Skip to main content
Version: 22.3


  • Kubernetes

  • Customize the Helm Chart

    You can customize the Redpanda Helm chart to configure the cluster and the Kubernetes components that the chart deploys.

    • Storage

      Store Redpanda data in PersistentVolumes, hostPath volumes, or emptyDir volumes.

    • Tiered Storage

      Tiered Storage lets you save storage costs by offloading log segments to cloud storage.

    • Networking and Connectivity

      Learn how internal and external connectivity works when Redpanda is running in Kubernetes.

    • Security

      Configure encryption, authentication, and authorization for production environments.

    • Rack Awareness

      Distribute replicas of the same partition across different racks to minimize data loss in the event of a rack failure.

    • Remote Read Replicas

      A Remote Read Replica topic is a read-only topic that mirrors a topic on a different cluster.

    • Troubleshooting

      Find advice on how to diagnose and troubleshoot problems with Redpanda in Kubernetes.

  • Cluster Maintenance

    • Cluster Balancing

      When a topic is created, Redpanda evenly distributes its partitions by sequentially allocating them to the node with the least number of partitions. By default, Redpanda provides leadership balancing and partition rebalancing when nodes are added or decommissioned.

    • Continuous Data Balancing

      Continuous Data Balancing continuously monitors your node and rack availability and disk usage. This enables self-healing clusters that dynamically balance partitions, ensuring smooth operations and optimal cluster performance.

    • Rolling Upgrades

      One of the primary uses for maintenance mode is to perform a rolling upgrade on each node in the cluster. This process involves putting a node into maintenance mode, upgrading the node, taking the node out of maintenance mode, and then repeating the process on the next node in the cluster. Placing nodes into maintenance mode ensures a smooth upgrade of your cluster while reducing the risk of interruption or degradation in service.

    • Manage Disk Space

      Redpanda provides several ways to manage disk space to ensure the production stability of the cluster.

    • Cluster Properties

      When you install Redpanda software, it automatically generates a cluster configuration with default settings assigned to each cluster property. You might want to change some of the default settings, particularly if you plan to use features such as rack awareness or tiered storage, which are disabled by default.

  • Security

    • Configure Authentication

      Different components of Redpanda support different authentication methods. You can configure multiple listeners with redpanda.yaml, and with each listener, you can configure the authentication_method and optionally TLS or mTLS.

    • Configure Authorization

      Authorization works in tandem with authentication. Access-control lists (ACLs) provide a way to configure fine-grained access to provisioned users. ACLs work with SASL/SCRAM and with mTLS with principal mapping for authentication.

    • Configure Encryption

      By default, Redpanda data is sent unencrypted. A security best practice is to enable encryption with TLS or mTLS.

    • IAM Roles

      For self-hosted clusters deployed on a public cloud platform, cloud provider IAM roles provide a safer alternative to the less secure static credential system, which is based on access keys. With static credentials, the access key and secret key are stored in plaintext in the configuration file.

    • Redpanda Console Security

      • GitHub SSO Setup

        Integrating Redpanda Console with GitHub allows your users to use their GitHub identities to sign-in to Console.

      • Google SSO Setup

        Integrating Redpanda Console with Google allows your users to use their Google identities to sign in to Console.

      • Okta SSO Setup

        Integrating Redpanda Console with Okta allows your users to use their Okta identities to sign in to Redpanda Console.

      • Generic OIDC

        If you would like to integrate an OpenID Connect (OIDC) compatible identity provider that is not yet natively supported in Console, you can configure the generic OIDC provider.

What do you like about this doc?

Optional: Share your email address if we can contact you about your feedback.

Let us know what we do well: