Configure Listeners in Kubernetes

You can customize the advertised ports for each listener on all Redpanda brokers, or disable listeners altogether.

Customize the advertised ports

To customize the advertised ports for each listener, replace <port> with the port that you want to use.

Redpanda doesn’t validate the configured port numbers. Make sure to verify the following:

  • Your configured port numbers are within the range that is assigned for node ports in your Kubernetes cluster.

  • Your Kubernetes cluster is accessible through your desired node port range. You may need to edit your inbound firewall rules.

  • Your configured port numbers are not in use by any other service.

Customize Admin API ports

  • Helm + Operator

  • Helm

redpanda-cluster.yaml
apiVersion: cluster.redpanda.com/v1alpha1
kind: Redpanda
metadata:
  name: redpanda
spec:
  chartRef: {}
  clusterSpec:
    listeners:
      admin:
        external:
          default:
            advertisedPorts:
            - <port>
kubectl apply -f redpanda-cluster.yaml --namespace <namespace>
  • --values

  • --set

custom-admin-port.yaml
listeners:
  admin:
    external:
      default:
        advertisedPorts:
        - <port>
helm upgrade --install redpanda redpanda/redpanda --namespace <namespace> --create-namespace \
  --values custom-admin-port.yaml --reuse-values
helm upgrade --install redpanda redpanda/redpanda --namespace <namespace> --create-namespace \
  --set "listeners.admin.external.default.advertisedPorts={<port>}"

Customize Kafka API ports

  • Helm + Operator

  • Helm

redpanda-cluster.yaml
apiVersion: cluster.redpanda.com/v1alpha1
kind: Redpanda
metadata:
  name: redpanda
spec:
  chartRef: {}
  clusterSpec:
    listeners:
      kafka:
        external:
          default:
            advertisedPorts:
            - <port>
kubectl apply -f redpanda-cluster.yaml --namespace <namespace>
  • --values

  • --set

custom-kafka-port.yaml
listeners:
  kafka:
    external:
      default:
        advertisedPorts:
        - <port>
helm upgrade --install redpanda redpanda/redpanda --namespace <namespace> --create-namespace \
  --values custom-kafka-port.yaml --reuse-values
helm upgrade --install redpanda redpanda/redpanda --namespace <namespace> --create-namespace \
  --set "listeners.kafka.external.default.advertisedPorts={<port>}"

Customize the HTTP Proxy ports

  • Helm + Operator

  • Helm

redpanda-cluster.yaml
apiVersion: cluster.redpanda.com/v1alpha1
kind: Redpanda
metadata:
  name: redpanda
spec:
  chartRef: {}
  clusterSpec:
    listeners:
      http:
        external:
          default:
            advertisedPorts:
            - <port>
kubectl apply -f redpanda-cluster.yaml --namespace <namespace>
  • --values

  • --set

custom-pandaproxy-port.yaml
listeners:
  http:
    external:
      default:
        advertisedPorts:
        - <port>
helm upgrade --install redpanda redpanda/redpanda --namespace <namespace> --create-namespace \
  --values custom-pandaproxy-port.yaml --reuse-values
helm upgrade --install redpanda redpanda/redpanda --namespace <namespace> --create-namespace \
  --set "listeners.http.external.default.advertisedPorts={<port>}"

Customize Schema Registry ports

  • Helm + Operator

  • Helm

redpanda-cluster.yaml
apiVersion: cluster.redpanda.com/v1alpha1
kind: Redpanda
metadata:
  name: redpanda
spec:
  chartRef: {}
  clusterSpec:
    listeners:
      schemaRegistry:
        external:
          default:
            advertisedPorts:
            - <port>
kubectl apply -f redpanda-cluster.yaml --namespace <namespace>
  • --values

  • --set

custom-schema-registry-port.yaml
listeners:
  schemaRegistry:
    external:
      default:
        advertisedPorts:
        - <port>
helm upgrade --install redpanda redpanda/redpanda --namespace <namespace> --create-namespace \
  --values custom-schema-registry-port.yaml --reuse-values
helm upgrade --install redpanda redpanda/redpanda --namespace <namespace> --create-namespace \
  --set "listeners.schemaRegistry.external.default.advertisedPorts={<port>}"

Disable external access

You can disable external access for all listeners or for individual listeners.

Disable all listeners

  • Helm + Operator

  • Helm

redpanda-cluster.yaml
apiVersion: cluster.redpanda.com/v1alpha1
kind: Redpanda
metadata:
  name: redpanda
spec:
  chartRef: {}
  clusterSpec:
    external:
      enabled: false
kubectl apply -f redpanda-cluster.yaml --namespace <namespace>
  • --values

  • --set

disable-external-access.yaml
external:
  enabled: false
helm upgrade --install redpanda redpanda/redpanda --namespace <namespace> --create-namespace \
  --values disable-external-access.yaml --reuse-values
helm upgrade --install redpanda redpanda/redpanda --namespace <namespace> --create-namespace \
  --set external.enabled=false

Disable the Admin API

  • Helm + Operator

  • Helm

redpanda-cluster.yaml
apiVersion: cluster.redpanda.com/v1alpha1
kind: Redpanda
metadata:
  name: redpanda
spec:
  chartRef: {}
  clusterSpec:
    listeners:
      admin:
        external:
          default:
            enabled: false
kubectl apply -f redpanda-cluster.yaml --namespace <namespace>
  • --values

  • --set

disable-external-admin-api.yaml
listeners:
  admin:
    external:
      default:
        enabled: false
helm upgrade --install redpanda redpanda/redpanda --namespace <namespace> --create-namespace \
  --values disable-external-admin-api.yaml --reuse-values
helm upgrade --install redpanda redpanda/redpanda --namespace <namespace> --create-namespace \
  --set listeners.admin.external.default.enabled=false

Disable the Kafka API

  • Helm + Operator

  • Helm

redpanda-cluster.yaml
apiVersion: cluster.redpanda.com/v1alpha1
kind: Redpanda
metadata:
  name: redpanda
spec:
  chartRef: {}
  clusterSpec:
    listeners:
      kafka:
        external:
          default:
            enabled: false
kubectl apply -f redpanda-cluster.yaml --namespace <namespace>
  • --values

  • --set

disable-external-kafka-api.yaml
listeners:
  kafka:
    external:
      default:
        enabled: false
helm upgrade --install redpanda redpanda/redpanda --namespace <namespace> --create-namespace \
  --values disable-external-kafka-api.yaml --reuse-values
helm upgrade --install redpanda redpanda/redpanda --namespace <namespace> --create-namespace \
  --set listeners.kafka.external.default.enabled=false

Disable the HTTP Proxy

  • Helm + Operator

  • Helm

redpanda-cluster.yaml
apiVersion: cluster.redpanda.com/v1alpha1
kind: Redpanda
metadata:
  name: redpanda
spec:
  chartRef: {}
  clusterSpec:
    listeners:
      http:
        external:
          default:
            enabled: false
kubectl apply -f redpanda-cluster.yaml --namespace <namespace>
  • --values

  • --set

disable-external-pandaproxy.yaml
listeners:
  http:
    external:
      default:
        enabled: false
helm upgrade --install redpanda redpanda/redpanda --namespace <namespace> --create-namespace \
  --values disable-external-pandaproxy.yaml --reuse-values
helm upgrade --install redpanda redpanda/redpanda --namespace <namespace> --create-namespace \
  --set listeners.http.external.default.enabled=false

Disable Schema Registry

  • Helm + Operator

  • Helm

redpanda-cluster.yaml
apiVersion: cluster.redpanda.com/v1alpha1
kind: Redpanda
metadata:
  name: redpanda
spec:
  chartRef: {}
  clusterSpec:
    listeners:
      schemaRegistry:
        external:
          default:
            enabled: false
kubectl apply -f redpanda-cluster.yaml --namespace <namespace>
  • --values

  • --set

disable-external-schema-registry.yaml
listeners:
  schemaRegistry:
    external:
      default:
        enabled: false
helm upgrade --install redpanda redpanda/redpanda --namespace <namespace> --create-namespace \
  --values disable-external-schema-registry.yaml --reuse-values
helm upgrade --install redpanda redpanda/redpanda --namespace <namespace> --create-namespace \
  --set listeners.schemaRegistry.external.default.enabled=false

Next steps

Configure security for your listeners.