Cluster Configuration Properties

Cluster properties are configuration settings that control the behavior of a Redpanda cluster at a global level. Configuring cluster properties allows you to adapt Redpanda to specific workloads, optimize resource usage, and enable or disable features. For information on how to edit cluster properties, see Configure Cluster Properties.

Some properties require a cluster restart for updates to take effect. This triggers a long-running operation that can take several minutes to complete.

Cluster configuration

audit_enabled

Enables or disables audit logging. When you set this to true, Redpanda checks for an existing topic named _redpanda.audit_log. If none is found, Redpanda automatically creates one for you.

Requires restart: No

Visibility: user

Type: boolean


audit_excluded_principals

List of user principals to exclude from auditing.

Requires restart: No

Visibility: user

Type: array


audit_excluded_topics

List of topics to exclude from auditing.

Requires restart: No

Visibility: user

Type: array


audit_log_num_partitions

This property is read-only in Redpanda Cloud.

Defines the number of partitions used by a newly-created audit topic. This configuration applies only to the audit log topic and may be different from the cluster or other topic configurations. This cannot be altered for existing audit log topics.

Unit: number of partitions per topic

Requires restart: No

Visibility: user

Type: integer

Accepted values: [-2147483648, 2147483647]


data_transforms_binary_max_size

This property is read-only in Redpanda Cloud.

The maximum size for a deployable WebAssembly binary that the broker can store.

Requires restart: No

Visibility: tunable

Type: integer

Default: 10485760


data_transforms_enabled

Enables WebAssembly-powered data transforms directly in the broker. When data_transforms_enabled is set to true, Redpanda reserves memory for data transforms, even if no transform functions are currently deployed. This memory reservation ensures that adequate resources are available for transform functions when they are needed, but it also means that some memory is allocated regardless of usage.

Requires restart: Yes

Visibility: user

Type: boolean


data_transforms_logging_line_max_bytes

Transform log lines truncate to this length. Truncation occurs after any character escaping.

Unit: bytes

Requires restart: No

Visibility: tunable

Type: integer


data_transforms_per_core_memory_reservation

This property is read-only in Redpanda Cloud.

The amount of memory to reserve per core for data transform (Wasm) virtual machines. Memory is reserved on boot. The maximum number of functions that can be deployed to a cluster is equal to data_transforms_per_core_memory_reservation / data_transforms_per_function_memory_limit.

Requires restart: Yes

Visibility: user

Type: integer


data_transforms_per_function_memory_limit

This property is read-only in Redpanda Cloud.

The amount of memory to give an instance of a data transform (Wasm) virtual machine. The maximum number of functions that can be deployed to a cluster is equal to data_transforms_per_core_memory_reservation / data_transforms_per_function_memory_limit.

Requires restart: Yes

Visibility: user

Type: integer

Default: 2097152


default_topic_replications

This property is read-only in Redpanda Cloud. In Redpanda Cloud, all new topics are created with a replication factor of 3.

Default replication factor for new topics.

Requires restart: No

Visibility: user

Type: integer

Accepted values: [-32768, 32767]


http_authentication

This property is read-only in Redpanda Cloud.

A list of supported HTTP authentication mechanisms. Accepted Values: BASIC, OIDC.

Requires restart: No

Visibility: user

Type: array

Accepted Values: BASIC, OIDC


iceberg_catalog_base_location

This property is read-only in Redpanda Cloud.

Base path for the object-storage-backed Iceberg catalog. After Iceberg is enabled, do not change this value.

Requires restart: Yes

Visibility: user

Type: string

Related topics:


iceberg_catalog_type

Iceberg catalog type that Redpanda will use to commit table metadata updates. Supported types: rest, object_storage.

Requires restart: Yes

Visibility: user

Accepted values: rest, object_storage

Related topics:


iceberg_default_partition_spec

Default value for the redpanda.iceberg.partition.spec topic property that determines the partition spec for the Iceberg table corresponding to the topic.

Requires restart: No

Visibility: user

Type: string

Related topics:


iceberg_delete

Default value for the redpanda.iceberg.delete topic property that determines if the corresponding Iceberg table is deleted upon deleting the topic.

Requires restart: No

Visibility: user

Type: boolean

Related topics:


iceberg_disable_snapshot_tagging

Whether to disable tagging of Iceberg snapshots. These tags are used to ensure that the snapshots that Redpanda writes are retained during snapshot removal, which in turn, helps Redpanda ensure exactly-once delivery of records. Disabling tags is therefore not recommended, but it may be useful if the Iceberg catalog does not support tags.

Requires restart: No

Visibility: user

Type: boolean

Related topics:


iceberg_enabled

Enables the translation of topic data into Iceberg tables. Setting iceberg_enabled to true activates the feature at the cluster level, but each topic must also set the redpanda.iceberg.enabled topic-level property to true to use it. If iceberg_enabled is set to false, then the feature is disabled for all topics in the cluster, overriding any topic-level settings.

Requires restart: Yes

Visibility: user

Type: boolean

Related topics:


iceberg_invalid_record_action

Default value for the redpanda.iceberg.invalid.record.action topic property.

Requires restart: No

Visibility: user

Related topics:


iceberg_rest_catalog_authentication_mode

The authentication mode for client requests made to the Iceberg catalog. Choose from: none, bearer, and oauth2. In bearer mode, the token specified in iceberg_rest_catalog_token is used unconditionally, and no attempts are made to refresh the token. In oauth2 mode, the credentials specified in iceberg_rest_catalog_client_id and iceberg_rest_catalog_client_secret are used to obtain a bearer token from the URI defined by iceberg_rest_catalog_oauth2_server_uri..

Requires restart: Yes

Visibility: user

Related topics:


iceberg_rest_catalog_client_id

The client ID used to query the REST catalog API for the OAuth token. Required if catalog type is set to rest.

Requires restart: Yes

Visibility: user

Type: string

Related topics:


iceberg_rest_catalog_client_secret

Secret used with the client ID to query the OAuth token endpoint for Iceberg REST catalog authentication. Required if catalog type is set to rest and iceberg_rest_catalog_authentication_mode is set to oauth2.

Requires restart: Yes

Visibility: user

Type: string

Related topics:


iceberg_rest_catalog_crl

The contents of a certificate revocation list for iceberg_rest_catalog_trust. Takes precedence over iceberg_rest_catalog_crl_file.

Requires restart: Yes

Visibility: user

Type: string


iceberg_rest_catalog_endpoint

URL of Iceberg REST catalog endpoint.

Requires restart: Yes

Visibility: user

Type: string

Related topics:


iceberg_rest_catalog_oauth2_server_uri

The OAuth URI used to retrieve access tokens for Iceberg REST catalog authentication. If left undefined, the deprecated Iceberg catalog endpoint /v1/oauth/tokens is used instead.

Requires restart: Yes

Visibility: user

Type: string

Related topics:


iceberg_rest_catalog_prefix

Prefix part of the Iceberg REST catalog URL. Prefix is appended to the catalog path, for example /v1/{prefix}/namespaces.

Requires restart: Yes

Visibility: user

Type: string

Related topics:


iceberg_rest_catalog_request_timeout_ms

Maximum length of time that Redpanda waits for a response from the REST catalog before aborting the request.

Unit: milliseconds

Requires restart: No

Visibility: tunable

Type: integer

Accepted values: [-17592186044416, 17592186044415]

Related topics:


iceberg_rest_catalog_token

Token used to access the REST Iceberg catalog. If the token is present, Redpanda ignores credentials stored in the properties iceberg_rest_catalog_client_id and iceberg_rest_catalog_client_secret.

Required if iceberg_rest_catalog_authentication_mode is set to bearer.

Requires restart: Yes

Visibility: user

Type: string

Related topics:


iceberg_rest_catalog_trust

The contents of a certificate chain to trust for the REST Iceberg catalog.

Requires restart: Yes

Visibility: user

Type: string


iceberg_target_lag_ms

Default value for the redpanda.iceberg.target.lag.ms topic property, which controls how often the data in an Iceberg table is refreshed with new data from the corresponding Redpanda topic. Redpanda attempts to commit all data produced to the topic within the lag target, subject to resource availability.

Unit: milliseconds

Requires restart: No

Visibility: user

Type: integer

Accepted values: [-17592186044416, 17592186044415]

Related topics:


log_segment_ms

This property is read-only in Redpanda Cloud.

Default lifetime of log segments. If null, the property is disabled, and no default lifetime is set. Any value under 60 seconds (60000 ms) is rejected. This property can also be set in the Kafka API using the Kafka-compatible alias, log.roll.ms.

Unit: milliseconds

Requires restart: No

Visibility: user

Type: integer

Accepted values: [-17592186044416, 17592186044415]


minimum_topic_replications

This property is read-only in Redpanda Cloud.

Minimum allowable replication factor for topics in this cluster. The set value must be positive, odd, and equal to or less than the number of available brokers. Changing this parameter only restricts newly-created topics. Redpanda returns an INVALID_REPLICATION_FACTOR error on any attempt to create a topic with a replication factor less than this property.

If you change the minimum_topic_replications setting, the replication factor of existing topics remains unchanged. However, Redpanda will log a warning on start-up with a list of any topics that have fewer replicas than this minimum. For example, you might see a message such as Topic X has a replication factor less than specified minimum: 1 < 3.

Unit: minimum number of replicas per topic

Requires restart: No

Visibility: user

Type: integer

Accepted values: [1, 32767]


oidc_discovery_url

This property is read-only in Redpanda Cloud.

The URL pointing to the well-known discovery endpoint for the OIDC provider.

Requires restart: No

Visibility: user

Type: string


oidc_principal_mapping

This property is read-only in Redpanda Cloud.

Rule for mapping JWT payload claim to a Redpanda user principal.

Requires restart: No

Visibility: user

Type: string


oidc_token_audience

This property is read-only in Redpanda Cloud.

A string representing the intended recipient of the token.

Requires restart: No

Visibility: user

Type: string


sasl_mechanisms

This property is read-only in Redpanda Cloud.

A list of supported SASL mechanisms. Accepted values: SCRAM, GSSAPI, OAUTHBEARER, PLAIN. Note that in order to enable PLAIN, you must also enable SCRAM.

Requires restart: No

Visibility: user

Type: string array

Accepted values: SCRAM, GSSAPI, OAUTHBEARER, PLAIN


tls_min_version

This property is read-only in Redpanda Cloud.

The minimum TLS version that Redpanda clusters support. This property prevents client applications from negotiating a downgrade to the TLS version when they make a connection to a Redpanda cluster.

Requires restart: Yes

Visibility: user

Accepted values: v1.0, v1.1, v1.2, v1.3

Type: string