This page describes the official Redpanda Helm Chart. In particular, this page describes the contents of the chart’s values.yaml
file. Each of the settings is listed and described on this page, along with any default values.
For instructions on how to install and use the chart, including how to override and customize the chart’s values, refer to the deployment documentation.
Autogenerated from chart metadata using helm-docs v1.13.1
Kubernetes: >= 1.25.0-0
Repository | Name | Version |
---|---|---|
https://charts.redpanda.com | connectors | >=0.1.2 <1.0 |
https://charts.redpanda.com | console | >=0.5 <1.0 |
Affinity constraints for scheduling Pods, can override this for StatefulSets and Jobs. For details, see the Kubernetes documentation.
Default: {}
Audit logging for a redpanda cluster, must have enabled sasl and have one kafka listener supporting sasl authentication for audit logging to work. Note this feature is only available for redpanda versions >= v23.3.0.
Default:
{"clientMaxBufferSize":16777216,"enabled":false,"enabledEventTypes":null,"excludedPrincipals":null,"excludedTopics":null,"listener":"internal","partitions":12,"queueDrainIntervalMs":500,"queueMaxBufferSizePerShard":1048576,"replicationFactor":null}
Defines the number of bytes (in bytes) allocated by the internal audit client for audit messages.
Default: 16777216
Enable or disable audit logging, for production clusters we suggest you enable, however, this will only work if you also enable sasl and a listener with sasl enabled.
Default: false
Event types that should be captured by audit logs, default is [admin
, authenticate
, management
].
Default: nil
List of principals to exclude from auditing, default is null.
Default: nil
List of topics to exclude from auditing, default is null.
Default: nil
Kafka listener name, note that it must have authenticationMethod
set to sasl
. For external listeners, use the external listener name, such as default
.
Default: "internal"
Integer value defining the number of partitions used by a newly created audit topic.
Default: 12
In ms, frequency in which per shard audit logs are batched to client for write to audit log.
Default: 500
Defines the maximum amount of memory used (in bytes) by the audit buffer in each shard.
Default: 1048576
Defines the replication factor for a newly created audit log topic. This configuration applies only to the audit log topic and may be different from the cluster or other topic configurations. This cannot be altered for existing audit log topics. Setting this value is optional. If a value is not provided, Redpanda will use the internal_topic_replication_factor cluster
config value. Default is null
Default: nil
Authentication settings. For details, see the SASL documentation.
Default:
{"sasl":{"bootstrapUser":{"mechanism":"SCRAM-SHA-256"},"enabled":false,"mechanism":"SCRAM-SHA-512","secretRef":"redpanda-users","users":[]}}
Details about how to create the bootstrap user for the cluster. The secretKeyRef is optionally specified. If it is specified, the chart will use a password written to that secret when creating the "kubernetes-controller" bootstrap user. If it is unspecified, then the secret will be generated and stored in the secret "releasename"-bootstrap-user, with the key "password".
Default:
{"mechanism":"SCRAM-SHA-256"}
The authentication mechanism to use for the bootstrap user. Options are SCRAM-SHA-256
and SCRAM-SHA-512
.
Default: "SCRAM-SHA-256"
Enable SASL authentication. If you enable SASL authentication, you must provide a Secret in auth.sasl.secretRef
.
Default: false
The authentication mechanism to use for the superuser. Options are SCRAM-SHA-256
and SCRAM-SHA-512
.
Default: "SCRAM-SHA-512"
A Secret that contains your superuser credentials. For details, see the SASL documentation.
Default: "redpanda-users"
Optional list of superusers. These superusers will be created in the Secret whose name is defined in auth.sasl.secretRef
. If this list is empty, the Secret in auth.sasl.secretRef
must already exist in the cluster before you deploy the chart. Uncomment the sample list if you wish to try adding sample sasl users or override to use your own.
Default: []
Default Kubernetes cluster domain.
Default: "cluster.local"
Additional labels to add to all Kubernetes objects. For example, my.k8s.service: redpanda
.
Default: {}
This section contains various settings supported by Redpanda that may not work correctly in a Kubernetes cluster. Changing these settings comes with some risk. Use these settings to customize various Redpanda configurations that are not covered in other sections. These values have no impact on the configuration or behavior of the Kubernetes objects deployed by Helm, and therefore should not be modified for the purpose of configuring those objects. Instead, these settings get passed directly to the Redpanda binary at startup. For descriptions of these properties, see the configuration documentation.
Default:
{"cluster":{},"node":{"crash_loop_limit":5},"pandaproxy_client":{},"rpk":{},"schema_registry_client":{},"tunable":{"compacted_log_segment_size":67108864,"kafka_connection_rate_limit":1000,"log_segment_size_max":268435456,"log_segment_size_min":16777216,"max_compacted_log_segment_size":536870912}}
Cluster Configuration Properties
Default: {}
Broker (node) Configuration Properties.
Default: {"crash_loop_limit":5}
Crash loop limit A limit on the number of consecutive times a broker can crash within one hour before its crash-tracking logic is reset. This limit prevents a broker from getting stuck in an infinite cycle of crashes. User can disable this crash loop limit check by the following action: * One hour elapses since the last crash * The node configuration file, redpanda.yaml, is updated via config.cluster or config.node or config.tunable objects * The startup_log file in the node’s data_directory is manually deleted Default to 5 REF: https://docs.redpanda.com/current/reference/broker-properties/#crash_loop_limit
Default: 5
Tunable cluster properties. Deprecated: all settings here may be specified via config.cluster
.
Default:
{"compacted_log_segment_size":67108864,"kafka_connection_rate_limit":1000,"log_segment_size_max":268435456,"log_segment_size_min":16777216,"max_compacted_log_segment_size":536870912}
See the property reference documentation.
Default: 67108864
See the property reference documentation.
Default: 1000
See the property reference documentation.
Default: 268435456
See the property reference documentation.
Default: 16777216
See the property reference documentation.
Default: 536870912
Redpanda Managed Connectors settings For a reference of configuration settings, see the Redpanda Connectors documentation.
Default:
{"deployment":{"create":false},"enabled":false,"test":{"create":false}}
Redpanda Console settings. For a reference of configuration settings, see the Redpanda Console documentation.
Default:
{"config":{},"configmap":{"create":false},"deployment":{"create":false},"enabled":true,"secret":{"create":false}}
Enterprise (optional) For details, see the License documentation.
Default:
{"license":"","licenseSecretRef":{}}
license (optional).
Default: ""
Secret name and key where the license key is stored.
Default: {}
External access settings. For details, see the Networking and Connectivity documentation.
Default:
{"enabled":true,"service":{"enabled":true},"type":"NodePort"}
Enable external access for each Service. You can toggle external access for each listener in listeners.<service name>.external.<listener-name>.enabled
.
Default: true
Service allows you to manage the creation of an external kubernetes service object
Default: {"enabled":true}
Enabled if set to false will not create the external service type You can still set your cluster with external access but not create the supporting service (NodePort/LoadBalander). Set this to false if you rather manage your own service.
Default: true
External access type. Only NodePort
and LoadBalancer
are supported. If undefined, then advertised listeners will be configured in Redpanda, but the helm chart will not create a Service. You must create a Service manually. Warning: If you use LoadBalancers, you will likely experience higher latency and increased packet loss. NodePort is recommended in cases where latency is a priority.
Default: "NodePort"
Override redpanda.fullname
template.
Default: ""
Redpanda Docker image settings.
Default:
{"pullPolicy":"IfNotPresent","repository":"docker.redpanda.com/redpandadata/redpanda","tag":""}
The imagePullPolicy. If image.tag
is 'latest', the default is Always
.
Default: "IfNotPresent"
Docker repository from which to pull the Redpanda Docker image.
Default:
"docker.redpanda.com/redpandadata/redpanda"
The Redpanda version. See DockerHub for: All stable versions and all unstable versions.
Default: Chart.appVersion
.
Pull secrets may be used to provide credentials to image repositories See the Kubernetes documentation.
Default: []
DEPRECATED Enterprise license key (optional). For details, see the License documentation.
Default: ""
DEPRECATED Secret name and secret key where the license key is stored.
Default: {}
Listener settings. Override global settings configured above for individual listeners. For details, see the listeners documentation.
Default:
{"admin":{"external":{"default":{"advertisedPorts":[31644],"port":9645,"tls":{"cert":"external"}}},"port":9644,"tls":{"cert":"default","requireClientAuth":false}},"http":{"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30082],"authenticationMethod":null,"port":8083,"tls":{"cert":"external","requireClientAuth":false}}},"kafkaEndpoint":"default","port":8082,"tls":{"cert":"default","requireClientAuth":false}},"kafka":{"authenticationMethod":null,"external":{"default":{"advertisedPorts":[31092],"authenticationMethod":null,"port":9094,"tls":{"cert":"external"}}},"port":9093,"tls":{"cert":"default","requireClientAuth":false}},"rpc":{"port":33145,"tls":{"cert":"default","requireClientAuth":false}},"schemaRegistry":{"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30081],"authenticationMethod":null,"port":8084,"tls":{"cert":"external","requireClientAuth":false}}},"kafkaEndpoint":"default","port":8081,"tls":{"cert":"default","requireClientAuth":false}}}
Admin API listener (only one).
Default:
{"external":{"default":{"advertisedPorts":[31644],"port":9645,"tls":{"cert":"external"}}},"port":9644,"tls":{"cert":"default","requireClientAuth":false}}
Optional external access settings.
Default:
{"default":{"advertisedPorts":[31644],"port":9645,"tls":{"cert":"external"}}}
Name of the external listener.
Default:
{"advertisedPorts":[31644],"port":9645,"tls":{"cert":"external"}}
The port advertised to this listener's external clients. List one port if you want to use the same port for each broker (would be the case when using NodePort service). Otherwise, list the port you want to use for each broker in order of StatefulSet replicas. If undefined, listeners.admin.port
is used.
Default: {"cert":"external"}
The port for both internal and external connections to the Admin API.
Default: 9644
Optional TLS section (required if global TLS is enabled)
Default:
{"cert":"default","requireClientAuth":false}
Name of the Certificate used for TLS (must match a Certificate name that is registered in tls.certs).
Default: "default"
If true, the truststore file for this listener is included in the ConfigMap.
Default: false
HTTP API listeners (aka PandaProxy).
Default:
{"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30082],"authenticationMethod":null,"port":8083,"tls":{"cert":"external","requireClientAuth":false}}},"kafkaEndpoint":"default","port":8082,"tls":{"cert":"default","requireClientAuth":false}}
Kafka API listeners.
Default:
{"authenticationMethod":null,"external":{"default":{"advertisedPorts":[31092],"authenticationMethod":null,"port":9094,"tls":{"cert":"external"}}},"port":9093,"tls":{"cert":"default","requireClientAuth":false}}
If undefined, listeners.kafka.external.default.port
is used.
Default: [31092]
The port used for external client connections.
Default: 9094
The port for internal client connections.
Default: 9093
RPC listener (this is never externally accessible).
Default:
{"port":33145,"tls":{"cert":"default","requireClientAuth":false}}
Schema registry listeners.
Default:
{"authenticationMethod":null,"enabled":true,"external":{"default":{"advertisedPorts":[30081],"authenticationMethod":null,"port":8084,"tls":{"cert":"external","requireClientAuth":false}}},"kafkaEndpoint":"default","port":8081,"tls":{"cert":"default","requireClientAuth":false}}
Log-level settings.
Default:
{"logLevel":"info","usageStats":{"enabled":true}}
Log level Valid values (from least to most verbose) are: warn
, info
, debug
, and trace
.
Default: "info"
Send usage statistics back to Redpanda Data. For details, see the stats reporting documentation.
Default: {"enabled":true}
Monitoring. This will create a ServiceMonitor that can be used by Prometheus-Operator or VictoriaMetrics-Operator to scrape the metrics.
Default:
{"enabled":false,"labels":{},"scrapeInterval":"30s"}
Override redpanda.name
template.
Default: ""
Node selection constraints for scheduling Pods, can override this for StatefulSets. For details, see the Kubernetes documentation.
Default: {}
Default: {}
Default: true
Additional annotations to apply to the Pods of this Job.
Default: {}
Additional labels to apply to the Pods of this Job.
Default: {}
A subset of Kubernetes' PodSpec type that will be merged into the final PodSpec. See Merge Semantics for details.
Default:
{"containers":[{"env":[],"name":"post-install","securityContext":{}}],"securityContext":{}}
Rack Awareness settings. For details, see the Rack Awareness documentation.
Default:
{"enabled":false,"nodeAnnotation":"topology.kubernetes.io/zone"}
When running in multiple racks or availability zones, use a Kubernetes Node annotation value as the Redpanda rack value. Enabling this requires running with a service account with "get" Node permissions. To have the Helm chart configure these permissions, set serviceAccount.create=true
and rbac.enabled=true
.
Default: false
The common well-known annotation to use as the rack ID. Override this only if you use a custom Node annotation.
Default:
"topology.kubernetes.io/zone"
Role Based Access Control.
Default:
{"annotations":{},"enabled":false}
Annotations to add to the rbac
resources.
Default: {}
Enable for features that need extra privileges. If you use the Redpanda Operator, you must deploy it with the --set rbac.createRPKBundleCRs=true
flag to give it the required ClusterRoles.
Default: false
Pod resource management. This section simplifies resource allocation by providing a single location where resources are defined. Helm sets these resource values within the statefulset.yaml
and configmap.yaml
templates. The default values are for a development environment. Production-level values and other considerations are documented, where those values are different from the default. For details, see the Pod resources documentation.
Default:
{"cpu":{"cores":1},"memory":{"container":{"max":"2.5Gi"}}}
CPU resources. For details, see the Pod resources documentation.
Default: {"cores":1}
Redpanda makes use of a thread per core model. For details, see this blog. For this reason, Redpanda should only be given full cores. Note: You can increase cores, but decreasing cores is not currently supported. See the GitHub issue. This setting is equivalent to --smp
, resources.requests.cpu
, and resources.limits.cpu
. For production, use 4
or greater. To maximize efficiency, use the static
CPU manager policy by specifying an even integer for CPU resource requests and limits. This policy gives the Pods running Redpanda brokers access to exclusive CPUs on the node. See https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy.
Default: 1
Memory resources For details, see the Pod resources documentation.
Default:
{"container":{"max":"2.5Gi"}}
Enables memory locking. For production, set to true
. enable_memory_locking: false It is recommended to have at least 2Gi of memory per core for the Redpanda binary. This memory is taken from the total memory given to each container. The Helm chart allocates 80% of the container's memory to Redpanda, leaving the rest for the Seastar subsystem (reserveMemory) and other container processes. So at least 2.5Gi per core is recommended in order to ensure Redpanda has a full 2Gi. These values affect --memory
and --reserve-memory
flags passed to Redpanda and the memory requests/limits in the StatefulSet. Valid suffixes: k, M, G, T, P, Ki, Mi, Gi, Ti, Pi To create Guaranteed
Pod QoS for Redpanda brokers, provide both container max and min values for the container. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a memory limit and a memory request. * For every container in the Pod, the memory limit must equal the memory request.
Default: {"max":"2.5Gi"}
Maximum memory count for each Redpanda broker. Equivalent to resources.limits.memory
. For production, use 10Gi
or greater.
Default: "2.5Gi"
Service account management.
Default:
{"annotations":{},"automountServiceAccountToken":false,"create":false,"name":""}
Annotations to add to the service account.
Default: {}
Specifies whether a service account should automount API-Credentials. The token is used in sidecars.controllers
Default: false
Specifies whether a service account should be created.
Default: false
The name of the service account to use. If not set and serviceAccount.create
is true
, a name is generated using the redpanda.fullname
template.
Default: ""
Additional flags to pass to redpanda,
Default: []
Additional labels to be added to statefulset label selector. For example, my.k8s.service: redpanda
.
Default: {}
DEPRECATED Please use statefulset.podTemplate.annotations. Annotations are used only for Statefulset.spec.template.metadata.annotations
. The StatefulSet does not have any dedicated annotation.
Default: {}
Default: 1
Default: ""
Default: ""
Default: "busybox"
Default: "latest"
Default: ""
To create Guaranteed
Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request.
Default: {}
Default: ""
Default: false
Default: "xfs"
Default: ""
To create Guaranteed
Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request.
Default: {}
In environments where root is not allowed, you cannot change the ownership of files and directories. Enable setDataDirOwnership
when using default minikube cluster configuration.
Default: false
Default: ""
To create Guaranteed
Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request.
Default: {}
Default: ""
To create Guaranteed
Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request.
Default: {}
Default: ""
To create Guaranteed
Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request.
Default: {}
Default: 3
Default: 10
Default: 10
Node selection constraints for scheduling Pods of this StatefulSet. These constraints override the global nodeSelector
value. For details, see the Kubernetes documentation.
Default: {}
Inter-Pod Affinity rules for scheduling Pods of this StatefulSet. For details, see the Kubernetes documentation.
Default: {}
Anti-affinity rules for scheduling Pods of this StatefulSet. For details, see the Kubernetes documentation. You may either edit the default settings for anti-affinity rules, or specify new anti-affinity rules to use instead of the defaults.
Default:
{"custom":{},"topologyKey":"kubernetes.io/hostname","type":"hard","weight":100}
Change podAntiAffinity.type
to custom
and provide your own podAntiAffinity rules here.
Default: {}
The topologyKey to be used. Can be used to spread across different nodes, AZs, regions etc.
Default: "kubernetes.io/hostname"
Valid anti-affinity types are soft
, hard
, or custom
. Use custom
if you want to supply your own anti-affinity rules in the podAntiAffinity.custom
object.
Default: "hard"
Weight for soft
anti-affinity rules. Does not apply to other anti-affinity types.
Default: 100
Additional annotations to apply to the Pods of the StatefulSet.
Default: {}
Additional labels to apply to the Pods of the StatefulSet.
Default: {}
A subset of Kubernetes' PodSpec type that will be merged into the final PodSpec. See Merge Semantics for details.
Default:
{"containers":[{"env":[],"name":"redpanda","securityContext":{}}],"securityContext":{}}
PriorityClassName given to Pods of this StatefulSet. For details, see the Kubernetes documentation.
Default: ""
Default: 3
Default: 1
Default: 10
Default: 1
Number of Redpanda brokers (Redpanda Data recommends setting this to the number of worker nodes in the cluster)
Default: 3
DEPRECATED: Prefer to use podTemplate.spec.securityContext or podTemplate.spec.containers[0].securityContext.
Default:
{"fsGroup":101,"fsGroupChangePolicy":"OnRootMismatch","runAsUser":101}
Default: true
Default: ""
To create Guaranteed
Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a memory limit and a memory request. * For every container in the Pod, the memory limit must equal the memory request. * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request. To maximize efficiency, use the static
CPU manager policy by specifying an even integer for CPU resource requests and limits. This policy gives the Pods running Redpanda brokers access to exclusive CPUs on the node. For details, see https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy
Default: {}
Default: {}
Default: true
Default: false
Default: ":8085"
Default:
"docker.redpanda.com/redpandadata/redpanda-operator"
Default: "v2.2.5-24.2.7"
Default: ":9082"
To create Guaranteed
Pods for Redpanda brokers, provide both requests and limits for CPU and memory. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/#create-a-pod-that-gets-assigned-a-qos-class-of-guaranteed * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request. * Every container in the Pod must have a CPU limit and a CPU request. * For every container in the Pod, the CPU limit must equal the CPU request. To maximize efficiency, use the static
CPU manager policy by specifying an even integer for CPU resource requests and limits. This policy gives the Pods running Redpanda brokers access to exclusive CPUs on the node. For details, see https://kubernetes.io/docs/tasks/administer-cluster/cpu-management-policies/#static-policy
Default: {}
Default: "all"
Default: {}
Adjust the period for your probes to meet your needs. For details, see the Kubernetes documentation.
Default:
{"failureThreshold":120,"initialDelaySeconds":1,"periodSeconds":10}
Termination grace period in seconds is time required to execute preStop hook which puts particular Redpanda Pod (process/container) into maintenance mode. Before settle down on particular value please put Redpanda under load and perform rolling upgrade or rolling restart. That value needs to accommodate two processes: * preStop hook needs to put Redpanda into maintenance mode * after preStop hook Redpanda needs to handle gracefully SIGTERM signal Both processes are executed sequentially where preStop hook has hard deadline in the middle of terminationGracePeriodSeconds. REF: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#hook-handler-execution https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination
Default: 90
Taints to be tolerated by Pods of this StatefulSet. These tolerations override the global tolerations value. For details, see the Kubernetes documentation.
Default: []
Default: 1
Default:
"topology.kubernetes.io/zone"
Default: "ScheduleAnyway"
Default: "RollingUpdate"
Persistence settings. For details, see the storage documentation.
Default:
{"hostPath":"","persistentVolume":{"annotations":{},"enabled":true,"labels":{},"nameOverwrite":"","size":"20Gi","storageClass":""},"tiered":{"config":{"cloud_storage_cache_size":5368709120,"cloud_storage_enable_remote_read":true,"cloud_storage_enable_remote_write":true,"cloud_storage_enabled":false},"credentialsSecretRef":{"accessKey":{"configurationKey":"cloud_storage_access_key"},"secretKey":{"configurationKey":"cloud_storage_secret_key"}},"hostPath":"","mountType":"emptyDir","persistentVolume":{"annotations":{},"labels":{},"storageClass":""}}}
Absolute path on the host to store Redpanda's data. If unspecified, then an emptyDir
volume is used. If specified but persistentVolume.enabled
is true, storage.hostPath
has no effect.
Default: ""
If persistentVolume.enabled
is true, a PersistentVolumeClaim is created and used to store Redpanda's data. Otherwise, storage.hostPath
is used.
Default:
{"annotations":{},"enabled":true,"labels":{},"nameOverwrite":"","size":"20Gi","storageClass":""}
Additional annotations to apply to the created PersistentVolumeClaims.
Default: {}
Additional labels to apply to the created PersistentVolumeClaims.
Default: {}
Option to change volume claim template name for tiered storage persistent volume if tiered.mountType is set to persistentVolume
Default: ""
To disable dynamic provisioning, set to -
. If undefined or empty (default), then no storageClassName spec is set, and the default dynamic provisioner is chosen (gp2 on AWS, standard on GKE, AWS & OpenStack).
Default: ""
Tiered Storage settings Requires enterprise.licenseKey
or enterprised.licenseSecretRef
For details, see the Tiered Storage documentation. For a list of properties, see Object Storage Properties.
Default:
{"cloud_storage_cache_size":5368709120,"cloud_storage_enable_remote_read":true,"cloud_storage_enable_remote_write":true,"cloud_storage_enabled":false}
Maximum size of the disk cache used by Tiered Storage. Default is 20 GiB. See the property reference documentation.
Default: 5368709120
Cluster level default remote read configuration for new topics. See the property reference documentation.
Default: true
Cluster level default remote write configuration for new topics. See the property reference documentation.
Default: true
Global flag that enables Tiered Storage if a license key is provided. See the property reference documentation.
Default: false
Absolute path on the host to store Redpanda's Tiered Storage cache.
Default: ""
Additional annotations to apply to the created PersistentVolumeClaims.
Default: {}
Additional labels to apply to the created PersistentVolumeClaims.
Default: {}
To disable dynamic provisioning, set to "-". If undefined or empty (default), then no storageClassName spec is set, and the default dynamic provisioner is chosen (gp2 on AWS, standard on GKE, AWS & OpenStack).
Default: ""
Default: true
TLS settings. For details, see the TLS documentation.
Default:
{"certs":{"default":{"caEnabled":true},"external":{"caEnabled":true}},"enabled":true}
List all Certificates here, then you can reference a specific Certificate's name in each listener's listeners.<listener name>.tls.cert
setting.
Default:
{"default":{"caEnabled":true},"external":{"caEnabled":true}}
This key is the Certificate name. To apply the Certificate to a specific listener, reference the Certificate's name in listeners.<listener-name>.tls.cert
.
Default: {"caEnabled":true}
Indicates whether or not the Secret holding this certificate includes a ca.crt
key. When true
, chart managed clients, such as rpk, will use ca.crt
for certificate verification and listeners with require_client_auth
and no explicit truststore
will use ca.crt
as their truststore_file
for verification of client certificates. When false
, chart managed clients will use tls.crt
for certificate verification and listeners with require_client_auth
and no explicit truststore
will use the container's CA certificates.
Default: true
Example external tls configuration uncomment and set the right key to the listeners that require them also enable the tls setting for those listeners.
Default: {"caEnabled":true}
Indicates whether or not the Secret holding this certificate includes a ca.crt
key. When true
, chart managed clients, such as rpk, will use ca.crt
for certificate verification and listeners with require_client_auth
and no explicit truststore
will use ca.crt
as their truststore_file
for verification of client certificates. When false
, chart managed clients will use tls.crt
for certificate verification and listeners with require_client_auth
and no explicit truststore
will use the container's CA certificates.
Default: true
Enable TLS globally for all listeners. Each listener must include a Certificate name in its <listener>.tls
object. To allow you to enable TLS for individual listeners, Certificates in auth.tls.certs
are always loaded, even if tls.enabled
is false
. See listeners.<listener-name>.tls.enabled
.
Default: true
Taints to be tolerated by Pods, can override this for StatefulSets. For details, see the Kubernetes documentation.
Default: []
Redpanda tuning settings. Each is set to their default values in Redpanda.
Default: {"tune_aio_events":true}
Increase the maximum number of outstanding asynchronous IO operations if the current value is below a certain threshold. This allows Redpanda to make as many simultaneous IO requests as possible, increasing throughput. When this option is enabled, Helm creates a privileged container. If your security profile does not allow this, you can disable this container by setting tune_aio_events
to false
. For more details, see the tuning documentation.
Default: true
The redpanda chart implements a form of object merging that's roughly a middleground of JSON Merge Patch and Kubernetes' Strategic Merge Patch. This is done to aid end users in setting or overriding fields that are not directly exposed via the chart.
- Directives are not supported.
- List fields that are merged by a unique key in Kubernetes' SMP (e.g.
containers
,env
) will be merged in a similar awy. - Only fields explicitly allowed by the chart's JSON schema will be merged.
- Additional containers that are not present in the original value will NOT be added.