Node Configuration Template
Sample configuration
The following redpanda.yaml configuration file includes a complete list of all node properties and their descriptions.
For a summary of all available node properties refer to node configuration properties reference.
caution
This is not a valid Redpanda configuration file, but it shows the parameters that you can configure in the redpanda.yaml file.
# organization and cluster_id help Redpanda identify your system.
organization: ""
cluster_id: ""
redpanda:
# Path where redpanda will keep the data.
# Required.
data_directory: "var/lib/redpanda/data"
# Unique ID identifying the node in the cluster.
# Required.
node_id: 1
# Enable the admin API.
# Default: true
enable_admin_api: true
# Admin API doc directory.
# Default: /usr/share/redpanda/admin-api-doc
admin_api_doc_dir: "/usr/share/redpanda/admin-api-doc"
# Address and port of admin server.
# Default: 127.0.0.1:9644
admin:
address: "0.0.0.0"
port: 9644
# TLS configuration for the admin server.
# Default: null
admin_api_tls:
# Whether to enable TLS for the admin server.
enabled: false
# Require client authentication
require_client_auth: false
# The path to the server certificate PEM file.
cert_file: ""
# The path to the server key PEM file
key_file: ""
# The path to the truststore PEM file. Only required if client authentication
# is enabled.
truststore_file: ""
# The IP address and port for the internal RPC server.
# Default: 127.0.0.0:33145
rpc_server:
address: "0.0.0.0"
port: 33145
# TLS configuration for the RPC server.
# Default: null
rpc_server_tls:
# Whether to enable TLS for the RPC server.
enabled: false
# Require client authentication
require_client_auth: false
# The path to the server certificate PEM file.
cert_file: ""
# The path to the server key PEM file
key_file: ""
# The path to the truststore PEM file. Only required if client authentication
# is enabled.
truststore_file: ""
# Address of RPC endpoint published to other cluster members.
# Default: 0.0.0.0:33145
advertised_rpc_api:
address: "0.0.0.0"
port: 33145
# Multiple listeners are also supported as per KIP-103.
# The names must match those in advertised_kafka_api
kafka_api:
- address: "0.0.0.0"
name: internal
port: 9092
- address: "0.0.0.0"
name: external
port: 9093
# A list of TLS configurations for the Kafka API listeners.
# Default: null
kafka_api_tls:
# The name of the specific listener this TLS to which this config
# will be applied. The names must match those in kafka_api.
- name: "external"
# Whether to enable TLS for the Kafka API.
enabled: true
# Require client authentication
require_client_auth: false
# The path to the server certificate PEM file.
cert_file: "certs/tls-cert.pem"
# The path to the server key PEM file
key_file: "certs/tls-key.pem"
# The path to the truststore PEM file. Only required if client authentication
# is enabled.
truststore_file: "certs/tls-ca.pem"
- name: "internal"
enabled: false
# Multiple listeners are also supported as per KIP-103.
# The names must match those in kafka_api
advertised_kafka_api:
- address: 0.0.0.0
name: internal
port: 9092
- address: redpanda-0.my.domain.com.
name: external
port: 9093
# List of the seed server IP addresses and ports used to join current cluster.
# If the seed_server list is empty the node will be a cluster root and it will form a new cluster.
# Default: []
seed_servers:
- host:
address: 192.168.0.1
port: 33145
# Rack identifier.
# Default: null
rack: "rack-id"
# The redpanda REST API provides a RESTful interface for producing and consuming messages with redpanda.
# To disable the REST API, remove this top-level config node
pandaproxy:
# A list of address and port to listen for Kafka REST API requests.
# Default: 0.0.0.0:8082
pandaproxy_api:
- address: "0.0.0.0"
name: internal
port: 8082
- address: "0.0.0.0"
name: external
port: 8083
# A list of TLS configurations for the REST API.
# Default: null
pandaproxy_api_tls:
- name: external
# Whether to enable TLS.
enabled: false
# Require client authentication
require_client_auth: false
# The path to the server certificate PEM file.
cert_file: ""
# The path to the server key PEM file
key_file: ""
# The path to the truststore PEM file. Only required if client
# authentication is enabled.
truststore_file: ""
- name: internal
enabled: false
# A list of address and port for the REST API to publish to client
# Default: from pandaproxy_api
advertised_pandaproxy_api:
- address: 0.0.0.0
name: internal
port: 8082
- address: "redpanda-rest-0.my.domain.com."
name: external
port: 8083
# How long to wait for an idle consumer before removing it.
# Default: 60000
consumer_instance_timeout_ms: 60000
# The REST API client
pandaproxy_client:
# List of address and port of the brokers
# Default: "127.0.0.1:9092
brokers:
- address: "127.0.0.1"
port: 9092
# TLS configuration for the brokers
broker_tls:
# Whether to enable TLS.
enabled: false
# Require client authentication
require_client_auth: false
# The path to the server certificate PEM file.
cert_file: ""
# The path to the server key PEM file
key_file: ""
# The path to the truststore PEM file. Only required if client authentication
# is enabled.
truststore_file: ""
# Number of times to retry a request to a broker
# Default: 5
retries: 5
# Delay (in milliseconds) for initial retry backoff
# Default: 100ms
retry_base_backoff_ms: 100
# Number of records to batch before sending to broker
# Default: 1000
produce_batch_record_count: 1000
# Number of bytes to batch before sending to broker
# Defautl 1MiB
produce_batch_size_bytes: 1048576
# Delay (in milliseconds) to wait before sending batch
# Default: 100ms
produce_batch_delay_ms: 100
# Interval (in milliseconds) for consumer request timeout
# Default: 100ms
consumer_request_timeout_ms: 100
# Max bytes to fetch per request
# Default: 1MiB
consumer_request_max_bytes: 1048576
# Timeout (in milliseconds) for consumer session
# Default: 10s
consumer_session_timeout_ms: 10000
# Timeout (in milliseconds) for consumer rebalance
# Default: 2s
consumer_rebalance_timeout_ms: 2000
# Interval (in milliseconds) for consumer heartbeats
# Default: 500ms
consumer_heartbeat_interval_ms: 500
# SASL mechanism to use for authentication
# Supported: SCRAM-SHA-{256,512}
# Default: ""
# Support for SASL is disabled when no mechanism is specified.
sasl_mechanism: ""
# Username for SCRAM authentication mechanisms
# Default: ""
scram_username: ""
# Password for SCRAM authentication mechanisms
# Default: ""
scram_password: ""
# The Schema Registry provides a RESTful interface for Schema storage, retrieval, and compatibility.
# To disable the Schema Registry, remove this top-level config node
schema_registry:
# A list of address and port to listen for Schema Registry API requests.
# Default: 0.0.0.0:8082
schema_registry_api:
- address: "0.0.0.0"
name: internal
port: 8081
- address: "0.0.0.0"
name: external
port: 18081
# The replication factor of Schema Registry's internal storage topic
schema_registry_replication_factor: 3
# A list of TLS configurations for the Schema Registry API.
# Default: null
schema_registry_api_tls:
- name: external
# Whether to enable TLS.
enabled: false
# Require client authentication
require_client_auth: false
# The path to the server certificate PEM file.
cert_file: ""
# The path to the server key PEM file
key_file: ""
# The path to the truststore PEM file. Only required if client
# authentication is enabled.
truststore_file: ""
- name: internal
enabled: false
# The Schema Registry client config
# See pandaproxy_client for a list of options
schema_registry_client:
rpk:
# Add optional flags to have rpk start redpanda with specific parameters.
# The available start flags are found in: /src/v/config/configuration.cc
additional_start_flags:
- "--overprovisioned"
- "--smp=2"
- "--memory=4G"
- "--default-log-level=info"
# The Kafka API configuration
kafka_api:
# A list of broker addresses that rpk will use
brokers:
- 192.168.72.34:9092
- 192.168.72.35:9092
# The TLS configuration to be used when interacting with the Kafka API.
# If present, TLS will be enabled. If missing or null, TLS will be disabled.
tls:
# The path to the client certificate (PEM). Only required if client authentication is
# enabled in the broker.
cert_file: ~/certs/cert.pem
# The path to the client certificate key (PEM). Only required if client authentication is
# enabled in the broker.
key_file: ~/certs/key.pem
# The path to the root CA certificate (PEM).
truststore_file: ~/certs/ca.pem
# The SASL config, if enabled in the brokers.
sasl:
user: user
password: pass
type: SCRAM-SHA-256
# The Admin API configuration
admin_api:
# A list of the nodes' admin API addresses that rpk will use.
addresses:
- 192.168.72.34:9644
- 192.168.72.35:9644
# The TLS configuration to be used when with the Admin API.
# If present, TLS will be enabled. If missing or null, TLS will be disabled.
tls:
# The path to the client certificate (PEM). Only required if client authentication is
# enabled in the broker.
cert_file: ~/certs/admin-cert.pem
# The path to the client certificate key (PEM). Only required if client authentication is
# enabled in the broker.
key_file: ~/certs/admin-key.pem
# The path to the root CA certificate (PEM).
truststore_file: ~/certs/admin-ca.pem
# Available tuners. Set to true to enable, false to disable.
# Setup NIC IRQs affinity, sets up NIC RPS and RFS, sets up NIC XPS, increases socket
# listen backlog, increases the number of remembered connection requests, bans the
# IRQ Balance service from moving distributed IRQs.
# Default: false
tune_network: false
# Sets the preferred I/O scheduler for given block devices.
# It can work using both the device name or a directory, in which the device where
# directory is stored will be optimized. Sets either 'none' or 'noop' scheduler
# if supported.
# Default: false
tune_disk_scheduler: false
# Disables IOPS merging.
# Default: false
tune_disk_nomerges: false
# Distributes IRQs across cores with the method deemed the most appropriate for the
# current device type (i.e. NVMe).
# Default: false
tune_disk_irq: false
# Installs a systemd service to run fstrim weekly, or starts the default fstrim service
# which comes with most Linux distributions.
# Default: false
tune_fstrim: false
# Disables hyper-threading, sets the ACPI-cpufreq governor to 'performance'. Additionaly
# if system reboot is allowed: disables Intel P-States, disables Intel C-States,
# disables Turbo Boost.
# Default: false
tune_cpu: true
# Increases the number of allowed asynchronous IO events.
# Default: false
tune_aio_events: false
# Syncs NTP.
# Default: false
tune_clocksource: true
# Tunes the kernel to prefer keeping processes in-memory instead of swapping them out.
# Default: false
tune_swappiness: false
# Enables transparent hugepages (THP) to reduce TLB misses.
# Default: false
tune_transparent_hugepages: false
# Enables memory locking.
# Default: false
enable_memory_locking: false
# Installs a custom script to process coredumps and save them to the given directory.
# Default: false
tune_coredump: false
# The directory where all coredumps will be saved after they're processed.
# Default: ''
coredump_dir: "/var/lib/redpanda/coredump"
# Creates a "ballast" file so that, if a Redpanda node runs out of space,
# you can delete the ballast file to allow the node to resume operations and then
# delete a topic or records to reduce the space used by Redpanda.
# Default: false
tune_ballast_file: false
# The path where the ballast file will be created.
# Default: "/var/lib/redpanda/data/ballast"
ballast_file_path: "/var/lib/redpanda/data/ballast"
# The ballast file size.
# Default: "1GiB"
ballast_file_size: "1GiB"
# (Optional) The vendor, VM type and storage device type that redpanda will run on, in
# the format <vendor>:<vm>:<storage>. This hints to rpk which configuration values it
# should use for the redpanda IO scheduler.
# Default: ''
well_known_io: "aws:i3.xlarge:default"
Suggested reading
- Working with schema registry article