Rack awareness allows you to distribute replicas of the same partition across different racks to minimize data loss in the event of a rack failure. A rack is a failure zone that has one or more Redpanda brokers assigned to it.
Redpanda supports Transport Layer Security (TLS) encryption in Kubernetes. For certificate management, the Redpanda Helm chart uses cert-manager with either a self-signed Issuer or your own custom Issuer.
Simple Authentication and Security Layer (SASL) is a method for adding authentication support to connection-based protocols. When using the Redpanda Helm chart, SASL provides authentication between the server and client. To encrypt communication, use TLS encryption. You must use TLS encryption to have secure authentication using SASL.
When a topic is created, Redpanda evenly distributes its partitions by sequentially allocating them to the node with the least number of partitions. By default, Redpanda provides leadership balancing and partition rebalancing when nodes are added or decommissioned.
Continuous Data Balancing continuously monitors your node and rack availability and disk usage. This enables self-healing clusters that dynamically balance partitions, ensuring smooth operations and optimal cluster performance.
One of the primary uses for maintenance mode is to perform a rolling upgrade on each node in the cluster. This process involves putting a node into maintenance mode, upgrading the node, taking the node out of maintenance mode, and then repeating the process on the next node in the cluster. Placing nodes into maintenance mode ensures a smooth upgrade of your cluster while reducing the risk of interruption or degradation in service.
Redpanda provides several ways to manage disk space to ensure the production stability of the cluster.
When you install Redpanda software, it automatically generates a cluster configuration with default settings assigned to each cluster property. You might want to change some of the default settings, particularly if you plan to use features such as rack awareness or tiered storage, which are disabled by default.
Different components of Redpanda support different authentication methods. You can configure multiple listeners with redpanda.yaml, and with each listener, you can configure the authentication_method and optionally TLS or mTLS.
Authorization works in tandem with authentication. Access-control lists (ACLs) provide a way to configure fine-grained access to provisioned users. ACLs work with SASL/SCRAM and with mTLS with principal mapping for authentication.
By default, Redpanda data is sent unencrypted. A security best practice is to enable encryption with TLS or mTLS.
For self-hosted clusters deployed on a public cloud platform, cloud provider IAM roles provide a safer alternative to the less secure static credential system, which is based on access keys. With static credentials, the access key and secret key are stored in plaintext in the configuration file.
Integrating Redpanda Console with GitHub allows your users to use their GitHub identities to sign in to Console.
Integrating Redpanda Console with Google allows your users to use their Google identities to sign in to Console.
Integrating Redpanda Console with Okta allows your users to use their Okta identities to sign in to Redpanda Console.
If you would like to integrate an OpenID Connect (OIDC) compatible identity provider that is not yet natively supported in Console, you can configure the generic OIDC provider.