Cluster Configuration Properties

Enables or disables audit logging. When you set this to true, Redpanda checks for an existing topic named _redpanda.audit_log. If none is found, Redpanda automatically creates one for you.

Requires restart: No

Visibility: user

Type: boolean

List of user principals to exclude from auditing.

Requires restart: No

Visibility: user

Type: array

List of topics to exclude from auditing.

Requires restart: No

Visibility: user

Type: array

Defines the number of partitions used by a newly-created audit topic. This configuration applies only to the audit log topic and may be different from the cluster or other topic configurations. This cannot be altered for existing audit log topics.

Unit: number of partitions per topic

Requires restart: No

Visibility: user

Type: integer

Accepted values: [-2147483648, 2147483647]

The maximum size for a deployable WebAssembly binary that the broker can store.

Requires restart: No

Visibility: tunable

Type: integer

Default: 10485760

Enables WebAssembly-powered data transforms directly in the broker. When data_transforms_enabled is set to true, Redpanda reserves memory for data transforms, even if no transform functions are currently deployed. This memory reservation ensures that adequate resources are available for transform functions when they are needed, but it also means that some memory is allocated regardless of usage.

Requires restart: Yes

Visibility: user

Type: boolean

Transform log lines truncate to this length. Truncation occurs after any character escaping.

Unit: bytes

Requires restart: No

Visibility: tunable

Type: integer

The amount of memory to reserve per core for data transform (Wasm) virtual machines. Memory is reserved on boot. The maximum number of functions that can be deployed to a cluster is equal to data_transforms_per_core_memory_reservation / data_transforms_per_function_memory_limit.

Requires restart: Yes

Visibility: user

Type: integer

The amount of memory to give an instance of a data transform (Wasm) virtual machine. The maximum number of functions that can be deployed to a cluster is equal to data_transforms_per_core_memory_reservation / data_transforms_per_function_memory_limit.

Requires restart: Yes

Visibility: user

Type: integer

Default: 2097152

Default replication factor for new topics.

Requires restart: No

Visibility: user

Type: integer

Accepted values: [-32768, 32767]

A list of supported HTTP authentication mechanisms. Accepted Values: BASIC, OIDC.

Requires restart: No

Visibility: user

Type: array

Accepted Values: BASIC, OIDC

Base path for the object-storage-backed Iceberg catalog. After Iceberg is enabled, do not change this value.

Requires restart: Yes

Visibility: user

Type: string

Related topics:

Iceberg catalog type that Redpanda will use to commit table metadata updates. Supported types: rest, object_storage.

Requires restart: Yes

Visibility: user

Accepted values: rest, object_storage

Related topics:

Default value for the redpanda.iceberg.partition.spec topic property that determines the partition spec for the Iceberg table corresponding to the topic.

Requires restart: No

Visibility: user

Type: string

Related topics:

Default value for the redpanda.iceberg.delete topic property that determines if the corresponding Iceberg table is deleted upon deleting the topic.

Requires restart: No

Visibility: user

Type: boolean

Related topics:

Whether to disable tagging of Iceberg snapshots. These tags are used to ensure that the snapshots that Redpanda writes are retained during snapshot removal, which in turn, helps Redpanda ensure exactly-once delivery of records. Disabling tags is therefore not recommended, but it may be useful if the Iceberg catalog does not support tags.

Requires restart: No

Visibility: user

Type: boolean

Related topics:

Enables the translation of topic data into Iceberg tables. Setting iceberg_enabled to true activates the feature at the cluster level, but each topic must also set the redpanda.iceberg.enabled topic-level property to true to use it. If iceberg_enabled is set to false, then the feature is disabled for all topics in the cluster, overriding any topic-level settings.

Requires restart: Yes

Visibility: user

Type: boolean

Related topics:

Default value for the redpanda.iceberg.invalid.record.action topic property.

Requires restart: No

Visibility: user

Related topics:

The authentication mode for client requests made to the Iceberg catalog. Choose from: none, bearer, and oauth2. In bearer mode, the token specified in iceberg_rest_catalog_token is used unconditionally, and no attempts are made to refresh the token. In oauth2 mode, the credentials specified in iceberg_rest_catalog_client_id and iceberg_rest_catalog_client_secret are used to obtain a bearer token from the URI defined by iceberg_rest_catalog_oauth2_server_uri..

Requires restart: Yes

Visibility: user

Related topics:

The client ID used to query the REST catalog API for the OAuth token. Required if catalog type is set to rest.

Requires restart: Yes

Visibility: user

Type: string

Related topics:

Secret used with the client ID to query the OAuth token endpoint for Iceberg REST catalog authentication. Required if catalog type is set to rest and iceberg_rest_catalog_authentication_mode is set to oauth2.

Requires restart: Yes

Visibility: user

Type: string

Related topics:

The contents of a certificate revocation list for iceberg_rest_catalog_trust. Takes precedence over iceberg_rest_catalog_crl_file.

Requires restart: Yes

Visibility: user

Type: string

URL of Iceberg REST catalog endpoint.

Requires restart: Yes

Visibility: user

Type: string

Related topics:

The OAuth URI used to retrieve access tokens for Iceberg REST catalog authentication. If left undefined, the deprecated Iceberg catalog endpoint /v1/oauth/tokens is used instead.

Requires restart: Yes

Visibility: user

Type: string

Related topics:

Prefix part of the Iceberg REST catalog URL. Prefix is appended to the catalog path, for example /v1/{prefix}/namespaces.

Requires restart: Yes

Visibility: user

Type: string

Related topics:

Maximum length of time that Redpanda waits for a response from the REST catalog before aborting the request.

Unit: milliseconds

Requires restart: No

Visibility: tunable

Type: integer

Accepted values: [-17592186044416, 17592186044415]

Related topics:

Token used to access the REST Iceberg catalog. If the token is present, Redpanda ignores credentials stored in the properties iceberg_rest_catalog_client_id and iceberg_rest_catalog_client_secret.

Required if iceberg_rest_catalog_authentication_mode is set to bearer.

Requires restart: Yes

Visibility: user

Type: string

Related topics:

The contents of a certificate chain to trust for the REST Iceberg catalog.

Requires restart: Yes

Visibility: user

Type: string

Default value for the redpanda.iceberg.target.lag.ms topic property, which controls how often the data in an Iceberg table is refreshed with new data from the corresponding Redpanda topic. Redpanda attempts to commit all data produced to the topic within the lag target, subject to resource availability.

Unit: milliseconds

Requires restart: No

Visibility: user

Type: integer

Accepted values: [-17592186044416, 17592186044415]

Related topics:

Default lifetime of log segments. If null, the property is disabled, and no default lifetime is set. Any value under 60 seconds (60000 ms) is rejected. This property can also be set in the Kafka API using the Kafka-compatible alias, log.roll.ms.

Unit: milliseconds

Requires restart: No

Visibility: user

Type: integer

Accepted values: [-17592186044416, 17592186044415]

Minimum allowable replication factor for topics in this cluster. The set value must be positive, odd, and equal to or less than the number of available brokers. Changing this parameter only restricts newly-created topics. Redpanda returns an INVALID_REPLICATION_FACTOR error on any attempt to create a topic with a replication factor less than this property.

If you change the minimum_topic_replications setting, the replication factor of existing topics remains unchanged. However, Redpanda will log a warning on start-up with a list of any topics that have fewer replicas than this minimum. For example, you might see a message such as Topic X has a replication factor less than specified minimum: 1 < 3.

Unit: minimum number of replicas per topic

Requires restart: No

Visibility: user

Type: integer

Accepted values: [1, 32767]

The URL pointing to the well-known discovery endpoint for the OIDC provider.

Requires restart: No

Visibility: user

Type: string

Default: https://auth.prd.cloud.redpanda.com/.well-known/openid-configuration

Rule for mapping JWT payload claim to a Redpanda user principal.

Requires restart: No

Visibility: user

Type: string

A string representing the intended recipient of the token.

Requires restart: No

Visibility: user

Type: string

A list of supported SASL mechanisms. Accepted values: SCRAM, GSSAPI, OAUTHBEARER, PLAIN. Note that in order to enable PLAIN, you must also enable SCRAM.

Requires restart: No

Visibility: user

Type: string array

Accepted values: SCRAM, GSSAPI, OAUTHBEARER, PLAIN

The minimum TLS version that Redpanda clusters support. This property prevents client applications from negotiating a downgrade to the TLS version when they make a connection to a Redpanda cluster.

Requires restart: Yes

Visibility: user

Accepted values: v1.0, v1.1, v1.2, v1.3

Type: string