Skip to main content
Version: 22.1

rpk commands

rpk (Redpanda Keeper) is Redpanda's command line interface (CLI) utility. rpk commands allow you to configure and manage Redpanda clusters, tune them for better performance, manage topics and groups, manage access control lists (ACLs).

This section lists each rpk command in alphabetical order, along with a table of flags for that command. All descriptions are from the output of the rpk <command> –help command.

rpk

rpk is the Redpanda CLI & toolbox.

Usage:
rpk [command]

Flags

Value Type Description
-h, --help- help for rpk
-v, --verbose- Enable verbose logging (default: false).

rpk acl

Manage ACLs and SASL users.

This command space creates, lists, and deletes ACLs, as well as creates SASL users. The help text below is specific to ACLs. To learn about SASL users, check the help text under the "user" command.

When using SASL, ACLs allow or deny you access to certain requests. The "create", "delete", and "list" commands help you manage your ACLs.

An ACL is made up of five components:

  • a principal (the user)
  • a host the principal is allowed or denied requests from
  • what resource to access (topic name, group ID, ...)
  • the operation (read, write, ...)
  • the permission: whether to allow or deny the above

ACL commands work on a multiplicative basis. If creating, specifying two principals and two permissions creates four ACLs: both permissions for the first principal, as well as both permissions for the second principal. Adding two resources further doubles the ACLs created.

It is recommended to be as specific as possible when granting ACLs. Granting more ACLs than necessary per principal may inadvertently allow clients to do things they should not, such as deleting topics or joining the wrong consumer group.

PRINCIPALS

All ACLs require a principal. A principal is composed of two parts: the type and the name. Within Redpanda, only one type is supported, "User". The reason for the prefix is that a potential future authorizer may add support for authorizing by Group or anything else.

When you create a user, you need to add ACLs for it before it can be used. You can create / delete / list ACLs for that user with either "User:bar" or "bar" in the --allow-principal and --deny-principal flags. This command will add the "User:" prefix for you if it is missing. The wildcard '' matches any user. Creating an ACL with user '' grants or denies the permission for all users.

HOSTS

Hosts can be seen as an extension of the principal, and effectively gate where the principal can connect from. When creating ACLs, unless otherwise specified, the default host is the wildcard '*' which allows or denies the principal from all hosts (where allow & deny are based on whether --allow-principal or --deny-principal is used). If specifying hosts, you must pair the --allow-host flag with the --allow-principal flag, and the --deny-host flag with the --deny-principal flag.

RESOURCES

A resource is what an ACL allows or denies access to. There are four resources within Redpanda: topics, groups, the cluster itself, and transactional IDs. Names for each of these resources can be specified with their respective flags.

Resources combine with the operation that is allowed or denied on that resource. The next section describes which operations are required for which requests, and further fleshes out the concept of a resource.

By default, resources are specified on an exact name match (a "literal" match). The --resource-pattern-type flag can be used to specify that a resource name is "prefixed", meaning to allow anything with the given prefix. A literal name of "foo" will match only the topic "foo", while the prefixed name of "foo-" will match both "foo-bar" and "foo-baz". The special wildcard resource name '' matches any name of the given resource type (--topic '' matches all topics).

OPERATIONS

Pairing with resources, operations are the actions that are allowed or denied. Redpanda has the following operations:

ALL                 Allows all operations below.
READ Allows reading a given resource.
WRITE Allows writing to a given resource.
CREATE Allows creating a given resource.
DELETE Allows deleting a given resource.
ALTER Allows altering non-configurations.
DESCRIBE Allows querying non-configurations.
DESCRIBE_CONFIGS Allows describing configurations.
ALTER_CONFIGS Allows altering configurations.

Check --help-operations to see which operations are required for which requests. In flag form to set up a general producing/consuming client, you can invoke 'rpk acl create' three times with the following (including your --allow-principal):

--operation write,read,describe --topic [topics]
--operation describe,read --group [group.id]
--operation describe,write --transactional-id [transactional.id]

PERMISSIONS

A client can be allowed access or denied access. By default, all permissions are denied. You only need to specifically deny a permission if you allow a wide set of permissions and then want to deny a specific permission in that set. You could allow all operations, and then specifically deny writing to topics.

MANAGEMENT

Creating ACLs works on a specific ACL basis, but listing and deleting ACLs works on filters. Filters allow matching many ACLs to be printed listed and deleted at once. Because this can be risky for deleting, the delete command prompts for confirmation by default. More details and examples for creating, listing, and deleting can be seen in each of the commands.

Using SASL requires setting "enable_sasl: true" in the redpanda section of your redpanda.yaml. User management is a separate, simpler concept that is described in the user command.

Usage:
rpk acl [flags]
rpk acl [command]

Flags

Value Type Description
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
-h, --help- help for acl
--help-operations- Print more help about ACL operations.
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk acl create

Create ACLs.

See the 'rpk acl' help text for a full write up on ACLs. Following the multiplying effect of combining flags, the create command works on a straightforward basis: every ACL combination is a created ACL.

As mentioned in the 'rpk acl' help text, if no host is specified, an allowed principal is allowed access from all hosts. The wildcard principal '*' allows all principals. At least one principal, one host, one resource, and one operation is required to create a single ACL.

Allow all permissions to user bar on topic "foo" and group "g": --allow-principal bar --operation all --topic foo --group g Allow read permissions to all users on topics biz and baz: --allow-principal '*' --operation read --topic biz,baz Allow write permissions to user buzz to transactional id "txn": --allow-principal User:buzz --operation write --transactional-id txn

Usage:
rpk acl create [flags]

Flags

Value Type Description
--allow-hoststrings hosts from which access will be granted (repeatable)
--allow-principalstrings principals for which these permissions will be granted (repeatable)
--cluster- whether to grant ACLs to the cluster
--deny-hoststrings hosts from from access will be denied (repeatable)
--deny-principalstrings principal for which these permissions will be denied (repeatable)
--groupstrings group to grant ACLs for (repeatable)
-h, --help- help for create
--operationstrings operation to grant (repeatable)
--topicstrings topic to grant ACLs for (repeatable)
--transactional-idstrings transactional IDs to grant ACLs for (repeatable)
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk acl delete

Delete ACLs.

See the 'rpk acl' help text for a full write up on ACLs. Delete flags work in a similar multiplying effect as creating ACLs, but delete is more advanced: deletion works on a filter basis. Any unspecified flag defaults to matching everything (all operations, or all allowed principals, etc). To ensure that you do not accidentally delete more than you intend, this command prints everything that matches your input filters and prompts for a confirmation before the delete request is issued. Anything matching more than 10 ACLs doubly confirms.

As mentioned, not specifying flags matches everything. If no resources are specified, all resources are matched. If no operations are specified, all operations are matched. You can also opt in to matching everything with "any": --operation any matches any operation.

The --resource-pattern-type, defaulting to "any", configures how to filter resource names:

  • "any" returns exact name matches of either prefixed or literal pattern type
  • "match" returns wildcard matches, prefix patterns that match your input, and literal matches
  • "prefix" returns prefix patterns that match your input (prefix "fo" matches "foo")
  • "literal" returns exact name matches
Usage:
rpk acl delete [flags]

Flags

Value Type Description
--allow-hoststrings allowed host ACLs to remove (repeatable)
--allow-principalstrings allowed principal ACLs to remove (repeatable)
--cluster- whether to remove ACLs to the cluster
--deny-hoststrings denied host ACLs to remove (repeatable)
--deny-principalstrings denied principal ACLs to remove (repeatable)
-d, --dry- dry run: validate what would be deleted
--groupstrings group to remove ACLs for (repeatable)
-h, --help- help for delete
--no-confirm- disable confirmation prompt
--operationstrings operation to remove (repeatable)
-f, --print-filters- print the filters that were requested (failed filters are always printed)
--topicstrings topic to remove ACLs for (repeatable)
--transactional-idstrings transactional IDs to remove ACLs for (repeatable)
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk acl list

List ACLs.

See the 'rpk acl' help text for a full write up on ACLs. List flags work in a similar multiplying effect as creating ACLs, but list is more advanced: listing works on a filter basis. Any unspecified flag defaults to matching everything (all operations, or all allowed principals, etc).

As mentioned, not specifying flags matches everything. If no resources are specified, all resources are matched. If no operations are specified, all operations are matched. You can also opt in to matching everything with "any": --operation any matches any operation.

The --resource-pattern-type, defaulting to "any", configures how to filter resource names:

  • "any" returns exact name matches of either prefixed or literal pattern type
  • "match" returns wildcard matches, prefix patterns that match your input, and literal matches
  • "prefix" returns prefix patterns that match your input (prefix "fo" matches "foo")
  • "literal" returns exact name matches
Usage:
rpk acl list [flags]

Aliases:
list, ls, describe

Flags

Value Type Description
--allow-hoststrings allowed host ACLs to match (repeatable)
--allow-principalstrings allowed principal ACLs to match (repeatable)
--cluster- whether to match ACLs to the cluster
--deny-hoststrings denied host ACLs to match (repeatable)
--deny-principalstrings denied principal ACLs to match (repeatable)
--groupstrings group to match ACLs for (repeatable)
-h, --help- help for list
--operationstrings operation to match (repeatable)
-f, --print-filters- print the filters that were requested (failed filters are always printed)
--topicstrings topic to match ACLs for (repeatable)
--transactional-idstrings transactional IDs to match ACLs for (repeatable)
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk acl user

Manage SASL users.

If SASL is enabled, a SASL user is what you use to talk to Redpanda, and ACLs control what your user has access to. See 'rpk acl --help' for more information about ACLs, and 'rpk acl user create --help' for more information about creating SASL users. Using SASL requires setting "enable_sasl: true" in the redpanda section of your redpanda.yaml.

Usage:
rpk acl user [command]

Flags

Value Type Description
--api-urlsstrings The comma-separated list of Admin API addresses (|IP|:|port|). You must specify one for each node.
-h, --help- help for user
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk acl user create

Create a SASL user.

This command creates a single SASL user with the given password, optionally with a custom "mechanism". SASL consists of three parts: a username, a password, and a mechanism. The mechanism determines which authentication flow the client will use for this user/pass.

Redpanda currently supports two mechanisms: SCRAM-SHA-256, the default, and SCRAM-SHA-512, which is the same flow but uses sha512 rather than sha256.

Using SASL requires setting "enable_sasl: true" in the redpanda section of your redpanda.yaml. Before a created SASL account can be used, you must also create ACLs to grant the account access to certain resources in your cluster. See the acl help text for more info.

Usage:
rpk acl user create [USER} -p [PASS] [flags]

Flags

Value Type Description
-h, --help- help for create
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--api-urlsstrings The comma-separated list of Admin API addresses (|IP|:|port|). You must specify one for each node.
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk acl user delete

Delete a SASL user.

This command deletes the specified SASL account from Redpanda. This does not delete any ACLs that may exist for this user.

Usage:
rpk acl user delete [USER] [flags]

Flags

Value Type Description
-h, --help- help for delete
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--api-urlsstrings The comma-separated list of Admin API addresses (|IP|:|port|). You must specify one for each node.
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk acl user list

List SASL users.

Usage:
rpk acl user list [flags]

Aliases:
list, ls

Flags

Value Type Description
-h, --help- help for list
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--api-urlsstrings The comma-separated list of Admin API addresses (|IP|:|port|). You must specify one for each node.
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk cluster

Interact with a Redpanda cluster.

Usage:
rpk cluster [command]

Flags

Value Type Description
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
-h, --help- help for cluster
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk cluster config

Interact with cluster configuration properties.

Cluster properties are redpanda settings which apply to all nodes in the cluster. These are separate to node properties, which are set with 'rpk redpanda config'.

Use the 'edit' subcommand to interactively modify the cluster configuration, or 'export' and 'import' to write configuration to a file that can be edited and read back later.

These commands take an optional '--all' flag to include all properties including low level tunables such as internal buffer sizes, that do not usually need to be changed during normal operations. These properties generally require some expertize to set safely, so if in doubt, avoid using '--all'.

Modified properties are propagated immediately to all nodes. The 'status' subcommand can be used to verify that all nodes are up to date, and identify any settings which were rejected by a node, for example if a node is running a different redpanda version that does not recognize certain properties.

Usage:
rpk cluster config [command]

Flags

Value Type Description
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--all- Include all properties, including tunables.
--api-urlsstring Comma-separated list of admin API addresses (|IP|:|port|
-h, --help- help for config
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk cluster config edit

Edit cluster-wide configuration properties.

This command opens a text editor to modify the cluster's configuration.

Cluster properties are redpanda settings which apply to all nodes in the cluster. These are separate to node properties, which are set with 'rpk redpanda config'.

Modified values are written back when the file is saved and the editor is closed. Properties which are deleted are reset to their default values.

By default, low level tunables are excluded: use the '--all' flag to edit all properties including these tunables.

Usage:
rpk cluster config edit [flags]

Flags

Value Type Description
-h, --help- help for edit
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--all- Include all properties, including tunables.
--api-urlsstring Comma-separated list of admin API addresses (|IP|:|port|
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk cluster config export

Export cluster configuration.

Writes out a YAML representation of the cluster configuration to a file, suitable for editing and later applying with the corresponding 'import' command.

By default, low level tunables are excluded: use the '--all' flag to include all properties including these low level tunables.

Usage:
rpk cluster config export [flags]

Flags

Value Type Description
-f, --filenamestring full path to file to export to, e.g. '/tmp/config.yml'
-h, --help- help for export
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--all- Include all properties, including tunables.
--api-urlsstring Comma-separated list of admin API addresses (|IP|:|port|
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk cluster config force-reset

Forcibly clear a cluster configuration property on this node.

This command is not for general changes to cluster configuration: use this only when redpanda will not start due to a configuration issue.

If your cluster is working properly and you would like to reset a property to its default, you may use the 'set' command with an empty string, or use the 'edit' command and delete the property's line.

This command erases a named property from an internal cache of the cluster configuration on the local node, so that on next startup redpanda will treat the setting as if it was set to the default.

Usage:
rpk cluster config force-reset [PROPERTY...] [flags]

Flags

Value Type Description
--cache-filestring location of configuration cache file (defaults to redpanda data directory)
-h, --help- help for force-reset
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--all- Include all properties, including tunables.
--api-urlsstring Comma-separated list of admin API addresses (|IP|:|port|
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk cluster config get

Get a cluster configuration property.

This command is provided for use in scripts. For interactive editing, or bulk output, use the 'edit' and 'export' commands respectively.

Usage:
rpk cluster config get <key> [flags]

Flags

Value Type Description
-h, --help- help for get
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--all- Include all properties, including tunables.
--api-urlsstring Comma-separated list of admin API addresses (|IP|:|port|
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk cluster config import

Import cluster configuration from a file.

Import configuration from a YAML file, usually generated with corresponding 'export' command. This downloads the current cluster configuration, calculates the difference with the YAML file, and updates any properties that were changed. If a property is removed from the YAML file, it is reset to its default value.

Usage:
rpk cluster config import [flags]

Flags

Value Type Description
--filenamestring full path to file to import, e.g. '/tmp/config.yml'
-h, --help- help for import
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--all- Include all properties, including tunables.
--api-urlsstring Comma-separated list of admin API addresses (|IP|:|port|
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk cluster config lint

Remove any deprecated content from redpanda.yaml.

Deprecated content includes properties which were set via redpanda.yaml in earlier versions of redpanda, but are now managed via Redpanda's central configuration store (and via 'rpk cluster config edit').

Usage:
rpk cluster config lint [flags]

Flags

Value Type Description
-h, --help- help for lint
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--all- Include all properties, including tunables.
--api-urlsstring Comma-separated list of admin API addresses (|IP|:|port|
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk cluster config set

Set a single cluster configuration property.

This command is provided for use in scripts. For interactive editing, or bulk changes, use the 'edit' and 'import' commands respectively.

If an empty string is given as the value, the property is reset to its default.

Usage:
rpk cluster config set <key> <value> [flags]

Flags

Value Type Description
-h, --help- help for set
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--all- Include all properties, including tunables.
--api-urlsstring Comma-separated list of admin API addresses (|IP|:|port|
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk cluster config status

Get configuration status of redpanda nodes.

For each node, indicate whether a restart is required for settings to take effect, and any settings that the node has identified as invalid or unknown properties.

Additionally show the version of cluster configuration that each node has applied: under normal circumstances these should all be equal, a lower number shows that a node is out of sync, perhaps because it is offline.

Usage:
rpk cluster config status [flags]

Flags

Value Type Description
-h, --help- help for status
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--all- Include all properties, including tunables.
--api-urlsstring Comma-separated list of admin API addresses (|IP|:|port|
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk cluster health

Queries health overview.

Health overview is created based on the health reports collected periodically from all nodes in the cluster. A cluster is considered healthy when the following conditions are met:

  • all cluster nodes are responding
  • all partitions have leaders
  • the cluster controller is present
Usage:
rpk cluster health [flags]

Flags

Value Type Description
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--api-urlsstring Comma-separated list of admin API addresses (|IP|:|port|
-e, --exit-when-healthy- when used with wait, exits after cluster is back in healthy state
-h, --help- help for health
-w, --watch- blocks and writes out all cluster health changes
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk cluster maintenance

Interact with cluster maintenance mode.

Maintenance mode is a state that a node may be placed into in which the node may be shutdown or restarted with minimal disruption to client workloads. The primary use of maintenance mode is to perform a rolling upgrade in which each node is placed into maintenance mode prior to upgrading the node.

Use the 'enable' and 'disable' subcommands to place a node into maintenance mode or remove it, respectively. Only one node at a time may be in maintenance mode.

When a node is placed into maintenance mode the following occurs:

Leadership draining. All raft leadership is transferred to another eligible node, and the node in maintenance mode rejects new leadership requests. By transferring leadership off of the node in maintenance mode all client traffic and requests are directed to other nodes minimizing disruption to client workloads when the node is shutdown.

Currently leadership is not transferred for partitions with one replica.

Usage:
rpk cluster maintenance [command]

Flags

Value Type Description
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--api-urlsstring Comma-separated list of admin API addresses (|IP|:|port|
-h, --help- help for maintenance
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk cluster maintenance disable

Disable maintenance mode for a node.

Usage:
rpk cluster maintenance disable <broker-id> [flags]

Flags

Value Type Description
-h, --help- help for disable
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--api-urlsstring Comma-separated list of admin API addresses (|IP|:|port|
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk cluster maintenance enable

Enable maintenance mode for a node.

This command enables maintenance mode for the node with the specified ID. If a node exists that is already in maintenance mode then an error will be returned.

Usage:
rpk cluster maintenance enable <node-id> [flags]

Flags

Value Type Description
-h, --help- help for enable
-w, --wait- Wait until node is drained
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--api-urlsstring Comma-separated list of admin API addresses (|IP|:|port|
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk cluster maintenance status

Report maintenance status.

This command reports maintenance status for each node in the cluster. The output is presented as a table with each row representing a node in the cluster. The output can be used to monitor the progress of node draining.

NODE-ID DRAINING FINISHED ERRORS PARTITIONS ELIGIBLE TRANSFERRING FAILED 1 false false false 0 0 0 0

Field descriptions:

    NODE-ID: the node ID
DRAINING: true if the node is actively draining leadership
FINISHED: leadership draining has completed
ERRORS: errors have been encountered while draining
PARTITIONS: number of partitions whose leadership has moved
ELIGIBLE: number of partitions with leadership eligible to move

TRANSFERRING: current active number of leadership transfers FAILED: number of failed leadership transfers

Notes:

  • When errors are present further information will be available in the logs for the corresponding node.

  • Only partitions with more than one replica are eligible for leadership transfer.

Usage:
rpk cluster maintenance status [flags]

Flags

Value Type Description
-h, --help- help for status
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--api-urlsstring Comma-separated list of admin API addresses (|IP|:|port|
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk cluster metadata

Request broker metadata.

The Kafka protocol's metadata contains information about brokers, topics, and the cluster as a whole.

This command only runs if specific sections of metadata are requested. There are currently three sections: the cluster, the list of brokers, and the topics. If no section is specified, this defaults to printing all sections.

If the topic section is requested, all topics are requested by default unless some are manually specified as arguments. Expanded per-partition information can be printed with the -d flag, and internal topics can be printed with the -i flag.

In the broker section, the controller node is suffixed with *.

Usage:
rpk cluster metadata [flags]

Aliases:
metadata, status, info

Flags

Value Type Description
-h, --help- help for metadata
-b, --print-brokers- print brokers section
-c, --print-cluster- print cluster section
-d, --print-detailed-topics- print per-partition information for topics (implies -t)
-i, --print-internal-topics- print internal topics (if all topics requested, implies -t)
-t, --print-topics- print topics section (implied if any topics are specified)
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk container

Manage a local container cluster.

Usage:
rpk container [command]

Flags

Value Type Description
-h, --help- help for container
-v, --verbose- Enable verbose logging (default: false).

rpk container purge

Stop and remove an existing local container cluster's data.

Usage:
rpk container purge [flags]

Flags

Value Type Description
-h, --help- help for purge
-v, --verbose- Enable verbose logging (default: false).

rpk container start

Start a local container cluster.

Usage:
rpk container start [flags]

Flags

Value Type Description
-h, --help- help for start
-n, --nodes- uint The number of nodes to start (default 1)
--retries- uint The amount of times to check for the cluster before considering it unstable and exiting. (default 10)
-v, --verbose- Enable verbose logging (default: false).

rpk container stop

Stop an existing local container cluster.

Usage:
rpk container stop [flags]

Flags

Value Type Description
-h, --help- help for stop
-v, --verbose- Enable verbose logging (default: false).

rpk debug

Debug the local Redpanda process.

Usage:
rpk debug [command]

Flags

Value Type Description
-h, --help- help for debug
-v, --verbose- Enable verbose logging (default: false).

rpk debug bundle

'rpk debug bundle' collects environment data that can help debug and diagnose issues with a redpanda cluster, a broker, or the machine it's running on. It then bundles the collected data into a zip file.

The following are the data sources that are bundled in the compressed file:

  • Kafka metadata: Broker configs, topic configs, start/committed/end offsets, groups, group commits.

  • Data directory structure: A file describing the data directory's contents.

  • redpanda configuration: The redpanda configuration file (redpanda.yaml; SASL credentials are stripped).

  • /proc/cpuinfo: CPU information like make, core count, cache, frequency.

  • /proc/interrupts: IRQ distribution across CPU cores.

  • Resource usage data: CPU usage percentage, free memory available for the redpanda process.

  • Clock drift: The ntp clock delta (using pool.ntp.org as a reference) & round trip time.

  • Kernel logs: The kernel logs ring buffer (syslog).

  • Broker metrics: The local broker's Prometheus metrics, fetched through its admin API.

  • DNS: The DNS info as reported by 'dig', using the hosts in /etc/resolv.conf.

  • Disk usage: The disk usage for the data directory, as output by 'du'.

  • redpanda logs: The redpanda logs written to journald. If --logs-since or --logs-until are passed, then only the logs within the resulting time frame will be included.

  • Socket info: The active sockets data output by 'ss'.

  • Running process info: As reported by 'top'.

  • Virtual memory stats: As reported by 'vmstat'.

  • Network config: As reported by 'ip addr'.

  • lspci: List the PCI buses and the devices connected to them.

  • dmidecode: The DMI table contents. Only included if this command is run as root.

Usage:
rpk debug bundle [flags]

Flags

Value Type Description
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--admin-urlstring The address to the broker's admin API. Defaults to the one in the config file.
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
-h, --help- help for bundle
--logs-sincestring Include log entries on or newer than the specified date. (journalctl date format, e.g. YYYY-MM-DD)
--logs-untilstring Include log entries on or older than the specified date. (journalctl date format, e.g. YYYY-MM-DD)
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--timeoutduration How long to wait for child commands to execute (e.g. '30s', '1.5m') (default 10s)
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk generate

Generate a configuration template for related services.

Usage:
rpk generate [command]

Flags

Value Type Description
-h, --help- help for generate
-v, --verbose- Enable verbose logging (default: false).

rpk generate grafana-dashboard

Generate a Grafana dashboard for redpanda metrics.

Usage:
rpk generate grafana-dashboard [flags]

Flags

Value Type Description
--datasourcestring The name of the Prometheus datasource as configured in your grafana instance.
-h, --help- help for grafana-dashboard
-v, --verbose- Enable verbose logging (default: false).

rpk generate prometheus-config

Generate the Prometheus configuration to scrape redpanda nodes. This command's output should be added to the 'scrape_configs' array in your Prometheus instance's YAML config file.

If --seed-addr is passed, it will be used to discover the rest of the cluster hosts via redpanda's Kafka API. If --node-addrs is passed, they will be used directly. Otherwise, 'rpk generate prometheus-conf' will read the redpanda config file and use the node IP configured there. --config may be passed to specify an arbitrary config file.

Usage:
rpk generate prometheus-config [flags]

Flags

Value Type Description
--configstring The path to the redpanda config file
-h, --help- help for prometheus-config
--node-addrsstrings A comma-delimited list of the addresses (|host|:|port|) of all the redpanda nodes in a cluster. The port must be the one configured for the nodes' admin API (9644 by default)
--seed-addrstring The URL of a redpanda node with which to discover the rest
-v, --verbose- Enable verbose logging (default: false).

rpk generate shell-completion

Shell completion can help autocomplete rpk commands when you press tab.

Bash

Bash autocompletion relies on the bash-completion package. You can test if you have this by running "type _init_completion", if you do not, you can install the package through your package manager.

If you have bash-completion installed, and the command still fails, you likely need to add the following line to your ~/.bashrc:

source /usr/share/bash-completion/bash_completion

To ensure autocompletion of rpk exists in all shell sessions, add the following to your ~/.bashrc:

command -v rpk >/dev/null && . <(rpk generate shell-completion bash)

Alternatively, to globally enable rpk completion, you can run the following:

rpk generate shell-completion bash > /etc/bash_completion.d/rpk

Zsh

To enable autocompletion in any zsh session for any user, run this once:

rpk generate shell-completion zsh > "${fpath[1]}/_rpk"

You can also place that command in your ~/.zshrc to ensure that when you update rpk, you update autocompletion. If you initially require sudo to edit that file, you can chmod it to be world writeable, after which you will always be able to update it from ~/.zshrc.

If shell completion is not already enabled in your zsh environment, also add the following to your ~/.zshrc:

autoload -U compinit; compinit

Fish

To enable autocompletion in any fish session, run:

rpk generate shell-completion fish > ~/.config/fish/completions/rpk.fish
Usage:
rpk generate shell-completion [flags]

Flags

Value Type Description
-h, --help- help for shell-completion
-v, --verbose- Enable verbose logging (default: false).

rpk group

Describe, list, and delete consumer groups and manage their offsets.

Consumer groups allow you to horizontally scale consuming from topics. A non-group consumer consumes all records from all partitions you assign it. In contrast, consumer groups allow many consumers to coordinate and divide work. If you have two members in a group consuming topics A and B, each with three partitions, then both members consume three partitions. If you add another member to the group, then each of the three members will consume two partitions. This allows you to horizontally scale consuming of topics.

The unit of scaling is a single partition. If you add more consumers to a group than there are are total partitions to consume, then some consumers will be idle. More commonly, you have many more partitions than consumer group members and each member consumes a chunk of available partitions. One scenario where you may want more members than partitions is if you want active standby's to take over load immediately if any consuming member dies.

How group members divide work is entirely client driven (the "partition assignment strategy" or "balancer" depending on the client). Brokers know nothing about how consumers are assigning partitions. A broker's role in group consuming is to choose which member is the leader of a group, forward that member's assignment to every other member, and ensure all members are alive through heartbeats.

Consumers periodically commit their progress when consuming partitions. Through these commits, you can monitor just how far behind a consumer is from the latest messages in a partition. This is called "lag". Large lag implies that the client is having problems, which could be from the server being too slow, or the client being oversubscribed in the number of partitions it is consuming, or the server being in a bad state that requires restarting or removing from the server pool, and so on.

You can manually manage offsets for a group, which allows you to rewind or forward commits. If you notice that a recent deploy of your consumers had a bug, you may want to stop all members, rewind the commits to before the latest deploy, and restart the members with a patch.

This command allows you to list all groups, describe a group (to view the members and their lag), and manage offsets.

Usage:
rpk group [command]

Aliases:
group, g

Flags

Value Type Description
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
-h, --help- help for group
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk group delete

Delete groups from brokers.

Older versions of the Kafka protocol included a retention_millis field in offset commit requests. Group commits persisted for this retention and then eventually expired. Once all commits for a group expired, the group would be considered deleted.

The retention field was removed because it proved problematic for infrequently committing consumers: the offsets could be expired for a group that was still active. If clients use new enough versions of OffsetCommit (versions that have removed the retention field), brokers expire offsets only when the group is empty for offset.retention.minutes. Redpanda does not currently support that configuration (see #2904), meaning offsets for empty groups expire only when they are explicitly deleted.

You may want to delete groups to clean up offsets sooner than when they automatically are cleaned up, such as when you create temporary groups for quick investigation or testing. This command helps you do that.

Usage:
rpk group delete [GROUPS...] [flags]

Flags

Value Type Description
-h, --help- help for delete
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk group describe

Describe group offset status & lag.

This command describes group members, calculates their lag, and prints detailed information about the members.

Usage:
rpk group describe [GROUPS...] [flags]

Flags

Value Type Description
-h, --help- help for describe
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk group list

List all groups.

This command lists all groups currently known to Redpanda, including empty groups that have not yet expired. The BROKER column is which broker node is the coordinator for the group. This command can be used to track down unknown groups, or to list groups that need to be cleaned up.

Usage:
rpk group list [flags]

Aliases:
list, ls

Flags

Value Type Description
-h, --help- help for list
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk group seek

Modify a group's current offsets.

This command allows you to modify a group's offsets. Sometimes, you may need to rewind a group if you had a mistaken deploy, or fast-forward a group if it is falling behind on messages that can be skipped.

The --to option allows you to seek to the start of partitions, end of partitions, or after a specific timestamp. The default is to seek any topic previously committed. Using --topics allows to you set commits for only the specified topics; all other commits will remain untouched. Topics with no commits will not be committed unless allowed with --allow-new-topics.

The --to-group option allows you to seek to commits that are in another group. This is a merging operation: if g1 is consuming topics A and B, and g2 is consuming only topic B, "rpk group seek g1 --to-group g2" will update g1's commits for topic B only. The --topics flag can be used to further narrow which topics are updated. Unlike --to, all non-filtered topics are committed, even topics not yet being consumed, meaning --allow-new-topics is not needed.

The --to-file option allows to seek to offsets specified in a text file with the following format: [TOPIC][PARTITION] [OFFSET][TOPIC] [PARTITION][OFFSET] ... Each line contains the topic, the partition, and the offset to seek to. As with the prior options, --topics allows filtering which topics are updated. Similar to --to-group, all non-filtered topics are committed, even topics not yet being consumed, meaning --allow-new-topics is not needed.

The --to, --to-group, and --to-file options are mutually exclusive. If you are not authorized to describe or read some topics used in a group, you will not be able to modify offsets for those topics.

EXAMPLES

Seek group G to June 1st, 2021: rpk group seek g --to 1622505600 or, rpk group seek g --to 1622505600000 or, rpk group seek g --to 1622505600000000000 Seek group X to the commits of group Y topic foo: rpk group seek X --to-group Y --topics foo Seek group G's topics foo, bar, and biz to the end: rpk group seek G --to end --topics foo,bar,biz Seek group G to the beginning of a topic it was not previously consuming: rpk group seek G --to start --topics foo --allow-new-topics

Usage:
rpk group seek [GROUP] --to (start|end|timestamp) --to-group ... --topics ... [flags]

Flags

Value Type Description
--allow-new-topics- Allow seeking to new topics not currently consumed (implied with --to-group or --to-file)
-h, --help- help for seek
--tostring Where to seek (start, end, unix second | millisecond | nanosecond)
--to-filestring Seek to offsets as specified in the file
--to-groupstring Seek to the commits of another group
--topicsstringArray Only seek these topics, if any are specified
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk help

Help provides help for any command in the application. Simply type rpk help [path to command] for full details.

Usage:
rpk help [command] [flags]

Flags

Value Type Description
-h, --help- help for help
-v, --verbose- Enable verbose logging (default: false).

rpk iotune

Measure filesystem performance and create IO configuration file.

Usage:
rpk iotune [flags]

Flags

Value Type Description
--configstring Redpanda config file, if not set the file will be searched for in the default locations.
--directoriesstrings List of directories to evaluate
--durationduration Duration of tests.The value passed is a sequence of decimal numbers, each with optional fraction and a unit suffix, such as '300ms', '1.5s' or '2h45m'. Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h' (default 10m0s)
-h, --help- help for iotune
--timeoutduration The maximum time after -- to wait for iotune to complete. The value passed is a sequence of decimal numbers, each with optional fraction and a unit suffix, such as '300ms', '1.5s' or '2h45m'. Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h' (default 1h0m0s)
-v, --verbose- Enable verbose logging (default: false).

rpk plugin

List, download, update, and remove rpk plugins.

Plugins augment rpk with new commands.

For a plugin to be used, it must be somewhere discoverable by rpk in your $PATH. All plugins follow a defined naming scheme:

rpk-|name|
rpk.ac-|name|

All plugins are prefixed with either rpk- or rpk.ac-. When rpk starts up, it searches all directories in your $PATH for any executable binary that begins with either of those prefixes. For any binary it finds, rpk adds a command for that name to the rpk command space itself.

No plugin name can shadow an existing rpk command, and only one plugin can exist under a given name at once. Plugins are added to the rpk command space on a first-seen basis. If you have two plugins rpk-foo, and the second is discovered later on in the $PATH directories, then only the first will be used. The second will be ignored.

Plugins that have an rpk.ac- prefix indicate that they support the --help-autocomplete flag. If rpk sees this, rpk will exec the plugin with that flag when rpk starts up, and the plugin will return all commands it supports as well as short and long help test for each command. Rpk uses this return to build a shadow command space within rpk itself so that it looks as if the plugin exists within rpk. This is particularly useful if you enable autocompletion.

The expected return for plugins from --help-autocomplete is an array of the following:

type pluginHelp struct { Path string json:"path,omitempty" Short string json:"short,omitempty" Long string json:"long,omitempty" Example string json:"example,omitempty" Args []string json:"args,omitempty" }

where "path" is an underscore delimited argument path to a command. For example, "foo_bar_baz" corresponds to the command "rpk foo bar baz".

Usage:
rpk plugin [command]

Flags

Value Type Description
-h, --help- help for plugin
-v, --verbose- Enable verbose logging (default: false).

rpk plugin install

Install an rpk plugin.

An rpk plugin must be saved in a directory that is in your $PATH. By default, this command installs plugins to the first directory in your $PATH. This can be overridden by specifying the --bin-dir flag.

Usage:
rpk plugin install [PLUGIN] [flags]

Aliases:
install, download

Flags

Value Type Description
-h, --help- help for install
-u, --update- update a locally installed plugin if it differs from the current remote version
-v, --verbose- Enable verbose logging (default: false).

rpk plugin list

List all available plugins.

By default, this command fetches the remote manifest and prints plugins available for download. Any plugin that is already downloaded is prefixed with an asterisk. If a locally installed plugin has a different sha256sum as the one specified in the manifest, or if the sha256sum could not be calculated for the local plugin, an additional message is printed.

You can specify --local to print all locally installed plugins, as well as whether you have "shadowed" plugins (the same plugin specified multiple times).

Usage:
rpk plugin list [flags]

Flags

Value Type Description
-h, --help- help for list
-l, --local- list locally installed plugins and shadowed plugins
-v, --verbose- Enable verbose logging (default: false).

rpk plugin uninstall

Uninstall / remove an existing local plugin.

This command lists locally installed plugins and removes the first plugin that matches the requested removal. If --include-shadowed is specified, this command also removes all shadowed plugins of the same name.

Usage:
rpk plugin uninstall [NAME] [flags]

Aliases:
uninstall, rm

Flags

Value Type Description
-h, --help- help for uninstall
--include-shadowed- also remove shadowed plugins that have the same name
-v, --verbose- Enable verbose logging (default: false).

rpk redpanda

Interact with a local Redpanda process

Usage:
rpk redpanda [command]

Flags

Value Type Description
-h, --help- help for redpanda
-v, --verbose- Enable verbose logging (default: false).

rpk redpanda admin

Talk to the Redpanda admin listener.

Usage:
rpk redpanda admin [command]

Flags

Value Type Description
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--configstring rpk config file, if not set the file will be searched for in the default locations
-h, --help- help for admin
--hostsstrings A comma-separated list of Admin API addresses (|IP|:|port|). You must specify one for each node.
-v, --verbose- Enable verbose logging (default: false).

rpk redpanda admin brokers

View and configure Redpanda brokers through the admin listener.

Usage:
rpk redpanda admin brokers [command]

Flags

Value Type Description
-h, --help- help for brokers
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--configstring rpk config file, if not set the file will be searched for in the default locations
--hostsstrings A comma-separated list of Admin API addresses (|IP|:|port|). You must specify one for each node.
-v, --verbose- Enable verbose logging (default: false).

rpk redpanda admin brokers decommission

Decommission the given broker.

Decommissioning a broker removes it from the cluster.

A decommission request is sent to every broker in the cluster, only the cluster leader handles the request.

Usage:
rpk redpanda admin brokers decommission [BROKER ID] [flags]

Flags

Value Type Description
-h, --help- help for decommission
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--configstring rpk config file, if not set the file will be searched for in the default locations
--hostsstrings A comma-separated list of Admin API addresses (|IP|:|port|). You must specify one for each node.
-v, --verbose- Enable verbose logging (default: false).

rpk redpanda admin brokers list

List the brokers in your cluster.

Usage:
rpk redpanda admin brokers list [flags]

Aliases:
list, ls

Flags

Value Type Description
-h, --help- help for list
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--configstring rpk config file, if not set the file will be searched for in the default locations
--hostsstrings A comma-separated list of Admin API addresses (|IP|:|port|). You must specify one for each node.
-v, --verbose- Enable verbose logging (default: false).

rpk redpanda admin brokers recommission

Recommission the given broker if is is still decommissioning.

Recommissioning can stop an active decommission.

Once a broker is decommissioned, it cannot be recommissioned through this command.

A recommission request is sent to every broker in the cluster, only the cluster leader handles the request.

Usage:
rpk redpanda admin brokers recommission [BROKER ID] [flags]

Flags

Value Type Description
-h, --help- help for recommission
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--configstring rpk config file, if not set the file will be searched for in the default locations
--hostsstrings A comma-separated list of Admin API addresses (|IP|:|port|). You must specify one for each node.
-v, --verbose- Enable verbose logging (default: false).

rpk redpanda admin config

View or modify Redpanda configuration through the admin listener.

Usage:
rpk redpanda admin config [command]

Flags

Value Type Description
-h, --help- help for config
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--configstring rpk config file, if not set the file will be searched for in the default locations
--hostsstrings A comma-separated list of Admin API addresses (|IP|:|port|). You must specify one for each node.
-v, --verbose- Enable verbose logging (default: false).

rpk redpanda admin config log-level

Manage a broker's log level.

Usage:
rpk redpanda admin config log-level [command]

Flags

Value Type Description
-h, --help- help for log-level
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--configstring rpk config file, if not set the file will be searched for in the default locations
--hostsstrings A comma-separated list of Admin API addresses (|IP|:|port|). You must specify one for each node.
-v, --verbose- Enable verbose logging (default: false).

rpk redpanda admin config log-level set

Set broker logger's log level.

This command temporarily changes a broker logger's log level. Each Redpanda broker has many loggers, and each can be individually changed. Any change to a logger persists for a limited amount of time, so as to ensure you do not accidentally enable debug logging permanently.

It is optional to specify a logger; if you do not, this command will prompt from the set of available loggers.

The special logger "all" enables all loggers. Alternatively, you can specify many loggers at once. To see all possible loggers, run the following command:

redpanda --help-loggers

This command accepts loggers that it does not know of to ensure you can independently update your redpanda installations from rpk. The success or failure of enabling each logger is individually printed.

Usage:
rpk redpanda admin config log-level set [LOGGERS...] [flags]

Flags

Value Type Description
-e, --expiry-secondsint seconds to persist this log level override before redpanda reverts to its previous settings (if 0, persist until shutdown) (default 300)
-h, --help- help for set
--hoststring either an index into admin_api hosts to issue the request to, or a hostname
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--configstring rpk config file, if not set the file will be searched for in the default locations
--hostsstrings A comma-separated list of Admin API addresses (|IP|:|port|). You must specify one for each node.
-v, --verbose- Enable verbose logging (default: false).

rpk redpanda admin config print

Display the current Redpanda configuration.

Usage:
rpk redpanda admin config print [flags]

Aliases:
print, dump, list, ls, display

Flags

Value Type Description
-h, --help- help for print
--hoststring either an index into admin_api hosts to issue the request to, or a hostname
--admin-api-tls-certstring The certificate to be used for TLS authentication with the Admin API.
--admin-api-tls-enabled- Enable TLS for the Admin API (not necessary if specifying custom certs).
--admin-api-tls-keystring The certificate key to be used for TLS authentication with the Admin API.
--admin-api-tls-truststorestring The truststore to be used for TLS communication with the Admin API.
--configstring rpk config file, if not set the file will be searched for in the default locations
--hostsstrings A comma-separated list of Admin API addresses (|IP|:|port|). You must specify one for each node.
-v, --verbose- Enable verbose logging (default: false).

rpk redpanda check

Check if system meets redpanda requirements.

Usage:
rpk redpanda check [flags]

Flags

Value Type Description
--configstring Redpanda config file, if not set the file will be searched for in the default locations.
-h, --help- help for check
--timeoutduration The maximum amount of time to wait for the checks and tune processes to complete. The value passed is a sequence of decimal numbers, each with optional fraction and a unit suffix, such as '300ms', '1.5s' or '2h45m'. Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h' (default 2s)
-v, --verbose- Enable verbose logging (default: false).

rpk redpanda config

Edit configuration.

Usage:
rpk redpanda config [command]

Flags

Value Type Description
-h, --help- help for config
-v, --verbose- Enable verbose logging (default: false).

rpk redpanda config bootstrap

Initialize the configuration to bootstrap a cluster. --id is mandatory. bootstrap will expect the machine it's running on to have only one private non-loopback IP address associated to it, and use it in the configuration as the node's address. If it has multiple IPs, --self must be specified. In that case, the given IP will be used without checking whether it's among the machine's addresses or not. The elements in --ips must be separated by a comma, no spaces. If omitted, the node will be configured as a root node, that other ones can join later.

Usage:
rpk redpanda config bootstrap --id <id> [--self <ip>] [--ips <ip1,ip2,...>] [flags]

Flags

Value Type Description
--configstring Redpanda config file, if not set the file will be searched for in the default location.
-h, --help- help for bootstrap
--idint This node's ID (required). (default -1)
--ipsstrings The list of known node addresses or hostnames
--selfstring Hint at this node's IP address from within the list passed in --ips
-v, --verbose- Enable verbose logging (default: false).

rpk redpanda config init

Init the node after install, by setting the node's UUID.

Usage:
rpk redpanda config init [flags]

Flags

Value Type Description
--configstring Redpanda config file, if not set the file will be searched for in the default location.
-h, --help- help for init
-v, --verbose- Enable verbose logging (default: false).

rpk redpanda config set

Set configuration values, such as the node IDs or the list of seed servers.

Usage:
rpk redpanda config set <key> <value> [flags]

Flags

Value Type Description
--configstring Redpanda config file, if not set the file will be searched for in the default location.
-h, --help- help for set
-v, --verbose- Enable verbose logging (default: false).

rpk redpanda mode

Enable a default configuration mode.

Usage:
rpk redpanda mode <mode> [flags]

Flags

Value Type Description
--configstring Redpanda config file, if not set the file will be searched for in the default locations.
-h, --help- help for mode
-v, --verbose- Enable verbose logging (default: false).

rpk redpanda start

Start redpanda.

Usage:
rpk redpanda start [flags]

Flags

Value Type Description
--advertise-kafka-addrstrings A comma-separated list of Kafka addresses to advertise (|name|://|host|:|port|)
--advertise-pandaproxy-addrstrings A comma-separated list of Pandaproxy addresses to advertise (|name|://|host|:|port|)
--advertise-rpc-addrstring The advertised RPC address (|host|:|port|)
--check- When set to false will disable system checking before starting redpanda (default true)
--configstring Redpanda config file, if not set the file will be searched for in the default locations.
-h, --help- help for start
--install-dirstring Directory where redpanda has been installed
--kafka-addrstrings A comma-separated list of Kafka listener addresses to bind to (|name|://|host|:|port|)
--node-idint The node ID. Must be an integer and must be unique within a cluster
--pandaproxy-addrstrings A comma-separated list of Pandaproxy listener addresses to bind to (|name|://|host|:|port|)
--rpc-addrstring The RPC address to bind to (|host|:|port|)
--schema-registry-addrstrings A comma-separated list of Schema Registry listener addresses to bind to (|name|://|host|:|port|)
-s, --seedsstrings A comma-separated list of seed node addresses (|host|[:|port|]) to connect to
--timeoutduration The maximum time to wait for the checks and tune processes to complete. The value passed is a sequence of decimal numbers, each with optional fraction and a unit suffix, such as '300ms', '1.5s' or '2h45m'. Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h' (default 10s)
--tune- When present will enable tuning before starting redpanda
--well-known-iostring The cloud vendor and VM type, in the format |vendor|:|vm type|:|storage type|
-v, --verbose- Enable verbose logging (default: false).

rpk redpanda stop

Stop a local redpanda process. 'rpk stop' first sends SIGINT, and waits for the specified timeout. Then, if redpanda hasn't stopped, it sends SIGTERM. Lastly, it sends SIGKILL if it's still running.

Usage:
rpk redpanda stop [flags]

Flags

Value Type Description
--configstring Redpanda config file, if not set the file will be searched for in the default locations.
-h, --help- help for stop
--timeoutduration The maximum amount of time to wait for redpanda to stop,after each signal is sent. The value passed is asequence of decimal numbers, each with optional fraction and a unit suffix, such as '300ms', '1.5s' or '2h45m'. Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h' (default 5s)
-v, --verbose- Enable verbose logging (default: false).

rpk redpanda tune

Sets the OS parameters to tune system performance. Available tuners: all, disk_irq, net, ballast_file, clocksource, swappiness, disk_scheduler, disk_nomerges, disk_write_cache, fstrim, cpu, aio_events, transparent_hugepages, coredump. In order to get more information about the tuners, run rpk redpanda tune help <tuner name>

Usage:
rpk redpanda tune <list of elements to tune> [flags]
rpk redpanda tune [command]

Flags

Value Type Description
--configstring Redpanda config file, if not set the file will be searched for in the default locations.
-r, --dirsstrings List of *data* directories or places to store data, i.e.: '/var/vectorized/redpanda/', usually your XFS filesystem on an NVMe SSD device.
-d, --disksstrings Lists of devices to tune f.e. 'sda1'
-h, --help- help for tune
--interactive- Ask for confirmation on every step (e.g. tuner execution, configuration generation)
-m, --modestring Operation Mode: one of: [sq, sq_split, mq]
-n, --nicstrings Network Interface Controllers to tune
--output-scriptstring If set tuners will generate tuning file that can later be used to tune the system
--reboot-allowed- If set will allow tuners to tune boot parameters and request system reboot.
--timeoutduration The maximum time to wait for the tune processes to complete. The value passed is a sequence of decimal numbers, each with optional fraction and a unit suffix, such as '300ms', '1.5s' or '2h45m'. Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h' (default 10s)
-v, --verbose- Enable verbose logging (default: false).

rpk redpanda tune help

Display detailed information about the tuner.

Usage:
rpk redpanda tune help <tuner> [flags]

Flags

Value Type Description
-h, --help- help for help
-v, --verbose- Enable verbose logging (default: false).

rpk topic

Create, delete, produce to and consume from Redpanda topics.

Usage:
rpk topic [command]

Flags

Value Type Description
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
-h, --help- help for topic
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk topic add-partitions

Add partitions to existing topics.

Usage:
rpk topic add-partitions [TOPICS...] --num [#] [flags]

Flags

Value Type Description
-h, --help- help for add-partitions
-n, --numint numer of partitions to add to each topic
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk topic alter-config

Set, delete, add, and remove key/value configs for a topic.

This command allows you to incrementally alter the configuration for multiple topics at a time.

Incremental altering supports four operations:

1) Setting a key=value pair 2) Deleting a key's value 3) Appending a new value to a list-of-values key 4) Subtracting (removing) an existing value from a list-of-values key

The --dry option will validate whether the requested configuration change is valid, but does not apply it.

Usage:
rpk topic alter-config [TOPICS...] --set key=value --del key2,key3 [flags]

Flags

Value Type Description
--appendstringArray key=value; Value to append to a list-of-values key (repeatable)
-d, --deletestringArray Key to delete (repeatable)
--dry- dry run: validate the alter request, but do not apply
-h, --help- help for alter-config
-s, --setstringArray key=value; Pair to set (repeatable)
--subtractstringArray key=value; Value to remove from list-of-values key (repeatable)
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk topic consume

Consume records from topics.

Consuming records reads from any amount of input topics, formats each record according to --format, and prints them to STDOUT. The output formatter understands a wide variety of formats.

The default output format "--format json" is a special format that outputs each record as JSON. There may be more single-word-no-escapes formats added later. Outside of these special formats, formatting follows the rules described below.

Formatting output is based on percent escapes and modifiers. Slashes can be used for common escapes:

\t \n \r \\ \xNN

prints tabs, newlines, carriage returns, slashes, or hex encoded characters.p

Percent encoding prints record fields, fetch partition fields, or extra values:

%t    topic
%T topic length
%k key
%K key length
%v topic
%V value length
%h begin the header specification
%H number of headers
%p partition
%o offset
%e leader epoch
%d timestamp (formatting described below)
%x producer id
%y producer epoch

%[ partition log start offset
%| partition last stable offset
%] partition high watermark

%% percent sign
%{ left brace
%} right brace

%i the number of records formatted

MODIFIERS

Text and numbers can be formatted in many different ways, and the default format can be changed within brace modifiers. %v prints a value, while %v{hex} prints the value hex encoded. %T prints the length of a topic in ascii, while %T{big8} prints the length of the topic as an eight byte big endian.

All modifiers go within braces following a percent-escape.

NUMBERS

Formatting number values can have the following modifiers:

 ascii       print the number as ascii (default)

hex64 sixteen hex characters
hex32 eight hex characters
hex16 four hex characters
hex8 two hex characters
hex4 one hex character

big64 eight byte big endian number
big32 four byte big endian number
big16 two byte big endian number
big8 alias for byte

little64 eight byte little endian number
little32 four byte little endian number
little16 two byte little endian number
little8 alias for byte

byte one byte number

All numbers are truncated as necessary per the modifier. Printing %V{byte} for a length 256 value will print a single null, whereas printing %V{big8} would print the bytes 1 and 0.

When writing number sizes, the size corresponds to the size of the raw values, not the size of encoded values. "%T% t{hex}" for the topic "foo" will print "3 666f6f", not "6 666f6f".

TIMESTAMPS

By default, the timestamp field is printed as a millisecond number value. In addition to the number modifiers above, timestamps can be printed with either Go formatting or strftime formatting:

%d{go[2006-01-02T15:04:05Z07:00]}
%d{strftime[%F]}

An arbitrary amount of brackets (or braces, or # symbols) can wrap your date formatting:

%d{strftime### [%F] ###}

The above will print " [YYYY-MM-DD] ", while the surrounding three # on each side are used to wrap the formatting. Further details on Go time formatting can be found at https://pkg.go.dev/time, while further details on strftime formatting can be read by checking "man strftime".

TEXT

Text fields without modifiers default to writing the raw bytes. Alternatively, there are the following modifiers:

%t{hex}
%k{base64}
%v{unpack[<bBhH>iIqQc.$]}

The hex modifier hex encodes the text, and the base64 modifier base64 encodes the text with standard encoding. The unpack modifier has a further internal specification, similar to timestamps above:

x    pad character (does not parse input)
< switch what follows to little endian
> switch what follows to big endian

b signed byte
B unsigned byte
h int16 ("half word")
H uint16 ("half word")
i int32
I uint32
q int64 ("quad word")
Q uint64 ("quad word")

c any character
. alias for c
s consume the rest of the input as a string
$ match the end of the line (append error string if anything remains)

Unpacking text can allow translating binary input into readable output. If a value is a big-endian uint32, %v will print the raw four bytes, while %v{unpack[>I]} will print the number in as ascii. If unpacking exhausts the input before something is unpacked fully, an error message is appended to the output.

HEADERS

Headers are formatted with percent encoding inside of the modifier:

%h{ %k=%v{hex} }

will print all headers with a space before the key and after the value, an equals sign between the key and value, and with the value hex encoded. Header formatting actually just parses the internal format as a record format, so all of the above rules about %K, %V, text, and numbers apply.

EXAMPLES

A key and value, separated by a space and ending in newline: -f '%k %v\n' A key length as four big endian bytes, and the key as hex: -f '%K{big32}%k{hex}' A little endian uint32 and a string unpacked from a value: -f '%v{unpack[is$]}'

OFFSETS

The --offset flag allows for specifying where to begin consuming, and optionally, where to stop consuming. The literal words "start" and "end" specify consuming from the start and the end.

start     consume from the beginning
end consume from the end
:end consume until the current end
+oo consume oo after the current start offset
-oo consume oo before the current end offset
oo consume after an exact offset
oo: alias for oo
:oo consume until an exact offset
o1:o2 consume from exact offset o1 until exact offset o2
@t consume starting from a given timestamp
@t: alias for @t
@:t consume until a given timestamp
@t1:t2 consume from timestamp t1 until timestamp t2

There are a few options for timestamps, with each option being evaluated until one succeeds:

13 digits             parsed as a unix millisecond
9 digits parsed as a unix second
YYYY-MM-DD parsed as a day, UTC
YYYY-MM-DDTHH:MM:SSZ parsed as RFC3339, UTC; fractional seconds optional (.MMM)
-dur duration ago; from now (as t1) or from t1 (as t2)
dur for t2 in @t1:t2, relative duration from t1
end for t2 in @t1:t2, the current end of the partition

Durations are parsed simply:

3ms    three milliseconds
10s ten seconds
9m nine minutes
1h one hour
1m3ms one minute and three milliseconds

For example,

-o @2022-02-14:1h   consume 1h of time on Valentine's Day 2022
-o @-48h:-24h consume from 2 days ago to 1 day ago
-o @-1m:end consume from 1m ago until now
-o @:-1hr consume from the start until an hour ago
Usage:
rpk topic consume TOPICS... [flags]

Flags

Value Type Description
--fetch-max-bytesint32 Maximum amount of bytes per fetch request per broker (default 1048576)
--fetch-max-waitduration Maximum amount of time to wait when fetching from a broker before the broker replies (default 5s)
-g, --groupstring group to use for consuming (incompatible with -p)
-h, --help- help for consume
--meta-only- Print all record info except the record value (for -f json)
-n, --numint Quit after consuming this number of records (0 is unbounded)
-p, --partitionsint32 int32Slice Comma delimited list of specific partitions to consume (default [])
--pretty-print- Pretty print each record over multiple lines (for -f json) (default true)
--read-committed- Opt in to reading only committed offsets
-r, --regex- Parse topics as regex; consume any topic that matches any expression
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk topic create

Create topics.

All topics created with this command will have the same number of partitions, replication factor, and key/value configs.

For example,

create -c cleanup.policy=compact -r 3 -p 20 foo bar

will create two topics, foo and bar, each with 20 partitions, 3 replicas, and the cleanup.policy=compact config option set.

Usage:
rpk topic create [TOPICS...] [flags]

Flags

Value Type Description
-d, --dry- dry run: validate the topic creation request; do not create topics
-h, --help- help for create
-p, --partitionsint32 Number of partitions to create per topic (default 1)
-r, --replicasint16 Replication factor; if -1, this will be the broker's default.replication.factor (default -1)
-c, --topic-configstringArray key=value; Config parameters (repeatable; e.g. -c cleanup.policy=compact)
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk topic delete

Delete topics.

This command deletes all requested topics, printing the success or fail status per topic.

The --regex flag (-r) opts into parsing the input topics as regular expressions and deleting any non-internal topic that matches any of expressions. The input expressions are wrapped with ^ and $ so that the expression must match the whole topic name (which also prevents accidental delete-everything mistakes).

The topic list command accepts the same input regex format as this delete command. If you want to check what your regular expressions will delete before actually deleting them, you can check the output of 'rpk topic list -r'.

For example,

delete foo bar            # deletes topics foo and bar
delete -r '^f.*' '.*r$' # deletes any topic starting with f and any topics ending in r
delete -r '.*' # deletes all topics
delete -r . # deletes any one-character topics
Usage:
rpk topic delete [TOPICS...] [flags]

Flags

Value Type Description
-h, --help- help for delete
-r, --regex- parse topics as regex; delete any topic that matches any input topic expression
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk topic describe

Describe a topic.

This command prints detailed information about a topic. There are three potential sections: a summary of the topic, the topic configs, and a detailed partitions section. By default, the summary and configs sections are printed.

Usage:
rpk topic describe [TOPIC] [flags]

Aliases:
describe, info

Flags

Value Type Description
-h, --help- help for describe
-a, --print-all- print all sections
-c, --print-configs- print the config section
-p, --print-partitions- print the detailed partitions section
-s, --print-summary- print the summary section
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk topic list

List topics, optionally listing specific topics.

This command lists all topics that you have access to by default. If specifying topics or regular expressions, this command can be used to know exactly what topics you would delete if using the same input to the delete command.

Alternatively, you can request specific topics to list, which can be used to check authentication errors (do you not have access to a topic you were expecting to see?), or to list all topics that match regular expressions.

The --regex flag (-r) opts into parsing the input topics as regular expressions and listing any non-internal topic that matches any of expressions. The input expressions are wrapped with ^ and $ so that the expression must match the whole topic name. Regular expressions cannot be used to match internal topics, as such, specifying both -i and -r will exit with failure.

Lastly, --detailed flag (-d) opts in to printing extra per-partition information.

Usage:
rpk topic list [flags]

Aliases:
list, ls

Flags

Value Type Description
-d, --detailed- print per-partition information for topics
-h, --help- help for list
-i, --internal- print internal topics
-r, --regex- parse topics as regex; list any topic that matches any input topic expression
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk topic produce

Produce records to a topic.

Producing records reads from STDIN, parses input according to --format, and produce records to Redpanda. The input formatter understands a wide variety of formats.

Parsing input operates on either sizes or on delimiters, both of which can be specified in the same formatting options. If using sizes to specify something, the size must come before what it is specifying. Delimiters match on an exact text basis. This command will quit with an error if any input fails to match your specified format.

Slashes can be used for common escapes:

\t \n \r \\ \xNN

matches tabs, newlines, carriage returns, slashes, and hex encoded characters.

Percent encoding reads into specific values of a record:

%t    topic
%T topic length
%k key
%K key length
%v value
%V value length
%h begin the header specification
%H number of headers
%p partition (if using the --partition flag)

Three escapes exist to parse characters that are used to modify the previous escapes:

%%    percent sign
%{ left brace
%} right brace

MODIFIERS

Text and numbers can be read in multiple formats, and the default format can be changed within brace modifiers. %v reads a value, while %v{hex} reads a value and then hex decodes it before producing. %T reads the length of a topic from the input, while %T{3} reads exactly three bytes for a topic from the input.

All modifiers go within braces following a percent-escape.

NUMBERS

Reading number values can have the following modifiers:

 ascii       parse numeric digits until a non-numeric (default)

hex64 sixteen hex characters
hex32 eight hex characters
hex16 four hex characters
hex8 two hex characters
hex4 one hex character

big64 eight byte big endian number
big32 four byte big endian number
big16 two byte big endian number
big8 alias for byte

little64 eight byte little endian number
little32 four byte little endian number
little16 two byte little endian number
little8 alias for byte

byte one byte number

<digits> directly specify the length as this many digits

When reading number sizes, the size corresponds to the size of the encoded values, not the decoded values. "%T{6}%t{hex}" will read six hex bytes and decode into three.

TEXT

Reading text values can have the following modifiers:

hex       read text then hex decode it
base64 read text then std-encoding base64 decode it
re read text matching a regular expression

HEADERS

Headers are parsed with an internal key / value specifier format. For example, the following will read three headers that begin and end with a space and are separated by an equal:

%H{3}%h{ %k=%v }

EXAMPLES

In the below examples, we can parse many records at once. The produce command reads input and tokenizes based on your specified format. Every time the format is completely matched, a record is produced and parsing begins anew.

A key and value, separated by a space and ending in newline: -f '%k %v\n' A four byte topic, four byte key, and four byte value: -f '%T{4}%K{4}%V{4}%t%k%v' A value to a specific partition, if using a non-negative --partition flag: -f '%p %v\n' A big-endian uint16 key size, the text " foo ", and then that key: -f '%K{big16} foo %k' A value that can be two or three characters followed by a newline: -f '%v{re#...?#}\n'

MISC

Producing requires a topic to produce to. The topic can be specified either directly on as an argument, or in the input text through %t. A parsed topic takes precedence over the default passed in topic. If no topic is specified directly and no topic is parsed, this command will quit with an error.

The input format can parse partitions to produce directly to with %p. Doing so requires specifying a non-negative --partition flag. Any parsed partition takes precedence over the --partition flag; specifying the flag is the main requirement for being able to directly control which partition to produce to.

You can also specify an output format to write when a record is produced successfully. The output format follows the same formatting rules as the topic consume command. See that command's help text for a detailed description.

Usage:
rpk topic produce [TOPIC] [flags]

Flags

Value Type Description
--acksint Number of acks required for producing (-1=all, 0=none, 1=leader) (default -1)
--delivery-timeoutduration per-record delivery timeout, if non-zero, min 1s
-H, --headerstringArray Headers in format key:value to add to each record (repeatable)
-h, --help- help for produce
-k, --keystring A fixed key to use for each record (parsed input keys take precedence)
-p, --partitionint32 partition to directly produce to, if non-negative (also allows %p parsing to set partitions) (default -1)
-Z, --tombstone- produce empty values as tombstones
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk version

Check the current version.

Usage:
rpk version [flags]

Flags

Value Type Description
-h, --help- help for version
-v, --verbose- Enable verbose logging (default: false).

rpk wasm

Deploy and remove inline WASM engine scripts.

Usage:
rpk wasm [command]

Flags

Value Type Description
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
-h, --help- help for wasm
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk wasm deploy

Deploy inline WASM function.

Usage:
rpk wasm deploy [PATH] [flags]

Flags

Value Type Description
--descriptionstring optional description about what the wasm function does
-h, --help- help for deploy
--namestring unique deploy identifier attached to the instance of this script
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk wasm generate

Create an npm template project for inline WASM engine.

Usage:
rpk wasm generate [PROJECT DIRECTORY] [flags]

Flags

Value Type Description
-h, --help- help for generate
--skip-version- Omit version check from npm, use default instead
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

rpk wasm remove

Remove inline WASM function.

Usage:
rpk wasm remove [NAME] [flags]

Flags

Value Type Description
-h, --help- help for remove
--brokersstrings Comma-separated list of broker ip:port pairs (e.g. --brokers '192.168.78.34:9092,192.168.78.35:9092,192.179.23.54:9092' ). Alternatively, you may set the REDPANDA_BROKERS environment variable with the comma-separated list of broker addresses.
--configstring Redpanda config file, if not set the file will be searched for in the default locations
--passwordstring SASL password to be used for authentication.
--sasl-mechanismstring The authentication mechanism to use. Supported values: SCRAM-SHA-256, SCRAM-SHA-512.
--tls-certstring The certificate to be used for TLS authentication with the broker.
--tls-enabled- Enable TLS for the Kafka API (not necessary if specifying custom certs).
--tls-keystring The certificate key to be used for TLS authentication with the broker.
--tls-truststorestring The truststore to be used for TLS communication with the broker.
--userstring SASL user to be used for authentication.
-v, --verbose- Enable verbose logging (default: false).

Suggested reading

  • Introduction to rpk container article
  • Getting started with rpk commands article
  • Working with schema registry article
  • Improving developer's productivity with rpk article