# cluster.redpanda.com/v1alpha2 > For the complete documentation index, see [llms.txt](https://docs.redpanda.com/llms.txt). Component-specific: [streaming-full.txt](https://docs.redpanda.com/streaming-full.txt) --- title: cluster.redpanda.com/v1alpha2 latest-redpanda-tag: v25.3.11 latest-console-tag: v3.7.3 latest-operator-version: v26.1.4 # EOL = End-of-Life (support lifecycle status) page-is-nearing-eol: "false" page-is-past-eol: "false" page-eol-date: November 19, 2026 latest-connect-version: 4.93.0 docname: k-crd page-component-name: streaming page-version: "25.3" page-component-version: "25.3" page-component-title: Streaming page-relative-src-path: k-crd.adoc page-edit-url: https://github.com/redpanda-data/docs/edit/v/25.3/modules/reference/pages/k-crd.adoc description: Custom resource definitions for Redpanda resources. Use the Redpanda resources to create and manage Redpanda clusters, users and topics with the Redpanda Operator. page-git-created-date: "2024-01-04" page-git-modified-date: "2025-12-16" support-status: supported --- Resource Types - [Console](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-console) - [Redpanda](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpanda) - [RedpandaRole](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandarole) - [Schema](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-schema) - [ShadowLink](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-shadowlink) - [Topic](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-topic) - [User](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-user) ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-aclaccessfilter)ACLAccessFilter Filter an ACL based on its access Appears in: - [ACLFilter](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-aclfilter) | Field | Description | | --- | --- | | host string | The host to match. If not set, will default to match all hostswith the specified operation and permissionType. Note thatthe asterisk is literal and matches hosts that are set to | | operation ACLOperation | The ACL operation to match | | permissionType ACLType | The permission type | | principal string | The name of the principal, if not set will default to matchall principals with the specified operation and permissionType | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-aclfilter)ACLFilter A filter for ACLs Appears in: - [ShadowLinkSecuritySettingsSyncOptions](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-shadowlinksecuritysettingssyncoptions) | Field | Description | | --- | --- | | accessFilter ACLAccessFilter | The access filter | | resourceFilter ACLResourceFilter | The resource filter | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-acloperation)ACLOperation (string) ACLOperation specifies the type of operation for an ACL. Appears in: - [ACLAccessFilter](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-aclaccessfilter) - [ACLRule](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-aclrule) ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-aclresourcefilter)ACLResourceFilter Appears in: - [ACLFilter](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-aclfilter) | Field | Description | | --- | --- | | name string | | | patternType PatternType | | | resourceType ResourceType | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-aclresourcespec)ACLResourceSpec ACLResourceSpec indicates the resource for which given ACL rule applies. Appears in: - [ACLRule](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-aclrule) | Field | Description | | --- | --- | | type ResourceType | Type specifies the type of resource an ACL is applied to. Valid values:- topic- group- cluster- transactionalId | | name string | Name of resource for which given ACL rule applies. If using type cluster this must not be specified.Can be combined with patternType field to use prefix pattern. | | patternType PatternType | Describes the pattern used in the resource field. The supported types are literaland prefixed. With literal pattern type, the resource field will be used as a definitionof a full topic name. With prefix pattern type, the resource name will be used only asa prefix. Prefixed patterns can only be specified when using types topic, group, ortransactionalId. Default value is literal. Valid values:- literal- prefixed | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-aclrule)ACLRule ACLRule defines an ACL rule applied to the given user. Validations taken from [https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=75978240](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=75978240) Appears in: - [RoleAuthorizationSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-roleauthorizationspec) - [UserAuthorizationSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-userauthorizationspec) | Field | Description | | --- | --- | | type ACLType | Type specifies the type of ACL rule to create. Valid values are:- allow- deny | | resource ACLResourceSpec | Indicates the resource for which given ACL rule applies. | | host string | The host from which the action described in the ACL rule is allowed or denied.If not set, it defaults to *, allowing or denying the action from any host. | | operations ACLOperation array | List of operations which will be allowed or denied. Valid values are resource type dependent, but include:- Read- Write- Delete- Alter- Describe- IdempotentWrite- ClusterAction- Create- AlterConfigs- DescribeConfigs | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-acltype)ACLType (string) ACLType specifies the type, either allow or deny of an ACL rule. Appears in: - [ACLAccessFilter](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-aclaccessfilter) - [ACLRule](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-aclrule) ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-admin)Admin Admin configures settings for the Admin API listeners. Appears in: - [Listeners](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-listeners) | Field | Description | | --- | --- | | enabled boolean | Specifies whether this Listener is enabled. | | authenticationMethod string | Specifies the authentication method for this listener. For example, 'mtls_identity', sasl or http_basic. | | appProtocol string | | | port integer | Specifies the container port number for this listener. | | tls ListenerTLS | Configures TLS settings for the internal listener. | | prefixTemplate string | Specifies the template used for generating the advertised addresses ofServices. This field accepts a string template that dynamicallyconstructs Service addresses based on various parameters such as Servicename and port number.For historical backwards compatibility, this field is present on bothinternal and external listeners. However, it is ignored when specifiedon internal listeners. | | external object (keys:string, values:ExternalListener) | Defines settings for the external listeners. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-adminapispec)AdminAPISpec AdminAPISpec defines client configuration for connecting to Redpanda’s admin API. Appears in: - [StaticConfigurationSource](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-staticconfigurationsource) | Field | Description | | --- | --- | | urls string array | Specifies a list of broker addresses in the format : | | tls CommonTLS | Defines TLS configuration settings for Redpanda clusters that have TLS enabled. | | sasl AdminSASL | Defines authentication configuration settings for Redpanda clusters that have authentication enabled. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-adminsasl)AdminSASL AdminSASL configures credentials to connect to Redpanda cluster that has authentication enabled. Appears in: - [AdminAPISpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-adminapispec) | Field | Description | | --- | --- | | username string | Specifies the username. | | mechanism SASLMechanism | Specifies the SASL/SCRAM authentication mechanism. | | password ValueSource | Specifies the password. | | authToken ValueSource | Specifies token for token-based authentication (only used if no username/password are provided). | | passwordSecretRef SecretKeyRef | Deprecated: use password instead | | token SecretKeyRef | Deprecated: use authToken instead | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-auditlogging)AuditLogging AuditLogging configures how to perform audit logging for a redpanda cluster Appears in: - [RedpandaClusterSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaclusterspec) | Field | Description | | --- | --- | | enabled boolean | Specifies whether to enable audit logging or not | | listener string | Kafka external listener name, note that it must have authenticationMethod set to sasl | | partitions integer | Integer value defining the number of partitions used by a newly created audit topic | | enabledEventTypes string array | Event types that should be captured by audit logs | | excludedTopics string array | List of topics to exclude from auditing | | excludedPrincipals string array | List of principals to exclude from auditing | | clientMaxBufferSize integer | Defines the number of bytes (in bytes) allocated by the internal audit client for audit messages. | | queueDrainIntervalMs integer | In ms, frequency in which per shard audit logs are batched to client for write to audit log. | | queueMaxBufferSizePerShard integer | Defines the maximum amount of memory used (in bytes) by the audit buffer in each shard | | replicationFactor integer | Defines the replication factor for a newly created audit log topic. This configuration appliesonly to the audit log topic and may be different from the cluster or other topic configurations.This cannot be altered for existing audit log topics. Setting this value is optional. If a value is not provided,Redpanda will use the internal_topic_replication_factor cluster config value. Default is null | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-auth)Auth Auth configures authentication in the Helm values. See [Authentication and Authorization for Redpanda in Kubernetes](https://docs.redpanda.com/streaming/25.3/manage/kubernetes/security/authentication/) Appears in: - [RedpandaClusterSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaclusterspec) | Field | Description | | --- | --- | | sasl SASL | Configures SASL authentication in the Helm values. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-authenticationsecrets)AuthenticationSecrets Appears in: - [SecretConfig](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-secretconfig) | Field | Description | | --- | --- | | jwtSigningKey string | | | oidc OIDCLoginSecrets | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-authorizationtype)AuthorizationType (string) AuthorizationType specifies the type of authorization to use in creating a user. Appears in: - [UserAuthorizationSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-userauthorizationspec) ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-autoscaling)AutoScaling Appears in: - [ConsoleSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-consolespec) - [ConsoleValues](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-consolevalues) | Field | Description | | --- | --- | | enabled boolean | | | minReplicas integer | | | maxReplicas integer | | | targetCPUUtilizationPercentage integer | | | targetMemoryUtilizationPercentage integer | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-bootstrapuser)BootstrapUser BootstrapUser configures the user used to bootstrap Redpanda when SASL is enabled. Appears in: - [SASL](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-sasl) | Field | Description | | --- | --- | | name string | Name specifies the name of the bootstrap user created for the cluster, if unspecifieddefaults to "kubernetes-controller". | | secretKeyRef SecretKeySelector | Specifies the location where the generated password will be written or a pre-existingpassword will be read from. | | mechanism string | Specifies the authentication mechanism to use for the bootstrap user. Options are SCRAM-SHA-256 and SCRAM-SHA-512. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-budget)Budget Budget configures the management of disruptions affecting the Pods in the StatefulSet. Appears in: - [Statefulset](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-statefulset) | Field | Description | | --- | --- | | maxUnavailable integer | Defines the maximum number of Pods that can be unavailable during a voluntary disruption. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-cpu)CPU CPU configures CPU resources for containers. See [Manage Pod Resources in Kubernetes](https://docs.redpanda.com/streaming/25.3/manage/kubernetes/k-manage-resources/) Appears in: - [Resources](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-resources) | Field | Description | | --- | --- | | cores Quantity | Specifies the number of CPU cores available to the application. Redpanda makes use of a thread per core model. For details, see How Redpanda Works For this reason, Redpanda should only be given full cores. Note: You can increase cores, but decreasing cores is not currently supported. See the GitHub issue:https://github.com/redpanda-data/redpanda/issues/350. This setting is equivalent to --smp, resources.requests.cpu, and resources.limits.cpu. For production, use 4 or greater. | | overprovisioned boolean | Specifies whether Redpanda assumes it has all of the provisioned CPU. This should be true unless the container has CPU affinity. Equivalent to: --idle-poll-time-us 0, --thread-affinity 0, and --poll-aio 0. If the value of full cores in resources.cpu.cores is less than 1, this setting is set to true. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-certificate)Certificate Certificate configures TLS certificates. Appears in: - [TLS](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-tls) | Field | Description | | --- | --- | | issuerRef IssuerRef | Specify the name of an existing Issuer or ClusterIssuer resource to use to generate certificates. Requires cert-manager. See https://cert-manager.io/v1.1-docs. | | secretRef SecretRef | Specify the name of an existing Secret resource that contains your TLS certificate. | | clientSecretRef SecretRef | Specify the name of an existing Secret resource that contains your client TLS certificate. | | duration Duration | Specifies the validity duration of certificates generated with issuerRef. | | caEnabled boolean | Specifies whether to include the ca.crt file in the trust stores of all listeners. Set to true only for certificates that are not authenticated using public certificate authorities (CAs). | | applyInternalDNSNames boolean | Specifies you wish to have Kubernetes internal dns names (IE the headless service of the redpanda StatefulSet) included in dnsNames of the certificate even, when supplying an issuer. | | enabled boolean | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-chartref)ChartRef Appears in: - [RedpandaSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaspec) | Field | Description | | --- | --- | | chartName string | Specifies the name of the chart to deploy. | | chartVersion string | Defines the version of the Redpanda Helm chart to deploy. | | helmRepositoryName string | Defines the chart repository to use. Defaults to redpanda if not defined. | | timeout Duration | Specifies the time to wait for any individual Kubernetes operation (like Jobsfor hooks) during Helm actions. Defaults to 15m0s. | | upgrade RawExtension | Defines how to handle upgrades, including failures. | | useFlux boolean | Setting the useFlux flag to false disables the Helm controller’s reconciliation of the Helm chart.This ties the operator to a specific version of the Go-based Redpanda Helm chart, causing all otherChartRef fields to be ignored.Before disabling useFlux, ensure that your chartVersion is aligned with 5.9.21 or the correspondingversion of the Redpanda chart.Note: When useFlux is set to false, RedpandaStatus may become inaccurate if the HelmRelease ismanually deleted.To dynamically switch Flux controllers (HelmRelease and HelmRepository), setting useFlux to falsewill suspend these resources instead of removing them.References:- https://fluxcd.io/flux/components/helm/helmreleases/#suspend- https://fluxcd.io/flux/components/source/helmrepositories/#suspend | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-clusterconfiguration)ClusterConfiguration (ClusterConfiguration) Appears in: - [Config](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-config) ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-clusterref)ClusterRef ClusterRef represents a reference to a cluster that is being targeted. Appears in: - [ClusterSource](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-clustersource) | Field | Description | | --- | --- | | group string | Group is used to override the object group that this reference points to.If unspecified, defaults to "cluster.redpanda.com". | | kind string | Kind is used to override the object kind that this reference points to.If unspecified, defaults to "Redpanda". | | name string | Name specifies the name of the cluster being referenced. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-clustersource)ClusterSource ClusterSource defines how to connect to a particular Redpanda cluster. Appears in: - [ConsoleSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-consolespec) - [RoleSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-rolespec) - [SchemaSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-schemaspec) - [ShadowLinkSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-shadowlinkspec) - [TopicSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-topicspec) - [UserSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-userspec) | Field | Description | | --- | --- | | clusterRef ClusterRef | ClusterRef is a reference to the cluster where the object should be created.It is used in constructing the client created to configure a cluster.This takes precedence over StaticConfigurationSource. | | staticConfiguration StaticConfigurationSource | StaticConfiguration holds connection parameters to Kafka and Admin APIs. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-commontls)CommonTLS CommonTLS specifies TLS configuration settings for Redpanda clusters that have authentication enabled. Appears in: - [AdminAPISpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-adminapispec) - [KafkaAPISpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-kafkaapispec) - [SchemaRegistrySpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-schemaregistryspec) | Field | Description | | --- | --- | | enabled boolean | Enabled tells any connections derived from this configuration to leverage TLS even if nocertificate configuration is specified. It only is relevant if no other field is specifiedin the TLS configuration block, as, for backwards compatibility reasons, any CA/Cert/Key-specificationresults in attempting to create a connection using TLS - specifying "false" in such a case doesnot disable TLS from being used. Leveraging this option is to support the use-case where aconnection is served by publically issued TLS certificates that don’t require any additional certificatespecification. | | caCert ValueSource | CaCert is the reference for certificate authority used to establish TLS connection to Redpanda | | cert ValueSource | Cert is the reference for client public certificate to establish mTLS connection to Redpanda | | key ValueSource | Key is the reference for client private certificate to establish mTLS connection to Redpanda | | caCertSecretRef SecretKeyRef | Deprecated: replaced by "caCert". | | certSecretRef SecretKeyRef | Deprecated: replaced by "cert". | | keySecretRef SecretKeyRef | Deprecated: replaced by "key". | | insecureSkipTlsVerify boolean | InsecureSkipTLSVerify can skip verifying Redpanda self-signed certificate when establish TLS connection to Redpanda | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-compatibilitylevel)CompatibilityLevel (string) Appears in: - [SchemaSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-schemaspec) ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-config)Config Config configures Redpanda config properties supported by Redpanda that may not work correctly in a Kubernetes cluster. Changing these values from the defaults comes with some risk. Use these properties to customize various Redpanda configurations that are not available in the `RedpandaClusterSpec`. These values have no impact on the configuration or behavior of the Kubernetes objects deployed by Helm, and therefore should not be modified for the purpose of configuring those objects. Instead, these settings get passed directly to the Redpanda binary at startup. Appears in: - [RedpandaClusterSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaclusterspec) | Field | Description | | --- | --- | | rpk RawExtension | Specifies cluster configuration properties. See Cluster Configuration Properties | | cluster RawExtension | Specifies cluster configuration properties. See Cluster Configuration Properties | | extraClusterConfiguration ClusterConfiguration | Holds values (or references to values) that should be used to configure the cluster; theseare resolved late in order to avoid embedding secrets directly into bootstrap configurationsexposed as Kubernetes configmaps. | | node RawExtension | Specifies broker configuration properties. See Broker Configuration Properties | | tunable RawExtension | Specifies tunable configuration properties. See Cluster Configuration Properties | | schema_registry_client RawExtension | Specifies tunable configuration properties. See Cluster Configuration Properties | | pandaproxy_client RawExtension | Specifies tunable configuration properties. See Cluster Configuration Properties | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-configsynonyms)ConfigSynonyms ConfigSynonyms was copied from [https://github.com/twmb/franz-go/blob/01651affd204d4a3577a341e748c5d09b52587f8/pkg/kmsg/generated.go#L24569-L24578](https://github.com/twmb/franz-go/blob/01651affd204d4a3577a341e748c5d09b52587f8/pkg/kmsg/generated.go#L24569-L24578) Appears in: - [Configuration](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-configuration) | Field | Description | | --- | --- | | name string | | | value string | | | source string | | | unknownTags object (keys:string, values:string) | UnknownTags are tags Kafka sent that we do not know the purpose of. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-configwatcher)ConfigWatcher ConfigWatcher configures a sidecar that watches for changes to the Secret in `auth.sasl.secretRef` and applies the changes to the Redpanda cluster. Appears in: - [SideCars](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-sidecars) | Field | Description | | --- | --- | | enabled boolean | Specifies whether the sidecar is enabled. | | extraVolumeMounts string | Specifies additional volumes to mount to the sidecar.DEPRECATED: Use sideCars.extraVolumeMounts | | resources ResourceRequirements | Specifies resource requests for the sidecar container.DEPRECATED: Use sideCars.resources | | securityContext SecurityContext | Specifies the container’s security context, including privileges and access levels of the container and its processes.DEPRECATED: Use sideCars.securityContext | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-configuration)Configuration Configuration was copied from [https://github.com/twmb/franz-go/blob/01651affd204d4a3577a341e748c5d09b52587f8/pkg/kmsg/generated.go#L24593-L24634](https://github.com/twmb/franz-go/blob/01651affd204d4a3577a341e748c5d09b52587f8/pkg/kmsg/generated.go#L24593-L24634) Appears in: - [TopicStatus](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-topicstatus) | Field | Description | | --- | --- | | name string | Name is a key this entry corresponds to (e.g. segment.bytes). | | value string | Value is the value for this config key. If the key is sensitive,the value will be null. | | readOnly boolean | ReadOnly signifies whether this is not a dynamic config option.Note that this field is not always correct, and you may need to checkwhether the Source is any dynamic enum. See franz-go#91 for more details. | | isDefault boolean | IsDefault is whether this is a default config option. This has beenreplaced in favor of Source. | | source string | Source is where this config entry is from.This field has a default of -1. | | isSensitive boolean | IsSensitive signifies whether this is a sensitive config key, whichis either a password or an unknown type. | | configSynonyms ConfigSynonyms array | ConfigSynonyms contains fallback key/value pairs for this configentry, in order of preference. That is, if a config entry is bothdynamically configured and has a default, the top level return will bethe dynamic configuration, while its "synonym" will be the default. | | configType string | ConfigType specifies the configuration data type. | | documentation string | Documentation is optional documentation for the config entry. | | unknownTags object (keys:string, values:string) | UnknownTags are tags Kafka sent that we do not know the purpose of. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-configurator)Configurator Appears in: - [InitContainers](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-initcontainers) | Field | Description | | --- | --- | | extraVolumeMounts string | | | resources ResourceRequirements | | | additionalCLIArgs string array | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-connectormonitoring)ConnectorMonitoring ConnectorMonitoring configures monitoring resources for Connectors. See [Monitor Redpanda in Kubernetes](https://docs.redpanda.com/streaming/25.3/manage/kubernetes/monitoring/k-monitor-redpanda/) Appears in: - [RedpandaConnectors](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaconnectors) | Field | Description | | --- | --- | | enabled boolean | Specifies whether to create a ServiceMonitor that can be used by Prometheus Operator or VictoriaMetrics Operator to scrape the metrics. | | labels object (keys:string, values:string) | Adds custom labels to the ServiceMonitor resource. | | scrapeInterval string | Specifies how often to scrape metrics. | | annotations object (keys:string, values:string) | Adds custom Annotations to the ServiceMonitor resource. | | namespaceSelector NamespaceSelector | Adds custom namespaceSelector to monitoring resources | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-connectorscreateobj)ConnectorsCreateObj ConnectorsCreateObj configures Kubernetes resources for Redpanda Connectors. Appears in: - [RedpandaConnectors](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaconnectors) | Field | Description | | --- | --- | | create boolean | Specifies whether to create the resource. | | enabled boolean | Deprecated: this field exists for storage backwards compatibility and isnever used. Prefer Create. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-console)Console Console defines the CRD for Redpanda Console instances. | Field | Description | | --- | --- | | apiVersion string | cluster.redpanda.com/v1alpha2 | | kind string | Console | | kind string | Kind is a string value representing the REST resource this object represents.Servers may infer this from the endpoint the client submits requests to.Cannot be updated.In CamelCase.More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | | apiVersion string | APIVersion defines the versioned schema of this representation of an object.Servers should convert recognized schemas to the latest internal value, andmay reject unrecognized values.More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | | metadata ObjectMeta | Refer to the Kubernetes API documentation for fields of metadata. | | spec ConsoleSpec | | | status ConsoleStatus | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-consolecreateobj)ConsoleCreateObj ConsoleCreateObj represents configuration options for creating Kubernetes objects such as ConfigMaps, Secrets, and Deployments. Appears in: - [RedpandaConsole](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaconsole) | Field | Description | | --- | --- | | create boolean | Indicates whether the corresponding Kubernetes object (ConfigMap, Secret, or Deployment) should be created. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-consolespec)ConsoleSpec Appears in: - [Console](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-console) | Field | Description | | --- | --- | | replicaCount integer | | | image Image | | | imagePullSecrets LocalObjectReference array | | | automountServiceAccountToken boolean | | | serviceAccount ServiceAccountConfig | | | commonLabels object (keys:string, values:string) | | | annotations object (keys:string, values:string) | | | podAnnotations object (keys:string, values:string) | | | podLabels object (keys:string, values:string) | | | podSecurityContext PodSecurityContext | | | securityContext SecurityContext | | | service ServiceConfig | | | ingress IngressConfig | | | resources ResourceRequirements | | | autoscaling AutoScaling | | | nodeSelector object (keys:string, values:string) | | | tolerations Toleration array | | | affinity Affinity | | | topologySpreadConstraints TopologySpreadConstraint array | | | priorityClassName string | | | config RawExtension | | | extraEnv EnvVar array | | | extraEnvFrom EnvFromSource array | | | extraVolumes Volume array | | | extraVolumeMounts VolumeMount array | | | extraContainers Container array | | | extraContainerPorts ContainerPort array | | | secretMounts SecretMount array | | | secret SecretConfig | | | licenseSecretRef SecretKeySelector | | | livenessProbe ProbeApplyConfiguration | LivenessProbe describes a health check to be performed against a container to determine whether it isalive. | | readinessProbe ProbeApplyConfiguration | ReadinessProbe describes a health check to be performed against a container to determine whether it isready to receive traffic. | | deployment DeploymentConfig | | | strategy DeploymentStrategy | | | warnings string array | Warnings is a slice of human readable warnings generated by the automaticmigration of a Console V2 config to a Console V3 config. If warnings arepresent, they will describe which fields from the original config havebeen dropped and why.Setting this field has no effect. | | cluster ClusterSource | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-consolestatus)ConsoleStatus Appears in: - [Console](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-console) | Field | Description | | --- | --- | | observedGeneration integer | The generation observed by the Console controller. | | replicas integer | Total number of non-terminating Pods targeted by this Console’s Deployment. | | updatedReplicas integer | Total number of non-terminating pods targeted by this Console’s Deployment that have the desired template spec. | | readyReplicas integer | Total number of non-terminating pods targeted by this Console’s Deployment with a Ready Condition. | | availableReplicas integer | Total number of available non-terminating pods (ready for at least minReadySeconds) targeted by this Console’s Deployment. | | unavailableReplicas integer | Total number of unavailable pods targeted by this deployment. This is the total number ofpods that are still required for the deployment to have 100% available capacity. They mayeither be pods that are running but not yet available or pods that still have not been created. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-consolevalues)ConsoleValues ConsoleValues is a CRD friendly equivalent of \[console.PartialValues\]. Any member that is optional at the top level, either by being a pointer, map, or slice, is NOT further partial-ized. This allows us to enforce validation constraints without accidentally polluting the defaults of the chart. Appears in: - [ConsoleSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-consolespec) | Field | Description | | --- | --- | | replicaCount integer | | | image Image | | | imagePullSecrets LocalObjectReference array | | | automountServiceAccountToken boolean | | | serviceAccount ServiceAccountConfig | | | commonLabels object (keys:string, values:string) | | | annotations object (keys:string, values:string) | | | podAnnotations object (keys:string, values:string) | | | podLabels object (keys:string, values:string) | | | podSecurityContext PodSecurityContext | | | securityContext SecurityContext | | | service ServiceConfig | | | ingress IngressConfig | | | resources ResourceRequirements | | | autoscaling AutoScaling | | | nodeSelector object (keys:string, values:string) | | | tolerations Toleration array | | | affinity Affinity | | | topologySpreadConstraints TopologySpreadConstraint array | | | priorityClassName string | | | config RawExtension | | | extraEnv EnvVar array | | | extraEnvFrom EnvFromSource array | | | extraVolumes Volume array | | | extraVolumeMounts VolumeMount array | | | extraContainers Container array | | | extraContainerPorts ContainerPort array | | | secretMounts SecretMount array | | | secret SecretConfig | | | licenseSecretRef SecretKeySelector | | | livenessProbe ProbeApplyConfiguration | LivenessProbe describes a health check to be performed against a container to determine whether it isalive. | | readinessProbe ProbeApplyConfiguration | ReadinessProbe describes a health check to be performed against a container to determine whether it isready to receive traffic. | | deployment DeploymentConfig | | | strategy DeploymentStrategy | | | warnings string array | Warnings is a slice of human readable warnings generated by the automaticmigration of a Console V2 config to a Console V3 config. If warnings arepresent, they will describe which fields from the original config havebeen dropped and why.Setting this field has no effect. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-containerresources)ContainerResources ContainerResources defines resource limits for containers. Appears in: - [Memory](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-memory) | Field | Description | | --- | --- | | max Quantity | Specifies the maximum resources that can be allocated to a container. | | min Quantity | Specifies the minimum resources required for a container. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-credentialsecretref)CredentialSecretRef CredentialSecretRef can be used to set cloud\_storage\_secret\_key from referenced Kubernetes Secret Appears in: - [Tiered](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-tiered) | Field | Description | | --- | --- | | accessKey SecretWithConfigField | | | secretKey SecretWithConfigField | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-deploymentconfig)DeploymentConfig Appears in: - [ConsoleSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-consolespec) - [ConsoleValues](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-consolevalues) | Field | Description | | --- | --- | | command string array | | | extraArgs string array | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-enterprise)Enterprise Enterprise configures an Enterprise license key to enable Redpanda Enterprise features. Requires the post-install job to be enabled (default). See [Redpanda Licenses and Enterprise Features](https://docs.redpanda.com/streaming/25.3/get-started/licensing/overview/) Appears in: - [RedpandaClusterSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaclusterspec) | Field | Description | | --- | --- | | license string | Specifies the Enterprise license key. | | licenseSecretRef EnterpriseLicenseSecretRef | Defines a reference to a Secret resource that contains the Enterprise license key. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-enterpriselicensesecretref)EnterpriseLicenseSecretRef EnterpriseLicenseSecretRef configures a reference to a Secret resource that contains the Enterprise license key. Appears in: - [Enterprise](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-enterprise) | Field | Description | | --- | --- | | key string | Specifies the key that is contains the Enterprise license in the Secret. | | name string | Specifies the name of the Secret resource to use. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-external)External External defines external connectivity settings in the Helm values. Appears in: - [RedpandaClusterSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaclusterspec) | Field | Description | | --- | --- | | addresses string array | Specifies addresses for the external listeners to advertise.Provide one entry for each broker in order of StatefulSet replicas. The number of brokers is defined in statefulset.replicas. The values can be IP addresses or DNS names. If external.domain is set, the domain is appended to these values. | | annotations object (keys:string, values:string) | Adds custom annotations to the external Service. | | domain string | Specifies the domain to advertise to external clients. If specified, then it will be appended to the external.addresses values as each broker’s advertised address. | | enabled boolean | Specifies whether the external access is enabled. | | service ExternalService | Configures the external Service resource. | | sourceRanges string array | Source range for external access. Only applicable when external.type is LoadBalancer. | | type string | Specifies the external Service type. Only NodePort and LoadBalancer are supported. If undefined, then advertised listeners will be configured in Redpanda, but the Helm chart will not create a Service. NodePort is recommended in cases where latency is a priority. | | externalDns ExternalDNS | Defines externalDNS configurations. | | prefixTemplate string | Specifies a naming prefix template for external Services. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-externaldns)ExternalDNS ExternalDNS configures externalDNS. Appears in: - [External](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-external) | Field | Description | | --- | --- | | enabled boolean | Specifies whether externalDNS annotations are added to LoadBalancer Services. If you enable externalDns, each LoadBalancer Service defined in external.type will be annotated with an external-dns hostname that matches external.addresses[i].external.domain. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-externallistener)ExternalListener ExternalListener configures settings for the external listeners. Appears in: - [Admin](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-admin) - [HTTP](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-http) - [Kafka](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-kafka) - [SchemaRegistry](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-schemaregistry) | Field | Description | | --- | --- | | enabled boolean | Specifies whether this Listener is enabled. | | authenticationMethod string | Specifies the authentication method for this listener. For example, 'mtls_identity', sasl or http_basic. | | appProtocol string | | | port integer | Specifies the container port number for this listener. | | tls ListenerTLS | Configures TLS settings for the internal listener. | | prefixTemplate string | Specifies the template used for generating the advertised addresses ofServices. This field accepts a string template that dynamicallyconstructs Service addresses based on various parameters such as Servicename and port number.For historical backwards compatibility, this field is present on bothinternal and external listeners. However, it is ignored when specifiedon internal listeners. | | advertisedPorts integer array | Specifies the network port that the external Service listens on. | | nodePort integer | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-externalsecretkeyselector)ExternalSecretKeySelector ExternalSecretKeySelector selects a key of an external Secret. Appears in: - [ValueSource](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-valuesource) | Field | Description | | --- | --- | | name string | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-externalservice)ExternalService ExternalService allows you to enable or disable the creation of an external Service type. Appears in: - [External](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-external) | Field | Description | | --- | --- | | enabled boolean | Specifies whether to create the external Service. If set to false, the external Service type is not created. You can still set your cluster with external access but not create the supporting Service. Set this to false to manage your own Service. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-filtertype)FilterType (string) FilterType specifies the type, either include or exclude of a consumer group filter. Appears in: - [NameFilter](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-namefilter) ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-fsvalidator)FsValidator Appears in: - [InitContainers](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-initcontainers) | Field | Description | | --- | --- | | enabled boolean | | | expectedFS string | | | extraVolumeMounts string | Adds extra volume mounts. | | resources ResourceRequirements | Specifies the resource requirements. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-http)HTTP HTTP configures settings for the HTTP Proxy listeners. Appears in: - [Listeners](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-listeners) | Field | Description | | --- | --- | | enabled boolean | Specifies whether this Listener is enabled. | | authenticationMethod string | Specifies the authentication method for this listener. For example, 'mtls_identity', sasl or http_basic. | | appProtocol string | | | port integer | Specifies the container port number for this listener. | | tls ListenerTLS | Configures TLS settings for the internal listener. | | prefixTemplate string | Specifies the template used for generating the advertised addresses ofServices. This field accepts a string template that dynamicallyconstructs Service addresses based on various parameters such as Servicename and port number.For historical backwards compatibility, this field is present on bothinternal and external listeners. However, it is ignored when specifiedon internal listeners. | | external object (keys:string, values:ExternalListener) | Defines settings for the external listeners. | | kafkaEndpoint string | Configures the listener to use for HTTP connections. For example default for the internal listener.deprecated and not respected. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-image)Image Appears in: - [ConsoleSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-consolespec) - [ConsoleValues](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-consolevalues) | Field | Description | | --- | --- | | registry string | | | repository string | | | pullPolicy PullPolicy | | | tag string | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-ingressconfig)IngressConfig Appears in: - [ConsoleSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-consolespec) - [ConsoleValues](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-consolevalues) | Field | Description | | --- | --- | | enabled boolean | | | className string | | | annotations object (keys:string, values:string) | | | hosts IngressHost array | | | tls IngressTLS array | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-ingresshost)IngressHost Appears in: - [IngressConfig](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-ingressconfig) | Field | Description | | --- | --- | | host string | | | paths IngressPath array | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-ingresspath)IngressPath Appears in: - [IngressHost](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-ingresshost) | Field | Description | | --- | --- | | path string | | | pathType PathType | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-initcontainerimage)InitContainerImage InitContainerImage configures the init container image used to perform initial setup tasks before the main containers start. Appears in: - [Statefulset](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-statefulset) | Field | Description | | --- | --- | | repository string | | | tag string | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-initcontainers)InitContainers InitContainers configures the init container used to perform initial setup tasks before the main containers start. Appears in: - [Statefulset](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-statefulset) | Field | Description | | --- | --- | | configurator Configurator | | | extraInitContainers string | | | setDataDirOwnership SetDataDirOwnership | Defines the settings related to ownership of the Redpanda data directory in environments where root access is restricted. | | setTieredStorageCacheDirOwnership SetTieredStorageCacheDirOwnership | Defines the settings related to ownership of the Tiered Storage cache in environments where root access is restricted. | | fsValidator FsValidator | Defines the setting for init container that not allow to start Redpanda until filesystem matches | | tuning Tuning | Defines settings for the autotuner tool in Redpanda. The autotuner identifies the hardware configuration in the container and optimizes the Linux kernel to give you the best performance. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-issuerref)IssuerRef IssuerRef configures the Issuer or ClusterIssuer resource to use to generate certificates. Requires cert-manager. See [https://cert-manager.io/v1.1-docs](https://cert-manager.io/v1.1-docs). Appears in: - [Certificate](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-certificate) | Field | Description | | --- | --- | | name string | Specifies the name of the resource. | | kind string | Specifies the kind of resource. One of Issuer or ClusterIssuer. | | group string | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-kafka)Kafka Kafka configures settings for the Kafka API listeners. Appears in: - [Listeners](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-listeners) | Field | Description | | --- | --- | | enabled boolean | Specifies whether this Listener is enabled. | | authenticationMethod string | Specifies the authentication method for this listener. For example, 'mtls_identity', sasl or http_basic. | | appProtocol string | | | port integer | Specifies the container port number for this listener. | | tls ListenerTLS | Configures TLS settings for the internal listener. | | prefixTemplate string | Specifies the template used for generating the advertised addresses ofServices. This field accepts a string template that dynamicallyconstructs Service addresses based on various parameters such as Servicename and port number.For historical backwards compatibility, this field is present on bothinternal and external listeners. However, it is ignored when specifiedon internal listeners. | | external object (keys:string, values:ExternalListener) | Defines settings for the external listeners. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-kafkaapispec)KafkaAPISpec KafkaAPISpec configures client configuration settings for connecting to Redpanda brokers. Appears in: - [StaticConfigurationSource](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-staticconfigurationsource) - [TopicSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-topicspec) | Field | Description | | --- | --- | | brokers string array | Specifies a list of broker addresses in the format : | | tls CommonTLS | Defines TLS configuration settings for Redpanda clusters that have TLS enabled. | | sasl KafkaSASL | Defines authentication configuration settings for Redpanda clusters that have authentication enabled. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-kafkasasl)KafkaSASL KafkaSASL configures credentials to connect to Redpanda cluster that has authentication enabled. Appears in: - [KafkaAPISpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-kafkaapispec) | Field | Description | | --- | --- | | username string | Specifies the username. | | password ValueSource | Specifies the password. | | mechanism SASLMechanism | Specifies the SASL/SCRAM authentication mechanism. | | oauth KafkaSASLOAuthBearer | | | gssapi KafkaSASLGSSAPI | | | awsMskIam KafkaSASLAWSMskIam | | | passwordSecretRef SecretKeyRef | Deprecated: use password instead | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-kafkasaslawsmskiam)KafkaSASLAWSMskIam KafkaSASLAWSMskIam is the config for AWS IAM SASL mechanism, see: [https://docs.aws.amazon.com/msk/latest/developerguide/iam-access-control.html](https://docs.aws.amazon.com/msk/latest/developerguide/iam-access-control.html) Appears in: - [KafkaSASL](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-kafkasasl) | Field | Description | | --- | --- | | accessKey string | | | secretKey ValueSource | | | secretKeySecretRef SecretKeyRef | Deprecated: use secretKey instead | | sessionToken ValueSource | SessionToken, if non-empty, is a session / security token to use for authentication.See: https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html | | sessionTokenSecretRef SecretKeyRef | Deprecated: use sessionToken instead | | userAgent string | UserAgent is the user agent to for the client to use when connectingto Kafka, overriding the default "franz-go//".Setting a UserAgent allows authorizing based on the aws:UserAgentcondition key; see the following link for more details:https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-useragent | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-kafkasaslgssapi)KafkaSASLGSSAPI KafkaSASLGSSAPI represents the Kafka Kerberos config. Appears in: - [KafkaSASL](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-kafkasasl) | Field | Description | | --- | --- | | authType string | | | keyTabPath string | | | kerberosConfigPath string | | | serviceName string | | | username string | | | password ValueSource | | | passwordSecretRef SecretKeyRef | Deprecated: use password instead | | realm string | | | enableFast boolean | EnableFAST enables FAST, which is a pre-authentication framework for Kerberos.It includes a mechanism for tunneling pre-authentication exchanges using armored KDC messages.FAST provides increased resistance to passive password guessing attacks. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-kafkasasloauthbearer)KafkaSASLOAuthBearer KafkaSASLOAuthBearer is the config struct for the SASL OAuthBearer mechanism Appears in: - [KafkaSASL](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-kafkasasl) | Field | Description | | --- | --- | | token ValueSource | | | tokenSecretRef SecretKeyRef | Deprecated: use token instead | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-kafkasecrets)KafkaSecrets Appears in: - [SecretConfig](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-secretconfig) | Field | Description | | --- | --- | | saslPassword string | | | awsMskIamSecretKey string | | | tlsCa string | | | tlsCert string | | | tlsKey string | | | tlsPassphrase string | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-licensesecretref)LicenseSecretRef LicenseSecretRef is deprecated. Use `EnterpriseLicenseSecretRef` instead. Appears in: - [RedpandaClusterSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaclusterspec) | Field | Description | | --- | --- | | secret_key string | Specifies the key that is contains the Enterprise license in the Secret. | | secret_name string | Specifies the name of the Secret. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-listener)Listener Appears in: - [Admin](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-admin) - [ExternalListener](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-externallistener) - [HTTP](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-http) - [Kafka](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-kafka) - [SchemaRegistry](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-schemaregistry) | Field | Description | | --- | --- | | enabled boolean | Specifies whether this Listener is enabled. | | authenticationMethod string | Specifies the authentication method for this listener. For example, 'mtls_identity', sasl or http_basic. | | appProtocol string | | | port integer | Specifies the container port number for this listener. | | tls ListenerTLS | Configures TLS settings for the internal listener. | | prefixTemplate string | Specifies the template used for generating the advertised addresses ofServices. This field accepts a string template that dynamicallyconstructs Service addresses based on various parameters such as Servicename and port number.For historical backwards compatibility, this field is present on bothinternal and external listeners. However, it is ignored when specifiedon internal listeners. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-listenertls)ListenerTLS ListenerTLS configures TLS configuration for each listener in the Helm values. Appears in: - [Admin](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-admin) - [ExternalListener](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-externallistener) - [HTTP](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-http) - [Kafka](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-kafka) - [Listener](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-listener) - [RPC](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-rpc) - [SchemaRegistry](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-schemaregistry) | Field | Description | | --- | --- | | cert string | References a specific certificate for the listener. | | enabled boolean | Specifies whether TLS is enabled for the listener. | | secretRef string | References a Secret resource containing TLS credentials for the listener.Deprecated: Setting SecretRef has no affect and will be removed infuture releases. | | requireClientAuth boolean | Indicates whether client authentication (mTLS) is required. | | trustStore TrustStore | TrustStore allows setting the truststore_path on this listener. Ifspecified, this field takes precedence over [Certificate.CAEnabled]. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-listeners)Listeners Listeners configures settings for listeners, including HTTP Proxy, Schema Registry, the Admin API and the Kafka API. See [Configure Listeners in Kubernetes](https://docs.redpanda.com/streaming/25.3/manage/kubernetes/networking/k-configure-listeners/) Appears in: - [RedpandaClusterSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaclusterspec) | Field | Description | | --- | --- | | admin Admin | Configures settings for the Admin API listeners. | | http HTTP | Configures settings for the HTTP Proxy listeners. | | kafka Kafka | Configures settings for the Kafka API listeners. | | rpc RPC | Configures settings for the RPC API listener. | | schemaRegistry SchemaRegistry | Configures settings for the Schema Registry listeners. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-livenessprobe)LivenessProbe LivenessProbe configures liveness probes to monitor the health of the Pods and restart them if necessary. Appears in: - [RedpandaConsole](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaconsole) - [Statefulset](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-statefulset) | Field | Description | | --- | --- | | failureThreshold integer | Sets the number of consecutive failures required to consider a Pod as not live. | | initialDelaySeconds integer | Specifies the time in seconds to wait before the first probe is initiated. | | periodSeconds integer | Determines the frequency in seconds of performing the probe. | | timeoutSeconds integer | | | successThreshold integer | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-logging)Logging Logging configures logging settings in the Helm values. See [Resolve Errors in Kubernetes](https://docs.redpanda.com/streaming/25.3/troubleshoot/errors-solutions/k-resolve-errors/) Appears in: - [RedpandaClusterSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaclusterspec) | Field | Description | | --- | --- | | logLevel string | Sets the verbosity level of logs. | | usageStats UsageStats | Specifies whether to send usage statistics to Redpanda Data. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-memory)Memory Memory configures memory resources. Appears in: - [Resources](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-resources) | Field | Description | | --- | --- | | container ContainerResources | Defines resource limits for containers. | | enable_memory_locking boolean | Enables memory locking. For production, set to true. | | redpanda RedpandaMemory | Allows you to optionally specify the memory size for both the Redpanda process and the underlying reserved memory used by Seastar. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-metadatatemplate)MetadataTemplate MetadataTemplate defines additional metadata to associate with a resource. Appears in: - [ResourceTemplate](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-resourcetemplate) | Field | Description | | --- | --- | | labels object (keys:string, values:string) | Labels specifies the Kubernetes labels to apply to a managed resource. | | annotations object (keys:string, values:string) | Annotations specifies the Kubernetes annotations to apply to a managed resource. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-monitoring)Monitoring Monitoring configures monitoring resources for Redpanda. See [Monitor Redpanda in Kubernetes](https://docs.redpanda.com/streaming/25.3/manage/kubernetes/monitoring/k-monitor-redpanda/) Appears in: - [RedpandaClusterSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaclusterspec) | Field | Description | | --- | --- | | enabled boolean | Specifies whether to create a ServiceMonitor that can be used by Prometheus Operator or VictoriaMetrics Operator to scrape the metrics. | | labels object (keys:string, values:string) | Adds custom labels to the ServiceMonitor resource. | | scrapeInterval string | Specifies how often to scrape metrics. | | tlsConfig RawExtension | Specifies tls configuration properties. | | enableHttp2 boolean | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-namefilter)NameFilter A filter based on the name of a resource Appears in: - [ShadowLinkConsumerOffsetSyncOptions](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-shadowlinkconsumeroffsetsyncoptions) - [ShadowLinkTopicMetadataSyncOptions](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-shadowlinktopicmetadatasyncoptions) | Field | Description | | --- | --- | | name string | The resource name, or ""Note if the wildcar "" is used it must be the only characterand patternType must be literal | | filterType FilterType | Valid values:- include- exclude | | patternType PatternType | Default value is literal. Valid values:- literal- prefixed | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-oidcloginsecrets)OIDCLoginSecrets Appears in: - [AuthenticationSecrets](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-authenticationsecrets) | Field | Description | | --- | --- | | clientSecret string | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-password)Password Password specifies a password for the user. Appears in: - [UserAuthenticationSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-userauthenticationspec) | Field | Description | | --- | --- | | value string | Value is a hardcoded value to use for the given password. It should only be used for testing purposes.In production, use ValueFrom. | | valueFrom PasswordSource | ValueFrom specifies a source for a password to be fetched from when specifying or generating user credentials. | | noGenerate boolean | NoGenerate when set to true does not create kubernetes secret when ValueFrom points to none-existent secret. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-passwordsource)PasswordSource PasswordSource contains the source for a password. Appears in: - [Password](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-password) | Field | Description | | --- | --- | | secretKeyRef SecretKeySelector | SecretKeyRef specifies the secret used in reading a User password.If the Secret exists and has a value in it, then that value is used.If the Secret does not exist, or is empty, a password is generated andstored based on this configuration. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-patterntype)PatternType (string) PatternType specifies the type of pattern applied for ACL resource matching. Appears in: - [ACLResourceFilter](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-aclresourcefilter) - [ACLResourceSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-aclresourcespec) - [NameFilter](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-namefilter) ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-persistentvolume)PersistentVolume PersistentVolume configures configurations for a PersistentVolumeClaim to use to store the Redpanda data directory. Appears in: - [Storage](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-storage) - [Tiered](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-tiered) | Field | Description | | --- | --- | | annotations object (keys:string, values:string) | Adds annotations to the PersistentVolumeClaims to provide additional information or metadata that can be used by other tools or libraries. | | enabled boolean | Specifies whether to enable the Helm chart to create PersistentVolumeClaims for Pods. | | labels object (keys:string, values:string) | Applies labels to the PersistentVolumeClaims to facilitate identification and selection based on custom criteria. | | size Quantity | Specifies the storage capacity required. | | storageClass string | Specifies the StorageClass for the PersistentVolumeClaims to determine how PersistentVolumes are provisioned and managed. | | nameOverwrite string | Option to change volume claim template name for tiered storage persistent volume if tiered.mountType is set to persistentVolume | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-podantiaffinity)PodAntiAffinity PodAntiAffinity configures Pod anti-affinity rules to prevent Pods from being scheduled together on the same node. Appears in: - [Statefulset](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-statefulset) | Field | Description | | --- | --- | | topologyKey string | TopologyKey specifies the topology key used to spread Pods across different nodes or other topologies. | | type string | Type defines the type of anti-affinity, such as soft or hard. | | weight integer | Weight sets the weight associated with the soft anti-affinity rule. | | custom RawExtension | Custom configures additional custom anti-affinity rules. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-podspecapplyconfiguration)PodSpecApplyConfiguration PodSpecApplyConfiguration is a wrapper around \[applycorev1.PodSpecApplyConfiguration\] that adds support for DeepCopying. Appears in: - [PodTemplate](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-podtemplate) ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-podtemplate)PodTemplate PodTemplate will pass label and annotation to Statefulset Pod template. Appears in: - [PostInstallJob](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-postinstalljob) - [PostUpgradeJob](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-postupgradejob) - [Statefulset](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-statefulset) | Field | Description | | --- | --- | | labels object (keys:string, values:string) | | | annotations object (keys:string, values:string) | | | spec PodSpecApplyConfiguration | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-poolconfigurator)PoolConfigurator Appears in: - [PoolInitContainers](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-poolinitcontainers) | Field | Description | | --- | --- | | additionalCLIArgs string array | Chart default: [] | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-poolfsvalidator)PoolFSValidator Appears in: - [PoolInitContainers](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-poolinitcontainers) | Field | Description | | --- | --- | | enabled boolean | Chart default: false | | expectedFS string | Chart default: xfs | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-poolsetdatadirownership)PoolSetDataDirOwnership Appears in: - [PoolInitContainers](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-poolinitcontainers) | Field | Description | | --- | --- | | enabled boolean | Chart default: false | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-postinstalljob)PostInstallJob PostInstallJob configures configurations for the post-install job that run after installation of the Helm chart. Appears in: - [RedpandaClusterSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaclusterspec) | Field | Description | | --- | --- | | resources ResourceRequirements | Sets resource requirements (CPU, memory) for the job to ensure proper allocation and limit resource usage. | | annotations object (keys:string, values:string) | Adds annotations to the job to provide additional information or metadata that can be used by other tools or libraries. | | enabled boolean | Specifies whether the job is deployed. | | labels object (keys:string, values:string) | Applies labels to the job to facilitate identification and selection based on custom criteria. | | affinity Affinity | Affinity constraints for scheduling Pods. For details, see theKubernetes' documentation. | | securityContext SecurityContext | SecurityContext is deprecated. Prefer [PodTemplate.Spec.SecurityContext]or [PodTemplate.Spec.Containers[*].SecurityContext]. | | podTemplate PodTemplate | PodTemplate is a subset of Kubernetes' PodTemplate that will be mergedinto this Job’s PodTemplate. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-postupgradejob)PostUpgradeJob PostUpgradeJob configures configurations for the post-upgrade job that run after each upgrade of the Helm chart. Appears in: - [RedpandaClusterSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaclusterspec) | Field | Description | | --- | --- | | annotations object (keys:string, values:string) | Adds annotations to the job to provide additional information or metadata that can be used by other tools or libraries. | | enabled boolean | Specifies whether the job is deployed. | | labels object (keys:string, values:string) | Applies labels to the job to facilitate identification and selection based on custom criteria. | | extraEnv EnvVar array | Adds environment variables to the job container to configure its runtime behavior. | | extraEnvFrom EnvFromSource array | Specifies environment variables from external sources, such as ConfigMap resources, or Secret resources, to dynamically configure the job. | | resources ResourceRequirements | Sets resource requirements (CPU, memory) for the job to ensure proper allocation and limit resource usage. | | backoffLimit integer | | | affinity Affinity | Affinity constraints for scheduling Pods. For details, see theKubernetes' documentation. | | securityContext SecurityContext | SecurityContext is deprecated. Prefer [PodTemplate.Spec.SecurityContext]or [PodTemplate.Spec.Containers[*].SecurityContext]. | | podTemplate PodTemplate | PodTemplate is a subset of Kubernetes' PodTemplate that will be mergedinto this Job’s PodTemplate. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-probeapplyconfiguration)ProbeApplyConfiguration ProbeApplyConfiguration is a wrapper type that allows including a partial \[corev1.Probe\] in a CRD. Appears in: - [ConsoleSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-consolespec) - [ConsoleValues](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-consolevalues) ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-rbac)RBAC RBAC configures role-based access control (RBAC). Appears in: - [RedpandaClusterSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaclusterspec) | Field | Description | | --- | --- | | annotations object (keys:string, values:string) | Adds custom annotations to the RBAC resources. | | enabled boolean | Whether RBAC is enabled. Enable for features that need extra privileges, such as rack awareness. If you use the Redpanda Operator, you must deploy it with the --set rbac.createRPKBundleCRs=true flag to give it the required ClusterRoles. | | rpkDebugBundle boolean | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-rpc)RPC RPC configures settings for the RPC API listeners. Appears in: - [Listeners](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-listeners) | Field | Description | | --- | --- | | port integer | Specifies the container port number for the internal listener. | | tls ListenerTLS | Configures TLS settings for the internal listener. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-rpcontrollers)RPControllers RPControllers configures additional controllers that can be deployed as sidecars in rp helm Appears in: - [SideCars](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-sidecars) | Field | Description | | --- | --- | | enabled boolean | Specifies whether the Controllers are enabled. | | resources ResourceRequirements | Specifies resource requests for the sidecar container.DEPRECATED: Use sideCars.resources | | securityContext SecurityContext | Specifies the container’s security context, including privileges and access levels of the container and its processes.DEPRECATED: Use sideCars.securityContext | | image RedpandaImage | | | healthProbeAddress string | | | metricsAddress string | | | pprofAddress string | | | run string array | | | createRBAC boolean | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-rackawareness)RackAwareness RackAwareness configures rack awareness in the Helm values. See [Enable Rack Awareness in Kubernetes](https://docs.redpanda.com/streaming/25.3/manage/kubernetes/k-rack-awareness/) Appears in: - [RedpandaClusterSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaclusterspec) | Field | Description | | --- | --- | | enabled boolean | Specifies whether rack awareness is enabled. When enabled, Kubernetes failure zones are treated as racks. Redpanda maps each rack to a failure zone and places partition replicas across them. Requires rbac.enabled set to true. | | nodeAnnotation string | Specifies the key in Node labels or annotations to use to denote failure zones. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-readinessprobe)ReadinessProbe ReadinessProbe configures readiness probes to determine when a Pod is ready to handle traffic. Appears in: - [RedpandaConsole](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaconsole) - [Statefulset](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-statefulset) | Field | Description | | --- | --- | | failureThreshold integer | Defines the threshold for how many times the probe can fail before the Pod is marked Unready. | | initialDelaySeconds integer | Sets the initial delay before the readiness probe is initiated, in seconds. | | periodSeconds integer | Configures the period, in seconds, between each readiness check. | | timeoutSeconds integer | | | successThreshold integer | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpanda)Redpanda Redpanda defines the CRD for Redpanda clusters. | Field | Description | | --- | --- | | apiVersion string | cluster.redpanda.com/v1alpha2 | | kind string | Redpanda | | kind string | Kind is a string value representing the REST resource this object represents.Servers may infer this from the endpoint the client submits requests to.Cannot be updated.In CamelCase.More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | | apiVersion string | APIVersion defines the versioned schema of this representation of an object.Servers should convert recognized schemas to the latest internal value, andmay reject unrecognized values.More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | | metadata ObjectMeta | Refer to the Kubernetes API documentation for fields of metadata. | | spec RedpandaSpec | Defines the desired state of the Redpanda cluster. | | status RedpandaStatus | Represents the current status of the Redpanda cluster. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaadminapisecrets)RedpandaAdminAPISecrets Appears in: - [RedpandaSecrets](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandasecrets) | Field | Description | | --- | --- | | password string | | | tlsCa string | | | tlsCert string | | | tlsKey string | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaclusterspec)RedpandaClusterSpec RedpandaClusterSpec defines the desired state of a Redpanda cluster. These settings are the same as those defined in the Redpanda Helm chart. The values in these settings are passed to the Redpanda Helm chart through Flux. For all default values and links to more documentation, see [Kubernetes Helm Chart Specifications](https://docs.redpanda.com/streaming/25.3/reference/k-helm-index/) For descriptions and default values, see [Redpanda Helm Chart Specification](https://docs.redpanda.com/streaming/25.3/reference/k-redpanda-helm-spec/). Appears in: - [RedpandaSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaspec) | Field | Description | | --- | --- | | nameOverride string | Customizes the labels app.kubernetes.io/component=-statefulset and app.kubernetes.io/name= on the StatefulSet Pods. The default is redpanda. | | fullNameOverride string | Deprecated: use FullnameOverride (fullnameOverride). | | fullnameOverride string | Customizes the name of the StatefulSet and Services. The default is redpanda. | | clusterDomain string | Customizes the Kubernetes cluster domain. This domain is used to generate the internal domains of the StatefulSet Pods. For details, see https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id. The default is the cluster.local domain. | | commonLabels object (keys:string, values:string) | Assigns custom labels to all resources generated by the Redpanda Helm chart. Specify labels as key/value pairs. | | nodeSelector object (keys:string, values:string) | Specifies on which nodes a Pod should be scheduled. These key/value pairs ensure that Pods are scheduled onto nodes with the specified labels. | | tolerations Toleration array | Specifies tolerations to allow Pods to be scheduled onto nodes where they otherwise wouldn’t. | | image RedpandaImage | Defines the container image settings to use for the Redpanda cluster. | | imagePullSecrets LocalObjectReference array | Specifies credentials for a private image repository. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/. | | enterprise Enterprise | Defines an Enterprise license. | | rackAwareness RackAwareness | Defines rack awareness settings. | | console RedpandaConsole | Defines Redpanda Console settings.Deprecated: Use the dedicated Console CRD. | | connectors RedpandaConnectors | Defines Redpanda Connector settings.Deprecated, ignored, and unused as of v25.1.1 | | auth Auth | Defines authentication settings for listeners. | | tls TLS | Defines TLS settings for listeners. | | external External | Defines external access settings. | | logging Logging | Defines the log level settings. | | auditLogging AuditLogging | Defines the log level settings. | | resources Resources | Defines container resource settings. | | service Service | Defines settings for the headless ClusterIP Service. | | storage Storage | Defines storage settings for the Redpanda data directory and the Tiered Storage cache. | | post_install_job PostInstallJob | Defines settings for the post-install hook, which runs after each install or upgrade. For example, this job is responsible for setting the Enterprise license, if specified. | | post_upgrade_job PostUpgradeJob | Defines settings for the post-upgrade hook, which runs after each update. For example, this job is responsible for setting cluster configuration properties and restarting services such as Schema Registry, if required. | | statefulset Statefulset | Defines settings for the StatefulSet that manages Redpanda brokers. | | tuning Tuning | Defines settings for the autotuner tool in Redpanda. The autotuner identifies the hardware configuration in the container and optimizes the Linux kernel to give you the best performance. | | listeners Listeners | Defines settings for listeners, including HTTP Proxy, Schema Registry, the Admin API and the Kafka API. | | config Config | Defines configuration properties supported by Redpanda that may not work correctly in a Kubernetes cluster. Changing these values from the defaults comes with some risk. Use these properties to customize various Redpanda configurations that are not available in the RedpandaClusterSpec. These values have no impact on the configuration or behavior of the Kubernetes objects deployed by Helm, and therefore should not be modified for the purpose of configuring those objects. Instead, these settings get passed directly to the Redpanda binary at startup. | | rbac RBAC | Defines Role Based Access Control (RBAC) settings. | | serviceAccount ServiceAccount | Defines Service account settings. | | monitoring Monitoring | Defines settings for monitoring Redpanda. | | force boolean | Adds the --force flag in helm upgrade commands. Used for allowing a change of TLS configuration for the RPC listener.Setting force to true will result in a short period of downtime. | | affinity Affinity | Affinity constraints for scheduling Pods, can override this forStatefulSets and Jobs. For details, see the [Kubernetesdocumentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity). | | license_key string | Deprecated: Use enterprise.license instead. | | license_secret_ref LicenseSecretRef | Deprecated: Use enterprise.licenseSecretRef instead. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaconnectors)RedpandaConnectors RedpandaConnectors configures Redpanda Connectors. Redpanda Connectors is a package that includes Kafka Connect and built-in connectors, sometimes known as plugins. See [Deploy Kafka Connect in Kubernetes](https://docs.redpanda.com/streaming/25.3/deploy/kafka-connect/k-deploy-kafka-connect/) Appears in: - [RedpandaClusterSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaclusterspec) | Field | Description | | --- | --- | | enabled boolean | | | test ConnectorsCreateObj | Specifies whether to create Helm tests. | | monitoring ConnectorMonitoring | Specifies monitoring resources | | connectors RawExtension | Connectors specified manual configurations | | deployment RawExtension | Connectors specified manual configurations | | nameOverride string | Specifies a custom name for the Redpanda Console resources, overriding the default naming convention. | | fullnameOverride string | Specifies a full custom name, which overrides the entire naming convention including release name and chart name. | | commonLabels object (keys:string, values:string) | Assigns custom labels to all resources generated by the Connector Helm chart. Specify labels as key/value pairs. | | tolerations Toleration array | Applies tolerations to allow Pods to be scheduled on nodes with matching taints, enabling control over where Pods can run. | | image RedpandaImage | Defines the container image settings to use for the Redpanda cluster. | | imagePullSecrets LocalObjectReference array | Specifies credentials for a private image repository. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/. | | auth RawExtension | Specifies superuser credentials | | container RawExtension | Specifies container information | | storage RawExtension | Specifies storage information | | logging RawExtension | Specifies logging details | | service RawExtension | Specifies service details | | serviceAccount RawExtension | Specifies service account details | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaconsole)RedpandaConsole RedpandaConsole is the union of console.PartialValues (earlier or equal to v0.7.31 Console version) and consolev3.PartialValues (after v0.7.31 Console version). Use these settings to configure the subchart. For more details on each setting, see the Helm values for the Redpanda Console chart: [https://artifacthub.io/packages/helm/redpanda-data/console?modal=values](https://artifacthub.io/packages/helm/redpanda-data/console?modal=values) Appears in: - [RedpandaClusterSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaclusterspec) | Field | Description | | --- | --- | | enabled boolean | Specifies whether the Redpanda Console subchart should be deployed. | | replicaCount integer | Sets the number of replicas for the Redpanda Console Deployment resource. | | nameOverride string | Specifies a custom name for the Redpanda Console resources, overriding the default naming convention. | | fullnameOverride string | Specifies a full custom name, which overrides the entire naming convention including release name and chart name. | | commonLabels object (keys:string, values:string) | | | priorityClassName string | Specifies the priority class name for the Pods that run Redpanda Console. | | image RawExtension | Defines the container image for the Redpanda Console, including the repository, name, and tag. | | imagePullSecrets RawExtension array | Defines Secrets used to pull the container images from a private registry. | | serviceAccount RawExtension | Configures the ServiceAccount used by the Pods that run Redpanda Console. | | annotations RawExtension | | | podAnnotations RawExtension | Adds custom annotations to the Pods that run Redpanda Console. | | podLabels RawExtension | Adds custom labels to the Pods that run Redpanda Console. | | podSecurityContext RawExtension | | | securityContext RawExtension | Sets the security context for the Pods that run Redpanda Console. | | service RawExtension | Configures the Kubernetes Service for Redpanda Console. | | ingress RawExtension | Configures the Kubernetes Ingress resource for Redpanda Console. | | resources RawExtension | Configures resource requests and limits for the Pods that run Redpanda Console. | | autoscaling RawExtension | Configures Horizontal Pod Autoscaling (HPA) for Redpanda Console. | | nodeSelector RawExtension | Specifies Node labels for Pod assignment. | | tolerations RawExtension array | Specifies tolerations for scheduling Pods onto Nodes with taints. | | affinity RawExtension | Defines affinity rules for Pod assignment. | | topologySpreadConstraints RawExtension | Specifies topology spread constraints for Pod placement. | | extraEnv RawExtension array | Adds extra environment variables to the Pods that run Redpanda Console. | | extraEnvFrom RawExtension array | Allows you to add extra environment variables from external resources to the Pods that run Redpanda Console. | | extraVolumes RawExtension array | Adds extra volumes to the Pods that run Redpanda Console. | | extraVolumeMounts RawExtension array | Mounts additional volumes inside the containers that run Redpanda Console. | | extraContainers RawExtension array | Adds extra containers to the Pods that run Redpanda Console. | | initContainers RawExtension | Specifies init containers for the Pods that run Redpanda Console. | | secretMounts RawExtension array | Mounts additional Secret resources inside the containers that run Redpanda Console. | | configmap ConsoleCreateObj | Deprecated: this field exists for storage backwards compatibility and isnever used. Prefer ConfigMap (configmap). | | configMap ConsoleCreateObj | Specifies whether a ConfigMap should be created for Redpanda Console. | | secret RawExtension | Specifies whether a Secret should be created for Redpanda Console. | | deployment RawExtension | Specifies whether a Deployment should be created for Redpanda Console. | | config RawExtension | Configures custom settings for Redpanda Console.config is available in Console chart version after v0.7.31 semver | | strategy RawExtension | Configures console’s Deployment’s update strategy. | | licenseSecretRef SecretKeySelector | Defines a reference to Kubernetes Secret that points to a Redpanda Enterprise license.Please consider use Enterprise in RedpandaClusterSpec type.licenseSecretRef is available in Console chart version after v0.7.31 semver | | automountServiceAccountToken boolean | Automount API credentials for the Service Account into the pod. | | readinessProbe ReadinessProbe | Settings for console’s Deployment’s readiness probe. | | livenessProbe LivenessProbe | Settings for console’s Deployment’s liveness probe. | | console RawExtension | Deprecated: Use config insteadconsole is available in Console chart version earlier or equal to v0.7.31 | | enterprise RawExtension | Deprecated: Use licenseSecretRef instead.enterprise is available in Console chart version earlier or equal to v0.7.31 | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaimage)RedpandaImage RedpandaImage configures the Redpanda container image settings in the Helm values. Appears in: - [RPControllers](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-rpcontrollers) - [RedpandaClusterSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaclusterspec) - [RedpandaConnectors](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaconnectors) - [SideCars](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-sidecars) | Field | Description | | --- | --- | | repository string | Specifies the image repository to pull from. | | tag string | Specifies the image tag. | | pullPolicy string | Specifies the strategy used for pulling images from the repository. For available values, see https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandalicensestatus)RedpandaLicenseStatus Appears in: - [RedpandaStatus](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandastatus) | Field | Description | | --- | --- | | violation boolean | | | inUseFeatures string array | | | expired boolean | | | type string | | | organization string | | | expiration Time | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandamemory)RedpandaMemory RedpandaMemory allows you to optionally specify the memory size for the Redpanda process, including the Seastar subsystem. By default, this section is omitted, and memory sizes are calculated automatically based on the container’s total memory allocation. When you configure this section and manually set the memory and reserveMemory values, the automatic calculation is disabled. If you are setting these values manually, follow these guidelines carefully. Incorrect settings can lead to performance degradation, instability, or even data loss. The total memory allocated to a container is determined as the sum of the following two areas: - Redpanda (including Seastar): Defined by the `--memory` parameter. Includes the memory used by the Redpanda process and the reserved memory allocated for Seastar. A minimum of 2Gi per core is required, and this value typically accounts for ~80% of the container’s total memory. For production, allocate at least 8Gi. - Operating system (OS): Defined by the `--reserve-memory` parameter. Represents the memory available for the operating system and other processes within the container. Appears in: - [Memory](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-memory) | Field | Description | | --- | --- | | memory Quantity | Memory for the Redpanda process. This must be lower than the container’s memory (resources.memory.container.min if provided, otherwise resources.memory.container.max). Equivalent to --memory. For production, use 8Gi or greater. | | reserveMemory Quantity | Memory reserved for the OS. Any value above 1Gi will provide diminishing performance benefits. Equivalent to --reserve-memory. For production, use 1Gi. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandarole)RedpandaRole RedpandaRole defines the CRD for a Redpanda role. | Field | Description | | --- | --- | | apiVersion string | cluster.redpanda.com/v1alpha2 | | kind string | RedpandaRole | | kind string | Kind is a string value representing the REST resource this object represents.Servers may infer this from the endpoint the client submits requests to.Cannot be updated.In CamelCase.More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | | apiVersion string | APIVersion defines the versioned schema of this representation of an object.Servers should convert recognized schemas to the latest internal value, andmay reject unrecognized values.More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | | metadata ObjectMeta | Refer to the Kubernetes API documentation for fields of metadata. | | spec RoleSpec | Defines the desired state of the Redpanda role. | | status RoleStatus | Represents the current status of the Redpanda role. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandasecrets)RedpandaSecrets Appears in: - [SecretConfig](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-secretconfig) | Field | Description | | --- | --- | | adminApi RedpandaAdminAPISecrets | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaspec)RedpandaSpec RedpandaSpec defines the desired state of the Redpanda cluster. Appears in: - [Redpanda](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpanda) | Field | Description | | --- | --- | | chartRef ChartRef | Defines chart details, including the version and repository. | | clusterSpec RedpandaClusterSpec | Defines the Helm values to use to deploy the cluster. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandastatus)RedpandaStatus RedpandaStatus defines the observed state of Redpanda Appears in: - [Redpanda](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpanda) | Field | Description | | --- | --- | | conditions Condition array | Conditions holds the conditions for the Redpanda. | | license RedpandaLicenseStatus | LicenseStatus contains information about the current state of anyinstalled license in the Redpanda cluster. | | configVersion string | ConfigVersion contains the configuration version written inRedpanda used for restarting broker nodes as necessary. | | observedGeneration integer | Deprecated | | lastHandledReconcileAt string | Deprecated | | lastAppliedRevision string | Deprecated | | lastAttemptedRevision string | Deprecated | | helmRelease string | Deprecated | | helmReleaseReady boolean | Deprecated | | helmRepository string | Deprecated | | helmRepositoryReady boolean | Deprecated | | upgradeFailures integer | Deprecated | | failures integer | Failures is the reconciliation failure count against the latest desiredstate. It is reset after a successful reconciliation.deprecated | | installFailures integer | Deprecated | | decommissioningNode integer | Deprecated | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-resourcetemplate)ResourceTemplate ResourceTemplate specifies additional configuration for a resource. Appears in: - [UserTemplateSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-usertemplatespec) | Field | Description | | --- | --- | | metadata MetadataTemplate | Refer to the Kubernetes API documentation for fields of metadata. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-resourcetype)ResourceType (string) ResourceType specifies the type of resource an ACL is applied to. Appears in: - [ACLResourceFilter](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-aclresourcefilter) - [ACLResourceSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-aclresourcespec) ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-resources)Resources RedpandaResources encapsulates the calculation of the redpanda container’s [corev1.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#resourcerequirements-v1-core) and parameters such as `--memory`, `--reserve-memory`, and `--smp`. This calculation supports two modes: - Explicit mode (recommended): Activated when `Limits` and `Requests` are set. In this mode, the CLI flags are calculated directly based on the provided `Limits` and `Requests`. This mode ensures predictable resource allocation and is recommended for production environments. If additional tuning is required, the CLI flags can be manually overridden using `statefulset.additionalRedpandaCmdFlags`. - Legacy mode (default): Used when `Limits` and `Requests` are not set. In this mode, the container resources and CLI flags are calculated using built-in default logic, where 80% of the container’s memory is allocated to Redpanda and the rest is reserved for system overhead. Legacy mode is intended for backward compatibility and less controlled environments. Explicit mode offers better control and aligns with Kubernetes best practices. Legacy mode is a fallback for users who have not defined `Limits` and `Requests`. Appears in: - [RedpandaClusterSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaclusterspec) | Field | Description | | --- | --- | | limits Quantity | | | requests Quantity | | | cpu CPU | Specifies the number of CPU cores. | | memory Memory | Specifies the amount of memory. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-roleauthorizationspec)RoleAuthorizationSpec RoleAuthorizationSpec defines authorization rules for this role. Appears in: - [RoleSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-rolespec) | Field | Description | | --- | --- | | acls ACLRule array | List of ACL rules which should be applied to this role. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-rolespec)RoleSpec RoleSpec defines the configuration of a Redpanda role. Appears in: - [RedpandaRole](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandarole) | Field | Description | | --- | --- | | cluster ClusterSource | ClusterSource is a reference to the cluster where the role should be created.It is used in constructing the client created to configure a cluster. | | principals string array | Principals defines the list of users assigned to this role.Format: Type:Name (e.g., User:john, User:jane). If type is omitted, defaults to User. | | authorization RoleAuthorizationSpec | Authorization rules defined for this role. If specified, the operator will manage ACLs for this role.If omitted, ACLs should be managed separately using Redpanda’s ACL management. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-rolestatus)RoleStatus RoleStatus defines the observed state of a Redpanda role Appears in: - [RedpandaRole](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandarole) | Field | Description | | --- | --- | | observedGeneration integer | Specifies the last observed generation. | | conditions Condition array | Conditions holds the conditions for the Redpanda role. | | managedAcls boolean | ManagedACLs returns whether the role has managed ACLs that needto be cleaned up. | | managedRole boolean | ManagedRole returns whether the role has been created in Redpanda and needsto be cleaned up. | | managedPrincipals boolean | ManagedPrincipals returns whether the role has managed principals (membership)that are being reconciled by the operator. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-sasl)SASL SASL configures SASL authentication in the Helm values. Appears in: - [Auth](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-auth) | Field | Description | | --- | --- | | enabled boolean | Enables SASL authentication. If you enable SASL authentication, you must provide a Secret name in secretRef. | | mechanism string | Specifies the default authentication mechanism to use for superusers. Options are SCRAM-SHA-256 and SCRAM-SHA-512. | | secretRef string | If users is empty, secretRef specifies the name of the Secret that contains your superuser credentials in the format ::. Otherwise, secretRef specifies the name of the Secret that the chart creates to store the credentials in users. | | users UsersItems array | Specifies a list of superuser credentials. | | bootstrapUser BootstrapUser | Specifies configuration about the bootstrap user. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-saslmechanism)SASLMechanism (string) SASLMechanism specifies a SASL auth mechanism. Appears in: - [AdminSASL](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-adminsasl) - [KafkaSASL](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-kafkasasl) - [SchemaRegistrySASL](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-schemaregistrysasl) - [UserAuthenticationSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-userauthenticationspec) ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-schema)Schema Schema defines the CRD for a Redpanda schema. | Field | Description | | --- | --- | | apiVersion string | cluster.redpanda.com/v1alpha2 | | kind string | Schema | | kind string | Kind is a string value representing the REST resource this object represents.Servers may infer this from the endpoint the client submits requests to.Cannot be updated.In CamelCase.More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | | apiVersion string | APIVersion defines the versioned schema of this representation of an object.Servers should convert recognized schemas to the latest internal value, andmay reject unrecognized values.More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | | metadata ObjectMeta | Refer to the Kubernetes API documentation for fields of metadata. | | spec SchemaSpec | Defines the desired state of the Redpanda schema. | | status SchemaStatus | Represents the current status of the Redpanda schema. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-schemareference)SchemaReference SchemaReference is a way for a one schema to reference another. The details for how referencing is done are type specific; for example, JSON objects that use the key "$ref" can refer to another schema via URL. Appears in: - [SchemaSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-schemaspec) | Field | Description | | --- | --- | | name string | | | subject string | | | version integer | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-schemaregistry)SchemaRegistry SchemaRegistry configures settings for the Schema Registry listeners. Appears in: - [Listeners](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-listeners) | Field | Description | | --- | --- | | enabled boolean | Specifies whether this Listener is enabled. | | authenticationMethod string | Specifies the authentication method for this listener. For example, 'mtls_identity', sasl or http_basic. | | appProtocol string | | | port integer | Specifies the container port number for this listener. | | tls ListenerTLS | Configures TLS settings for the internal listener. | | prefixTemplate string | Specifies the template used for generating the advertised addresses ofServices. This field accepts a string template that dynamicallyconstructs Service addresses based on various parameters such as Servicename and port number.For historical backwards compatibility, this field is present on bothinternal and external listeners. However, it is ignored when specifiedon internal listeners. | | external object (keys:string, values:ExternalListener) | Defines settings for the external listeners. | | kafkaEndpoint string | Configures the listener to use for HTTP connections. For example default for the internal listener.deprecated and not respected. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-schemaregistrysasl)SchemaRegistrySASL SchemaRegistrySASL configures credentials to connect to Redpanda cluster that has authentication enabled. Appears in: - [SchemaRegistrySpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-schemaregistryspec) | Field | Description | | --- | --- | | username string | Specifies the username. | | password ValueSource | Specifies the password. | | authToken ValueSource | | | mechanism SASLMechanism | Specifies the SASL/SCRAM authentication mechanism. | | passwordSecretRef SecretKeyRef | Deprecated: use password instead | | token SecretKeyRef | Deprecated: use authToken instead | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-schemaregistrysecrets)SchemaRegistrySecrets Appears in: - [SecretConfig](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-secretconfig) | Field | Description | | --- | --- | | bearerToken string | | | password string | | | tlsCa string | | | tlsCert string | | | tlsKey string | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-schemaregistryspec)SchemaRegistrySpec SchemaRegistrySpec defines client configuration for connecting to Redpanda’s admin API. Appears in: - [StaticConfigurationSource](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-staticconfigurationsource) | Field | Description | | --- | --- | | urls string array | Specifies a list of broker addresses in the format : | | tls CommonTLS | Defines TLS configuration settings for Redpanda clusters that have TLS enabled. | | sasl SchemaRegistrySASL | Defines authentication configuration settings for Redpanda clusters that have authentication enabled. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-schemaspec)SchemaSpec SchemaSpec defines the configuration of a Redpanda schema. Appears in: - [Schema](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-schema) | Field | Description | | --- | --- | | cluster ClusterSource | ClusterSource is a reference to the cluster hosting the schema registry.It is used in constructing the client created to configure a cluster. | | text string | Text is the actual unescaped text of a schema. | | schemaType SchemaType | Type is the type of a schema. The default type is avro. | | references SchemaReference array | References declares other schemas this schema references. See thedocs on SchemaReference for more details. | | compatibilityLevel CompatibilityLevel | CompatibilityLevel sets the compatibility level for the given schema | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-schemastatus)SchemaStatus SchemaStatus defines the observed state of a Redpanda schema. Appears in: - [Schema](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-schema) | Field | Description | | --- | --- | | observedGeneration integer | Specifies the last observed generation. | | conditions Condition array | Conditions holds the conditions for the Redpanda schema. | | versions integer array | Versions shows the versions of a given schema | | schemaHash string | SchemaHash is the hashed value of the schema synced to the cluster | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-schematype)SchemaType (string) SchemaType specifies the type of the given schema. Appears in: - [SchemaSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-schemaspec) ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-secretconfig)SecretConfig Appears in: - [ConsoleSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-consolespec) - [ConsoleValues](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-consolevalues) | Field | Description | | --- | --- | | create boolean | | | kafka KafkaSecrets | | | authentication AuthenticationSecrets | | | license string | | | redpanda RedpandaSecrets | | | serde SerdeSecrets | | | schemaRegistry SchemaRegistrySecrets | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-secretkeyref)SecretKeyRef Deprecated: SecretKeyRef contains enough information to inspect or modify the referred Secret data See [https://pkg.go.dev/k8s.io/api/core/v1#ObjectReference](https://pkg.go.dev/k8s.io/api/core/v1#ObjectReference). Appears in: - [AdminSASL](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-adminsasl) - [CommonTLS](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-commontls) - [KafkaSASL](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-kafkasasl) - [KafkaSASLAWSMskIam](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-kafkasaslawsmskiam) - [KafkaSASLGSSAPI](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-kafkasaslgssapi) - [KafkaSASLOAuthBearer](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-kafkasasloauthbearer) - [SchemaRegistrySASL](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-schemaregistrysasl) | Field | Description | | --- | --- | | name string | Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names | | key string | Key in Secret data to get value from | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-secretmount)SecretMount Appears in: - [ConsoleSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-consolespec) - [ConsoleValues](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-consolevalues) | Field | Description | | --- | --- | | name string | | | secretName string | | | path string | | | subPath string | | | defaultMode integer | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-secretref)SecretRef SecretRef configures the Secret resource that contains existing TLS certificates. Appears in: - [Certificate](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-certificate) | Field | Description | | --- | --- | | name string | Specifies the name of the Secret resource. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-secretwithconfigfield)SecretWithConfigField Appears in: - [CredentialSecretRef](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-credentialsecretref) | Field | Description | | --- | --- | | key string | | | name string | | | configurationKey string | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-serdesecrets)SerdeSecrets Appears in: - [SecretConfig](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-secretconfig) | Field | Description | | --- | --- | | protobufGitBasicAuthPassword string | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-service)Service Appears in: - [RedpandaClusterSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaclusterspec) | Field | Description | | --- | --- | | name string | | | internal ServiceInternal | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-serviceaccount)ServiceAccount ServiceAccount configures Service Accounts. Appears in: - [RedpandaClusterSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaclusterspec) | Field | Description | | --- | --- | | automountServiceAccountToken boolean | Specifies whether a service account should automount API-Credentials | | annotations object (keys:string, values:string) | Adds custom annotations to the ServiceAccount resources. | | create boolean | Specifies whether a ServiceAccount should be created. | | name string | Specifies the name of the ServiceAccount. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-serviceaccountconfig)ServiceAccountConfig Appears in: - [ConsoleSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-consolespec) - [ConsoleValues](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-consolevalues) | Field | Description | | --- | --- | | automountServiceAccountToken boolean | | | annotations object (keys:string, values:string) | | | name string | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-serviceconfig)ServiceConfig Appears in: - [ConsoleSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-consolespec) - [ConsoleValues](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-consolevalues) | Field | Description | | --- | --- | | type ServiceType | | | port integer | | | nodePort integer | | | targetPort integer | | | annotations object (keys:string, values:string) | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-serviceinternal)ServiceInternal Appears in: - [Service](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-service) | Field | Description | | --- | --- | | annotations object (keys:string, values:string) | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-setdatadirownership)SetDataDirOwnership SetDataDirOwnership defines the settings related to ownership of the Redpanda data directory in environments where root access is restricted. Appears in: - [InitContainers](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-initcontainers) | Field | Description | | --- | --- | | enabled boolean | Specifies whether to enable root access. Enable only in environments where root access is not allowed, such as minikube. | | extraVolumeMounts string | Adds extra volume mounts. | | resources ResourceRequirements | Specifies the resource requirements. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-settieredstoragecachedirownership)SetTieredStorageCacheDirOwnership SetTieredStorageCacheDirOwnership configures the settings related to ownership of the Tiered Storage cache in environments where root access is restricted. Appears in: - [InitContainers](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-initcontainers) | Field | Description | | --- | --- | | extraVolumeMounts string | | | resources ResourceRequirements | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-shadowlink)ShadowLink ShadowLink defines the CRD for ShadowLink cluster configuration. | Field | Description | | --- | --- | | apiVersion string | cluster.redpanda.com/v1alpha2 | | kind string | ShadowLink | | kind string | Kind is a string value representing the REST resource this object represents.Servers may infer this from the endpoint the client submits requests to.Cannot be updated.In CamelCase.More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | | apiVersion string | APIVersion defines the versioned schema of this representation of an object.Servers should convert recognized schemas to the latest internal value, andmay reject unrecognized values.More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | | metadata ObjectMeta | Refer to the Kubernetes API documentation for fields of metadata. | | spec ShadowLinkSpec | | | status ShadowLinkStatus | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-shadowlinkconsumeroffsetsyncoptions)ShadowLinkConsumerOffsetSyncOptions Options for syncing consumer offsets Appears in: - [ShadowLinkSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-shadowlinkspec) | Field | Description | | --- | --- | | interval Duration | Sync intervalIf 0 provided, defaults to 30 seconds | | paused boolean | Allows user to pause the consumer offset sync task. If paused, thenthe task will enter the 'paused' state and not sync consumer offsets fromthe source cluster | | groupFilters NameFilter array | The filters | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-shadowlinkschemaregistrysyncoptions)ShadowLinkSchemaRegistrySyncOptions Options for syncing schema registry settings Appears in: - [ShadowLinkSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-shadowlinkspec) | Field | Description | | --- | --- | | schema_registry_shadowing_mode ShadowLinkSchemaRegistrySyncOptionsMode | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-shadowlinkschemaregistrysyncoptionsmode)ShadowLinkSchemaRegistrySyncOptionsMode (string) Appears in: - [ShadowLinkSchemaRegistrySyncOptions](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-shadowlinkschemaregistrysyncoptions) ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-shadowlinksecuritysettingssyncoptions)ShadowLinkSecuritySettingsSyncOptions Options for syncing security settings Appears in: - [ShadowLinkSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-shadowlinkspec) | Field | Description | | --- | --- | | interval Duration | Sync intervalIf 0 provided, defaults to 30 seconds | | paused boolean | Allows user to pause the security settings sync task. If paused,then the task will enter the 'paused' state and will not sync securitysettings from the source cluster | | aclFilters ACLFilter array | ACL filters | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-shadowlinkspec)ShadowLinkSpec Appears in: - [ShadowLink](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-shadowlink) | Field | Description | | --- | --- | | shadowCluster ClusterSource | | | sourceCluster ClusterSource | | | topicMetadataSyncOptions ShadowLinkTopicMetadataSyncOptions | Topic metadata sync options | | consumerOffsetSyncOptions ShadowLinkConsumerOffsetSyncOptions | Consumer offset sync options | | securitySyncOptions ShadowLinkSecuritySettingsSyncOptions | Security settings sync options | | schemaRegistrySyncOptions ShadowLinkSchemaRegistrySyncOptions | options for schema registry | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-shadowlinkstate)ShadowLinkState (string) State of the shadow link Appears in: - [ShadowLinkStatus](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-shadowlinkstatus) ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-shadowlinkstatus)ShadowLinkStatus ShadowLinkStatus defines the observed state of any node pools tied to this cluster Appears in: - [ShadowLink](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-shadowlink) | Field | Description | | --- | --- | | state ShadowLinkState | State of the shadow link | | taskStatuses ShadowLinkTaskStatus array | Statuses of the running tasks | | shadowTopicStatuses ShadowTopicStatus array | Status of shadow topics | | conditions Condition array | Conditions holds the conditions for the ShadowLink. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-shadowlinktaskstatus)ShadowLinkTaskStatus Appears in: - [ShadowLinkStatus](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-shadowlinkstatus) | Field | Description | | --- | --- | | lastTransitionTime Time | | | name string | Name of the task | | state TaskState | State of the task | | reason string | Reason for task being in state | | brokerId integer | The broker the task is running on | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-shadowlinktopicmetadatasyncoptions)ShadowLinkTopicMetadataSyncOptions Options for syncing topic metadata Appears in: - [ShadowLinkSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-shadowlinkspec) | Field | Description | | --- | --- | | interval Duration | How often to sync metadataIf 0 provided, defaults to 30 seconds | | autoCreateShadowTopicFilters NameFilter array | List of filters that indicate which topics should be automaticallycreated as shadow topics on the shadow cluster. This only controlsautomatic creation of shadow topics and does not effect the state of themirror topic once it is created.Literal filters for consumer_offsets and redpanda.audit_log will berejected as well as prefix filters to match topics prefixed with_redpanda or redpanda.Wildcard * is permitted only for literal filters and will _not matchany topics that start with _redpanda or redpanda. If users wish toshadow topics that start with _redpanda or redpanda, they shouldprovide a literal filter for those topics. | | syncedShadowTopicProperties string array | List of topic properties that should be synced from the source topic.The following properties will always be replicated- Partition count- max.message.bytes- cleanup.policy- timestamp.typeThe following properties are not allowed to be replicated and adding themto this list will result in an error:- redpanda.remote.readreplica- redpanda.remote.recovery- redpanda.remote.allowgaps- redpanda.virtual.cluster.id- redpanda.leaders.preference- redpanda.cloud_topic.enabledThis list is a list of properties in addition to the default propertiesthat will be synced. See excludeDefault. | | excludeDefault boolean | If false, then the following topic properties will be synced by default:- compression.type- retention.bytes- retention.ms- delete.retention.ms- Replication Factor- min.compaction.lag.ms- max.compaction.lag.msIf this is true, then only the properties listed insynced_shadow_topic_properties will be synced. | | startOffset TopicMetadataSyncOffset | The starting offset for new shadow topic partitions.Defaults to earliest.Only applies if the shadow partition is empty. | | startOffsetTimestamp Time | The timestamp to start at if startOffset` is set to "timestamp".Not providing this when setting startOffset to "timestamp" isan error. | | paused boolean | Allows user to pause the topic sync task. If paused, thenthe task will enter the 'paused' state and not sync topics or theirproperties from the source cluster | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-shadowtopicstate)ShadowTopicState (string) State of a shadow topic Appears in: - [ShadowTopicStatus](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-shadowtopicstatus) ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-shadowtopicstatus)ShadowTopicStatus Status of a ShadowTopic Appears in: - [ShadowLinkStatus](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-shadowlinkstatus) | Field | Description | | --- | --- | | lastTransitionTime Time | | | name string | Name of the shadow topic | | topicId string | Topic ID of the shadow topic | | state ShadowTopicState | State of the shadow topic | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-sidecarobj)SideCarObj SideCarObj represents a generic sidecar object. This is a placeholder for now. Appears in: - [SideCars](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-sidecars) | Field | Description | | --- | --- | | enabled boolean | | | resources ResourceRequirements | Specifies resource requests for the sidecar container.DEPRECATED: Use sideCars.resources | | securityContext SecurityContext | Specifies the container’s security context, including privileges and access levels of the container and its processes.DEPRECATED: Use sideCars.securityContext | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-sidecars)SideCars SideCars configures the additional sidecar containers that run alongside the main Redpanda container in the Pod. Appears in: - [Statefulset](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-statefulset) | Field | Description | | --- | --- | | image RedpandaImage | | | extraVolumeMounts string | Specifies additional volumes to mount to the sidecar. | | resources ResourceRequirements | Specifies resource requests for the sidecar container. | | securityContext SecurityContext | Specifies the container’s security context, including privileges and access levels of the container and its processes. | | args string array | | | configWatcher ConfigWatcher | Configures the config-watcher sidecar. The config-watcher sidecar polls the Secret resource in auth.sasl.secretRef for changes and triggers a rolling upgrade to add the new superusers to the Redpanda cluster. | | rpkStatus SideCarObj | | | controllers RPControllers | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-startupprobe)StartupProbe StartupProbe configures the startup probe to determine when the Redpanda application within the Pod has started successfully. Appears in: - [Statefulset](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-statefulset) | Field | Description | | --- | --- | | failureThreshold integer | Determines the failure threshold to mark the application in the Pod as not started. | | initialDelaySeconds integer | Specifies the delay in seconds before the startup probe begins. | | periodSeconds integer | Sets the period in seconds for conducting subsequent probes. | | timeoutSeconds integer | | | successThreshold integer | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-statefulset)Statefulset Statefulset defines configurations for the StatefulSet in Helm values. Appears in: - [RedpandaClusterSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaclusterspec) | Field | Description | | --- | --- | | additionalSelectorLabels object (keys:string, values:string) | | | additionalRedpandaCmdFlags string array | Includes additional command flags for Redpanda at startup to customize its runtime behavior. | | annotations object (keys:string, values:string) | Adds annotations to the StatefulSet to provide additional information or metadata.Please use PodTemplate to add additional annotation or labels for Pods managed by Statefulset. | | podTemplate PodTemplate | PodTemplate is a subset of Kubernetes' PodTemplate that will be mergedinto this StatefulSet’s PodTemplate. | | budget Budget | Defines the management of disruptions affecting the Pods in the StatefulSet. | | extraVolumeMounts string | Specifies extra volume mounts for the Pods. | | extraVolumes string | Defines additional volumes for the Pods. | | initContainerImage InitContainerImage | Defines the init container image used to perform initial setup tasks before the main containers start. | | initContainers InitContainers | Configures the init container used to perform initial setup tasks before the main containers start. | | livenessProbe LivenessProbe | Defines liveness probes to monitor the health of the Pods and restart them if necessary. | | nodeSelector object (keys:string, values:string) | Applies node selectors to schedule Pods on specific nodes based on labels. | | podAffinity PodAffinity | Defines Pod affinity rules to influence the scheduling and placement of Pods relative to other Pods. | | podAntiAffinity PodAntiAffinity | Defines Pod anti-affinity rules to prevent Pods from being scheduled together on the same node. | | priorityClassName string | Defines the priority class name to assign priority levels to the Pods, influencing their scheduling order. | | readinessProbe ReadinessProbe | Defines readiness probes to determine when a Pod is ready to handle traffic. | | replicas integer | Specifies the number of replicas to determine the desired number of Pods (Redpanda brokers) in the StatefulSet. | | securityContext SecurityContext | Sets a security context for the Pods to define privilege and access control settings. | | sideCars SideCars | Defines the additional sidecar containers that run alongside the main Redpanda container in the Pod. | | skipChown boolean | Specifies whether to skip the changing of file ownership (chown) during Pod initialization. | | startupProbe StartupProbe | Configures the startup probe to determine when the Redpanda application within the Pod has started successfully. | | tolerations Toleration array | Applies tolerations to allow Pods to be scheduled on nodes with matching taints, enabling control over where Pods can run. | | topologySpreadConstraints TopologySpreadConstraints array | Defines topology spread constraints to control how Pods are spread across different topology domains. | | updateStrategy UpdateStrategy | Defines the update strategy for the StatefulSet to manage how updates are rolled out to the Pods. | | terminationGracePeriodSeconds integer | Specifies the termination grace period in seconds to control the time delay before forcefully terminating a Pod. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-staticconfigurationsource)StaticConfigurationSource StaticConfigurationSource configures connections to a Redpanda cluster via hard-coded connection strings and manually configured TLS and authentication parameters. Appears in: - [ClusterSource](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-clustersource) | Field | Description | | --- | --- | | kafka KafkaAPISpec | Kafka is the configuration information for communicating with the KafkaAPI of a Redpanda cluster where the object should be created. | | admin AdminAPISpec | AdminAPISpec is the configuration information for communicating with the AdminAPI of a Redpanda cluster where the object should be created. | | schemaRegistry SchemaRegistrySpec | SchemaRegistry is the configuration information for communicating with the Schema RegistryAPI of a Redpanda cluster where the object should be created. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-storage)Storage Storage configures storage-related settings in the Helm values. See [Storage for Redpanda in Kubernetes](https://docs.redpanda.com/streaming/25.3/manage/kubernetes/storage/) Appears in: - [RedpandaClusterSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaclusterspec) | Field | Description | | --- | --- | | hostPath string | Specifies the absolute path on the worker node to store the Redpanda data directory. If unspecified, then an emptyDir volume is used. If specified but persistentVolume.enabled is true, storage.hostPath has no effect. | | persistentVolume PersistentVolume | Configures a PersistentVolumeClaim (PVC) template to create for each Pod. This PVC is used to store the Redpanda data directory. | | tiered Tiered | Configures storage for the Tiered Storage cache. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-tls)TLS TLS configures TLS in the Helm values. See [TLS for Redpanda in Kubernetes](https://docs.redpanda.com/streaming/25.3/manage/kubernetes/security/tls/) Appears in: - [RedpandaClusterSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaclusterspec) | Field | Description | | --- | --- | | certs object (keys:string, values:Certificate) | Lists all available certificates in the cluster. You can reference a specific certificate’s name in each listener’s listeners..tls.cert setting. | | enabled boolean | Enables TLS globally for all listeners. Each listener must include a certificate name in its .tls object. To allow you to enable TLS for individual listeners, certificates are always loaded, even if TLS is disabled. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-taskstate)TaskState (string) Task states Appears in: - [ShadowLinkTaskStatus](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-shadowlinktaskstatus) ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-tiered)Tiered Tiered configures storage for the Tiered Storage cache. See [Tiered Storage in Kubernetes](https://docs.redpanda.com/streaming/25.3/manage/kubernetes/tiered-storage/) Appears in: - [Storage](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-storage) | Field | Description | | --- | --- | | mountType string | mountType can be one of:none: Does not mount a volume. Tiered storage will use the same volume as the one defined for the Redpanda data directory.hostPath: Uses the path specified in hostPath on the worker node that the Pod is running on.emptyDir: Mounts an empty directory every time the Pod starts.persistentVolume: Creates and mounts a PersistentVolumeClaim using the template defined in persistentVolume. | | hostPath string | Specifies the absolute path on the worker node to store the Tiered Storage cache. | | persistentVolume PersistentVolume | Configures a PersistentVolumeClaim (PVC) template to create for each Pod. This PVC is used to store the Tiered Storage cache. | | config TieredConfig | Configures Tiered Storage, which requires an Enterprise license configured in enterprise.licenseKey or enterprised.licenseSecretRef. | | credentialsSecretRef CredentialSecretRef | CredentialSecretRef can be used to set cloud_storage_secret_key and/or cloud_storage_access_key from referenced Kubernetes Secret | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-tieredconfig)TieredConfig TieredConfig configures Tiered Storage, which requires an Enterprise license configured in `enterprise.licenseKey` or `enterprise.licenseSecretRef`.TieredConfig is a top-level field of the Helm values. Appears in: - [Tiered](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-tiered) | Field | Description | | --- | --- | | cloud_storage_enabled JSONBoolean | Enables Tiered Storage, if a license key is provided. See Cluster Configuration Properties | | cloud_storage_api_endpoint string | See Cluster Configuration Properties | | cloud_storage_api_endpoint_port integer | See Cluster Configuration Properties | | cloud_storage_bucket string | See Cluster Configuration Properties | | cloud_storage_azure_container string | See Cluster Configuration Properties | | cloud_storage_azure_managed_identity_id string | See Cluster Configuration Properties | | cloud_storage_azure_storage_account string | See Cluster Configuration Properties | | cloud_storage_azure_shared_key string | See Cluster Configuration Properties | | cloud_storage_azure_adls_endpoint string | See Cluster Configuration Properties | | cloud_storage_azure_adls_port integer | See Cluster Configuration Properties | | cloud_storage_cache_check_interval integer | See Cluster Configuration Properties | | cloud_storage_cache_directory string | See Broker Configuration Properties | | cloud_storage_cache_size string | See Cluster Configuration Properties | | cloud_storage_credentials_source string | See Cluster Configuration Properties | | cloud_storage_disable_tls boolean | See Cluster Configuration Properties | | cloud_storage_enable_remote_read boolean | See Cluster Configuration Properties | | cloud_storage_enable_remote_write boolean | See Cluster Configuration Properties | | cloud_storage_initial_backoff_ms integer | See Cluster Configuration Properties | | cloud_storage_manifest_upload_timeout_ms integer | See Cluster Configuration Properties | | cloud_storage_max_connection_idle_time_ms integer | See Cluster Configuration Properties | | cloud_storage_max_connections integer | See Cluster Configuration Properties | | cloud_storage_reconciliation_interval_ms integer | Deprecated: See Cluster Configuration Properties | | cloud_storage_region string | See Cluster Configuration Properties | | cloud_storage_segment_max_upload_interval_sec integer | See Cluster Configuration Properties | | cloud_storage_segment_upload_timeout_ms integer | See Cluster Configuration Properties | | cloud_storage_trust_file string | See Cluster Configuration Properties | | cloud_storage_upload_ctrl_d_coeff integer | See Cluster Configuration Properties | | cloud_storage_upload_ctrl_max_shares integer | See Cluster Configuration Properties | | cloud_storage_upload_ctrl_min_shares integer | See Cluster Configuration Properties | | cloud_storage_upload_ctrl_p_coeff integer | See Cluster Configuration Properties | | cloud_storage_upload_ctrl_update_interval_ms integer | See Cluster Configuration Properties | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-topic)Topic Topic defines the CRD for Topic resources. See [Manage Topics with the Redpanda Operator](https://docs.redpanda.com/streaming/25.3/manage/kubernetes/k-manage-topics/) | Field | Description | | --- | --- | | apiVersion string | cluster.redpanda.com/v1alpha2 | | kind string | Topic | | kind string | Kind is a string value representing the REST resource this object represents.Servers may infer this from the endpoint the client submits requests to.Cannot be updated.In CamelCase.More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | | apiVersion string | APIVersion defines the versioned schema of this representation of an object.Servers should convert recognized schemas to the latest internal value, andmay reject unrecognized values.More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | | metadata ObjectMeta | Refer to the Kubernetes API documentation for fields of metadata. | | spec TopicSpec | Defines the desired state of the Topic resource. | | status TopicStatus | Represents the current status of the Topic resource. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-topicmetadatasyncoffset)TopicMetadataSyncOffset (string) Appears in: - [ShadowLinkTopicMetadataSyncOptions](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-shadowlinktopicmetadatasyncoptions) ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-topicspec)TopicSpec TopicSpec defines the desired state of the topic. See [Manage Topics with the Redpanda Operator](https://docs.redpanda.com/streaming/25.3/manage/kubernetes/k-manage-topics/) Appears in: - [Topic](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-topic) | Field | Description | | --- | --- | | partitions integer | Specifies the number of topic shards that are distributed across the brokers in a cluster.This number cannot be decreased after topic creation.It can be increased after topic creation, but it isimportant to understand the consequences that has, especially fortopics with semantic partitioning. When absent this will default tothe Redpanda cluster configuration default_topic_partitions.See Cluster Configuration Properties andHow Redpanda Works | | replicationFactor integer | Specifies the number of replicas the topic should have. Must be odd value.When absent this will default to the Redpanda cluster configuration default_topic_replications.See Cluster Configuration Properties | | overwriteTopicName string | Changes the topic name from the value of metadata.name. | | additionalConfig object (keys:string, values:string) | Adds extra topic configurations. This is a free-form map of any configuration options that topics can have.Examples:cleanup.policy=compactredpanda.remote.write=trueredpanda.remote.read=trueredpanda.remote.recovery=trueredpanda.remote.delete=true | | cluster ClusterSource | ClusterSource is a reference to the cluster where the user should be created.It is used in constructing the client created to configure a cluster. | | kafkaApiSpec KafkaAPISpec | Defines client configuration for connecting to Redpanda brokers.Deprecated: Use cluster.staticConfiguration.kafkaApiSpec if explicit connectionconfiguration is required. Otherwise, prefer cluster.clusterRef. | | metricsNamespace string | Overwrites the fully-qualifiedname of the metric. This should be easier to identify ifmultiple operator instances runs inside the same Kubernetes cluster.By default, it is set to redpanda-operator. | | interval Duration | Defines when the topic controller will schedule the next reconciliation.Default is 3 seconds. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-topicstatus)TopicStatus TopicStatus defines the observed state of the Topic resource. Appears in: - [Topic](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-topic) | Field | Description | | --- | --- | | observedGeneration integer | ObservedGeneration is the last observed generation of the Topic. | | conditions Condition array | Conditions holds the conditions for the Topic. | | topicConfiguration Configuration array | TopicConfiguration is the last snapshot of the topic configuration during successful reconciliation. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-topologyspreadconstraints)TopologySpreadConstraints TopologySpreadConstraints configures topology spread constraints to control how Pods are spread across different topology domains. Appears in: - [Statefulset](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-statefulset) | Field | Description | | --- | --- | | maxSkew integer | Defines the maximum skew between the number of Pods in any two topology domains. | | topologyKey string | Specifies the topology key to use for spreading Pods. | | whenUnsatisfiable string | Sets the policy for how to handle unsatisfiable constraints, such as DoNotSchedule or ScheduleAnyway. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-truststore)TrustStore TrustStore is a mapping from a value on either a Secret or ConfigMap to the `truststore_path` field of a listener. Appears in: - [ListenerTLS](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-listenertls) | Field | Description | | --- | --- | | configMapKeyRef ConfigMapKeySelector | | | secretKeyRef SecretKeySelector | | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-tuning)Tuning Tuning configures settings for the autotuner tool in Redpanda. The autotuner identifies the hardware configuration in the container and optimizes the Linux kernel to give you the best performance. Appears in: - [InitContainers](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-initcontainers) - [RedpandaClusterSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-redpandaclusterspec) | Field | Description | | --- | --- | | extraVolumeMounts string | Configures additional volume mounts for the Pod. | | resources ResourceRequirements | Sets resource requirements such as CPU and memory limits. | | ballast_file_path string | Specifies the file path for ballast file. A ballast file is an empty file that takes up disk space. If Redpanda runs out of disk space and becomes unavailable, you can delete the ballast file as a last resort. This clears up some space and gives you time to delete topics or records and change your retention properties. | | ballast_file_size string | Defines the size of the ballast file. | | tune_aio_events boolean | Specifies whether to increase the number of allowed asynchronous IO events. | | tune_ballast_file boolean | Specifies whether to create the ballast file. | | tune_clocksource boolean | Specifies whether to synchronize NTP. | | well_known_io string | Specifies the vendor, VM type, and storage device type that Redpanda runs on, in the format ::. This hints to Redpanda which configuration values it should use for the Redpanda IO scheduler. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-updatestrategy)UpdateStrategy UpdateStrategy configures the update strategy for the StatefulSet to manage how updates are rolled out to the Pods. Appears in: - [Statefulset](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-statefulset) | Field | Description | | --- | --- | | type string | Defines the strategy type for updating the StatefulSet, such as RollingUpdate or OnDelete. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-usagestats)UsageStats UsageStats configures the reporting of usage statistics. Redpanda Data uses these metrics to learn how the software is used, which can guide future improvements. Appears in: - [Logging](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-logging) | Field | Description | | --- | --- | | enabled boolean | Specifies whether usage reporting is enabled. | | organization string | Specifies the name of the organization using the software. This can be useful for identifying and segmenting usage data by organization, if usage reporting is enabled.Deprecated: This value is no longer respected in the redpanda helm chartand will be removed in a future version. | | clusterId string | Specifies the ID of your Redpanda cluster. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-user)User User defines the CRD for a Redpanda user. | Field | Description | | --- | --- | | apiVersion string | cluster.redpanda.com/v1alpha2 | | kind string | User | | kind string | Kind is a string value representing the REST resource this object represents.Servers may infer this from the endpoint the client submits requests to.Cannot be updated.In CamelCase.More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds | | apiVersion string | APIVersion defines the versioned schema of this representation of an object.Servers should convert recognized schemas to the latest internal value, andmay reject unrecognized values.More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources | | metadata ObjectMeta | Refer to the Kubernetes API documentation for fields of metadata. | | spec UserSpec | Defines the desired state of the Redpanda user. | | status UserStatus | Represents the current status of the Redpanda user. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-userauthenticationspec)UserAuthenticationSpec UserAuthenticationSpec defines the authentication mechanism enabled for this Redpanda user. Appears in: - [UserSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-userspec) | Field | Description | | --- | --- | | type SASLMechanism | SASL mechanism to use for the user credentials. Valid values are:- scram-sha-512- scram-sha-256 | | password Password | Password specifies where a password is read from. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-userauthorizationspec)UserAuthorizationSpec UserAuthorizationSpec defines authorization rules for this user. Appears in: - [UserSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-userspec) | Field | Description | | --- | --- | | type AuthorizationType | Type specifies the type of authorization to use for User ACLs. If unspecified, defaults to simple. Valid values are:- simple | | acls ACLRule array | List of ACL rules which should be applied to this user. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-userspec)UserSpec UserSpec defines the configuration of a Redpanda user. Appears in: - [User](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-user) | Field | Description | | --- | --- | | cluster ClusterSource | ClusterSource is a reference to the cluster where the user should be created.It is used in constructing the client created to configure a cluster. | | authentication UserAuthenticationSpec | Authentication defines the authentication information for a user. If noAuthentication credentials are specified, then no user will be created.This is useful when wanting to manage ACLs for an already-existing user. | | authorization UserAuthorizationSpec | Authorization rules defined for this user. | | template UserTemplateSpec | Template to specify how user secrets are generated. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-userstatus)UserStatus UserStatus defines the observed state of a Redpanda user Appears in: - [User](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-user) | Field | Description | | --- | --- | | observedGeneration integer | Specifies the last observed generation. | | conditions Condition array | Conditions holds the conditions for the Redpanda user. | | managedAcls boolean | ManagedACLs returns whether the user has managed ACLs that needto be cleaned up. | | managedUser boolean | ManagedUser returns whether the user has a managed SCRAM user that needto be cleaned up. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-usertemplatespec)UserTemplateSpec UserTemplateSpec defines the template metadata (labels and annotations) for any subresources, such as Secrets, created by a User object. Appears in: - [UserSpec](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-userspec) | Field | Description | | --- | --- | | secret ResourceTemplate | Specifies how the Secret with a user password is generated. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-usersitems)UsersItems UsersItems configures a list of superusers in the Helm values. Appears in: - [SASL](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-sasl) | Field | Description | | --- | --- | | mechanism string | Specifies the authentication mechanism to use for superusers. Overrides the default in SASL. Options are SCRAM-SHA-256 and SCRAM-SHA-512. | | name string | Specifies the name of the superuser. | | password string | Specifies the superuser password. | ## [](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-valuesource)ValueSource ValueSource represents where a value can be pulled from Appears in: - [AdminSASL](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-adminsasl) - [CommonTLS](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-commontls) - [KafkaSASL](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-kafkasasl) - [KafkaSASLAWSMskIam](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-kafkasaslawsmskiam) - [KafkaSASLGSSAPI](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-kafkasaslgssapi) - [KafkaSASLOAuthBearer](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-kafkasasloauthbearer) - [SchemaRegistrySASL](#k8s-api-github-com-redpanda-data-redpanda-operator-operator-api-redpanda-v1alpha2-schemaregistrysasl) | Field | Description | | --- | --- | | inline string | Inline is the raw value specified inline. | | configMapKeyRef ConfigMapKeySelector | If the value is supplied by a kubernetes object reference, coordinates are embedded here.For target values, the string value fetched from the source will be treated asa raw string. | | secretKeyRef SecretKeySelector | Should the value be contained in a k8s secret rather than configmap, we can referto it here. | | externalSecretRef ExternalSecretKeySelector | If the value is supplied by an external source, coordinates are embedded here.Note: we interpret all fetched external secrets as raw string values |