memory requests/limits in the StatefulSet. Valid suffixes: k, M, G, T, P, Ki, Mi, Gi, Ti, Pi To create Guaranteed Pod QoS for Redpanda brokers, provide both container max and min values for the container. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a memory limit and a memory request. * For every container in the Pod, the memory limit must equal the memory request. Default: {"max":"2.5Gi"} resources.memory.container.max Maximum memory count for each Redpanda broker. Equivalent to resources.limits.memory. For production, use 10Gi or greater. Default: "2.5Gi" serviceAccount Service account management. Default: {"annotations":{},"automountServiceAccountToken":false,"create":false,"name":""} serviceAccount.annotations Annotations to add to the service account. Default: {} serviceAccount.automountServiceAccountToken Specifies whether a service account should automount API-Credentials. The token is used in sidecars.controllers Default: false serviceAccount.create Specifies whether a service account should be created. Default: false serviceAccount.name The name of the service account to use. If not set and serviceAccount.create is true, a name is generated using the redpanda.fullname template. Default: "" statefulset.additionalRedpandaCmdFlags Additional flags to pass to redpanda, Default: [] statefulset.additionalSelectorLabels Additional labels to be added to statefulset label selector. For example, my.k8s.service: redpanda. Default: {} statefulset.annotations DEPRECATED Please use statefulset.podTemplate.annotations. Annotations are used only for Statefulset.spec.template.metadata.annotations. The StatefulSet does not have any dedicated annotation. Default: {} statefulset.budget.maxUnavailable Default: 1 statefulset.extraVolumeMounts Default: "" statefulset.extraVolumes Default: "" statefulset.initContainerImage.repository Default: "busybox" statefulset.initContainerImage.tag Default: "latest" statefulset.initContainers.configurator.extraVolumeMounts Default: "" statefulset.initContainers.configurator.resources To create Guaranteed Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request. Default: {} statefulset.initContainers.extraInitContainers Default: "" statefulset.initContainers.fsValidator.enabled Default: false statefulset.initContainers.fsValidator.expectedFS Default: "xfs" statefulset.initContainers.fsValidator.extraVolumeMounts Default: "" statefulset.initContainers.fsValidator.resources To create Guaranteed Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request. Default: {} statefulset.initContainers.setDataDirOwnership.enabled In environments where root is not allowed, you cannot change the ownership of files and directories. Enable setDataDirOwnership when using default minikube cluster configuration. Default: false statefulset.initContainers.setDataDirOwnership.extraVolumeMounts Default: "" statefulset.initContainers.setDataDirOwnership.resources To create Guaranteed Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request. Default: {} statefulset.initContainers.setTieredStorageCacheDirOwnership.extraVolumeMounts Default: "" statefulset.initContainers.setTieredStorageCacheDirOwnership.resources To create Guaranteed Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request. Default: {} statefulset.initContainers.tuning.extraVolumeMounts Default: "" statefulset.initContainers.tuning.resources To create Guaranteed Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request. Default: {} statefulset.livenessProbe.failureThreshold Default: 3 statefulset.livenessProbe.initialDelaySeconds Default: 10 statefulset.livenessProbe.periodSeconds Default: 10 statefulset.nodeSelector Node selection constraints for scheduling Pods of this StatefulSet. These constraints override the global nodeSelector value. For details, see the Kubernetes documentation. Default: {} statefulset.podAffinity Inter-Pod Affinity rules for scheduling Pods of this StatefulSet. For details, see the Kubernetes documentation. Default: {} statefulset.podAntiAffinity Anti-affinity rules for scheduling Pods of this StatefulSet. For details, see the Kubernetes documentation. You may either edit the default settings for anti-affinity rules, or specify new anti-affinity rules to use instead of the defaults. Default: {"custom":{},"topologyKey":"kubernetes.io/hostname","type":"hard","weight":100} statefulset.podAntiAffinity.custom Change podAntiAffinity.type to custom and provide your own podAntiAffinity rules here. Default: {} statefulset.podAntiAffinity.topologyKey The topologyKey to be used. Can be used to spread across different nodes, AZs, regions etc. Default: "kubernetes.io/hostname" statefulset.podAntiAffinity.type Valid anti-affinity types are soft, hard, or custom. Use custom if you want to supply your own anti-affinity rules in the podAntiAffinity.custom object. Default: "hard" statefulset.podAntiAffinity.weight Weight for soft anti-affinity rules. Does not apply to other anti-affinity types. Default: 100 statefulset.podTemplate.annotations Additional annotations to apply to the Pods of the StatefulSet. Default: {} statefulset.podTemplate.labels Additional labels to apply to the Pods of the StatefulSet. Default: {} statefulset.podTemplate.spec A subset of Kubernetes’ PodSpec type that will be merged into the final PodSpec. See Merge Semantics for details. Default: {"containers":[{"env":[],"name":"redpanda","securityContext":{}}],"securityContext":{}} statefulset.priorityClassName PriorityClassName given to Pods of this StatefulSet. For details, see the Kubernetes documentation. Default: "" statefulset.readinessProbe.failureThreshold Default: 3 statefulset.readinessProbe.initialDelaySeconds Default: 1 statefulset.readinessProbe.periodSeconds Default: 10 statefulset.readinessProbe.successThreshold Default: 1 statefulset.replicas Number of Redpanda brokers (Redpanda Data recommends setting this to the number of worker nodes in the cluster) Default: 3 statefulset.securityContext DEPRECATED: Prefer to use podTemplate.spec.securityContext or podTemplate.spec.containers[0\].securityContext. Default: {"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":101} statefulset.sideCars.configWatcher.enabled Default: true statefulset.sideCars.configWatcher.extraVolumeMounts Default: "" statefulset.sideCars.configWatcher.resources To create Guaranteed Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a memory limit and a memory request. * For every container in the Pod, the memory limit must equal the memory request. * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request. To maximize efficiency, use the static CPU manager policy by specifying an even integer for CPU resource requests and limits. This policy gives the Pods running Redpanda brokers access to exclusive CPUs on the node. For details, see https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy Default: {} statefulset.sideCars.configWatcher.securityContext Default: {} statefulset.sideCars.controllers.createRBAC Default: true statefulset.sideCars.controllers.enabled Default: false statefulset.sideCars.controllers.healthProbeAddress Default: ":8085" statefulset.sideCars.controllers.image.repository Default: "docker.redpanda.com/redpandadata/redpanda-operator" statefulset.sideCars.controllers.image.tag Default: "v2.3.2-24.3.1" statefulset.sideCars.controllers.metricsAddress Default: ":9082" statefulset.sideCars.controllers.resources To create Guaranteed Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request. * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request. To maximize efficiency, use the static CPU manager policy by specifying an even integer for CPU resource requests and limits. This policy gives the Pods running Redpanda brokers access to exclusive CPUs on the node. For details, see https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy Default: {} statefulset.sideCars.controllers.run[0] Default: "all" statefulset.sideCars.controllers.securityContext Default: {} statefulset.startupProbe Adjust the period for your probes to meet your needs. For details, see the Kubernetes documentation. Default: {"failureThreshold":120,"initialDelaySeconds":1,"periodSeconds":10} statefulset.terminationGracePeriodSeconds Termination grace period in seconds is time required to execute preStop hook which puts particular Redpanda Pod (process/container) into maintenance mode. Before settle down on particular value please put Redpanda under load and perform rolling upgrade or rolling restart. That value needs to accommodate two processes: * preStop hook needs to put Redpanda into maintenance mode * after preStop hook Redpanda needs to handle gracefully SIGTERM signal Both processes are executed sequentially where preStop hook has hard deadline in the middle of terminationGracePeriodSeconds. REF: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination Default: 90 statefulset.tolerations Taints to be tolerated by Pods of this StatefulSet. These tolerations override the global tolerations value. For details, see the Kubernetes documentation. Default: [] statefulset.topologySpreadConstraints[0].maxSkew Default: 1 statefulset.topologySpreadConstraints[0].topologyKey Default: "topology.kubernetes.io/zone" statefulset.topologySpreadConstraints[0].whenUnsatisfiable Default: "ScheduleAnyway" statefulset.updateStrategy.type Default: "RollingUpdate" storage Persistence settings. For details, see the storage documentation. Default: {"hostPath":"","persistentVolume":{"annotations":{},"enabled":true,"labels":{},"nameOverwrite":"","size":"20Gi","storageClass":""},"tiered":{"config":{"cloud_storage_cache_size":5368709120,"cloud_storage_enable_remote_read":true,"cloud_storage_enable_remote_write":true,"cloud_storage_enabled":false},"credentialsSecretRef":{"accessKey":{"configurationKey":"cloud_storage_access_key"},"secretKey":{"configurationKey":"cloud_storage_secret_key"}},"hostPath":"","mountType":"emptyDir","persistentVolume":{"annotations":{},"labels":{},"storageClass":""}}} storage.hostPath Absolute path on the host to store Redpanda’s data. If unspecified, then an emptyDir volume is used. If specified but persistentVolume.enabled is true, storage.hostPath has no effect. Default: "" storage.persistentVolume If persistentVolume.enabled is true, a PersistentVolumeClaim is created and used to store Redpanda’s data. Otherwise, storage.hostPath is used. Default: {"annotations":{},"enabled":true,"labels":{},"nameOverwrite":"","size":"20Gi","storageClass":""} storage.persistentVolume.annotations Additional annotations to apply to the created PersistentVolumeClaims. Default: {} storage.persistentVolume.labels Additional labels to apply to the created PersistentVolumeClaims. Default: {} storage.persistentVolume.nameOverwrite Option to change volume claim template name for tiered storage persistent volume if tiered.mountType is set to persistentVolume Default: "" storage.persistentVolume.storageClass To disable dynamic provisioning, set to -. If undefined or empty (default), then no storageClassName spec is set, and the default dynamic provisioner is chosen (gp2 on AWS, standard on GKE, AWS & OpenStack). Default: "" storage.tiered.config Tiered Storage settings Requires enterprise.licenseKey or enterprised.licenseSecretRef For details, see the Tiered Storage documentation. For a list of properties, see Object Storage Properties. Default: {"cloud_storage_cache_size":5368709120,"cloud_storage_enable_remote_read":true,"cloud_storage_enable_remote_write":true,"cloud_storage_enabled":false} storage.tiered.config.cloud_storage_cache_size Maximum size of the disk cache used by Tiered Storage. Default is 20 GiB. See the property reference documentation. Default: 5368709120 storage.tiered.config.cloud_storage_enable_remote_read Cluster level default remote read configuration for new topics. See the property reference documentation. Default: true storage.tiered.config.cloud_storage_enable_remote_write Cluster level default remote write configuration for new topics. See the property reference documentation. Default: true storage.tiered.config.cloud_storage_enabled Global flag that enables Tiered Storage if a license key is provided. See the property reference documentation. Default: false storage.tiered.hostPath Absolute path on the host to store Redpanda’s Tiered Storage cache. Default: "" storage.tiered.persistentVolume.annotations Additional annotations to apply to the created PersistentVolumeClaims. Default: {} storage.tiered.persistentVolume.labels Additional labels to apply to the created PersistentVolumeClaims. Default: {} storage.tiered.persistentVolume.storageClass To disable dynamic provisioning, set to ``-''. If undefined or empty (default), then no storageClassName spec is set, and the default dynamic provisioner is chosen (gp2 on AWS, standard on GKE, AWS & OpenStack). Default: "" tests.enabled Default: true tls TLS settings. For details, see the TLS documentation. Default: {"certs":{"default":{"caEnabled":true},"external":{"caEnabled":true}},"enabled":true} tls.certs List all Certificates here, then you can reference a specific Certificate’s name in each listener’s listeners.<listener name>.tls.cert setting. Default: {"default":{"caEnabled":true},"external":{"caEnabled":true}} tls.certs.default This key is the Certificate name. To apply the Certificate to a specific listener, reference the Certificate’s name in listeners.<listener-name>.tls.cert. Default: {"caEnabled":true} tls.certs.default.caEnabled Indicates whether or not the Secret holding this certificate includes a ca.crt key. When true, chart managed clients, such as rpk, will use ca.crt for certificate verification and listeners with require_client_auth and no explicit truststore will use ca.crt as their truststore_file for verification of client certificates. When false, chart managed clients will use tls.crt for certificate verification and listeners with require_client_auth and no explicit truststore will use the container’s CA certificates. Default: true tls.certs.external Example external tls configuration uncomment and set the right key to the listeners that require them also enable the tls setting for those listeners. Default: {"caEnabled":true} tls.certs.external.caEnabled Indicates whether or not the Secret holding this certificate includes a ca.crt key. When true, chart managed clients, such as rpk, will use ca.crt for certificate verification and listeners with require_client_auth and no explicit truststore will use ca.crt as their truststore_file for verification of client certificates. When false, chart managed clients will use tls.crt for certificate verification and listeners with require_client_auth and no explicit truststore will use the container’s CA certificates. Default: true tls.enabled Enable TLS globally for all listeners. Each listener must include a Certificate name in its <listener>.tls object. To allow you to enable TLS for individual listeners, Certificates in auth.tls.certs are always loaded, even if tls.enabled is false. See listeners.<listener-name>.tls.enabled. Default: true tolerations Taints to be tolerated by Pods, can override this for StatefulSets. For details, see the Kubernetes documentation. Default: [] tuning Redpanda tuning settings. Each is set to their default values in Redpanda. Default: {"tune_aio_events":true} tuning.tune_aio_events Increase the maximum number of outstanding asynchronous IO operations if the current value is below a certain threshold. This allows Redpanda to make as many simultaneous IO requests as possible, increasing throughput. When this option is enabled, Helm creates a privileged container. If your security profile does not allow this, you can disable this container by setting tune_aio_events to false. For more details, see the tuning documentation. Default: true Merging Semantics The redpanda chart implements a form of object merging that’s roughly a middleground of JSON Merge Patch and Kubernetes’ Strategic Merge Patch. This is done to aid end users in setting or overriding fields that are not directly exposed via the chart. Directives are not supported. List fields that are merged by a unique key in Kubernetes’ SMP (e.g. containers, env) will be merged in a similar awy. Only fields explicitly allowed by the chart’s JSON schema will be merged. Additional containers that are not present in the original value will NOT be added. Back to top × Simple online edits For simple changes, such as fixing a typo, you can edit the content directly on GitHub. Edit on GitHub Or, open an issue to let us know about something that you want us to change. Open an issue Contribution guide For extensive content updates, or if you prefer to work locally, read our contribution guide . Was this helpful? thumb_up thumb_down group Ask in the community mail Share your feedback group_add Make a contribution Kubernetes Helm Chart Specifications Redpanda Operator