cluster.redpanda.com/v1alpha2

Package v1alpha2 defines the v1alpha2 schema for the Redpanda API. It is part of an evolving API architecture, representing an initial stage that may be subject to change based on user feedback and further development.

ACLOperation (string)

ACLOperation specifies the type of operation for an ACL.

Appears in:

ACLResourceSpec

ACLResourceSpec indicates the resource for which given ACL rule applies.

Appears in:
Field Description

Type specifies the type of resource an ACL is applied to. Valid values:
- topic
- group
- cluster
- transactionalId

name string

Name of resource for which given ACL rule applies. If using type cluster this must not be specified.
Can be combined with patternType field to use prefix pattern.

patternType PatternType

Describes the pattern used in the resource field. The supported types are literal
and prefixed. With literal pattern type, the resource field will be used as a definition
of a full topic name. With prefix pattern type, the resource name will be used only as
a prefix. Prefixed patterns can only be specified when using types topic, group, or
transactionalId. Default value is literal. Valid values:
- literal
- prefixed

ACLRule

ACLRule defines an ACL rule applied to the given user.

Appears in:
Field Description

type ACLType

Type specifies the type of ACL rule to create. Valid values are:
- allow
- deny

resource ACLResourceSpec

Indicates the resource for which given ACL rule applies.

host string

The host from which the action described in the ACL rule is allowed or denied.
If not set, it defaults to *, allowing or denying the action from any host.

operations ACLOperation array

List of operations which will be allowed or denied. Valid values are resource type dependent, but include:
- Read
- Write
- Delete
- Alter
- Describe
- IdempotentWrite
- ClusterAction
- Create
- AlterConfigs
- DescribeConfigs

ACLType (string)

ACLType specifies the type, either allow or deny of an ACL rule.

Appears in:

Admin

Admin configures settings for the Admin API listeners.

Appears in:
Field Description

external object (keys:string, values:ExternalListener)

Defines settings for the external listener.

port integer

Specifies the container port number for the internal listener.

Configures TLS settings for the internal listener.

appProtocol string

AdminAPISpec

AdminAPISpec defines client configuration for connecting to Redpanda’s admin API.

Field Description

urls string array

Specifies a list of broker addresses in the format <host>:<port>

tls CommonTLS

Defines TLS configuration settings for Redpanda clusters that have TLS enabled.

sasl AdminSASL

Defines authentication configuration settings for Redpanda clusters that have authentication enabled.

AdminSASL

AdminSASL configures credentials to connect to Redpanda cluster that has authentication enabled.

Appears in:
Field Description

username string

Specifies the username.

passwordSecretRef SecretKeyRef

Specifies the password.

mechanism SASLMechanism

Specifies the SASL/SCRAM authentication mechanism.

token SecretKeyRef

Specifies token for token-based authentication (only used if no username/password are provided).

AuditLogging

AuditLogging configures how to perform audit logging for a redpanda cluster

Appears in:
Field Description

enabled boolean

Specifies whether to enable audit logging or not

listener string

Kafka external listener name, note that it must have authenticationMethod set to sasl

partitions integer

Integer value defining the number of partitions used by a newly created audit topic

enabledEventTypes string array

Event types that should be captured by audit logs

excludedTopics string array

List of topics to exclude from auditing

excludedPrincipals string array

List of principals to exclude from auditing

clientMaxBufferSize integer

Defines the number of bytes (in bytes) allocated by the internal audit client for audit messages.

queueDrainIntervalMs integer

In ms, frequency in which per shard audit logs are batched to client for write to audit log.

queueMaxBufferSizePerShard integer

Defines the maximum amount of memory used (in bytes) by the audit buffer in each shard

replicationFactor integer

Defines the replication factor for a newly created audit log topic. This configuration applies
only to the audit log topic and may be different from the cluster or other topic configurations.
This cannot be altered for existing audit log topics. Setting this value is optional. If a value is not provided,
Redpanda will use the internal_topic_replication_factor cluster config value. Default is null

Auth

Appears in:
Field Description

sasl SASL

Configures SASL authentication in the Helm values.

AuthorizationType (string)

AuthorizationType specifies the type of authorization to use in creating a user.

Appears in:

BootstrapUser

BootstrapUser configures the user used to bootstrap Redpanda when SASL is enabled.

Appears in:
Field Description

name string

Name specifies the name of the bootstrap user created for the cluster, if unspecified
defaults to "kubernetes-controller".

secretKeyRef invalid type

Specifies the location where the generated password will be written or a pre-existing
password will be read from.

mechanism string

Specifies the authentication mechanism to use for the bootstrap user. Options are SCRAM-SHA-256 and SCRAM-SHA-512.

Budget

Budget configures the management of disruptions affecting the Pods in the StatefulSet.

Appears in:
Field Description

maxUnavailable integer

Defines the maximum number of Pods that can be unavailable during a voluntary disruption.

CPU

CPU configures CPU resources for containers. See https://docs.redpanda.com/current/manage/kubernetes/manage-resources/.

Appears in:
Field Description

cores invalid type

Specifies the number of CPU cores available to the application. Redpanda makes use of a thread per core model. For details, see https://docs.redpanda.com/current/get-started/architecture/#thread-per-core-model. For this reason, Redpanda should only be given full cores. Note: You can increase cores, but decreasing cores is not currently supported. See the GitHub issue:https://github.com/redpanda-data/redpanda/issues/350. This setting is equivalent to --smp, resources.requests.cpu, and resources.limits.cpu. For production, use 4 or greater.

overprovisioned boolean

Specifies whether Redpanda assumes it has all of the provisioned CPU. This should be true unless the container has CPU affinity. Equivalent to: --idle-poll-time-us 0, --thread-affinity 0, and --poll-aio 0. If the value of full cores in resources.cpu.cores is less than 1, this setting is set to true.

Certificate

Certificate configures TLS certificates.

Appears in:
Field Description

issuerRef IssuerRef

Specify the name of an existing Issuer or ClusterIssuer resource to use to generate certificates. Requires cert-manager. See https://cert-manager.io/v1.1-docs.

secretRef SecretRef

Specify the name of an existing Secret resource that contains your TLS certificate.

clientSecretRef SecretRef

Specify the name of an existing Secret resource that contains your client TLS certificate.

duration invalid type

Specifies the validity duration of certificates generated with issuerRef.

caEnabled boolean

Specifies whether to include the ca.crt file in the trust stores of all listeners. Set to true only for certificates that are not authenticated using public certificate authorities (CAs).

applyInternalDNSNames boolean

Specifies you wish to have Kubernetes internal dns names (IE the headless service of the redpanda StatefulSet) included in dnsNames of the certificate even, when supplying an issuer.

enabled boolean

ChartRef

Appears in:
Field Description

chartName string

Specifies the name of the chart to deploy.

chartVersion string

Defines the version of the Redpanda Helm chart to deploy.

helmRepositoryName string

Defines the chart repository to use. Defaults to redpanda if not defined.

timeout invalid type

Specifies the time to wait for any individual Kubernetes operation (like Jobs
for hooks) during Helm actions. Defaults to 15m0s.

upgrade HelmUpgrade

Defines how to handle upgrades, including failures.

useFlux boolean

Beta Feature

Setting the useFlux flag to false disables the Helm controller’s reconciliation of the Helm chart.
This ties the operator to a specific version of the Go-based Redpanda Helm chart, causing all other
ChartRef fields to be ignored.

Before disabling useFlux, ensure that your chartVersion is aligned with 5.9.15 or the corresponding
version of the Redpanda chart.

Note: When useFlux is set to false, RedpandaStatus may become inaccurate if the HelmRelease is
manually deleted.

To dynamically switch Flux controllers (HelmRelease and HelmRepository), setting useFlux to false
will suspend these resources instead of removing them.

ClusterRef

ClusterRef represents a reference to a cluster that is being targeted.

Appears in:
Field Description

name string

Name specifies the name of the cluster being referenced.

ClusterSource

ClusterSource defines how to connect to a particular Redpanda cluster.

Field Description

clusterRef ClusterRef

ClusterRef is a reference to the cluster where the object should be created.
It is used in constructing the client created to configure a cluster.
This takes precedence over StaticConfigurationSource.

staticConfiguration StaticConfigurationSource

StaticConfiguration holds connection parameters to Kafka and Admin APIs.

CommonTLS

CommonTLS specifies TLS configuration settings for Redpanda clusters that have authentication enabled.

Field Description

caCertSecretRef SecretKeyRef

CaCert is the reference for certificate authority used to establish TLS connection to Redpanda

certSecretRef SecretKeyRef

Cert is the reference for client public certificate to establish mTLS connection to Redpanda

keySecretRef SecretKeyRef

Key is the reference for client private certificate to establish mTLS connection to Redpanda

insecureSkipTlsVerify boolean

InsecureSkipTLSVerify can skip verifying Redpanda self-signed certificate when establish TLS connection to Redpanda

CompatibilityLevel (string)

Appears in:

Config

Config configures Redpanda config properties supported by Redpanda that may not work correctly in a Kubernetes cluster. Changing these values from the defaults comes with some risk. Use these properties to customize various Redpanda configurations that are not available in the RedpandaClusterSpec. These values have no impact on the configuration or behavior of the Kubernetes objects deployed by Helm, and therefore should not be modified for the purpose of configuring those objects. Instead, these settings get passed directly to the Redpanda binary at startup.

Appears in:
Field Description

rpk invalid type

Specifies cluster configuration properties. See https://docs.redpanda.com/current/reference/cluster-properties/.

cluster invalid type

Specifies cluster configuration properties. See https://docs.redpanda.com/current/reference/cluster-properties/.

node invalid type

Specifies broker configuration properties. See https://docs.redpanda.com/current/reference/node-properties/.

tunable invalid type

Specifies tunable configuration properties. See https://docs.redpanda.com/current/reference/tunable-properties/.

schema_registry_client invalid type

Specifies tunable configuration properties. See https://docs.redpanda.com/current/reference/tunable-properties/.

pandaproxy_client invalid type

Specifies tunable configuration properties. See https://docs.redpanda.com/current/reference/tunable-properties/.

ConfigSynonyms

Appears in:
Field Description

name string

value string

source string

unknownTags object (keys:string, values:string)

UnknownTags are tags Kafka sent that we do not know the purpose of.

ConfigWatcher

ConfigWatcher configures a sidecar that watches for changes to the Secret in auth.sasl.secretRef and applies the changes to the Redpanda cluster.

Appears in:
Field Description

enabled boolean

Specifies whether the sidecar is enabled.

extraVolumeMounts string

Specifies additional volumes to mount to the sidecar.

resources invalid type

Specifies resource requests for the sidecar container.

securityContext invalid type

Specifies the container’s security context, including privileges and access levels of the container and its processes.

Configuration

Appears in:
Field Description

name string

Name is a key this entry corresponds to (e.g. segment.bytes).

value string

Value is the value for this config key. If the key is sensitive,
the value will be null.

readOnly boolean

ReadOnly signifies whether this is not a dynamic config option.

Note that this field is not always correct, and you may need to check
whether the Source is any dynamic enum. See franz-go#91 for more details.

isDefault boolean

IsDefault is whether this is a default config option. This has been
replaced in favor of Source.

source string

Source is where this config entry is from.

This field has a default of -1.

isSensitive boolean

IsSensitive signifies whether this is a sensitive config key, which
is either a password or an unknown type.

configSynonyms ConfigSynonyms array

ConfigSynonyms contains fallback key/value pairs for this config
entry, in order of preference. That is, if a config entry is both
dynamically configured and has a default, the top level return will be
the dynamic configuration, while its "synonym" will be the default.

configType string

ConfigType specifies the configuration data type.

documentation string

Documentation is optional documentation for the config entry.

unknownTags object (keys:string, values:string)

UnknownTags are tags Kafka sent that we do not know the purpose of.

Configurator

Appears in:
Field Description

extraVolumeMounts string

resources invalid type

ConnectorMonitoring

ConnectorMonitoring configures monitoring resources for Connectors. See https://docs.redpanda.com/current/manage/kubernetes/monitoring/monitor-redpanda/.

Appears in:
Field Description

enabled boolean

Specifies whether to create a ServiceMonitor that can be used by Prometheus Operator or VictoriaMetrics Operator to scrape the metrics.

labels object (keys:string, values:string)

Adds custom labels to the ServiceMonitor resource.

scrapeInterval string

Specifies how often to scrape metrics.

annotations object (keys:string, values:string)

Adds custom Annotations to the ServiceMonitor resource.

namespaceSelector invalid type

Adds custom namespaceSelector to monitoring resources

ConnectorsCreateObj

ConnectorsCreateObj configures Kubernetes resources for Redpanda Connectors.

Appears in:
Field Description

create boolean

Specifies whether to create the resource.

enabled boolean

Deprecated: this field exists for storage backwards compatibility and is
never used. Prefer Create.

ConsoleCreateObj

ConsoleCreateObj represents configuration options for creating Kubernetes objects such as ConfigMaps, Secrets, and Deployments.

Appears in:
Field Description

create boolean

Indicates whether the corresponding Kubernetes object (ConfigMap, Secret, or Deployment) should be created.

ContainerResources

ContainerResources defines resource limits for containers.

Appears in:
Field Description

max invalid type

Specifies the maximum resources that can be allocated to a container.

min invalid type

Specifies the minimum resources required for a container.

CredentialSecretRef

CredentialSecretRef can be used to set cloud_storage_secret_key from referenced Kubernetes Secret

Appears in:
Field Description

Enablable

Field Description

enabled boolean

Enterprise

Enterprise configures an Enterprise license key to enable Redpanda Enterprise features. Requires the post-install job to be enabled (default). See https://docs.redpanda.com/current/get-started/licenses/.

Appears in:
Field Description

license string

Specifies the Enterprise license key.

licenseSecretRef EnterpriseLicenseSecretRef

Defines a reference to a Secret resource that contains the Enterprise license key.

EnterpriseLicenseSecretRef

EnterpriseLicenseSecretRef configures a reference to a Secret resource that contains the Enterprise license key.

Appears in:
Field Description

key string

Specifies the key that is contains the Enterprise license in the Secret.

name string

Specifies the name of the Secret resource to use.

External

External defines external connectivity settings in the Helm values.

Appears in:
Field Description

addresses string array

Specifies addresses for the external listeners to advertise.Provide one entry for each broker in order of StatefulSet replicas. The number of brokers is defined in statefulset.replicas. The values can be IP addresses or DNS names. If external.domain is set, the domain is appended to these values.

annotations object (keys:string, values:string)

Adds custom annotations to the external Service.

domain string

Specifies the domain to advertise to external clients. If specified, then it will be appended to the external.addresses values as each broker’s advertised address.

enabled boolean

Specifies whether the external access is enabled.

service ExternalService

Configures the external Service resource.

sourceRanges string array

Source range for external access. Only applicable when external.type is LoadBalancer.

type string

Specifies the external Service type. Only NodePort and LoadBalancer are supported. If undefined, then advertised listeners will be configured in Redpanda, but the Helm chart will not create a Service. NodePort is recommended in cases where latency is a priority.

externalDns ExternalDNS

Defines externalDNS configurations.

prefixTemplate string

Specifies a naming prefix template for external Services.

ExternalDNS

ExternalDNS configures externalDNS.

Appears in:
Field Description

enabled boolean

Specifies whether externalDNS annotations are added to LoadBalancer Services. If you enable externalDns, each LoadBalancer Service defined in external.type will be annotated with an external-dns hostname that matches external.addresses[i].external.domain.

ExternalListener

ExternalListener configures settings for the external listeners.

Field Description

enabled boolean

authenticationMethod string

Specifies the authentication method for the external listener. For example, 'mtls_identity' or sasl.

port integer

Specifies the container port number for the external listener.

Configures TLS settings for the external listener.

advertisedPorts integer array

Specifies the network port that the external Service listens on.

prefixTemplate string

Specifies the template used for generating the advertised addresses of Services. This field accepts a string template that dynamically constructs Service addresses based on various parameters such as Service name and port number.

nodePort integer

ExternalService

ExternalService allows you to enable or disable the creation of an external Service type.

Appears in:
Field Description

enabled boolean

Specifies whether to create the external Service. If set to false, the external Service type is not created. You can still set your cluster with external access but not create the supporting Service. Set this to false to manage your own Service.

FsValidator

Appears in:
Field Description

enabled boolean

expectedFS string

extraVolumeMounts string

Adds extra volume mounts.

resources invalid type

Specifies the resource requirements.

HTTP

HTTP configures settings for the HTTP Proxy listeners.

Appears in:
Field Description

authenticationMethod string

Specifies the authentication method for the external listener. For example, 'mtls_identity' or sasl.

enabled boolean

Specifies whether the HTTP Proxy is enabled.

external object (keys:string, values:ExternalListener)

Defines settings for the external listener.

kafkaEndpoint string

Configures the listener to use for HTTP connections. For example default for the internal listener.

port integer

Specifies the container port number for the internal listener.

Configures TLS settings for the internal listener.

prefixTemplate string

Specifies the template used for generating the advertised addresses of Services. This field accepts a string template that dynamically constructs Service addresses based on various parameters such as Service name and port number.

HelmUpgrade

HelmUpgrade configures the behavior and strategy for Helm chart upgrades.

Appears in:
Field Description

remediation invalid type

Specifies the actions to take on upgrade failures. See https://pkg.go.dev/github.com/fluxcd/helm-controller/api/v2beta1#UpgradeRemediation.

force boolean

Enables forceful updates during an upgrade.

preserveValues boolean

Specifies whether to preserve user-configured values during an upgrade.

cleanupOnFail boolean

Specifies whether to perform cleanup in case of failed upgrades.

InitContainerImage

InitContainerImage configures the init container image used to perform initial setup tasks before the main containers start.

Appears in:
Field Description

repository string

tag string

InitContainers

InitContainers configures the init container used to perform initial setup tasks before the main containers start.

Appears in:
Field Description

configurator Configurator

extraInitContainers string

setDataDirOwnership SetDataDirOwnership

Defines the settings related to ownership of the Redpanda data directory in environments where root access is restricted.

setTieredStorageCacheDirOwnership SetTieredStorageCacheDirOwnership

Defines the settings related to ownership of the Tiered Storage cache in environments where root access is restricted.

fsValidator FsValidator

Defines the setting for init container that not allow to start Redpanda until filesystem matches

tuning Tuning

Defines settings for the autotuner tool in Redpanda. The autotuner identifies the hardware configuration in the container and optimizes the Linux kernel to give you the best performance.

IssuerRef

IssuerRef configures the Issuer or ClusterIssuer resource to use to generate certificates. Requires cert-manager. See https://cert-manager.io/v1.1-docs.

Appears in:
Field Description

name string

Specifies the name of the resource.

kind string

Specifies the kind of resource. One of Issuer or ClusterIssuer.

group string

Kafka

Kafka configures settings for the Kafka API listeners.

Appears in:
Field Description

authenticationMethod string

Specifies the authentication method for the external listener. For example, 'mtls_identity' or sasl.

external object (keys:string, values:ExternalListener)

Defines settings for the external listener.

port integer

Specifies the container port number for the internal listener.

Configures TLS settings for the internal listener.

prefixTemplate string

Specifies the template used for generating the advertised addresses of Services. This field accepts a string template that dynamically constructs Service addresses based on various parameters such as Service name and port number.

KafkaAPISpec

KafkaAPISpec configures client configuration settings for connecting to Redpanda brokers.

Field Description

brokers string array

Specifies a list of broker addresses in the format <host>:<port>

tls CommonTLS

Defines TLS configuration settings for Redpanda clusters that have TLS enabled.

sasl KafkaSASL

Defines authentication configuration settings for Redpanda clusters that have authentication enabled.

KafkaSASL

KafkaSASL configures credentials to connect to Redpanda cluster that has authentication enabled.

Appears in:
Field Description

username string

Specifies the username.

passwordSecretRef SecretKeyRef

Specifies the password.

mechanism SASLMechanism

Specifies the SASL/SCRAM authentication mechanism.

awsMskIam KafkaSASLAWSMskIam

KafkaSASLAWSMskIam

KafkaSASLAWSMskIam is the config for AWS IAM SASL mechanism, see: https://docs.aws.amazon.com/msk/latest/developerguide/iam-access-control.html

Appears in:
Field Description

accessKey string

secretKeySecretRef SecretKeyRef

sessionTokenSecretRef SecretKeyRef

SessionToken, if non-empty, is a session / security token to use for authentication.
See: https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html

userAgent string

UserAgent is the user agent to for the client to use when connecting
to Kafka, overriding the default "franz-go/<runtime.Version()>/<hostname>".

Setting a UserAgent allows authorizing based on the aws:UserAgent
condition key; see the following link for more details:
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-useragent

KafkaSASLGSSAPI

KafkaSASLGSSAPI represents the Kafka Kerberos config.

Appears in:
Field Description

authType string

keyTabPath string

kerberosConfigPath string

serviceName string

username string

passwordSecretRef SecretKeyRef

realm string

enableFast boolean

EnableFAST enables FAST, which is a pre-authentication framework for Kerberos.
It includes a mechanism for tunneling pre-authentication exchanges using armored KDC messages.
FAST provides increased resistance to passive password guessing attacks.

KafkaSASLOAuthBearer

KafkaSASLOAuthBearer is the config struct for the SASL OAuthBearer mechanism

Appears in:
Field Description

tokenSecretRef SecretKeyRef

LicenseSecretRef

LicenseSecretRef is deprecated. Use EnterpriseLicenseSecretRef instead.

Appears in:
Field Description

secret_key string

Specifies the key that is contains the Enterprise license in the Secret.

secret_name string

Specifies the name of the Secret.

ListenerTLS

ListenerTLS configures TLS configuration for each listener in the Helm values.

Field Description

cert string

References a specific certificate for the listener.

enabled boolean

Specifies whether TLS is enabled for the listener.

secretRef string

References a Secret resource containing TLS credentials for the listener.

Deprecated: Setting SecretRef has no affect and will be removed in
future releases.

requireClientAuth boolean

Indicates whether client authentication (mTLS) is required.

trustStore TrustStore

TrustStore allows setting the truststore_path on this listener. If
specified, this field takes precedence over [Certificate.CAEnabled].

Listeners

Listeners configures settings for listeners, including HTTP Proxy, Schema Registry, the Admin API and the Kafka API. See https://docs.redpanda.com/current/manage/kubernetes/networking/configure-listeners/.

Appears in:
Field Description

admin Admin

Configures settings for the Admin API listeners.

http HTTP

Configures settings for the HTTP Proxy listeners.

kafka Kafka

Configures settings for the Kafka API listeners.

rpc RPC

Configures settings for the RPC API listener.

schemaRegistry SchemaRegistry

Configures settings for the Schema Registry listeners.

LivenessProbe

LivenessProbe configures liveness probes to monitor the health of the Pods and restart them if necessary.

Field Description

failureThreshold integer

Sets the number of consecutive failures required to consider a Pod as not live.

initialDelaySeconds integer

Specifies the time in seconds to wait before the first probe is initiated.

periodSeconds integer

Determines the frequency in seconds of performing the probe.

timeoutSeconds integer

successThreshold integer

Logging

Logging configures logging settings in the Helm values. See https://docs.redpanda.com/current/manage/kubernetes/troubleshooting/troubleshoot/.

Appears in:
Field Description

logLevel string

Sets the verbosity level of logs.

usageStats UsageStats

Specifies whether to send usage statistics to Redpanda Data.

Memory

Memory configures memory resources.

Appears in:
Field Description

container ContainerResources

Defines resource limits for containers.

enable_memory_locking boolean

Enables memory locking. For production, set to true.

redpanda RedpandaMemory

Allows you to optionally specify the memory size for both the Redpanda process and the underlying reserved memory used by Seastar.

MetadataTemplate

MetadataTemplate defines additional metadata to associate with a resource.

Appears in:
Field Description

labels object (keys:string, values:string)

Labels specifies the Kubernetes labels to apply to a managed resource.

annotations object (keys:string, values:string)

Annotations specifies the Kubernetes annotations to apply to a managed resource.

Migration

Migration can configure old Cluster and Console custom resource that will be disabled. With Migration the ChartRef and ClusterSpec still need to be correctly configured.

Appears in:
Field Description

enabled boolean

clusterRef NamespaceNameRef

ClusterRef by default will not be able to reach different namespaces, but it can be
overwritten by adding ClusterRole and ClusterRoleBinding to operator ServiceAccount.

consoleRef NamespaceNameRef

ConsoleRef by default will not be able to reach different namespaces, but it can be
overwritten by adding ClusterRole and ClusterRoleBinding to operator ServiceAccount.

Monitoring

Monitoring configures monitoring resources for Redpanda. See https://docs.redpanda.com/current/manage/kubernetes/monitoring/monitor-redpanda/.

Appears in:
Field Description

enabled boolean

Specifies whether to create a ServiceMonitor that can be used by Prometheus Operator or VictoriaMetrics Operator to scrape the metrics.

labels object (keys:string, values:string)

Adds custom labels to the ServiceMonitor resource.

scrapeInterval string

Specifies how often to scrape metrics.

tlsConfig invalid type

Specifies tls configuration properties.

enableHttp2 boolean

Password

Password specifies a password for the user.

Field Description

value string

Value is a hardcoded value to use for the given password. It should only be used for testing purposes.
In production, use ValueFrom.

valueFrom PasswordSource

ValueFrom specifies a source for a password to be fetched from when specifying or generating user credentials.

PasswordSource

PasswordSource contains the source for a password.

Appears in:
Field Description

secretKeyRef invalid type

SecretKeyRef specifies the secret used in reading a User password.
If the Secret exists and has a value in it, then that value is used.
If the Secret does not exist, or is empty, a password is generated and
stored based on this configuration.

PatternType (string)

PatternType specifies the type of pattern applied for ACL resource matching.

Appears in:

PersistentVolume

PersistentVolume configures configurations for a PersistentVolumeClaim to use to store the Redpanda data directory.

Appears in:
Field Description

annotations object (keys:string, values:string)

Adds annotations to the PersistentVolumeClaims to provide additional information or metadata that can be used by other tools or libraries.

enabled boolean

Specifies whether to enable the Helm chart to create PersistentVolumeClaims for Pods.

labels object (keys:string, values:string)

Applies labels to the PersistentVolumeClaims to facilitate identification and selection based on custom criteria.

size invalid type

Specifies the storage capacity required.

storageClass string

Specifies the StorageClass for the PersistentVolumeClaims to determine how PersistentVolumes are provisioned and managed.

nameOverwrite string

Option to change volume claim template name for tiered storage persistent volume if tiered.mountType is set to persistentVolume

PodAntiAffinity

PodAntiAffinity configures Pod anti-affinity rules to prevent Pods from being scheduled together on the same node.

Appears in:
Field Description

topologyKey string

TopologyKey specifies the topology key used to spread Pods across different nodes or other topologies.

type string

Type defines the type of anti-affinity, such as soft or hard.

weight integer

Weight sets the weight associated with the soft anti-affinity rule.

custom invalid type

Custom configures additional custom anti-affinity rules.

PodSpecApplyConfiguration

PodSpecApplyConfiguration is a wrapper around [applycorev1.PodSpecApplyConfiguration] that adds support for DeepCopying.

Appears in:

PodTemplate

PodTemplate will pass label and annotation to Statefulset Pod template.

Field Description

labels object (keys:string, values:string)

annotations object (keys:string, values:string)

PostInstallJob

PostInstallJob configures configurations for the post-install job that run after installation of the Helm chart.

Appears in:
Field Description

resources invalid type

Sets resource requirements (CPU, memory) for the job to ensure proper allocation and limit resource usage.

annotations object (keys:string, values:string)

Adds annotations to the job to provide additional information or metadata that can be used by other tools or libraries.

enabled boolean

Specifies whether the job is deployed.

labels object (keys:string, values:string)

Applies labels to the job to facilitate identification and selection based on custom criteria.

affinity invalid type

Affinity constraints for scheduling Pods. For details, see the
[Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity).

securityContext invalid type

SecurityContext is deprecated. Prefer [PodTemplate.Spec.SecurityContext]
or [PodTemplate.Spec.Containers[*].SecurityContext].

podTemplate PodTemplate

PodTemplate is a subset of Kubernetes' PodTemplate that will be merged
into this Job’s PodTemplate.

PostUpgradeJob

PostUpgradeJob configures configurations for the post-upgrade job that run after each upgrade of the Helm chart.

Appears in:
Field Description

annotations object (keys:string, values:string)

Adds annotations to the job to provide additional information or metadata that can be used by other tools or libraries.

enabled boolean

Specifies whether the job is deployed.

labels object (keys:string, values:string)

Applies labels to the job to facilitate identification and selection based on custom criteria.

extraEnv invalid type array

Adds environment variables to the job container to configure its runtime behavior.

extraEnvFrom invalid type array

Specifies environment variables from external sources, such as ConfigMap resources, or Secret resources, to dynamically configure the job.

resources invalid type

Sets resource requirements (CPU, memory) for the job to ensure proper allocation and limit resource usage.

backoffLimit integer

affinity invalid type

Affinity constraints for scheduling Pods. For details, see the
[Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity).

securityContext invalid type

SecurityContext is deprecated. Prefer [PodTemplate.Spec.SecurityContext]
or [PodTemplate.Spec.Containers[*].SecurityContext].

podTemplate PodTemplate

PodTemplate is a subset of Kubernetes' PodTemplate that will be merged
into this Job’s PodTemplate.

RBAC

RBAC configures role-based access control (RBAC).

Appears in:
Field Description

annotations object (keys:string, values:string)

Adds custom annotations to the RBAC resources.

enabled boolean

Whether RBAC is enabled. Enable for features that need extra privileges, such as rack awareness. If you use the Redpanda Operator, you must deploy it with the --set rbac.createRPKBundleCRs=true flag to give it the required ClusterRoles.

RPC

RPC configures settings for the RPC API listeners.

Appears in:
Field Description

port integer

Specifies the container port number for the internal listener.

Configures TLS settings for the internal listener.

RPControllers

RPControllers configures additional controllers that can be deployed as sidecars in rp helm

Appears in:
Field Description

enabled boolean

Specifies whether the Controllers are enabled.

resources invalid type

securityContext invalid type

healthProbeAddress string

metricsAddress string

run string array

createRBAC boolean

RackAwareness

RackAwareness configures rack awareness in the Helm values. See https://docs.redpanda.com/current/manage/kubernetes/kubernetes-rack-awareness/.

Appears in:
Field Description

enabled boolean

Specifies whether rack awareness is enabled. When enabled, Kubernetes failure zones are treated as racks. Redpanda maps each rack to a failure zone and places partition replicas across them. Requires rbac.enabled set to true.

nodeAnnotation string

Specifies the key in Node labels or annotations to use to denote failure zones.

ReadinessProbe

ReadinessProbe configures readiness probes to determine when a Pod is ready to handle traffic.

Field Description

failureThreshold integer

Defines the threshold for how many times the probe can fail before the Pod is marked Unready.

initialDelaySeconds integer

Sets the initial delay before the readiness probe is initiated, in seconds.

periodSeconds integer

Configures the period, in seconds, between each readiness check.

timeoutSeconds integer

successThreshold integer

Redpanda

Redpanda defines the CRD for Redpanda clusters.

Appears in:
Field Description

apiVersion string

cluster.redpanda.com/v1alpha2

kind string

Redpanda

metadata invalid type

Refer to the Kubernetes API documentation for fields of metadata.

Defines the desired state of the Redpanda cluster.

Represents the current status of the Redpanda cluster.

RedpandaClusterSpec

RedpandaClusterSpec defines the desired state of a Redpanda cluster. These settings are the same as those defined in the Redpanda Helm chart. The values in these settings are passed to the Redpanda Helm chart through Flux. For all default values and links to more documentation, see https://docs.redpanda.com/current/reference/redpanda-helm-spec/.

For descriptions and default values, see Redpanda Helm Chart Specification.

Appears in:
Field Description

nameOverride string

Customizes the labels app.kubernetes.io/component=<nameOverride>-statefulset and app.kubernetes.io/name=<nameOverride> on the StatefulSet Pods. The default is redpanda.

fullNameOverride string

Deprecated: use FullnameOverride (fullnameOverride).

fullnameOverride string

Customizes the name of the StatefulSet and Services. The default is redpanda.

clusterDomain string

Customizes the Kubernetes cluster domain. This domain is used to generate the internal domains of the StatefulSet Pods. For details, see https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id. The default is the cluster.local domain.

commonLabels object (keys:string, values:string)

Assigns custom labels to all resources generated by the Redpanda Helm chart. Specify labels as key/value pairs.

nodeSelector object (keys:string, values:string)

Specifies on which nodes a Pod should be scheduled. These key/value pairs ensure that Pods are scheduled onto nodes with the specified labels.

tolerations invalid type array

Specifies tolerations to allow Pods to be scheduled onto nodes where they otherwise wouldn’t.

Defines the container image settings to use for the Redpanda cluster.

imagePullSecrets invalid type array

Specifies credentials for a private image repository. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/.

license_key string

Deprecated: Use Enterprise instead.

license_secret_ref LicenseSecretRef

Deprecated: Use EnterpriseLicenseSecretRef instead.

enterprise Enterprise

Defines an Enterprise license.

rackAwareness RackAwareness

Defines rack awareness settings.

console RedpandaConsole

Defines Redpanda Console settings.

connectors RedpandaConnectors

Defines Redpanda Connector settings.

auth Auth

Defines authentication settings for listeners.

tls TLS

Defines TLS settings for listeners.

external External

Defines external access settings.

logging Logging

Defines the log level settings.

auditLogging AuditLogging

Defines the log level settings.

resources Resources

Defines container resource settings.

service Service

Defines settings for the headless ClusterIP Service.

storage Storage

Defines storage settings for the Redpanda data directory and the Tiered Storage cache.

post_install_job PostInstallJob

Defines settings for the post-install hook, which runs after each install or upgrade. For example, this job is responsible for setting the Enterprise license, if specified.

post_upgrade_job PostUpgradeJob

Defines settings for the post-upgrade hook, which runs after each update. For example, this job is responsible for setting cluster configuration properties and restarting services such as Schema Registry, if required.

statefulset Statefulset

Defines settings for the StatefulSet that manages Redpanda brokers.

tuning Tuning

Defines settings for the autotuner tool in Redpanda. The autotuner identifies the hardware configuration in the container and optimizes the Linux kernel to give you the best performance.

listeners Listeners

Defines settings for listeners, including HTTP Proxy, Schema Registry, the Admin API and the Kafka API.

config Config

Defines configuration properties supported by Redpanda that may not work correctly in a Kubernetes cluster. Changing these values from the defaults comes with some risk. Use these properties to customize various Redpanda configurations that are not available in the RedpandaClusterSpec. These values have no impact on the configuration or behavior of the Kubernetes objects deployed by Helm, and therefore should not be modified for the purpose of configuring those objects. Instead, these settings get passed directly to the Redpanda binary at startup.

rbac RBAC

Defines Role Based Access Control (RBAC) settings.

serviceAccount ServiceAccount

Defines Service account settings.

monitoring Monitoring

Defines settings for monitoring Redpanda.

force boolean

Adds the --force flag in helm upgrade commands. Used for allowing a change of TLS configuration for the RPC listener.
Setting force to true will result in a short period of downtime.

affinity invalid type

Affinity constraints for scheduling Pods, can override this for
StatefulSets and Jobs. For details, see the [Kubernetes
documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity).

tests Enablable

RedpandaConnectors

RedpandaConnectors configures Redpanda Connectors. Redpanda Connectors is a package that includes Kafka Connect and built-in connectors, sometimes known as plugins. See https://docs.redpanda.com/current/deploy/deployment-option/self-hosted/kubernetes/k-deploy-connectors/.

Appears in:
Field Description

enabled boolean

Specifies whether to create Helm tests.

monitoring ConnectorMonitoring

Specifies monitoring resources

connectors invalid type

Connectors specified manual configurations

deployment invalid type

Connectors specified manual configurations

nameOverride string

Specifies a custom name for the Redpanda Console resources, overriding the default naming convention.

fullnameOverride string

Specifies a full custom name, which overrides the entire naming convention including release name and chart name.

commonLabels object (keys:string, values:string)

Assigns custom labels to all resources generated by the Connector Helm chart. Specify labels as key/value pairs.

tolerations invalid type array

Applies tolerations to allow Pods to be scheduled on nodes with matching taints, enabling control over where Pods can run.

Defines the container image settings to use for the Redpanda cluster.

imagePullSecrets invalid type array

Specifies credentials for a private image repository. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/.

auth invalid type

Specifies superuser credentials

container invalid type

Specifies container information

storage invalid type

Specifies storage information

logging invalid type

Specifies logging details

service invalid type

Specifies service details

serviceAccount invalid type

Specifies service account details

RedpandaConsole

RedpandaConsole configures the Redpanda Console subchart of the Redpanda Helm chart. Use these settings to configure the subchart. For more details on each setting, see the Helm values for the Redpanda Console chart: https://artifacthub.io/packages/helm/redpanda-data/console?modal=values

Appears in:
Field Description

enabled boolean

Specifies whether the Redpanda Console subchart should be deployed.

replicaCount integer

Sets the number of replicas for the Redpanda Console Deployment resource.

nameOverride string

Specifies a custom name for the Redpanda Console resources, overriding the default naming convention.

fullnameOverride string

Specifies a full custom name, which overrides the entire naming convention including release name and chart name.

commonLabels object (keys:string, values:string)

priorityClassName string

Specifies the priority class name for the Pods that run Redpanda Console.

image invalid type

Defines the container image for the Redpanda Console, including the repository, name, and tag.

imagePullSecrets invalid type array

Defines Secrets used to pull the container images from a private registry.

serviceAccount invalid type

Configures the ServiceAccount used by the Pods that run Redpanda Console.

annotations invalid type

podAnnotations invalid type

Adds custom annotations to the Pods that run Redpanda Console.

podLabels invalid type

Adds custom labels to the Pods that run Redpanda Console.

podSecurityContext invalid type

securityContext invalid type

Sets the security context for the Pods that run Redpanda Console.

service invalid type

Configures the Kubernetes Service for Redpanda Console.

ingress invalid type

Configures the Kubernetes Ingress resource for Redpanda Console.

resources invalid type

Configures resource requests and limits for the Pods that run Redpanda Console.

autoscaling invalid type

Configures Horizontal Pod Autoscaling (HPA) for Redpanda Console.

nodeSelector invalid type

Specifies Node labels for Pod assignment.

tolerations invalid type array

Specifies tolerations for scheduling Pods onto Nodes with taints.

affinity invalid type

Defines affinity rules for Pod assignment.

topologySpreadConstraints invalid type

Specifies topology spread constraints for Pod placement.

extraEnv invalid type array

Adds extra environment variables to the Pods that run Redpanda Console.

extraEnvFrom invalid type array

Allows you to add extra environment variables from external resources to the Pods that run Redpanda Console.

extraVolumes invalid type array

Adds extra volumes to the Pods that run Redpanda Console.

extraVolumeMounts invalid type array

Mounts additional volumes inside the containers that run Redpanda Console.

extraContainers invalid type array

Adds extra containers to the Pods that run Redpanda Console.

initContainers invalid type

Specifies init containers for the Pods that run Redpanda Console.

secretMounts invalid type array

Mounts additional Secret resources inside the containers that run Redpanda Console.

configmap ConsoleCreateObj

Deprecated: this field exists for storage backwards compatibility and is
never used. Prefer ConfigMap (configmap).

configMap ConsoleCreateObj

Specifies whether a ConfigMap should be created for Redpanda Console.

secret invalid type

Specifies whether a Secret should be created for Redpanda Console.

deployment invalid type

Specifies whether a Deployment should be created for Redpanda Console.

console invalid type

Configures custom settings for Redpanda Console.

strategy invalid type

Configures console’s Deployment’s update strategy.

enterprise invalid type

Settings for license key, as an alternative to secret.enterprise when a
license secret is available

automountServiceAccountToken boolean

Automount API credentials for the Service Account into the pod.

readinessProbe ReadinessProbe

Settings for console’s Deployment’s readiness probe.

livenessProbe LivenessProbe

Settings for console’s Deployment’s liveness probe.

tests Enablable

Controls the creation of helm tests for console.

RedpandaImage

RedpandaImage configures the Redpanda container image settings in the Helm values.

Field Description

repository string

Specifies the image repository to pull from.

tag string

Specifies the image tag.

pullPolicy string

Specifies the strategy used for pulling images from the repository. For available values, see https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy.

RedpandaLicenseStatus

Appears in:
Field Description

violation boolean

inUseFeatures string array

expired boolean

type string

organization string

expiration invalid type

RedpandaList

RedpandaList contains a list of Redpanda objects.

Field Description

apiVersion string

cluster.redpanda.com/v1alpha2

kind string

RedpandaList

metadata invalid type

Refer to the Kubernetes API documentation for fields of metadata.

items Redpanda array

Specifies a list of Redpanda resources.

RedpandaMemory

RedpandaMemory allows you to optionally specify the memory size for the Redpanda process, including the Seastar subsystem. By default, this section is omitted, and memory sizes are calculated automatically based on the container’s total memory allocation. When you configure this section and manually set the memory and reserveMemory values, the automatic calculation is disabled.

If you are setting these values manually, follow these guidelines carefully. Incorrect settings can lead to performance degradation, instability, or even data loss. The total memory allocated to a container is determined as the sum of the following two areas:

  • Redpanda (including Seastar): Defined by the --memory parameter. Includes the memory used by the Redpanda process and the reserved memory allocated for Seastar. A minimum of 2Gi per core is required, and this value typically accounts for ~80% of the container’s total memory. For production, allocate at least 8Gi.

  • Operating system (OS): Defined by the --reserve-memory parameter. Represents the memory available for the operating system and other processes within the container.

Appears in:
Field Description

memory invalid type

Memory for the Redpanda process. This must be lower than the container’s memory (resources.memory.container.min if provided, otherwise resources.memory.container.max). Equivalent to --memory. For production, use 8Gi or greater.

reserveMemory invalid type

Memory reserved for the OS. Any value above 1Gi will provide diminishing performance benefits. Equivalent to --reserve-memory. For production, use 1Gi.

RedpandaSpec

RedpandaSpec defines the desired state of the Redpanda cluster.

Appears in:
Field Description

chartRef ChartRef

Defines chart details, including the version and repository.

clusterSpec RedpandaClusterSpec

Defines the Helm values to use to deploy the cluster.

migration Migration

Deprecated and Removed in v2.2.3-24.2.X. Downgrade to v2.2.2-24.2.4 perform the migration

RedpandaStatus

RedpandaStatus defines the observed state of Redpanda

Appears in:
Field Description

observedGeneration integer

Specifies the last observed generation.

conditions invalid type array

Conditions holds the conditions for the Redpanda.

lastAppliedRevision string

LastAppliedRevision is the revision of the last successfully applied source.

lastAttemptedRevision string

LastAttemptedRevision is the revision of the last reconciliation attempt.

helmRelease string

helmReleaseReady boolean

helmRepository string

helmRepositoryReady boolean

upgradeFailures integer

failures integer

Failures is the reconciliation failure count against the latest desired
state. It is reset after a successful reconciliation.

installFailures integer

decommissioningNode integer

ManagedDecommissioningNode indicates that a node is currently being
decommissioned from the cluster and provides its ordinal number.

LicenseStatus contains information about the current state of any
installed license in the Redpanda cluster.

ResourceTemplate

ResourceTemplate specifies additional configuration for a resource.

Appears in:
Field Description

metadata MetadataTemplate

Refer to the Kubernetes API documentation for fields of metadata.

ResourceType (string)

ResourceType specifies the type of resource an ACL is applied to.

Appears in:

Resources

Resources configures resource allocation. The default values are for a development environment. Production-level values and other considerations are documented, where those values are different from the default.

Appears in:
Field Description

cpu CPU

Specifies the number of CPU cores.

memory Memory

Specifies the amount of memory.

SASL

SASL configures SASL authentication in the Helm values.

Appears in:
Field Description

enabled boolean

Enables SASL authentication. If you enable SASL authentication, you must provide a Secret name in secretRef.

mechanism string

Specifies the default authentication mechanism to use for superusers. Options are SCRAM-SHA-256 and SCRAM-SHA-512.

secretRef string

If users is empty, secretRef specifies the name of the Secret that contains your superuser credentials in the format <username>:<password>:<optional-authentication-mechanism>. Otherwise, secretRef specifies the name of the Secret that the chart creates to store the credentials in users.

users UsersItems array

Specifies a list of superuser credentials.

bootstrapUser BootstrapUser

Specifies configuration about the bootstrap user.

SASLMechanism (string)

SASLMechanism specifies a SASL auth mechanism.

Schema

Schema defines the CRD for a Redpanda schema.

Appears in:
Field Description

apiVersion string

cluster.redpanda.com/v1alpha2

kind string

Schema

metadata invalid type

Refer to the Kubernetes API documentation for fields of metadata.

spec SchemaSpec

Defines the desired state of the Redpanda schema.

status SchemaStatus

Represents the current status of the Redpanda schema.

SchemaList

SchemaList contains a list of Redpanda schema objects.

Field Description

apiVersion string

cluster.redpanda.com/v1alpha2

kind string

SchemaList

metadata invalid type

Refer to the Kubernetes API documentation for fields of metadata.

items Schema array

Specifies a list of Redpanda schema resources.

SchemaReference

SchemaReference is a way for a one schema to reference another. The details for how referencing is done are type specific; for example, JSON objects that use the key "$ref" can refer to another schema via URL.

Appears in:
Field Description

name string

subject string

version integer

SchemaRegistry

SchemaRegistry configures settings for the Schema Registry listeners.

Appears in:
Field Description

authenticationMethod string

Specifies the authentication method for the external listener. For example, 'mtls_identity' or sasl.

enabled boolean

Specifies whether the Schema Registry is enabled.

external object (keys:string, values:ExternalListener)

Defines settings for the external listener.

kafkaEndpoint string

Configures the listener to use for HTTP connections. For example default for the internal listener.

port integer

Specifies the container port number for the internal listener.

Configures TLS settings for the internal listener.

SchemaRegistrySASL

SchemaRegistrySASL configures credentials to connect to Redpanda cluster that has authentication enabled.

Appears in:
Field Description

username string

Specifies the username.

passwordSecretRef SecretKeyRef

Specifies the password.

mechanism SASLMechanism

Specifies the SASL/SCRAM authentication mechanism.

token SecretKeyRef

SchemaRegistrySpec

SchemaRegistrySpec defines client configuration for connecting to Redpanda’s admin API.

Field Description

urls string array

Specifies a list of broker addresses in the format <host>:<port>

tls CommonTLS

Defines TLS configuration settings for Redpanda clusters that have TLS enabled.

Defines authentication configuration settings for Redpanda clusters that have authentication enabled.

SchemaSpec

SchemaSpec defines the configuration of a Redpanda schema.

Appears in:
Field Description

cluster ClusterSource

ClusterSource is a reference to the cluster hosting the schema registry.
It is used in constructing the client created to configure a cluster.

text string

Text is the actual unescaped text of a schema.

schemaType SchemaType

Type is the type of a schema. The default type is avro.

references SchemaReference array

References declares other schemas this schema references. See the
docs on SchemaReference for more details.

compatibilityLevel CompatibilityLevel

CompatibilityLevel sets the compatibility level for the given schema

SchemaStatus

SchemaStatus defines the observed state of a Redpanda schema.

Appears in:
Field Description

observedGeneration integer

Specifies the last observed generation.

conditions invalid type array

Conditions holds the conditions for the Redpanda schema.

versions integer array

Versions shows the versions of a given schema

schemaHash string

SchemaHash is the hashed value of the schema synced to the cluster

SchemaType (string)

SchemaType specifies the type of the given schema.

Appears in:

SecretKeyRef

SecretKeyRef contains enough information to inspect or modify the referred Secret data See https://pkg.go.dev/k8s.io/api/core/v1#ObjectReference.

Field Description

name string

key string

Key in Secret data to get value from

SecretRef

SecretRef configures the Secret resource that contains existing TLS certificates.

Appears in:
Field Description

name string

Specifies the name of the Secret resource.

SecretWithConfigField

Appears in:
Field Description

key string

name string

configurationKey string

Service

Appears in:
Field Description

name string

internal ServiceInternal

ServiceAccount

ServiceAccount configures Service Accounts.

Appears in:
Field Description

automountServiceAccountToken boolean

Specifies whether a service account should automount API-Credentials

annotations object (keys:string, values:string)

Adds custom annotations to the ServiceAccount resources.

create boolean

Specifies whether a ServiceAccount should be created.

name string

Specifies the name of the ServiceAccount.

ServiceInternal

Appears in:
Field Description

annotations object (keys:string, values:string)

SetDataDirOwnership

SetDataDirOwnership defines the settings related to ownership of the Redpanda data directory in environments where root access is restricted.

Appears in:
Field Description

enabled boolean

Specifies whether to enable root access. Enable only in environments where root access is not allowed, such as minikube.

extraVolumeMounts string

Adds extra volume mounts.

resources invalid type

Specifies the resource requirements.

SetTieredStorageCacheDirOwnership

SetTieredStorageCacheDirOwnership configures the settings related to ownership of the Tiered Storage cache in environments where root access is restricted.

Appears in:
Field Description

extraVolumeMounts string

resources invalid type

SideCarObj

SideCarObj represents a generic sidecar object. This is a placeholder for now.

Appears in:
Field Description

enabled boolean

resources invalid type

securityContext invalid type

SideCars

SideCars configures the additional sidecar containers that run alongside the main Redpanda container in the Pod.

Appears in:
Field Description

configWatcher ConfigWatcher

Configures the config-watcher sidecar. The config-watcher sidecar polls the Secret resource in auth.sasl.secretRef for changes and triggers a rolling upgrade to add the new superusers to the Redpanda cluster.

rpkStatus SideCarObj

controllers RPControllers

StartupProbe

StartupProbe configures the startup probe to determine when the Redpanda application within the Pod has started successfully.

Appears in:
Field Description

failureThreshold integer

Determines the failure threshold to mark the application in the Pod as not started.

initialDelaySeconds integer

Specifies the delay in seconds before the startup probe begins.

periodSeconds integer

Sets the period in seconds for conducting subsequent probes.

timeoutSeconds integer

successThreshold integer

Statefulset

Statefulset defines configurations for the StatefulSet in Helm values.

Appears in:
Field Description

additionalSelectorLabels object (keys:string, values:string)

additionalRedpandaCmdFlags string array

Includes additional command flags for Redpanda at startup to customize its runtime behavior.

annotations object (keys:string, values:string)

Adds annotations to the StatefulSet to provide additional information or metadata.
Please use PodTemplate to add additional annotation or labels for Pods managed by Statefulset.

podTemplate PodTemplate

PodTemplate is a subset of Kubernetes' PodTemplate that will be merged
into this StatefulSet’s PodTemplate.

budget Budget

Defines the management of disruptions affecting the Pods in the StatefulSet.

extraVolumeMounts string

Specifies extra volume mounts for the Pods.

extraVolumes string

Defines additional volumes for the Pods.

initContainerImage InitContainerImage

Defines the init container image used to perform initial setup tasks before the main containers start.

initContainers InitContainers

Configures the init container used to perform initial setup tasks before the main containers start.

livenessProbe LivenessProbe

Defines liveness probes to monitor the health of the Pods and restart them if necessary.

nodeSelector object (keys:string, values:string)

Applies node selectors to schedule Pods on specific nodes based on labels.

podAffinity invalid type

Defines Pod affinity rules to influence the scheduling and placement of Pods relative to other Pods.

podAntiAffinity PodAntiAffinity

Defines Pod anti-affinity rules to prevent Pods from being scheduled together on the same node.

priorityClassName string

Defines the priority class name to assign priority levels to the Pods, influencing their scheduling order.

readinessProbe ReadinessProbe

Defines readiness probes to determine when a Pod is ready to handle traffic.

replicas integer

Specifies the number of replicas to determine the desired number of Pods (Redpanda brokers) in the StatefulSet.

securityContext invalid type

Sets a security context for the Pods to define privilege and access control settings.

sideCars SideCars

Defines the additional sidecar containers that run alongside the main Redpanda container in the Pod.

skipChown boolean

Specifies whether to skip the changing of file ownership (chown) during Pod initialization.

startupProbe StartupProbe

Configures the startup probe to determine when the Redpanda application within the Pod has started successfully.

tolerations invalid type array

Applies tolerations to allow Pods to be scheduled on nodes with matching taints, enabling control over where Pods can run.

topologySpreadConstraints TopologySpreadConstraints array

Defines topology spread constraints to control how Pods are spread across different topology domains.

updateStrategy UpdateStrategy

Defines the update strategy for the StatefulSet to manage how updates are rolled out to the Pods.

terminationGracePeriodSeconds integer

Specifies the termination grace period in seconds to control the time delay before forcefully terminating a Pod.

StaticConfigurationSource

StaticConfigurationSource configures connections to a Redpanda cluster via hard-coded connection strings and manually configured TLS and authentication parameters.

Appears in:
Field Description

kafka KafkaAPISpec

Kafka is the configuration information for communicating with the Kafka
API of a Redpanda cluster where the object should be created.

admin AdminAPISpec

AdminAPISpec is the configuration information for communicating with the Admin
API of a Redpanda cluster where the object should be created.

schemaRegistry SchemaRegistrySpec

SchemaRegistry is the configuration information for communicating with the Schema Registry
API of a Redpanda cluster where the object should be created.

Storage

Storage configures storage-related settings in the Helm values. See https://docs.redpanda.com/current/manage/kubernetes/storage/.

Appears in:
Field Description

hostPath string

Specifies the absolute path on the worker node to store the Redpanda data directory. If unspecified, then an emptyDir volume is used. If specified but persistentVolume.enabled is true, storage.hostPath has no effect.

persistentVolume PersistentVolume

Configures a PersistentVolumeClaim (PVC) template to create for each Pod. This PVC is used to store the Redpanda data directory.

tiered Tiered

Configures storage for the Tiered Storage cache.

TLS

TLS configures TLS in the Helm values. See https://docs.redpanda.com/current/manage/kubernetes/security/tls/.

Appears in:
Field Description

certs object (keys:string, values:Certificate)

Lists all available certificates in the cluster. You can reference a specific certificate’s name in each listener’s listeners.<listener name>.tls.cert setting.

enabled boolean

Enables TLS globally for all listeners. Each listener must include a certificate name in its <listener>.tls object. To allow you to enable TLS for individual listeners, certificates are always loaded, even if TLS is disabled.

Tiered

Tiered configures storage for the Tiered Storage cache. See https://docs.redpanda.com/current/manage/kubernetes/tiered-storage-kubernetes/.

Appears in:
Field Description

mountType string

mountType can be one of:

  • none: Does not mount a volume. Tiered storage will use the same volume as the one defined for the Redpanda data directory.

  • hostPath: Uses the path specified in hostPath on the worker node that the Pod is running on.

  • emptyDir: Mounts an empty directory every time the Pod starts.

  • persistentVolume: Creates and mounts a PersistentVolumeClaim using the template defined in persistentVolume.

hostPath string

Specifies the absolute path on the worker node to store the Tiered Storage cache.

persistentVolume PersistentVolume

Configures a PersistentVolumeClaim (PVC) template to create for each Pod. This PVC is used to store the Tiered Storage cache.

config TieredConfig

Configures Tiered Storage, which requires an Enterprise license configured in enterprise.licenseKey or enterprised.licenseSecretRef.

credentialsSecretRef CredentialSecretRef

CredentialSecretRef can be used to set cloud_storage_secret_key and/or cloud_storage_access_key from referenced Kubernetes Secret

TieredConfig

TieredConfig configures Tiered Storage, which requires an Enterprise license configured in enterprise.licenseKey or enterprise.licenseSecretRef.TieredConfig is a top-level field of the Helm values.

Appears in:
Field Description

cloud_storage_enabled JSONBoolean

Enables Tiered Storage, if a license key is provided. See https://docs.redpanda.com/docs/reference/cluster-properties/#cloud_storage_enabled.

cloud_storage_api_endpoint string

cloud_storage_api_endpoint_port integer

cloud_storage_bucket string

cloud_storage_azure_container string

cloud_storage_azure_managed_identity_id string

cloud_storage_azure_storage_account string

cloud_storage_azure_shared_key string

cloud_storage_azure_adls_endpoint string

cloud_storage_azure_adls_port integer

cloud_storage_cache_check_interval integer

cloud_storage_cache_directory string

cloud_storage_cache_size string

cloud_storage_credentials_source string

cloud_storage_disable_tls boolean

cloud_storage_enable_remote_read boolean

cloud_storage_enable_remote_write boolean

cloud_storage_initial_backoff_ms integer

cloud_storage_manifest_upload_timeout_ms integer

cloud_storage_max_connection_idle_time_ms integer

cloud_storage_max_connections integer

cloud_storage_reconciliation_interval_ms integer

cloud_storage_region string

cloud_storage_segment_max_upload_interval_sec integer

cloud_storage_segment_upload_timeout_ms integer

cloud_storage_trust_file string

cloud_storage_upload_ctrl_d_coeff integer

cloud_storage_upload_ctrl_max_shares integer

cloud_storage_upload_ctrl_min_shares integer

cloud_storage_upload_ctrl_p_coeff integer

cloud_storage_upload_ctrl_update_interval_ms integer

Topic

Topic defines the CRD for Topic resources. See https://docs.redpanda.com/current/manage/kubernetes/manage-topics/.

Appears in:
Field Description

apiVersion string

cluster.redpanda.com/v1alpha2

kind string

Topic

metadata invalid type

Refer to the Kubernetes API documentation for fields of metadata.

spec TopicSpec

Defines the desired state of the Topic resource.

status TopicStatus

Represents the current status of the Topic resource.

TopicList

TopicList contains a list of Topic objects.

Field Description

apiVersion string

cluster.redpanda.com/v1alpha2

kind string

TopicList

metadata invalid type

Refer to the Kubernetes API documentation for fields of metadata.

items Topic array

Specifies a list of Topic resources.

TopicSpec

TopicSpec defines the desired state of the topic. See https://docs.redpanda.com/current/manage/kubernetes/manage-topics/.

Appears in:
Field Description

partitions integer

Specifies the number of topic shards that are distributed across the brokers in a cluster.
This number cannot be decreased after topic creation.
It can be increased after topic creation, but it is
important to understand the consequences that has, especially for
topics with semantic partitioning. When absent this will default to
the Redpanda cluster configuration default_topic_partitions.
See https://docs.redpanda.com/docs/reference/cluster-properties/#default_topic_partitions and
https://docs.redpanda.com/docs/get-started/architecture/#partitions

replicationFactor integer

Specifies the number of replicas the topic should have. Must be odd value.
When absent this will default to the Redpanda cluster configuration default_topic_replications.
See https://docs.redpanda.com/docs/reference/cluster-properties/#default_topic_replications.

overwriteTopicName string

Changes the topic name from the value of metadata.name.

additionalConfig object (keys:string, values:string)

Adds extra topic configurations. This is a free-form map of any configuration options that topics can have.
Examples:
cleanup.policy=compact
redpanda.remote.write=true
redpanda.remote.read=true
redpanda.remote.recovery=true
redpanda.remote.delete=true

cluster ClusterSource

ClusterSource is a reference to the cluster where the user should be created.
It is used in constructing the client created to configure a cluster.

kafkaApiSpec KafkaAPISpec

Defines client configuration for connecting to Redpanda brokers.
Deprecated: Use cluster.staticConfiguration.kafkaApiSpec if explicit connection
configuration is required. Otherwise, prefer cluster.clusterRef.

metricsNamespace string

Overwrites the fully-qualified
name of the metric. This should be easier to identify if
multiple operator instances runs inside the same Kubernetes cluster.
By default, it is set to redpanda-operator.

interval invalid type

Defines when the topic controller will schedule the next reconciliation.
Default is 3 seconds.

TopicStatus

TopicStatus defines the observed state of the Topic resource.

Appears in:
Field Description

observedGeneration integer

ObservedGeneration is the last observed generation of the Topic.

conditions invalid type array

Conditions holds the conditions for the Topic.

topicConfiguration Configuration array

TopicConfiguration is the last snapshot of the topic configuration during successful reconciliation.

TopologySpreadConstraints

TopologySpreadConstraints configures topology spread constraints to control how Pods are spread across different topology domains.

Appears in:
Field Description

maxSkew integer

Defines the maximum skew between the number of Pods in any two topology domains.

topologyKey string

Specifies the topology key to use for spreading Pods.

whenUnsatisfiable string

Sets the policy for how to handle unsatisfiable constraints, such as DoNotSchedule or ScheduleAnyway.

Tuning

Tuning configures settings for the autotuner tool in Redpanda. The autotuner identifies the hardware configuration in the container and optimizes the Linux kernel to give you the best performance.

Field Description

extraVolumeMounts string

Configures additional volume mounts for the Pod.

resources invalid type

Sets resource requirements such as CPU and memory limits.

ballast_file_path string

Specifies the file path for ballast file. A ballast file is an empty file that takes up disk space. If Redpanda runs out of disk space and becomes unavailable, you can delete the ballast file as a last resort. This clears up some space and gives you time to delete topics or records and change your retention properties.

ballast_file_size string

Defines the size of the ballast file.

tune_aio_events boolean

Specifies whether to increase the number of allowed asynchronous IO events.

tune_ballast_file boolean

Specifies whether to create the ballast file.

tune_clocksource boolean

Specifies whether to synchronize NTP.

well_known_io string

Specifies the vendor, VM type, and storage device type that Redpanda runs on, in the format <vendor>:<vm>:<storage>. This hints to Redpanda which configuration values it should use for the Redpanda IO scheduler.

UpdateStrategy

UpdateStrategy configures the update strategy for the StatefulSet to manage how updates are rolled out to the Pods.

Appears in:
Field Description

type string

Defines the strategy type for updating the StatefulSet, such as RollingUpdate or OnDelete.

UsageStats

UsageStats configures the reporting of usage statistics. Redpanda Data uses these metrics to learn how the software is used, which can guide future improvements.

Appears in:
Field Description

enabled boolean

Specifies whether usage reporting is enabled.

organization string

Specifies the name of the organization using the software. This can be useful for identifying and segmenting usage data by organization, if usage reporting is enabled.
Deprecated: This value is no longer respected in the redpanda helm chart
and will be removed in a future version.

clusterId string

Specifies the ID of your Redpanda cluster.

User

User defines the CRD for a Redpanda user.

Appears in:
Field Description

apiVersion string

cluster.redpanda.com/v1alpha2

kind string

User

metadata invalid type

Refer to the Kubernetes API documentation for fields of metadata.

spec UserSpec

Defines the desired state of the Redpanda user.

status UserStatus

Represents the current status of the Redpanda user.

UserAuthenticationSpec

UserAuthenticationSpec defines the authentication mechanism enabled for this Redpanda user.

Appears in:
Field Description

SASL mechanism to use for the user credentials. Valid values are:
- scram-sha-512
- scram-sha-256

password Password

Password specifies where a password is read from.

UserAuthorizationSpec

UserAuthorizationSpec defines authorization rules for this user.

Appears in:
Field Description

Type specifies the type of authorization to use for User ACLs. If unspecified, defaults to simple. Valid values are:
- simple

acls ACLRule array

List of ACL rules which should be applied to this user.

UserList

UserList contains a list of Redpanda user objects.

Field Description

apiVersion string

cluster.redpanda.com/v1alpha2

kind string

UserList

metadata invalid type

Refer to the Kubernetes API documentation for fields of metadata.

items User array

Specifies a list of Redpanda user resources.

UserSpec

UserSpec defines the configuration of a Redpanda user.

Appears in:
Field Description

cluster ClusterSource

ClusterSource is a reference to the cluster where the user should be created.
It is used in constructing the client created to configure a cluster.

authentication UserAuthenticationSpec

Authentication defines the authentication information for a user. If no
Authentication credentials are specified, then no user will be created.
This is useful when wanting to manage ACLs for an already-existing user.

authorization UserAuthorizationSpec

Authorization rules defined for this user.

template UserTemplateSpec

Template to specify how user secrets are generated.

UserStatus

UserStatus defines the observed state of a Redpanda user

Appears in:
Field Description

observedGeneration integer

Specifies the last observed generation.

conditions invalid type array

Conditions holds the conditions for the Redpanda user.

managedAcls boolean

ManagedACLs returns whether the user has managed ACLs that need
to be cleaned up.

managedUser boolean

ManagedUser returns whether the user has a managed SCRAM user that need
to be cleaned up.

UserTemplateSpec

UserTemplateSpec defines the template metadata (labels and annotations) for any subresources, such as Secrets, created by a User object.

Appears in:
Field Description

Specifies how the Secret with a user password is generated.

UsersItems

UsersItems configures a list of superusers in the Helm values.

Appears in:
Field Description

mechanism string

Specifies the authentication mechanism to use for superusers. Overrides the default in SASL. Options are SCRAM-SHA-256 and SCRAM-SHA-512.

name string

Specifies the name of the superuser.

password string

Specifies the superuser password.