Docs Self-Managed Reference Kubernetes Kubernetes Custom Resource Definitions cluster.redpanda.com/v1alpha2 cluster.redpanda.com/v1alpha2 Package v1alpha2 defines the v1alpha2 schema for the Redpanda API. It is part of an evolving API architecture, representing an initial stage that may be subject to change based on user feedback and further development. Resource Types Redpanda RedpandaList Topic TopicList User UserList ACLOperation (string) ACLOperation specifies the type of operation for an ACL. Appears in: ACLRule ACLResourceSpec ACLResourceSpec indicates the resource for which given ACL rule applies. Appears in: ACLRule Field Description type ResourceType name string Name of resource for which given ACL rule applies. Can be combined with patternType field to use prefix pattern. patternType PatternType Describes the pattern used in the resource field. The supported types are literal and prefixed. With literal pattern type, the resource field will be used as a definition of a full topic name. With prefix pattern type, the resource name will be used only as a prefix. Default value is literal. ACLRule ACLRule defines an ACL rule applied to the given user. Validations taken from https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=75978240 Appears in: UserAuthorizationSpec Field Description type ACLType resource ACLResourceSpec Indicates the resource for which given ACL rule applies. host string The host from which the action described in the ACL rule is allowed or denied. If not set, it defaults to *, allowing or denying the action from any host. operations ACLOperation array List of operations which will be allowed or denied. ACLType (string) ACLType specifies the type, either allow or deny of an ACL rule. Appears in: ACLRule Admin Admin configures settings for the Admin API listeners. Appears in: Listeners Field Description external object (keys:string, values:ExternalListener) Defines settings for the external listener. port integer Specifies the container port number for the internal listener. tls ListenerTLS Configures TLS settings for the internal listener. appProtocol string AdminAPISpec AdminAPISpec defines client configuration for connecting to Redpanda’s admin API. Appears in: StaticConfigurationSource Field Description urls string array Specifies a list of broker addresses in the format <host>:<port> tls CommonTLS Defines TLS configuration settings for Redpanda clusters that have TLS enabled. sasl AdminSASL Defines authentication configuration settings for Redpanda clusters that have authentication enabled. AdminSASL AdminSASL configures credentials to connect to Redpanda cluster that has authentication enabled. Appears in: AdminAPISpec Field Description username string Specifies the username. passwordSecretRef SecretKeyRef Specifies the password. mechanism SASLMechanism Specifies the SASL/SCRAM authentication mechanism. token SecretKeyRef AuditLogging AuditLogging configures how to perform audit logging for a redpanda cluster Appears in: RedpandaClusterSpec Field Description enabled boolean Specifies whether to enable audit logging or not listener string Kafka external listener name, note that it must have authenticationMethod set to sasl partitions integer Integer value defining the number of partitions used by a newly created audit topic enabledEventTypes string array Event types that should be captured by audit logs excludedTopics string array List of topics to exclude from auditing excludedPrincipals string array List of principals to exclude from auditing clientMaxBufferSize integer Defines the number of bytes (in bytes) allocated by the internal audit client for audit messages. queueDrainIntervalMs integer In ms, frequency in which per shard audit logs are batched to client for write to audit log. queueMaxBufferSizePerShard integer Defines the maximum amount of memory used (in bytes) by the audit buffer in each shard replicationFactor integer Defines the replication factor for a newly created audit log topic. This configuration applies only to the audit log topic and may be different from the cluster or other topic configurations. This cannot be altered for existing audit log topics. Setting this value is optional. If a value is not provided, Redpanda will use the internal_topic_replication_factor cluster config value. Default is null Auth Auth configures authentication in the Helm values. See https://docs.redpanda.com/current/manage/kubernetes/security/authentication/sasl-kubernetes/. Appears in: RedpandaClusterSpec Field Description sasl SASL Configures SASL authentication in the Helm values. AuthorizationType (string) AuthorizationType specifies the type of authorization to use in creating a user. Appears in: UserAuthorizationSpec BootstrapUser BootstrapUser configures the user used to bootstrap Redpanda when SASL is enabled. Appears in: SASL Field Description secretKeyRef SecretKeySelector Specifies the location where the generated password will be written or a pre-existing password will be read from. mechanism string Specifies the authentication mechanism to use for the bootstrap user. Options are SCRAM-SHA-256 and SCRAM-SHA-512. Budget Budget configures the management of disruptions affecting the Pods in the StatefulSet. Appears in: Statefulset Field Description maxUnavailable integer Defines the maximum number of Pods that can be unavailable during a voluntary disruption. CPU CPU configures CPU resources for containers. See https://docs.redpanda.com/current/manage/kubernetes/manage-resources/. Appears in: Resources Field Description cores Quantity Specifies the number of CPU cores available to the application. Redpanda makes use of a thread per core model. For details, see https://docs.redpanda.com/current/get-started/architecture/#thread-per-core-model. For this reason, Redpanda should only be given full cores. Note: You can increase cores, but decreasing cores is not currently supported. See the GitHub issue:https://github.com/redpanda-data/redpanda/issues/350. This setting is equivalent to --smp, resources.requests.cpu, and resources.limits.cpu. For production, use 4 or greater. overprovisioned boolean Specifies whether Redpanda assumes it has all of the provisioned CPU. This should be true unless the container has CPU affinity. Equivalent to: --idle-poll-time-us 0, --thread-affinity 0, and --poll-aio 0. If the value of full cores in resources.cpu.cores is less than 1, this setting is set to true. Certificate Certificate configures TLS certificates. Appears in: TLS Field Description issuerRef IssuerRef Specify the name of an existing Issuer or ClusterIssuer resource to use to generate certificates. Requires cert-manager. See https://cert-manager.io/v1.1-docs. secretRef SecretRef Specify the name of an existing Secret resource that contains your TLS certificate. clientSecretRef SecretRef Specify the name of an existing Secret resource that contains your client TLS certificate. duration Duration Specifies the validity duration of certificates generated with issuerRef. caEnabled boolean Specifies whether to include the ca.crt file in the trust stores of all listeners. Set to true only for certificates that are not authenticated using public certificate authorities (CAs). applyInternalDNSNames boolean Specifies you wish to have Kubernetes internal dns names (IE the headless service of the redpanda StatefulSet) included in dnsNames of the certificate even, when supplying an issuer. enabled boolean ChartRef Appears in: RedpandaSpec Field Description chartName string Specifies the name of the chart to deploy. chartVersion string Defines the version of the Redpanda Helm chart to deploy. helmRepositoryName string Defines the chart repository to use. Defaults to redpanda if not defined. timeout Duration Specifies the time to wait for any individual Kubernetes operation (like Jobs for hooks) during Helm actions. Defaults to 15m0s. upgrade HelmUpgrade Defines how to handle upgrades, including failures. useFlux boolean NOTE! Alpha feature UseFlux flag set to false will prevent helm controller from reconciling helm chart. The operator would be tight with go based Redpanda helm chart version. The rest of the ChartRef fields would be ignored. Before setting UseFlux flag to false please alight your ChartVersion to at least 5.9.3 version of the Redpanda chart. RedpandaStatus might not be accurate if flag is set to false and HelmRelease is manually deleted. To achieve dynamic switch for Flux controllers (HelmRelease and HelmRepository) the resources would not be removed, but they will be put in suspended mode (if flag is provided and set to false). https://fluxcd.io/flux/components/helm/helmreleases/#suspend https://fluxcd.io/flux/components/source/helmrepositories/#suspend ClusterRef ClusterRef represents a reference to a cluster that is being targeted. Appears in: ClusterSource Field Description name string Name specifies the name of the cluster being referenced. ClusterSource ClusterSource defines how to connect to a particular Redpanda cluster. Appears in: TopicSpec UserSpec Field Description clusterRef ClusterRef ClusterRef is a reference to the cluster where the object should be created. It is used in constructing the client created to configure a cluster. This takes precedence over StaticConfigurationSource. staticConfiguration StaticConfigurationSource StaticConfiguration holds connection parameters to Kafka and Admin APIs. CommonTLS CommonTLS specifies TLS configuration settings for Redpanda clusters that have authentication enabled. Appears in: AdminAPISpec KafkaAPISpec Field Description caCertSecretRef SecretKeyRef CaCert is the reference for certificate authority used to establish TLS connection to Redpanda certSecretRef SecretKeyRef Cert is the reference for client public certificate to establish mTLS connection to Redpanda keySecretRef SecretKeyRef Key is the reference for client private certificate to establish mTLS connection to Redpanda insecureSkipTlsVerify boolean InsecureSkipTLSVerify can skip verifying Redpanda self-signed certificate when establish TLS connection to Redpanda Config Config configures Redpanda config properties supported by Redpanda that may not work correctly in a Kubernetes cluster. Changing these values from the defaults comes with some risk. Use these properties to customize various Redpanda configurations that are not available in the RedpandaClusterSpec. These values have no impact on the configuration or behavior of the Kubernetes objects deployed by Helm, and therefore should not be modified for the purpose of configuring those objects. Instead, these settings get passed directly to the Redpanda binary at startup. Appears in: RedpandaClusterSpec Field Description rpk RawExtension Specifies cluster configuration properties. See https://docs.redpanda.com/current/reference/cluster-properties/. cluster RawExtension Specifies cluster configuration properties. See https://docs.redpanda.com/current/reference/cluster-properties/. node RawExtension Specifies broker configuration properties. See https://docs.redpanda.com/current/reference/node-properties/. tunable RawExtension Specifies tunable configuration properties. See https://docs.redpanda.com/current/reference/tunable-properties/. schema_registry_client RawExtension Specifies tunable configuration properties. See https://docs.redpanda.com/current/reference/tunable-properties/. pandaproxy_client RawExtension Specifies tunable configuration properties. See https://docs.redpanda.com/current/reference/tunable-properties/. ConfigSynonyms ConfigSynonyms was copied from https://github.com/twmb/franz-go/blob/01651affd204d4a3577a341e748c5d09b52587f8/pkg/kmsg/generated.go#L24569-L24578 Appears in: Configuration Field Description name string value string source string unknownTags object (keys:string, values:string) UnknownTags are tags Kafka sent that we do not know the purpose of. ConfigWatcher ConfigWatcher configures a sidecar that watches for changes to the Secret in auth.sasl.secretRef and applies the changes to the Redpanda cluster. Appears in: SideCars Field Description enabled boolean Specifies whether the sidecar is enabled. extraVolumeMounts string Specifies additional volumes to mount to the sidecar. resources ResourceRequirements Specifies resource requests for the sidecar container. securityContext SecurityContext Specifies the container’s security context, including privileges and access levels of the container and its processes. Configuration Configuration was copied from https://github.com/twmb/franz-go/blob/01651affd204d4a3577a341e748c5d09b52587f8/pkg/kmsg/generated.go#L24593-L24634 Appears in: TopicStatus Field Description name string Name is a key this entry corresponds to (e.g. segment.bytes). value string Value is the value for this config key. If the key is sensitive, the value will be null. readOnly boolean ReadOnly signifies whether this is not a dynamic config option. Note that this field is not always correct, and you may need to check whether the Source is any dynamic enum. See franz-go#91 for more details. isDefault boolean IsDefault is whether this is a default config option. This has been replaced in favor of Source. source string Source is where this config entry is from. This field has a default of -1. isSensitive boolean IsSensitive signifies whether this is a sensitive config key, which is either a password or an unknown type. configSynonyms ConfigSynonyms array ConfigSynonyms contains fallback key/value pairs for this config entry, in order of preference. That is, if a config entry is both dynamically configured and has a default, the top level return will be the dynamic configuration, while its "synonym" will be the default. configType string ConfigType specifies the configuration data type. documentation string Documentation is optional documentation for the config entry. unknownTags object (keys:string, values:string) UnknownTags are tags Kafka sent that we do not know the purpose of. Configurator Appears in: InitContainers Field Description extraVolumeMounts string resources ResourceRequirements ConnectorMonitoring ConnectorMonitoring configures monitoring resources for Connectors. See https://docs.redpanda.com/current/manage/kubernetes/monitoring/monitor-redpanda/. Appears in: RedpandaConnectors Field Description enabled boolean Specifies whether to create a ServiceMonitor that can be used by Prometheus Operator or VictoriaMetrics Operator to scrape the metrics. labels object (keys:string, values:string) Adds custom labels to the ServiceMonitor resource. scrapeInterval string Specifies how often to scrape metrics. annotations object (keys:string, values:string) Adds custom Annotations to the ServiceMonitor resource. namespaceSelector NamespaceSelector Adds custom namespaceSelector to monitoring resources ConnectorsCreateObj ConnectorsCreateObj configures Kubernetes resources for Redpanda Connectors. Appears in: RedpandaConnectors Field Description create boolean Specifies whether to create the resource. enabled boolean Deprecated: this field exists for storage backwards compatibility and is never used. Prefer Create. ConsoleCreateObj ConsoleCreateObj represents configuration options for creating Kubernetes objects such as ConfigMaps, Secrets, and Deployments. Appears in: RedpandaConsole Field Description create boolean Indicates whether the corresponding Kubernetes object (ConfigMap, Secret, or Deployment) should be created. Container Appears in: PodSpec Field Description name string securityContext SecurityContext env EnvVar array ContainerResources ContainerResources defines resource limits for containers. Appears in: Memory Field Description max Quantity Specifies the maximum resources that can be allocated to a container. min Quantity Specifies the minimum resources required for a container. CredentialSecretRef CredentialSecretRef can be used to set cloud_storage_secret_key from referenced Kubernetes Secret Appears in: Tiered Field Description accessKey SecretWithConfigField secretKey SecretWithConfigField Enablable Appears in: RedpandaClusterSpec RedpandaConsole Field Description enabled boolean Enterprise Enterprise configures an Enterprise license key to enable Redpanda Enterprise features. Requires the post-install job to be enabled (default). See https://docs.redpanda.com/current/get-started/licenses/. Appears in: RedpandaClusterSpec Field Description license string Specifies the Enterprise license key. licenseSecretRef EnterpriseLicenseSecretRef Defines a reference to a Secret resource that contains the Enterprise license key. EnterpriseLicenseSecretRef EnterpriseLicenseSecretRef configures a reference to a Secret resource that contains the Enterprise license key. Appears in: Enterprise Field Description key string Specifies the key that is contains the Enterprise license in the Secret. name string Specifies the name of the Secret resource to use. External External defines external connectivity settings in the Helm values. Appears in: RedpandaClusterSpec Field Description addresses string array Specifies addresses for the external listeners to advertise.Provide one entry for each broker in order of StatefulSet replicas. The number of brokers is defined in statefulset.replicas. The values can be IP addresses or DNS names. If external.domain is set, the domain is appended to these values. annotations object (keys:string, values:string) Adds custom annotations to the external Service. domain string Specifies the domain to advertise to external clients. If specified, then it will be appended to the external.addresses values as each broker’s advertised address. enabled boolean Specifies whether the external access is enabled. service ExternalService Configures the external Service resource. sourceRanges string array Source range for external access. Only applicable when external.type is LoadBalancer. type string Specifies the external Service type. Only NodePort and LoadBalancer are supported. If undefined, then advertised listeners will be configured in Redpanda, but the Helm chart will not create a Service. NodePort is recommended in cases where latency is a priority. externalDns ExternalDNS Defines externalDNS configurations. prefixTemplate string Specifies a naming prefix template for external Services. ExternalDNS ExternalDNS configures externalDNS. Appears in: External Field Description enabled boolean Specifies whether externalDNS annotations are added to LoadBalancer Services. If you enable externalDns, each LoadBalancer Service defined in external.type will be annotated with an external-dns hostname that matches external.addresses[i].external.domain. ExternalListener ExternalListener configures settings for the external listeners. Appears in: Admin HTTP Kafka SchemaRegistry Field Description enabled boolean authenticationMethod string Specifies the authentication method for the external listener. For example, 'mtls_identity' or sasl. port integer Specifies the container port number for the external listener. tls ListenerTLS Configures TLS settings for the external listener. advertisedPorts integer array Specifies the network port that the external Service listens on. prefixTemplate string Specifies the template used for generating the advertised addresses of Services. This field accepts a string template that dynamically constructs Service addresses based on various parameters such as Service name and port number. nodePort integer ExternalService ExternalService allows you to enable or disable the creation of an external Service type. Appears in: External Field Description enabled boolean Specifies whether to create the external Service. If set to false, the external Service type is not created. You can still set your cluster with external access but not create the supporting Service. Set this to false to manage your own Service. FsValidator Appears in: InitContainers Field Description enabled boolean expectedFS string extraVolumeMounts string Adds extra volume mounts. resources ResourceRequirements Specifies the resource requirements. HTTP HTTP configures settings for the HTTP Proxy listeners. Appears in: Listeners Field Description authenticationMethod string Specifies the authentication method for the external listener. For example, 'mtls_identity' or sasl. enabled boolean Specifies whether the HTTP Proxy is enabled. external object (keys:string, values:ExternalListener) Defines settings for the external listener. kafkaEndpoint string Configures the listener to use for HTTP connections. For example default for the internal listener. port integer Specifies the container port number for the internal listener. tls ListenerTLS Configures TLS settings for the internal listener. prefixTemplate string Specifies the template used for generating the advertised addresses of Services. This field accepts a string template that dynamically constructs Service addresses based on various parameters such as Service name and port number. HelmUpgrade HelmUpgrade configures the behavior and strategy for Helm chart upgrades. Appears in: ChartRef Field Description remediation UpgradeRemediation Specifies the actions to take on upgrade failures. See https://pkg.go.dev/github.com/fluxcd/helm-controller/api/v2beta1#UpgradeRemediation. force boolean Enables forceful updates during an upgrade. preserveValues boolean Specifies whether to preserve user-configured values during an upgrade. cleanupOnFail boolean Specifies whether to perform cleanup in case of failed upgrades. InitContainerImage InitContainerImage configures the init container image used to perform initial setup tasks before the main containers start. Appears in: Statefulset Field Description repository string tag string InitContainers InitContainers configures the init container used to perform initial setup tasks before the main containers start. Appears in: Statefulset Field Description configurator Configurator extraInitContainers string setDataDirOwnership SetDataDirOwnership Defines the settings related to ownership of the Redpanda data directory in environments where root access is restricted. setTieredStorageCacheDirOwnership SetTieredStorageCacheDirOwnership Defines the settings related to ownership of the Tiered Storage cache in environments where root access is restricted. fsValidator FsValidator Defines the setting for init container that not allow to start Redpanda until filesystem matches tuning Tuning Defines settings for the autotuner tool in Redpanda. The autotuner identifies the hardware configuration in the container and optimizes the Linux kernel to give you the best performance. IssuerRef IssuerRef configures the Issuer or ClusterIssuer resource to use to generate certificates. Requires cert-manager. See https://cert-manager.io/v1.1-docs. Appears in: Certificate Field Description name string Specifies the name of the resource. kind string Specifies the kind of resource. One of Issuer or ClusterIssuer. group string Kafka Kafka configures settings for the Kafka API listeners. Appears in: Listeners Field Description authenticationMethod string Specifies the authentication method for the external listener. For example, 'mtls_identity' or sasl. external object (keys:string, values:ExternalListener) Defines settings for the external listener. port integer Specifies the container port number for the internal listener. tls ListenerTLS Configures TLS settings for the internal listener. prefixTemplate string Specifies the template used for generating the advertised addresses of Services. This field accepts a string template that dynamically constructs Service addresses based on various parameters such as Service name and port number. KafkaAPISpec KafkaAPISpec configures client configuration settings for connecting to Redpanda brokers. Appears in: StaticConfigurationSource TopicSpec Field Description brokers string array Specifies a list of broker addresses in the format <host>:<port> tls CommonTLS Defines TLS configuration settings for Redpanda clusters that have TLS enabled. sasl KafkaSASL Defines authentication configuration settings for Redpanda clusters that have authentication enabled. KafkaSASL KafkaSASL configures credentials to connect to Redpanda cluster that has authentication enabled. Appears in: KafkaAPISpec Field Description username string Specifies the username. passwordSecretRef SecretKeyRef Specifies the password. mechanism SASLMechanism Specifies the SASL/SCRAM authentication mechanism. oauth KafkaSASLOAuthBearer gssapi KafkaSASLGSSAPI awsMskIam KafkaSASLAWSMskIam KafkaSASLAWSMskIam KafkaSASLAWSMskIam is the config for AWS IAM SASL mechanism, see: https://docs.aws.amazon.com/msk/latest/developerguide/iam-access-control.html Appears in: KafkaSASL Field Description accessKey string secretKeySecretRef SecretKeyRef sessionTokenSecretRef SecretKeyRef SessionToken, if non-empty, is a session / security token to use for authentication. See: https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html userAgent string UserAgent is the user agent to for the client to use when connecting to Kafka, overriding the default "franz-go/<runtime.Version()>/<hostname>". Setting a UserAgent allows authorizing based on the aws:UserAgent condition key; see the following link for more details: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-useragent KafkaSASLGSSAPI KafkaSASLGSSAPI represents the Kafka Kerberos config. Appears in: KafkaSASL Field Description authType string keyTabPath string kerberosConfigPath string serviceName string username string passwordSecretRef SecretKeyRef realm string enableFast boolean EnableFAST enables FAST, which is a pre-authentication framework for Kerberos. It includes a mechanism for tunneling pre-authentication exchanges using armored KDC messages. FAST provides increased resistance to passive password guessing attacks. KafkaSASLOAuthBearer KafkaSASLOAuthBearer is the config struct for the SASL OAuthBearer mechanism Appears in: KafkaSASL Field Description tokenSecretRef SecretKeyRef LicenseSecretRef LicenseSecretRef is deprecated. Use EnterpriseLicenseSecretRef instead. Appears in: RedpandaClusterSpec Field Description secret_key string Specifies the key that is contains the Enterprise license in the Secret. secret_name string Specifies the name of the Secret. ListenerTLS ListenerTLS configures TLS configuration for each listener in the Helm values. Appears in: Admin ExternalListener HTTP Kafka RPC SchemaRegistry Field Description cert string References a specific certificate for the listener. enabled boolean Specifies whether TLS is enabled for the listener. secretRef string References a Secret resource containing TLS credentials for the listener. Deprecated: Setting SecretRef has no affect and will be removed in future releases. requireClientAuth boolean Indicates whether client authentication (mTLS) is required. trustStore TrustStore TrustStore allows setting the truststore_path on this listener. If specified, this field takes precedence over [Certificate.CAEnabled]. Listeners Listeners configures settings for listeners, including HTTP Proxy, Schema Registry, the Admin API and the Kafka API. See https://docs.redpanda.com/current/manage/kubernetes/networking/configure-listeners/. Appears in: RedpandaClusterSpec Field Description admin Admin Configures settings for the Admin API listeners. http HTTP Configures settings for the HTTP Proxy listeners. kafka Kafka Configures settings for the Kafka API listeners. rpc RPC Configures settings for the RPC API listener. schemaRegistry SchemaRegistry Configures settings for the Schema Registry listeners. LivenessProbe LivenessProbe configures liveness probes to monitor the health of the Pods and restart them if necessary. Appears in: RedpandaConsole Statefulset Field Description failureThreshold integer Sets the number of consecutive failures required to consider a Pod as not live. initialDelaySeconds integer Specifies the time in seconds to wait before the first probe is initiated. periodSeconds integer Determines the frequency in seconds of performing the probe. timeoutSeconds integer successThreshold integer Logging Logging configures logging settings in the Helm values. See https://docs.redpanda.com/current/manage/kubernetes/troubleshooting/troubleshoot/. Appears in: RedpandaClusterSpec Field Description logLevel string Sets the verbosity level of logs. usageStats UsageStats Specifies whether to send usage statistics to Redpanda Data. Memory Memory configures memory resources. Appears in: Resources Field Description container ContainerResources Defines resource limits for containers. enable_memory_locking boolean Enables memory locking. For production, set to true. redpanda RedpandaMemory Allows you to optionally specify the memory size for both the Redpanda process and the underlying reserved memory used by Seastar. MetadataTemplate MetadataTemplate defines additional metadata to associate with a resource. Appears in: ResourceTemplate Field Description labels object (keys:string, values:string) Labels specifies the Kubernetes labels to apply to a managed resource. annotations object (keys:string, values:string) Annotations specifies the Kubernetes annotations to apply to a managed resource. Migration Migration can configure old Cluster and Console custom resource that will be disabled. With Migration the ChartRef and ClusterSpec still need to be correctly configured. Appears in: RedpandaSpec Field Description enabled boolean clusterRef NamespaceNameRef ClusterRef by default will not be able to reach different namespaces, but it can be overwritten by adding ClusterRole and ClusterRoleBinding to operator ServiceAccount. consoleRef NamespaceNameRef ConsoleRef by default will not be able to reach different namespaces, but it can be overwritten by adding ClusterRole and ClusterRoleBinding to operator ServiceAccount. Monitoring Monitoring configures monitoring resources for Redpanda. See https://docs.redpanda.com/current/manage/kubernetes/monitoring/monitor-redpanda/. Appears in: RedpandaClusterSpec Field Description enabled boolean Specifies whether to create a ServiceMonitor that can be used by Prometheus Operator or VictoriaMetrics Operator to scrape the metrics. labels object (keys:string, values:string) Adds custom labels to the ServiceMonitor resource. scrapeInterval string Specifies how often to scrape metrics. tlsConfig RawExtension Specifies tls configuration properties. enableHttp2 boolean Password Password specifies a password for the user. Appears in: UserAuthenticationSpec Field Description value string valueFrom PasswordSource PasswordSource PasswordSource contains the source for a password. Appears in: Password Field Description secretKeyRef SecretKeySelector SecretKeyRef specifies the secret used in reading a User password. If the Secret exists and has a value in it, then that value is used. If the Secret does not exist, or is empty, a password is generated and stored based on this configuration. PatternType (string) PatternType specifies the type of pattern applied for ACL resource matching. Appears in: ACLResourceSpec PersistentVolume PersistentVolume configures configurations for a PersistentVolumeClaim to use to store the Redpanda data directory. Appears in: Storage Tiered Field Description annotations object (keys:string, values:string) Adds annotations to the PersistentVolumeClaims to provide additional information or metadata that can be used by other tools or libraries. enabled boolean Specifies whether to enable the Helm chart to create PersistentVolumeClaims for Pods. labels object (keys:string, values:string) Applies labels to the PersistentVolumeClaims to facilitate identification and selection based on custom criteria. size Quantity Specifies the storage capacity required. storageClass string Specifies the StorageClass for the PersistentVolumeClaims to determine how PersistentVolumes are provisioned and managed. nameOverwrite string Option to change volume claim template name for tiered storage persistent volume if tiered.mountType is set to persistentVolume PodAntiAffinity PodAntiAffinity configures Pod anti-affinity rules to prevent Pods from being scheduled together on the same node. Appears in: Statefulset Field Description topologyKey string TopologyKey specifies the topology key used to spread Pods across different nodes or other topologies. type string Type defines the type of anti-affinity, such as soft or hard. weight integer Weight sets the weight associated with the soft anti-affinity rule. custom RawExtension Custom configures additional custom anti-affinity rules. PodSpec PodSpec is a subset of [corev1.PodSpec] that will be merged into the objects constructed by this helm chart via means of a [strategic merge patch](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/update-api-object-kubectl-patch/#use-a-strategic-merge-patch-to-update-a-deployment). NOTE: At the time of writing, merging is manually implemented for each field. Ideally, a more generally applicable solution should be used. Appears in: PodTemplate Field Description containers Container array securityContext PodSecurityContext PodTemplate PodTemplate will pass label and annotation to Statefulset Pod template. Appears in: PostInstallJob PostUpgradeJob Statefulset Field Description labels object (keys:string, values:string) annotations object (keys:string, values:string) spec PodSpec PostInstallJob PostInstallJob configures configurations for the post-install job that run after installation of the Helm chart. Appears in: RedpandaClusterSpec Field Description resources ResourceRequirements Sets resource requirements (CPU, memory) for the job to ensure proper allocation and limit resource usage. annotations object (keys:string, values:string) Adds annotations to the job to provide additional information or metadata that can be used by other tools or libraries. enabled boolean Specifies whether the job is deployed. labels object (keys:string, values:string) Applies labels to the job to facilitate identification and selection based on custom criteria. affinity Affinity Affinity constraints for scheduling Pods. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity). securityContext SecurityContext SecurityContext is deprecated. Prefer [PodTemplate.Spec.SecurityContext] or [PodTemplate.Spec.Containers[*].SecurityContext]. podTemplate PodTemplate PodTemplate is a subset of Kubernetes' PodTemplate that will be merged into this Job’s PodTemplate. PostUpgradeJob PostUpgradeJob configures configurations for the post-upgrade job that run after each upgrade of the Helm chart. Appears in: RedpandaClusterSpec Field Description annotations object (keys:string, values:string) Adds annotations to the job to provide additional information or metadata that can be used by other tools or libraries. enabled boolean Specifies whether the job is deployed. labels object (keys:string, values:string) Applies labels to the job to facilitate identification and selection based on custom criteria. extraEnv EnvVar array Adds environment variables to the job container to configure its runtime behavior. extraEnvFrom EnvFromSource array Specifies environment variables from external sources, such as ConfigMap resources, or Secret resources, to dynamically configure the job. resources ResourceRequirements Sets resource requirements (CPU, memory) for the job to ensure proper allocation and limit resource usage. backoffLimit integer affinity Affinity Affinity constraints for scheduling Pods. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity). securityContext SecurityContext SecurityContext is deprecated. Prefer [PodTemplate.Spec.SecurityContext] or [PodTemplate.Spec.Containers[*].SecurityContext]. podTemplate PodTemplate PodTemplate is a subset of Kubernetes' PodTemplate that will be merged into this Job’s PodTemplate. RBAC RBAC configures role-based access control (RBAC). Appears in: RedpandaClusterSpec Field Description annotations object (keys:string, values:string) Adds custom annotations to the RBAC resources. enabled boolean Whether RBAC is enabled. Enable for features that need extra privileges, such as rack awareness. If you use the Redpanda Operator, you must deploy it with the --set rbac.createRPKBundleCRs=true flag to give it the required ClusterRoles. RPC RPC configures settings for the RPC API listeners. Appears in: Listeners Field Description port integer Specifies the container port number for the internal listener. tls ListenerTLS Configures TLS settings for the internal listener. RPControllers RPControllers configures additional controllers that can be deployed as sidecars in rp helm Appears in: SideCars Field Description enabled boolean Specifies whether the Controllers are enabled. resources ResourceRequirements securityContext SecurityContext image RedpandaImage healthProbeAddress string metricsAddress string run string array createRBAC boolean RackAwareness RackAwareness configures rack awareness in the Helm values. See https://docs.redpanda.com/current/manage/kubernetes/kubernetes-rack-awareness/. Appears in: RedpandaClusterSpec Field Description enabled boolean Specifies whether rack awareness is enabled. When enabled, Kubernetes failure zones are treated as racks. Redpanda maps each rack to a failure zone and places partition replicas across them. Requires rbac.enabled set to true. nodeAnnotation string Specifies the key in Node labels or annotations to use to denote failure zones. ReadinessProbe ReadinessProbe configures readiness probes to determine when a Pod is ready to handle traffic. Appears in: RedpandaConsole Statefulset Field Description failureThreshold integer Defines the threshold for how many times the probe can fail before the Pod is marked Unready. initialDelaySeconds integer Sets the initial delay before the readiness probe is initiated, in seconds. periodSeconds integer Configures the period, in seconds, between each readiness check. timeoutSeconds integer successThreshold integer Redpanda Redpanda defines the CRD for Redpanda clusters. Appears in: RedpandaList Field Description apiVersion string cluster.redpanda.com/v1alpha2 kind string Redpanda kind string Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds apiVersion string APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources metadata ObjectMeta Refer to the Kubernetes API documentation for fields of metadata. spec RedpandaSpec Defines the desired state of the Redpanda cluster. status RedpandaStatus Represents the current status of the Redpanda cluster. RedpandaClusterSpec RedpandaClusterSpec defines the desired state of a Redpanda cluster. These settings are the same as those defined in the Redpanda Helm chart. The values in these settings are passed to the Redpanda Helm chart through Flux. For all default values and links to more documentation, see https://docs.redpanda.com/current/reference/redpanda-helm-spec/. For descriptions and default values, see Redpanda Helm Chart Specification. Appears in: RedpandaSpec Field Description nameOverride string Customizes the labels app.kubernetes.io/component=<nameOverride>-statefulset and app.kubernetes.io/name=<nameOverride> on the StatefulSet Pods. The default is redpanda. fullNameOverride string Deprecated: use FullnameOverride (fullnameOverride). fullnameOverride string Customizes the name of the StatefulSet and Services. The default is redpanda. clusterDomain string Customizes the Kubernetes cluster domain. This domain is used to generate the internal domains of the StatefulSet Pods. For details, see https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id. The default is the cluster.local domain. commonLabels object (keys:string, values:string) Assigns custom labels to all resources generated by the Redpanda Helm chart. Specify labels as key/value pairs. nodeSelector object (keys:string, values:string) Specifies on which nodes a Pod should be scheduled. These key/value pairs ensure that Pods are scheduled onto nodes with the specified labels. tolerations Toleration array Specifies tolerations to allow Pods to be scheduled onto nodes where they otherwise wouldn’t. image RedpandaImage Defines the container image settings to use for the Redpanda cluster. imagePullSecrets LocalObjectReference array Specifies credentials for a private image repository. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/. license_key string Deprecated: Use Enterprise instead. license_secret_ref LicenseSecretRef Deprecated: Use EnterpriseLicenseSecretRef instead. enterprise Enterprise Defines an Enterprise license. rackAwareness RackAwareness Defines rack awareness settings. console RedpandaConsole Defines Redpanda Console settings. connectors RedpandaConnectors Defines Redpanda Connector settings. auth Auth Defines authentication settings for listeners. tls TLS Defines TLS settings for listeners. external External Defines external access settings. logging Logging Defines the log level settings. auditLogging AuditLogging Defines the log level settings. resources Resources Defines container resource settings. service Service Defines settings for the headless ClusterIP Service. storage Storage Defines storage settings for the Redpanda data directory and the Tiered Storage cache. post_install_job PostInstallJob Defines settings for the post-install hook, which runs after each install or upgrade. For example, this job is responsible for setting the Enterprise license, if specified. post_upgrade_job PostUpgradeJob Defines settings for the post-upgrade hook, which runs after each update. For example, this job is responsible for setting cluster configuration properties and restarting services such as Schema Registry, if required. statefulset Statefulset Defines settings for the StatefulSet that manages Redpanda brokers. tuning Tuning Defines settings for the autotuner tool in Redpanda. The autotuner identifies the hardware configuration in the container and optimizes the Linux kernel to give you the best performance. listeners Listeners Defines settings for listeners, including HTTP Proxy, Schema Registry, the Admin API and the Kafka API. config Config Defines configuration properties supported by Redpanda that may not work correctly in a Kubernetes cluster. Changing these values from the defaults comes with some risk. Use these properties to customize various Redpanda configurations that are not available in the RedpandaClusterSpec. These values have no impact on the configuration or behavior of the Kubernetes objects deployed by Helm, and therefore should not be modified for the purpose of configuring those objects. Instead, these settings get passed directly to the Redpanda binary at startup. rbac RBAC Defines Role Based Access Control (RBAC) settings. serviceAccount ServiceAccount Defines Service account settings. monitoring Monitoring Defines settings for monitoring Redpanda. force boolean Adds the --force flag in helm upgrade commands. Used for allowing a change of TLS configuration for the RPC listener. Setting force to true will result in a short period of downtime. affinity Affinity Affinity constraints for scheduling Pods, can override this for StatefulSets and Jobs. For details, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity). tests Enablable RedpandaConnectors RedpandaConnectors configures Redpanda Connectors. Redpanda Connectors is a package that includes Kafka Connect and built-in connectors, sometimes known as plugins. See https://docs.redpanda.com/current/deploy/deployment-option/self-hosted/kubernetes/k-deploy-connectors/. Appears in: RedpandaClusterSpec Field Description enabled boolean test ConnectorsCreateObj Specifies whether to create Helm tests. monitoring ConnectorMonitoring Specifies monitoring resources connectors RawExtension Connectors specified manual configurations deployment RawExtension Connectors specified manual configurations nameOverride string Specifies a custom name for the Redpanda Console resources, overriding the default naming convention. fullnameOverride string Specifies a full custom name, which overrides the entire naming convention including release name and chart name. commonLabels object (keys:string, values:string) Assigns custom labels to all resources generated by the Connector Helm chart. Specify labels as key/value pairs. tolerations Toleration array Applies tolerations to allow Pods to be scheduled on nodes with matching taints, enabling control over where Pods can run. image RedpandaImage Defines the container image settings to use for the Redpanda cluster. imagePullSecrets LocalObjectReference array Specifies credentials for a private image repository. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/. auth RawExtension Specifies superuser credentials container RawExtension Specifies container information storage RawExtension Specifies storage information logging RawExtension Specifies logging details service RawExtension Specifies service details serviceAccount RawExtension Specifies service account details RedpandaConsole RedpandaConsole configures the Redpanda Console subchart of the Redpanda Helm chart. Use these settings to configure the subchart. For more details on each setting, see the Helm values for the Redpanda Console chart: https://artifacthub.io/packages/helm/redpanda-data/console?modal=values Appears in: RedpandaClusterSpec Field Description enabled boolean Specifies whether the Redpanda Console subchart should be deployed. replicaCount integer Sets the number of replicas for the Redpanda Console Deployment resource. nameOverride string Specifies a custom name for the Redpanda Console resources, overriding the default naming convention. fullnameOverride string Specifies a full custom name, which overrides the entire naming convention including release name and chart name. commonLabels object (keys:string, values:string) priorityClassName string Specifies the priority class name for the Pods that run Redpanda Console. image RawExtension Defines the container image for the Redpanda Console, including the repository, name, and tag. imagePullSecrets RawExtension array Defines Secrets used to pull the container images from a private registry. serviceAccount RawExtension Configures the ServiceAccount used by the Pods that run Redpanda Console. annotations RawExtension podAnnotations RawExtension Adds custom annotations to the Pods that run Redpanda Console. podLabels RawExtension Adds custom labels to the Pods that run Redpanda Console. podSecurityContext RawExtension securityContext RawExtension Sets the security context for the Pods that run Redpanda Console. service RawExtension Configures the Kubernetes Service for Redpanda Console. ingress RawExtension Configures the Kubernetes Ingress resource for Redpanda Console. resources RawExtension Configures resource requests and limits for the Pods that run Redpanda Console. autoscaling RawExtension Configures Horizontal Pod Autoscaling (HPA) for Redpanda Console. nodeSelector RawExtension Specifies Node labels for Pod assignment. tolerations RawExtension array Specifies tolerations for scheduling Pods onto Nodes with taints. affinity RawExtension Defines affinity rules for Pod assignment. topologySpreadConstraints RawExtension Specifies topology spread constraints for Pod placement. extraEnv RawExtension array Adds extra environment variables to the Pods that run Redpanda Console. extraEnvFrom RawExtension array Allows you to add extra environment variables from external resources to the Pods that run Redpanda Console. extraVolumes RawExtension array Adds extra volumes to the Pods that run Redpanda Console. extraVolumeMounts RawExtension array Mounts additional volumes inside the containers that run Redpanda Console. extraContainers RawExtension array Adds extra containers to the Pods that run Redpanda Console. initContainers RawExtension Specifies init containers for the Pods that run Redpanda Console. secretMounts RawExtension array Mounts additional Secret resources inside the containers that run Redpanda Console. configmap ConsoleCreateObj Deprecated: this field exists for storage backwards compatibility and is never used. Prefer ConfigMap (configmap). configMap ConsoleCreateObj Specifies whether a ConfigMap should be created for Redpanda Console. secret RawExtension Specifies whether a Secret should be created for Redpanda Console. deployment RawExtension Specifies whether a Deployment should be created for Redpanda Console. console RawExtension Configures custom settings for Redpanda Console. strategy RawExtension Configures console’s Deployment’s update strategy. enterprise RawExtension Settings for license key, as an alternative to secret.enterprise when a license secret is available automountServiceAccountToken boolean Automount API credentials for the Service Account into the pod. readinessProbe ReadinessProbe Settings for console’s Deployment’s readiness probe. livenessProbe LivenessProbe Settings for console’s Deployment’s liveness probe. tests Enablable Controls the creation of helm tests for console. RedpandaImage RedpandaImage configures the Redpanda container image settings in the Helm values. Appears in: RPControllers RedpandaClusterSpec RedpandaConnectors Field Description repository string Specifies the image repository to pull from. tag string Specifies the image tag. pullPolicy string Specifies the strategy used for pulling images from the repository. For available values, see https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy. RedpandaList RedpandaList contains a list of Redpanda objects. Field Description apiVersion string cluster.redpanda.com/v1alpha2 kind string RedpandaList kind string Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds apiVersion string APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources metadata ListMeta Refer to the Kubernetes API documentation for fields of metadata. items Redpanda array Specifies a list of Redpanda resources. RedpandaMemory RedpandaMemory allows you to optionally specify the memory size for both the Redpanda process and the underlying reserved memory used by Seastar. This section is omitted by default, and memory sizes are calculated automatically based on container memory. Configuring this section and setting memory and reserveMemory values will disable automatic calculation. If you are setting the following values manually, keep in mind the following guidelines. Getting this wrong may lead to performance issues, instability, and loss of data: The amount of memory to allocate to a container is determined by the sum of three values: Redpanda (at least 2Gi per core, ~80% of the container’s total memory) Seastar subsystem (200Mi * 0.2% of the container’s total memory, 200Mi < x < 1Gi) Other container processes (whatever small amount remains) Appears in: Memory Field Description memory Quantity Memory for the Redpanda process. This must be lower than the container’s memory (resources.memory.container.min if provided, otherwise resources.memory.container.max). Equivalent to --memory. For production, use 8Gi or greater. reserveMemory Quantity Memory reserved for the Seastar subsystem. Any value above 1Gi will provide diminishing performance benefits. Equivalent to --reserve-memory. For production, use 1Gi. RedpandaSpec RedpandaSpec defines the desired state of the Redpanda cluster. Appears in: Redpanda Field Description chartRef ChartRef Defines chart details, including the version and repository. clusterSpec RedpandaClusterSpec Defines the Helm values to use to deploy the cluster. migration Migration Deprecated and Removed in v2.2.3-24.2.X. Downgrade to v2.2.2-24.2.4 perform the migration RedpandaStatus RedpandaStatus defines the observed state of Redpanda Appears in: Redpanda Field Description observedGeneration integer Specifies the last observed generation. lastHandledReconcileAt string LastHandledReconcileAt holds the value of the most recent reconcile request value, so a change of the annotation value can be detected. conditions Condition array Conditions holds the conditions for the Redpanda. lastAppliedRevision string LastAppliedRevision is the revision of the last successfully applied source. lastAttemptedRevision string LastAttemptedRevision is the revision of the last reconciliation attempt. helmRelease string helmReleaseReady boolean helmRepository string helmRepositoryReady boolean upgradeFailures integer failures integer Failures is the reconciliation failure count against the latest desired state. It is reset after a successful reconciliation. installFailures integer decommissioningNode integer ManagedDecommissioningNode indicates that a node is currently being decommissioned from the cluster and provides its ordinal number. ResourceTemplate ResourceTemplate specifies additional configuration for a resource. Appears in: UserTemplateSpec Field Description metadata MetadataTemplate Refer to the Kubernetes API documentation for fields of metadata. ResourceType (string) ResourceType specifies the type of resource an ACL is applied to. Appears in: ACLResourceSpec Resources Resources configures resource allocation. The default values are for a development environment. Production-level values and other considerations are documented, where those values are different from the default. Appears in: RedpandaClusterSpec Field Description cpu CPU Specifies the number of CPU cores. memory Memory Specifies the amount of memory. SASL SASL configures SASL authentication in the Helm values. Appears in: Auth Field Description enabled boolean Enables SASL authentication. If you enable SASL authentication, you must provide a Secret name in secretRef. mechanism string Specifies the default authentication mechanism to use for superusers. Options are SCRAM-SHA-256 and SCRAM-SHA-512. secretRef string If users is empty, secretRef specifies the name of the Secret that contains your superuser credentials in the format <username>:<password>:<optional-authentication-mechanism>. Otherwise, secretRef specifies the name of the Secret that the chart creates to store the credentials in users. users UsersItems array Specifies a list of superuser credentials. bootstrapUser BootstrapUser Specifies configuration about the bootstrap user. SASLMechanism (string) SASLMechanism specifies a SASL auth mechanism. Appears in: AdminSASL KafkaSASL UserAuthenticationSpec SchemaRegistry SchemaRegistry configures settings for the Schema Registry listeners. Appears in: Listeners Field Description authenticationMethod string Specifies the authentication method for the external listener. For example, 'mtls_identity' or sasl. enabled boolean Specifies whether the Schema Registry is enabled. external object (keys:string, values:ExternalListener) Defines settings for the external listener. kafkaEndpoint string Configures the listener to use for HTTP connections. For example default for the internal listener. port integer Specifies the container port number for the internal listener. tls ListenerTLS Configures TLS settings for the internal listener. SecretKeyRef SecretKeyRef contains enough information to inspect or modify the referred Secret data See https://pkg.go.dev/k8s.io/api/core/v1#ObjectReference. Appears in: AdminSASL CommonTLS KafkaSASL KafkaSASLAWSMskIam KafkaSASLGSSAPI KafkaSASLOAuthBearer Field Description name string Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names key string Key in Secret data to get value from SecretRef SecretRef configures the Secret resource that contains existing TLS certificates. Appears in: Certificate Field Description name string Specifies the name of the Secret resource. SecretWithConfigField Appears in: CredentialSecretRef Field Description key string name string configurationKey string Service Appears in: RedpandaClusterSpec Field Description name string internal ServiceInternal ServiceAccount ServiceAccount configures Service Accounts. Appears in: RedpandaClusterSpec Field Description annotations object (keys:string, values:string) Adds custom annotations to the ServiceAccount resources. create boolean Specifies whether a ServiceAccount should be created. name string Specifies the name of the ServiceAccount. ServiceInternal Appears in: Service Field Description annotations object (keys:string, values:string) SetDataDirOwnership SetDataDirOwnership defines the settings related to ownership of the Redpanda data directory in environments where root access is restricted. Appears in: InitContainers Field Description enabled boolean Specifies whether to enable root access. Enable only in environments where root access is not allowed, such as minikube. extraVolumeMounts string Adds extra volume mounts. resources ResourceRequirements Specifies the resource requirements. SetTieredStorageCacheDirOwnership SetTieredStorageCacheDirOwnership configures the settings related to ownership of the Tiered Storage cache in environments where root access is restricted. Appears in: InitContainers Field Description extraVolumeMounts string resources ResourceRequirements SideCarObj SideCarObj represents a generic sidecar object. This is a placeholder for now. Appears in: SideCars Field Description enabled boolean resources ResourceRequirements securityContext SecurityContext SideCars SideCars configures the additional sidecar containers that run alongside the main Redpanda container in the Pod. Appears in: Statefulset Field Description configWatcher ConfigWatcher Configures the config-watcher sidecar. The config-watcher sidecar polls the Secret resource in auth.sasl.secretRef for changes and triggers a rolling upgrade to add the new superusers to the Redpanda cluster. rpkStatus SideCarObj controllers RPControllers StartupProbe StartupProbe configures the startup probe to determine when the Redpanda application within the Pod has started successfully. Appears in: Statefulset Field Description failureThreshold integer Determines the failure threshold to mark the application in the Pod as not started. initialDelaySeconds integer Specifies the delay in seconds before the startup probe begins. periodSeconds integer Sets the period in seconds for conducting subsequent probes. timeoutSeconds integer successThreshold integer Statefulset Statefulset defines configurations for the StatefulSet in Helm values. Appears in: RedpandaClusterSpec Field Description additionalSelectorLabels object (keys:string, values:string) additionalRedpandaCmdFlags string array Includes additional command flags for Redpanda at startup to customize its runtime behavior. annotations object (keys:string, values:string) Adds annotations to the StatefulSet to provide additional information or metadata. Please use PodTemplate to add additional annotation or labels for Pods managed by Statefulset. podTemplate PodTemplate PodTemplate is a subset of Kubernetes' PodTemplate that will be merged into this StatefulSet’s PodTemplate. budget Budget Defines the management of disruptions affecting the Pods in the StatefulSet. extraVolumeMounts string Specifies extra volume mounts for the Pods. extraVolumes string Defines additional volumes for the Pods. initContainerImage InitContainerImage Defines the init container image used to perform initial setup tasks before the main containers start. initContainers InitContainers Configures the init container used to perform initial setup tasks before the main containers start. livenessProbe LivenessProbe Defines liveness probes to monitor the health of the Pods and restart them if necessary. nodeSelector object (keys:string, values:string) Applies node selectors to schedule Pods on specific nodes based on labels. podAffinity PodAffinity Defines Pod affinity rules to influence the scheduling and placement of Pods relative to other Pods. podAntiAffinity PodAntiAffinity Defines Pod anti-affinity rules to prevent Pods from being scheduled together on the same node. priorityClassName string Defines the priority class name to assign priority levels to the Pods, influencing their scheduling order. readinessProbe ReadinessProbe Defines readiness probes to determine when a Pod is ready to handle traffic. replicas integer Specifies the number of replicas to determine the desired number of Pods (Redpanda brokers) in the StatefulSet. securityContext SecurityContext Sets a security context for the Pods to define privilege and access control settings. sideCars SideCars Defines the additional sidecar containers that run alongside the main Redpanda container in the Pod. skipChown boolean Specifies whether to skip the changing of file ownership (chown) during Pod initialization. startupProbe StartupProbe Configures the startup probe to determine when the Redpanda application within the Pod has started successfully. tolerations Toleration array Applies tolerations to allow Pods to be scheduled on nodes with matching taints, enabling control over where Pods can run. topologySpreadConstraints TopologySpreadConstraints array Defines topology spread constraints to control how Pods are spread across different topology domains. updateStrategy UpdateStrategy Defines the update strategy for the StatefulSet to manage how updates are rolled out to the Pods. terminationGracePeriodSeconds integer Specifies the termination grace period in seconds to control the time delay before forcefully terminating a Pod. StaticConfigurationSource StaticConfigurationSource configures connections to a Redpanda cluster via hard-coded connection strings and manually configured TLS and authentication parameters. Appears in: ClusterSource Field Description kafka KafkaAPISpec Kafka is the configuration information for communicating with the Kafka API of a Redpanda cluster where the object should be created. admin AdminAPISpec AdminAPISpec is the configuration information for communicating with the Admin API of a Redpanda cluster where the object should be created. Storage Storage configures storage-related settings in the Helm values. See https://docs.redpanda.com/current/manage/kubernetes/storage/. Appears in: RedpandaClusterSpec Field Description hostPath string Specifies the absolute path on the worker node to store the Redpanda data directory. If unspecified, then an emptyDir volume is used. If specified but persistentVolume.enabled is true, storage.hostPath has no effect. persistentVolume PersistentVolume Configures a PersistentVolumeClaim (PVC) template to create for each Pod. This PVC is used to store the Redpanda data directory. tiered Tiered Configures storage for the Tiered Storage cache. TLS TLS configures TLS in the Helm values. See https://docs.redpanda.com/current/manage/kubernetes/security/tls/. Appears in: RedpandaClusterSpec Field Description certs object (keys:string, values:Certificate) Lists all available certificates in the cluster. You can reference a specific certificate’s name in each listener’s listeners.<listener name>.tls.cert setting. enabled boolean Enables TLS globally for all listeners. Each listener must include a certificate name in its <listener>.tls object. To allow you to enable TLS for individual listeners, certificates are always loaded, even if TLS is disabled. Tiered Tiered configures storage for the Tiered Storage cache. See https://docs.redpanda.com/current/manage/kubernetes/tiered-storage-kubernetes/. Appears in: Storage Field Description mountType string mountType can be one of: none: Does not mount a volume. Tiered storage will use the same volume as the one defined for the Redpanda data directory. hostPath: Uses the path specified in hostPath on the worker node that the Pod is running on. emptyDir: Mounts an empty directory every time the Pod starts. persistentVolume: Creates and mounts a PersistentVolumeClaim using the template defined in persistentVolume. hostPath string Specifies the absolute path on the worker node to store the Tiered Storage cache. persistentVolume PersistentVolume Configures a PersistentVolumeClaim (PVC) template to create for each Pod. This PVC is used to store the Tiered Storage cache. config TieredConfig Configures Tiered Storage, which requires an Enterprise license configured in enterprise.licenseKey or enterprised.licenseSecretRef. credentialsSecretRef CredentialSecretRef CredentialSecretRef can be used to set cloud_storage_secret_key and/or cloud_storage_access_key from referenced Kubernetes Secret TieredConfig TieredConfig configures Tiered Storage, which requires an Enterprise license configured in enterprise.licenseKey or enterprise.licenseSecretRef.TieredConfig is a top-level field of the Helm values. Appears in: Tiered Field Description cloud_storage_enabled JSONBoolean Enables Tiered Storage, if a license key is provided. See https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_enabled. cloud_storage_api_endpoint string See https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_api_endpoint. cloud_storage_api_endpoint_port integer See https://docs.redpanda.com/current/reference/cluster-properties/#cloud_storage_api_endpoint_port. cloud_storage_bucket string See https://docs.redpanda.com/current/reference/cluster-properties/#cloud_storage_bucket. cloud_storage_azure_container string See https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_azure_container. cloud_storage_azure_managed_identity_id string See https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_azure_managed_identity_id. cloud_storage_azure_storage_account string See https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_azure_storage_account. cloud_storage_azure_shared_key string See https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_azure_shared_key. cloud_storage_azure_adls_endpoint string See https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_azure_adls_endpoint. cloud_storage_azure_adls_port integer See https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_azure_adls_port. cloud_storage_cache_check_interval integer See https://docs.redpanda.com/current/reference/tunable-properties/#cloud_storage_cache_check_interval. cloud_storage_cache_directory string See https://docs.redpanda.com/current/reference/node-properties/#cloud_storage_cache_directory. cloud_storage_cache_size string See https://docs.redpanda.com/current/reference/cluster-properties/#cloud_storage_cache_size. cloud_storage_credentials_source string See https://docs.redpanda.com/current/reference/cluster-properties/#cloud_storage_credentials_source. cloud_storage_disable_tls boolean See https://docs.redpanda.com/current/reference/cluster-properties/#cloud_storage_disable_tls. cloud_storage_enable_remote_read boolean See https://docs.redpanda.com/current/reference/tunable-properties/#cloud_storage_enable_remote_read. cloud_storage_enable_remote_write boolean See https://docs.redpanda.com/current/reference/tunable-properties/#cloud_storage_enable_remote_write. cloud_storage_initial_backoff_ms integer See https://docs.redpanda.com/current/reference/tunable-properties/#cloud_storage_initial_backoff_ms. cloud_storage_manifest_upload_timeout_ms integer See https://docs.redpanda.com/current/reference/tunable-properties/#cloud_storage_manifest_upload_timeout_ms. cloud_storage_max_connection_idle_time_ms integer See https://docs.redpanda.com/current/reference/tunable-properties/#cloud_storage_max_connection_idle_time_ms. cloud_storage_max_connections integer See https://docs.redpanda.com/current/reference/cluster-properties/#cloud_storage_max_connections. cloud_storage_reconciliation_interval_ms integer Deprecated: See https://docs.redpanda.com/current/reference/tunable-properties/#cloud_storage_reconciliation_interval_ms. cloud_storage_region string See https://docs.redpanda.com/current/reference/cluster-properties/#cloud_storage_region. cloud_storage_segment_max_upload_interval_sec integer See https://docs.redpanda.com/current/reference/tunable-properties/#cloud_storage_segment_max_upload_interval_sec. cloud_storage_segment_upload_timeout_ms integer See https://docs.redpanda.com/current/reference/tunable-properties/#cloud_storage_segment_upload_timeout_ms. cloud_storage_trust_file string See https://docs.redpanda.com/current/reference/cluster-properties/#cloud_storage_trust_file. cloud_storage_upload_ctrl_d_coeff integer See https://docs.redpanda.com/current/reference/tunable-properties/#cloud_storage_upload_ctrl_d_coeff. cloud_storage_upload_ctrl_max_shares integer See https://docs.redpanda.com/current/reference/tunable-properties/#cloud_storage_upload_ctrl_max_shares. cloud_storage_upload_ctrl_min_shares integer See https://docs.redpanda.com/current/reference/tunable-properties/#cloud_storage_upload_ctrl_min_shares. cloud_storage_upload_ctrl_p_coeff integer See https://docs.redpanda.com/current/reference/tunable-properties/#cloud_storage_upload_ctrl_p_coeff. cloud_storage_upload_ctrl_update_interval_ms integer See https://docs.redpanda.com/current/reference/tunable-properties/#cloud_storage_upload_ctrl_update_interval_ms. Topic Topic defines the CRD for Topic resources. See https://docs.redpanda.com/current/manage/kubernetes/manage-topics/. Appears in: TopicList Field Description apiVersion string cluster.redpanda.com/v1alpha2 kind string Topic kind string Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds apiVersion string APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources metadata ObjectMeta Refer to the Kubernetes API documentation for fields of metadata. spec TopicSpec Defines the desired state of the Topic resource. status TopicStatus Represents the current status of the Topic resource. TopicList TopicList contains a list of Topic objects. Field Description apiVersion string cluster.redpanda.com/v1alpha2 kind string TopicList kind string Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds apiVersion string APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources metadata ListMeta Refer to the Kubernetes API documentation for fields of metadata. items Topic array Specifies a list of Topic resources. TopicSpec TopicSpec defines the desired state of the topic. See https://docs.redpanda.com/current/manage/kubernetes/manage-topics/. Appears in: Topic Field Description partitions integer Specifies the number of topic shards that are distributed across the brokers in a cluster. This number cannot be decreased after topic creation. It can be increased after topic creation, but it is important to understand the consequences that has, especially for topics with semantic partitioning. When absent this will default to the Redpanda cluster configuration default_topic_partitions. See https://docs.redpanda.com/docs/reference/cluster-properties/#default_topic_partitions and https://docs.redpanda.com/docs/get-started/architecture/#partitions replicationFactor integer Specifies the number of replicas the topic should have. Must be odd value. When absent this will default to the Redpanda cluster configuration default_topic_replications. See https://docs.redpanda.com/docs/reference/cluster-properties/#default_topic_replications. overwriteTopicName string Changes the topic name from the value of metadata.name. additionalConfig object (keys:string, values:string) Adds extra topic configurations. This is a free-form map of any configuration options that topics can have. Examples: cleanup.policy=compact redpanda.remote.write=true redpanda.remote.read=true redpanda.remote.recovery=true redpanda.remote.delete=true cluster ClusterSource ClusterSource is a reference to the cluster where the user should be created. It is used in constructing the client created to configure a cluster. kafkaApiSpec KafkaAPISpec Defines client configuration for connecting to Redpanda brokers. Deprecated: Use cluster.staticConfiguration.kafkaApiSpec if explicit connection configuration is required. Otherwise, prefer cluster.clusterRef. metricsNamespace string Overwrites the fully-qualified name of the metric. This should be easier to identify if multiple operator instances runs inside the same Kubernetes cluster. By default, it is set to redpanda-operator. interval Duration Defines when the topic controller will schedule the next reconciliation. Default is 3 seconds. TopicStatus TopicStatus defines the observed state of the Topic resource. Appears in: Topic Field Description observedGeneration integer ObservedGeneration is the last observed generation of the Topic. conditions Condition array Conditions holds the conditions for the Topic. topicConfiguration Configuration array TopicConfiguration is the last snapshot of the topic configuration during successful reconciliation. TopologySpreadConstraints TopologySpreadConstraints configures topology spread constraints to control how Pods are spread across different topology domains. Appears in: Statefulset Field Description maxSkew integer Defines the maximum skew between the number of Pods in any two topology domains. topologyKey string Specifies the topology key to use for spreading Pods. whenUnsatisfiable string Sets the policy for how to handle unsatisfiable constraints, such as DoNotSchedule or ScheduleAnyway. Tuning Tuning configures settings for the autotuner tool in Redpanda. The autotuner identifies the hardware configuration in the container and optimizes the Linux kernel to give you the best performance. Appears in: InitContainers RedpandaClusterSpec Field Description extraVolumeMounts string Configures additional volume mounts for the Pod. resources ResourceRequirements Sets resource requirements such as CPU and memory limits. ballast_file_path string Specifies the file path for ballast file. A ballast file is an empty file that takes up disk space. If Redpanda runs out of disk space and becomes unavailable, you can delete the ballast file as a last resort. This clears up some space and gives you time to delete topics or records and change your retention properties. ballast_file_size string Defines the size of the ballast file. tune_aio_events boolean Specifies whether to increase the number of allowed asynchronous IO events. tune_ballast_file boolean Specifies whether to create the ballast file. tune_clocksource boolean Specifies whether to synchronize NTP. well_known_io string Specifies the vendor, VM type, and storage device type that Redpanda runs on, in the format <vendor>:<vm>:<storage>. This hints to Redpanda which configuration values it should use for the Redpanda IO scheduler. UpdateStrategy UpdateStrategy configures the update strategy for the StatefulSet to manage how updates are rolled out to the Pods. Appears in: Statefulset Field Description type string Defines the strategy type for updating the StatefulSet, such as RollingUpdate or OnDelete. UsageStats UsageStats configures the reporting of usage statistics. Redpanda Data uses these metrics to learn how the software is used, which can guide future improvements. Appears in: Logging Field Description enabled boolean Specifies whether usage reporting is enabled. organization string Specifies the name of the organization using the software. This can be useful for identifying and segmenting usage data by organization, if usage reporting is enabled. Deprecated: This value is no longer respected in the redpanda helm chart and will be removed in a future version. clusterId string Specifies the ID of your Redpanda cluster. User User defines the CRD for a Redpanda user. Appears in: UserList Field Description apiVersion string cluster.redpanda.com/v1alpha2 kind string User kind string Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds apiVersion string APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources metadata ObjectMeta Refer to the Kubernetes API documentation for fields of metadata. spec UserSpec Defines the desired state of the Redpanda user. status UserStatus Represents the current status of the Redpanda user. UserAuthenticationSpec UserAuthenticationSpec defines the authentication mechanism enabled for this Redpanda user. Appears in: UserSpec Field Description type SASLMechanism password Password Password specifies where a password is read from. UserAuthorizationSpec UserAuthorizationSpec defines authorization rules for this user. Appears in: UserSpec Field Description type AuthorizationType acls ACLRule array List of ACL rules which should be applied to this user. UserList UserList contains a list of Redpanda user objects. Field Description apiVersion string cluster.redpanda.com/v1alpha2 kind string UserList kind string Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds apiVersion string APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources metadata ListMeta Refer to the Kubernetes API documentation for fields of metadata. items User array Specifies a list of Redpanda user resources. UserSpec UserSpec defines the configuration of a Redpanda user. Appears in: User Field Description cluster ClusterSource ClusterSource is a reference to the cluster where the user should be created. It is used in constructing the client created to configure a cluster. authentication UserAuthenticationSpec Authentication defines the authentication information for a user. If no Authentication credentials are specified, then no user will be created. This is useful when wanting to manage ACLs for an already-existing user. authorization UserAuthorizationSpec Authorization rules defined for this user. template UserTemplateSpec Template to specify how user secrets are generated. UserStatus UserStatus defines the observed state of a Redpanda user Appears in: User Field Description observedGeneration integer Specifies the last observed generation. conditions Condition array Conditions holds the conditions for the Redpanda user. managedAcls boolean ManagedACLs returns whether the user has managed ACLs that need to be cleaned up. managedUser boolean ManagedUser returns whether the user has a managed SCRAM user that need to be cleaned up. UserTemplateSpec UserTemplateSpec defines the template metadata (labels and annotations) for any subresources, such as Secrets, created by a User object. Appears in: UserSpec Field Description secret ResourceTemplate Specifies how the Secret with a user password is generated. UsersItems UsersItems configures a list of superusers in the Helm values. Appears in: SASL Field Description mechanism string Specifies the authentication mechanism to use for superusers. Overrides the default in SASL. Options are SCRAM-SHA-256 and SCRAM-SHA-512. name string Specifies the name of the superuser. password string Specifies the superuser password. Back to top × Simple online edits For simple changes, such as fixing a typo, you can edit the content directly on GitHub. Edit on GitHub Or, open an issue to let us know about something that you want us to change. Open an issue Contribution guide For extensive content updates, or if you prefer to work locally, read our contribution guide . Was this helpful? thumb_up thumb_down group Ask in the community mail Share your feedback group_add Make a contribution Kubernetes Custom Resource Definitions Monitoring Metrics