cluster.redpanda.com/v1alpha2

type ResourceType

name string

Name of resource for which given ACL rule applies.
Can be combined with patternType field to use prefix pattern.

patternType PatternType

Describes the pattern used in the resource field. The supported types are literal
and prefixed. With literal pattern type, the resource field will be used as a definition
of a full topic name. With prefix pattern type, the resource name will be used only as
a prefix. Default value is literal.

type ACLType

resource ACLResourceSpec

Indicates the resource for which given ACL rule applies.

host string

The host from which the action described in the ACL rule is allowed or denied.
If not set, it defaults to *, allowing or denying the action from any host.

operations ACLOperation array

List of operations which will be allowed or denied.

external object (keys:string, values:ExternalListener)

Defines settings for the external listener.

port integer

Specifies the container port number for the internal listener.

tls ListenerTLS

Configures TLS settings for the internal listener.

appProtocol string

urls string array

Specifies a list of broker addresses in the format <host>:<port>

tls CommonTLS

Defines TLS configuration settings for Redpanda clusters that have TLS enabled.

sasl AdminSASL

Defines authentication configuration settings for Redpanda clusters that have authentication enabled.

username string

Specifies the username.

passwordSecretRef SecretKeyRef

Specifies the password.

mechanism SASLMechanism

Specifies the SASL/SCRAM authentication mechanism.

token SecretKeyRef

enabled boolean

Specifies whether to enable audit logging or not

listener string

Kafka external listener name, note that it must have authenticationMethod set to sasl

partitions integer

Integer value defining the number of partitions used by a newly created audit topic

enabledEventTypes string array

Event types that should be captured by audit logs

excludedTopics string array

List of topics to exclude from auditing

excludedPrincipals string array

List of principals to exclude from auditing

clientMaxBufferSize integer

Defines the number of bytes (in bytes) allocated by the internal audit client for audit messages.

queueDrainIntervalMs integer

In ms, frequency in which per shard audit logs are batched to client for write to audit log.

queueMaxBufferSizePerShard integer

Defines the maximum amount of memory used (in bytes) by the audit buffer in each shard

replicationFactor integer

Defines the replication factor for a newly created audit log topic. This configuration applies
only to the audit log topic and may be different from the cluster or other topic configurations.
This cannot be altered for existing audit log topics. Setting this value is optional. If a value is not provided,
Redpanda will use the internal_topic_replication_factor cluster config value. Default is null

sasl SASL

Configures SASL authentication in the Helm values.

secretKeyRef SecretKeySelector

Specifies the location where the generated password will be written or a pre-existing
password will be read from.

mechanism string

Specifies the authentication mechanism to use for the bootstrap user. Options are SCRAM-SHA-256 and SCRAM-SHA-512.

maxUnavailable integer

Defines the maximum number of Pods that can be unavailable during a voluntary disruption.

cores Quantity

Specifies the number of CPU cores available to the application. Redpanda makes use of a thread per core model. For details, see https://docs.redpanda.com/current/get-started/architecture/#thread-per-core-model. For this reason, Redpanda should only be given full cores. Note: You can increase cores, but decreasing cores is not currently supported. See the GitHub issue:https://github.com/redpanda-data/redpanda/issues/350. This setting is equivalent to --smp, resources.requests.cpu, and resources.limits.cpu. For production, use 4 or greater.

overprovisioned boolean

Specifies whether Redpanda assumes it has all of the provisioned CPU. This should be true unless the container has CPU affinity. Equivalent to: --idle-poll-time-us 0, --thread-affinity 0, and --poll-aio 0. If the value of full cores in resources.cpu.cores is less than 1, this setting is set to true.

issuerRef IssuerRef

Specify the name of an existing Issuer or ClusterIssuer resource to use to generate certificates. Requires cert-manager. See https://cert-manager.io/v1.1-docs.

secretRef SecretRef

Specify the name of an existing Secret resource that contains your TLS certificate.

clientSecretRef SecretRef

Specify the name of an existing Secret resource that contains your client TLS certificate.

duration Duration

Specifies the validity duration of certificates generated with issuerRef.

caEnabled boolean

Specifies whether to include the ca.crt file in the trust stores of all listeners. Set to true only for certificates that are not authenticated using public certificate authorities (CAs).

applyInternalDNSNames boolean

Specifies you wish to have Kubernetes internal dns names (IE the headless service of the redpanda StatefulSet) included in dnsNames of the certificate even, when supplying an issuer.

enabled boolean

chartName string

Specifies the name of the chart to deploy.

chartVersion string

Defines the version of the Redpanda Helm chart to deploy.

helmRepositoryName string

Defines the chart repository to use. Defaults to redpanda if not defined.

timeout Duration

Specifies the time to wait for any individual Kubernetes operation (like Jobs
for hooks) during Helm actions. Defaults to 15m0s.

upgrade HelmUpgrade

Defines how to handle upgrades, including failures.

useFlux boolean

NOTE! Alpha feature
UseFlux flag set to false will prevent helm controller from reconciling helm chart. The operator would be
tight with go based Redpanda helm chart version. The rest of the ChartRef fields would be ignored.

Before setting UseFlux flag to false please alight your ChartVersion to at least 5.9.3
version of the Redpanda chart.

RedpandaStatus might not be accurate if flag is set to false and HelmRelease is manually deleted.

To achieve dynamic switch for Flux controllers (HelmRelease and HelmRepository) the resources
would not be removed, but they will be put in suspended mode (if flag is provided and set to false).

https://fluxcd.io/flux/components/helm/helmreleases/#suspend
https://fluxcd.io/flux/components/source/helmrepositories/#suspend

name string

Name specifies the name of the cluster being referenced.

clusterRef ClusterRef

ClusterRef is a reference to the cluster where the object should be created.
It is used in constructing the client created to configure a cluster.
This takes precedence over StaticConfigurationSource.

staticConfiguration StaticConfigurationSource

StaticConfiguration holds connection parameters to Kafka and Admin APIs.

caCertSecretRef SecretKeyRef

CaCert is the reference for certificate authority used to establish TLS connection to Redpanda

certSecretRef SecretKeyRef

Cert is the reference for client public certificate to establish mTLS connection to Redpanda

keySecretRef SecretKeyRef

Key is the reference for client private certificate to establish mTLS connection to Redpanda

insecureSkipTlsVerify boolean

InsecureSkipTLSVerify can skip verifying Redpanda self-signed certificate when establish TLS connection to Redpanda

rpk RawExtension

Specifies cluster configuration properties. See https://docs.redpanda.com/current/reference/cluster-properties/.

cluster RawExtension

Specifies cluster configuration properties. See https://docs.redpanda.com/current/reference/cluster-properties/.

node RawExtension

Specifies broker configuration properties. See https://docs.redpanda.com/current/reference/node-properties/.

tunable RawExtension

Specifies tunable configuration properties. See https://docs.redpanda.com/current/reference/tunable-properties/.

schema_registry_client RawExtension

Specifies tunable configuration properties. See https://docs.redpanda.com/current/reference/tunable-properties/.

pandaproxy_client RawExtension

Specifies tunable configuration properties. See https://docs.redpanda.com/current/reference/tunable-properties/.

name string

value string

source string

unknownTags object (keys:string, values:string)

UnknownTags are tags Kafka sent that we do not know the purpose of.

enabled boolean

Specifies whether the sidecar is enabled.

extraVolumeMounts string

Specifies additional volumes to mount to the sidecar.

resources ResourceRequirements

Specifies resource requests for the sidecar container.

securityContext SecurityContext

Specifies the container’s security context, including privileges and access levels of the container and its processes.

name string

Name is a key this entry corresponds to (e.g. segment.bytes).

value string

Value is the value for this config key. If the key is sensitive,
the value will be null.

readOnly boolean

ReadOnly signifies whether this is not a dynamic config option.

Note that this field is not always correct, and you may need to check
whether the Source is any dynamic enum. See franz-go#91 for more details.

isDefault boolean

IsDefault is whether this is a default config option. This has been
replaced in favor of Source.

source string

Source is where this config entry is from.

This field has a default of -1.

isSensitive boolean

IsSensitive signifies whether this is a sensitive config key, which
is either a password or an unknown type.

configSynonyms ConfigSynonyms array

ConfigSynonyms contains fallback key/value pairs for this config
entry, in order of preference. That is, if a config entry is both
dynamically configured and has a default, the top level return will be
the dynamic configuration, while its "synonym" will be the default.

configType string

ConfigType specifies the configuration data type.

documentation string

Documentation is optional documentation for the config entry.

unknownTags object (keys:string, values:string)

UnknownTags are tags Kafka sent that we do not know the purpose of.

extraVolumeMounts string

resources ResourceRequirements

enabled boolean

Specifies whether to create a ServiceMonitor that can be used by Prometheus Operator or VictoriaMetrics Operator to scrape the metrics.

labels object (keys:string, values:string)

Adds custom labels to the ServiceMonitor resource.

scrapeInterval string

Specifies how often to scrape metrics.

annotations object (keys:string, values:string)

Adds custom Annotations to the ServiceMonitor resource.

namespaceSelector NamespaceSelector

Adds custom namespaceSelector to monitoring resources

create boolean

Specifies whether to create the resource.

enabled boolean

Deprecated: this field exists for storage backwards compatibility and is
never used. Prefer Create.

create boolean

Indicates whether the corresponding Kubernetes object (ConfigMap, Secret, or Deployment) should be created.

name string

securityContext SecurityContext

env EnvVar array

max Quantity

Specifies the maximum resources that can be allocated to a container.

min Quantity

Specifies the minimum resources required for a container.

accessKey SecretWithConfigField

secretKey SecretWithConfigField

enabled boolean

license string

Specifies the Enterprise license key.

licenseSecretRef EnterpriseLicenseSecretRef

Defines a reference to a Secret resource that contains the Enterprise license key.

key string

Specifies the key that is contains the Enterprise license in the Secret.

name string

Specifies the name of the Secret resource to use.

addresses string array

Specifies addresses for the external listeners to advertise.Provide one entry for each broker in order of StatefulSet replicas. The number of brokers is defined in statefulset.replicas. The values can be IP addresses or DNS names. If external.domain is set, the domain is appended to these values.

annotations object (keys:string, values:string)

Adds custom annotations to the external Service.

domain string

Specifies the domain to advertise to external clients. If specified, then it will be appended to the external.addresses values as each broker’s advertised address.

enabled boolean

Specifies whether the external access is enabled.

service ExternalService

Configures the external Service resource.

sourceRanges string array

Source range for external access. Only applicable when external.type is LoadBalancer.

type string

Specifies the external Service type. Only NodePort and LoadBalancer are supported. If undefined, then advertised listeners will be configured in Redpanda, but the Helm chart will not create a Service. NodePort is recommended in cases where latency is a priority.

externalDns ExternalDNS

Defines externalDNS configurations.

prefixTemplate string

Specifies a naming prefix template for external Services.

enabled boolean

Specifies whether externalDNS annotations are added to LoadBalancer Services. If you enable externalDns, each LoadBalancer Service defined in external.type will be annotated with an external-dns hostname that matches external.addresses[i].external.domain.

enabled boolean

authenticationMethod string

Specifies the authentication method for the external listener. For example, 'mtls_identity' or sasl.

port integer

Specifies the container port number for the external listener.

tls ListenerTLS

Configures TLS settings for the external listener.

advertisedPorts integer array

Specifies the network port that the external Service listens on.

prefixTemplate string

Specifies the template used for generating the advertised addresses of Services. This field accepts a string template that dynamically constructs Service addresses based on various parameters such as Service name and port number.

nodePort integer

enabled boolean

Specifies whether to create the external Service. If set to false, the external Service type is not created. You can still set your cluster with external access but not create the supporting Service. Set this to false to manage your own Service.

enabled boolean

expectedFS string

extraVolumeMounts string

Adds extra volume mounts.

resources ResourceRequirements

Specifies the resource requirements.

authenticationMethod string

Specifies the authentication method for the external listener. For example, 'mtls_identity' or sasl.

enabled boolean

Specifies whether the HTTP Proxy is enabled.

external object (keys:string, values:ExternalListener)

Defines settings for the external listener.

kafkaEndpoint string

Configures the listener to use for HTTP connections. For example default for the internal listener.

port integer

Specifies the container port number for the internal listener.

tls ListenerTLS

Configures TLS settings for the internal listener.

prefixTemplate string

Specifies the template used for generating the advertised addresses of Services. This field accepts a string template that dynamically constructs Service addresses based on various parameters such as Service name and port number.

remediation UpgradeRemediation

Specifies the actions to take on upgrade failures. See https://pkg.go.dev/github.com/fluxcd/helm-controller/api/v2beta1#UpgradeRemediation.

force boolean

Enables forceful updates during an upgrade.

preserveValues boolean

Specifies whether to preserve user-configured values during an upgrade.

cleanupOnFail boolean

Specifies whether to perform cleanup in case of failed upgrades.

repository string

tag string

configurator Configurator

extraInitContainers string

setDataDirOwnership SetDataDirOwnership

Defines the settings related to ownership of the Redpanda data directory in environments where root access is restricted.

setTieredStorageCacheDirOwnership SetTieredStorageCacheDirOwnership

Defines the settings related to ownership of the Tiered Storage cache in environments where root access is restricted.

fsValidator FsValidator

Defines the setting for init container that not allow to start Redpanda until filesystem matches

tuning Tuning

Defines settings for the autotuner tool in Redpanda. The autotuner identifies the hardware configuration in the container and optimizes the Linux kernel to give you the best performance.

name string

Specifies the name of the resource.

kind string

Specifies the kind of resource. One of Issuer or ClusterIssuer.

group string

authenticationMethod string

Specifies the authentication method for the external listener. For example, 'mtls_identity' or sasl.

external object (keys:string, values:ExternalListener)

Defines settings for the external listener.

port integer

Specifies the container port number for the internal listener.

tls ListenerTLS

Configures TLS settings for the internal listener.

prefixTemplate string

Specifies the template used for generating the advertised addresses of Services. This field accepts a string template that dynamically constructs Service addresses based on various parameters such as Service name and port number.

brokers string array

Specifies a list of broker addresses in the format <host>:<port>

tls CommonTLS

Defines TLS configuration settings for Redpanda clusters that have TLS enabled.

sasl KafkaSASL

Defines authentication configuration settings for Redpanda clusters that have authentication enabled.

username string

Specifies the username.

passwordSecretRef SecretKeyRef

Specifies the password.

mechanism SASLMechanism

Specifies the SASL/SCRAM authentication mechanism.

oauth KafkaSASLOAuthBearer

gssapi KafkaSASLGSSAPI

awsMskIam KafkaSASLAWSMskIam

accessKey string

secretKeySecretRef SecretKeyRef

sessionTokenSecretRef SecretKeyRef

SessionToken, if non-empty, is a session / security token to use for authentication.
See: https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html

userAgent string

UserAgent is the user agent to for the client to use when connecting
to Kafka, overriding the default "franz-go/<runtime.Version()>/<hostname>".

Setting a UserAgent allows authorizing based on the aws:UserAgent
condition key; see the following link for more details:
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-useragent

authType string

keyTabPath string

kerberosConfigPath string

serviceName string

username string

passwordSecretRef SecretKeyRef

realm string

enableFast boolean

EnableFAST enables FAST, which is a pre-authentication framework for Kerberos.
It includes a mechanism for tunneling pre-authentication exchanges using armored KDC messages.
FAST provides increased resistance to passive password guessing attacks.

tokenSecretRef SecretKeyRef

secret_key string

Specifies the key that is contains the Enterprise license in the Secret.

secret_name string

Specifies the name of the Secret.

cert string

References a specific certificate for the listener.

enabled boolean

Specifies whether TLS is enabled for the listener.

secretRef string

References a Secret resource containing TLS credentials for the listener.

Deprecated: Setting SecretRef has no affect and will be removed in
future releases.

requireClientAuth boolean

Indicates whether client authentication (mTLS) is required.

trustStore TrustStore

TrustStore allows setting the truststore_path on this listener. If
specified, this field takes precedence over [Certificate.CAEnabled].

admin Admin

Configures settings for the Admin API listeners.

http HTTP

Configures settings for the HTTP Proxy listeners.

kafka Kafka

Configures settings for the Kafka API listeners.

rpc RPC

Configures settings for the RPC API listener.

schemaRegistry SchemaRegistry

Configures settings for the Schema Registry listeners.

failureThreshold integer

Sets the number of consecutive failures required to consider a Pod as not live.

initialDelaySeconds integer

Specifies the time in seconds to wait before the first probe is initiated.

periodSeconds integer

Determines the frequency in seconds of performing the probe.

timeoutSeconds integer

successThreshold integer

logLevel string

Sets the verbosity level of logs.

usageStats UsageStats

Specifies whether to send usage statistics to Redpanda Data.

container ContainerResources

Defines resource limits for containers.

enable_memory_locking boolean

Enables memory locking. For production, set to true.

redpanda RedpandaMemory

Allows you to optionally specify the memory size for both the Redpanda process and the underlying reserved memory used by Seastar.

labels object (keys:string, values:string)

Labels specifies the Kubernetes labels to apply to a managed resource.

annotations object (keys:string, values:string)

Annotations specifies the Kubernetes annotations to apply to a managed resource.

enabled boolean

clusterRef NamespaceNameRef

ClusterRef by default will not be able to reach different namespaces, but it can be
overwritten by adding ClusterRole and ClusterRoleBinding to operator ServiceAccount.

consoleRef NamespaceNameRef

ConsoleRef by default will not be able to reach different namespaces, but it can be
overwritten by adding ClusterRole and ClusterRoleBinding to operator ServiceAccount.

enabled boolean

Specifies whether to create a ServiceMonitor that can be used by Prometheus Operator or VictoriaMetrics Operator to scrape the metrics.

labels object (keys:string, values:string)

Adds custom labels to the ServiceMonitor resource.

scrapeInterval string

Specifies how often to scrape metrics.

tlsConfig RawExtension

Specifies tls configuration properties.

enableHttp2 boolean

value string

valueFrom PasswordSource

secretKeyRef SecretKeySelector

SecretKeyRef specifies the secret used in reading a User password.
If the Secret exists and has a value in it, then that value is used.
If the Secret does not exist, or is empty, a password is generated and
stored based on this configuration.

annotations object (keys:string, values:string)

Adds annotations to the PersistentVolumeClaims to provide additional information or metadata that can be used by other tools or libraries.

enabled boolean

Specifies whether to enable the Helm chart to create PersistentVolumeClaims for Pods.

labels object (keys:string, values:string)

Applies labels to the PersistentVolumeClaims to facilitate identification and selection based on custom criteria.

size Quantity

Specifies the storage capacity required.

storageClass string

Specifies the StorageClass for the PersistentVolumeClaims to determine how PersistentVolumes are provisioned and managed.

nameOverwrite string

Option to change volume claim template name for tiered storage persistent volume if tiered.mountType is set to persistentVolume

topologyKey string

TopologyKey specifies the topology key used to spread Pods across different nodes or other topologies.

type string

Type defines the type of anti-affinity, such as soft or hard.

weight integer

Weight sets the weight associated with the soft anti-affinity rule.

custom RawExtension

Custom configures additional custom anti-affinity rules.

containers Container array

securityContext PodSecurityContext

labels object (keys:string, values:string)

annotations object (keys:string, values:string)

spec PodSpec

resources ResourceRequirements

Sets resource requirements (CPU, memory) for the job to ensure proper allocation and limit resource usage.

annotations object (keys:string, values:string)

Adds annotations to the job to provide additional information or metadata that can be used by other tools or libraries.

enabled boolean

Specifies whether the job is deployed.

labels object (keys:string, values:string)

Applies labels to the job to facilitate identification and selection based on custom criteria.

affinity Affinity

Affinity constraints for scheduling Pods. For details, see the
[Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity).

securityContext SecurityContext

SecurityContext is deprecated. Prefer [PodTemplate.Spec.SecurityContext]
or [PodTemplate.Spec.Containers[*].SecurityContext].

podTemplate PodTemplate

PodTemplate is a subset of Kubernetes' PodTemplate that will be merged
into this Job’s PodTemplate.

annotations object (keys:string, values:string)

Adds annotations to the job to provide additional information or metadata that can be used by other tools or libraries.

enabled boolean

Specifies whether the job is deployed.

labels object (keys:string, values:string)

Applies labels to the job to facilitate identification and selection based on custom criteria.

extraEnv EnvVar array

Adds environment variables to the job container to configure its runtime behavior.

extraEnvFrom EnvFromSource array

Specifies environment variables from external sources, such as ConfigMap resources, or Secret resources, to dynamically configure the job.

resources ResourceRequirements

Sets resource requirements (CPU, memory) for the job to ensure proper allocation and limit resource usage.

backoffLimit integer

affinity Affinity

Affinity constraints for scheduling Pods. For details, see the
[Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity).

securityContext SecurityContext

SecurityContext is deprecated. Prefer [PodTemplate.Spec.SecurityContext]
or [PodTemplate.Spec.Containers[*].SecurityContext].

podTemplate PodTemplate

PodTemplate is a subset of Kubernetes' PodTemplate that will be merged
into this Job’s PodTemplate.

annotations object (keys:string, values:string)

Adds custom annotations to the RBAC resources.

enabled boolean

Whether RBAC is enabled. Enable for features that need extra privileges, such as rack awareness. If you use the Redpanda Operator, you must deploy it with the --set rbac.createRPKBundleCRs=true flag to give it the required ClusterRoles.

port integer

Specifies the container port number for the internal listener.

tls ListenerTLS

Configures TLS settings for the internal listener.

enabled boolean

Specifies whether the Controllers are enabled.

resources ResourceRequirements

securityContext SecurityContext

image RedpandaImage

healthProbeAddress string

metricsAddress string

run string array

createRBAC boolean

enabled boolean

Specifies whether rack awareness is enabled. When enabled, Kubernetes failure zones are treated as racks. Redpanda maps each rack to a failure zone and places partition replicas across them. Requires rbac.enabled set to true.

nodeAnnotation string

Specifies the key in Node labels or annotations to use to denote failure zones.

failureThreshold integer

Defines the threshold for how many times the probe can fail before the Pod is marked Unready.

initialDelaySeconds integer

Sets the initial delay before the readiness probe is initiated, in seconds.

periodSeconds integer

Configures the period, in seconds, between each readiness check.

timeoutSeconds integer

successThreshold integer

apiVersion string

cluster.redpanda.com/v1alpha2

kind string

Redpanda

kind string

Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

apiVersion string

APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

metadata ObjectMeta

Refer to the Kubernetes API documentation for fields of metadata.

spec RedpandaSpec

Defines the desired state of the Redpanda cluster.

status RedpandaStatus

Represents the current status of the Redpanda cluster.

nameOverride string

Customizes the labels app.kubernetes.io/component=<nameOverride>-statefulset and app.kubernetes.io/name=<nameOverride> on the StatefulSet Pods. The default is redpanda.

fullNameOverride string

Deprecated: use FullnameOverride (fullnameOverride).

fullnameOverride string

Customizes the name of the StatefulSet and Services. The default is redpanda.

clusterDomain string

Customizes the Kubernetes cluster domain. This domain is used to generate the internal domains of the StatefulSet Pods. For details, see https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#stable-network-id. The default is the cluster.local domain.

commonLabels object (keys:string, values:string)

Assigns custom labels to all resources generated by the Redpanda Helm chart. Specify labels as key/value pairs.

nodeSelector object (keys:string, values:string)

Specifies on which nodes a Pod should be scheduled. These key/value pairs ensure that Pods are scheduled onto nodes with the specified labels.

tolerations Toleration array

Specifies tolerations to allow Pods to be scheduled onto nodes where they otherwise wouldn’t.

image RedpandaImage

Defines the container image settings to use for the Redpanda cluster.

imagePullSecrets LocalObjectReference array

Specifies credentials for a private image repository. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/.

license_key string

Deprecated: Use Enterprise instead.

license_secret_ref LicenseSecretRef

Deprecated: Use EnterpriseLicenseSecretRef instead.

enterprise Enterprise

Defines an Enterprise license.

rackAwareness RackAwareness

Defines rack awareness settings.

console RedpandaConsole

Defines Redpanda Console settings.

connectors RedpandaConnectors

Defines Redpanda Connector settings.

auth Auth

Defines authentication settings for listeners.

tls TLS

Defines TLS settings for listeners.

external External

Defines external access settings.

logging Logging

Defines the log level settings.

auditLogging AuditLogging

Defines the log level settings.

resources Resources

Defines container resource settings.

service Service

Defines settings for the headless ClusterIP Service.

storage Storage

Defines storage settings for the Redpanda data directory and the Tiered Storage cache.

post_install_job PostInstallJob

Defines settings for the post-install hook, which runs after each install or upgrade. For example, this job is responsible for setting the Enterprise license, if specified.

post_upgrade_job PostUpgradeJob

Defines settings for the post-upgrade hook, which runs after each update. For example, this job is responsible for setting cluster configuration properties and restarting services such as Schema Registry, if required.

statefulset Statefulset

Defines settings for the StatefulSet that manages Redpanda brokers.

tuning Tuning

Defines settings for the autotuner tool in Redpanda. The autotuner identifies the hardware configuration in the container and optimizes the Linux kernel to give you the best performance.

listeners Listeners

Defines settings for listeners, including HTTP Proxy, Schema Registry, the Admin API and the Kafka API.

config Config

Defines configuration properties supported by Redpanda that may not work correctly in a Kubernetes cluster. Changing these values from the defaults comes with some risk. Use these properties to customize various Redpanda configurations that are not available in the RedpandaClusterSpec. These values have no impact on the configuration or behavior of the Kubernetes objects deployed by Helm, and therefore should not be modified for the purpose of configuring those objects. Instead, these settings get passed directly to the Redpanda binary at startup.

rbac RBAC

Defines Role Based Access Control (RBAC) settings.

serviceAccount ServiceAccount

Defines Service account settings.

monitoring Monitoring

Defines settings for monitoring Redpanda.

force boolean

Adds the --force flag in helm upgrade commands. Used for allowing a change of TLS configuration for the RPC listener.
Setting force to true will result in a short period of downtime.

affinity Affinity

Affinity constraints for scheduling Pods, can override this for
StatefulSets and Jobs. For details, see the [Kubernetes
documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity).

tests Enablable

enabled boolean

test ConnectorsCreateObj

Specifies whether to create Helm tests.

monitoring ConnectorMonitoring

Specifies monitoring resources

connectors RawExtension

Connectors specified manual configurations

deployment RawExtension

Connectors specified manual configurations

nameOverride string

Specifies a custom name for the Redpanda Console resources, overriding the default naming convention.

fullnameOverride string

Specifies a full custom name, which overrides the entire naming convention including release name and chart name.

commonLabels object (keys:string, values:string)

Assigns custom labels to all resources generated by the Connector Helm chart. Specify labels as key/value pairs.

tolerations Toleration array

Applies tolerations to allow Pods to be scheduled on nodes with matching taints, enabling control over where Pods can run.

image RedpandaImage

Defines the container image settings to use for the Redpanda cluster.

imagePullSecrets LocalObjectReference array

Specifies credentials for a private image repository. For details, see https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/.

auth RawExtension

Specifies superuser credentials

container RawExtension

Specifies container information

storage RawExtension

Specifies storage information

logging RawExtension

Specifies logging details

service RawExtension

Specifies service details

serviceAccount RawExtension

Specifies service account details

enabled boolean

Specifies whether the Redpanda Console subchart should be deployed.

replicaCount integer

Sets the number of replicas for the Redpanda Console Deployment resource.

nameOverride string

Specifies a custom name for the Redpanda Console resources, overriding the default naming convention.

fullnameOverride string

Specifies a full custom name, which overrides the entire naming convention including release name and chart name.

commonLabels object (keys:string, values:string)

priorityClassName string

Specifies the priority class name for the Pods that run Redpanda Console.

image RawExtension

Defines the container image for the Redpanda Console, including the repository, name, and tag.

imagePullSecrets RawExtension array

Defines Secrets used to pull the container images from a private registry.

serviceAccount RawExtension

Configures the ServiceAccount used by the Pods that run Redpanda Console.

annotations RawExtension

podAnnotations RawExtension

Adds custom annotations to the Pods that run Redpanda Console.

podLabels RawExtension

Adds custom labels to the Pods that run Redpanda Console.

podSecurityContext RawExtension

securityContext RawExtension

Sets the security context for the Pods that run Redpanda Console.

service RawExtension

Configures the Kubernetes Service for Redpanda Console.

ingress RawExtension

Configures the Kubernetes Ingress resource for Redpanda Console.

resources RawExtension

Configures resource requests and limits for the Pods that run Redpanda Console.

autoscaling RawExtension

Configures Horizontal Pod Autoscaling (HPA) for Redpanda Console.

nodeSelector RawExtension

Specifies Node labels for Pod assignment.

tolerations RawExtension array

Specifies tolerations for scheduling Pods onto Nodes with taints.

affinity RawExtension

Defines affinity rules for Pod assignment.

topologySpreadConstraints RawExtension

Specifies topology spread constraints for Pod placement.

extraEnv RawExtension array

Adds extra environment variables to the Pods that run Redpanda Console.

extraEnvFrom RawExtension array

Allows you to add extra environment variables from external resources to the Pods that run Redpanda Console.

extraVolumes RawExtension array

Adds extra volumes to the Pods that run Redpanda Console.

extraVolumeMounts RawExtension array

Mounts additional volumes inside the containers that run Redpanda Console.

extraContainers RawExtension array

Adds extra containers to the Pods that run Redpanda Console.

initContainers RawExtension

Specifies init containers for the Pods that run Redpanda Console.

secretMounts RawExtension array

Mounts additional Secret resources inside the containers that run Redpanda Console.

configmap ConsoleCreateObj

Deprecated: this field exists for storage backwards compatibility and is
never used. Prefer ConfigMap (configmap).

configMap ConsoleCreateObj

Specifies whether a ConfigMap should be created for Redpanda Console.

secret RawExtension

Specifies whether a Secret should be created for Redpanda Console.

deployment RawExtension

Specifies whether a Deployment should be created for Redpanda Console.

console RawExtension

Configures custom settings for Redpanda Console.

strategy RawExtension

Configures console’s Deployment’s update strategy.

enterprise RawExtension

Settings for license key, as an alternative to secret.enterprise when a
license secret is available

automountServiceAccountToken boolean

Automount API credentials for the Service Account into the pod.

readinessProbe ReadinessProbe

Settings for console’s Deployment’s readiness probe.

livenessProbe LivenessProbe

Settings for console’s Deployment’s liveness probe.

tests Enablable

Controls the creation of helm tests for console.

repository string

Specifies the image repository to pull from.

tag string

Specifies the image tag.

pullPolicy string

Specifies the strategy used for pulling images from the repository. For available values, see https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy.

apiVersion string

cluster.redpanda.com/v1alpha2

kind string

RedpandaList

kind string

Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

apiVersion string

APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

metadata ListMeta

Refer to the Kubernetes API documentation for fields of metadata.

items Redpanda array

Specifies a list of Redpanda resources.

memory Quantity

Memory for the Redpanda process. This must be lower than the container’s memory (resources.memory.container.min if provided, otherwise resources.memory.container.max). Equivalent to --memory. For production, use 8Gi or greater.

reserveMemory Quantity

Memory reserved for the Seastar subsystem. Any value above 1Gi will provide diminishing performance benefits. Equivalent to --reserve-memory. For production, use 1Gi.

chartRef ChartRef

Defines chart details, including the version and repository.

clusterSpec RedpandaClusterSpec

Defines the Helm values to use to deploy the cluster.

migration Migration

Deprecated and Removed in v2.2.3-24.2.X. Downgrade to v2.2.2-24.2.4 perform the migration

observedGeneration integer

Specifies the last observed generation.

lastHandledReconcileAt string

LastHandledReconcileAt holds the value of the most recent
reconcile request value, so a change of the annotation value
can be detected.

conditions Condition array

Conditions holds the conditions for the Redpanda.

lastAppliedRevision string

LastAppliedRevision is the revision of the last successfully applied source.

lastAttemptedRevision string

LastAttemptedRevision is the revision of the last reconciliation attempt.

helmRelease string

helmReleaseReady boolean

helmRepository string

helmRepositoryReady boolean

upgradeFailures integer

failures integer

Failures is the reconciliation failure count against the latest desired
state. It is reset after a successful reconciliation.

installFailures integer

decommissioningNode integer

ManagedDecommissioningNode indicates that a node is currently being
decommissioned from the cluster and provides its ordinal number.

metadata MetadataTemplate

Refer to the Kubernetes API documentation for fields of metadata.

cpu CPU

Specifies the number of CPU cores.

memory Memory

Specifies the amount of memory.

enabled boolean

Enables SASL authentication. If you enable SASL authentication, you must provide a Secret name in secretRef.

mechanism string

Specifies the default authentication mechanism to use for superusers. Options are SCRAM-SHA-256 and SCRAM-SHA-512.

secretRef string

If users is empty, secretRef specifies the name of the Secret that contains your superuser credentials in the format <username>:<password>:<optional-authentication-mechanism>. Otherwise, secretRef specifies the name of the Secret that the chart creates to store the credentials in users.

users UsersItems array

Specifies a list of superuser credentials.

bootstrapUser BootstrapUser

Specifies configuration about the bootstrap user.

authenticationMethod string

Specifies the authentication method for the external listener. For example, 'mtls_identity' or sasl.

enabled boolean

Specifies whether the Schema Registry is enabled.

external object (keys:string, values:ExternalListener)

Defines settings for the external listener.

kafkaEndpoint string

Configures the listener to use for HTTP connections. For example default for the internal listener.

port integer

Specifies the container port number for the internal listener.

tls ListenerTLS

Configures TLS settings for the internal listener.

name string

Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

key string

Key in Secret data to get value from

name string

Specifies the name of the Secret resource.

key string

name string

configurationKey string

name string

internal ServiceInternal

annotations object (keys:string, values:string)

Adds custom annotations to the ServiceAccount resources.

create boolean

Specifies whether a ServiceAccount should be created.

name string

Specifies the name of the ServiceAccount.

annotations object (keys:string, values:string)

enabled boolean

Specifies whether to enable root access. Enable only in environments where root access is not allowed, such as minikube.

extraVolumeMounts string

Adds extra volume mounts.

resources ResourceRequirements

Specifies the resource requirements.

extraVolumeMounts string

resources ResourceRequirements

enabled boolean

resources ResourceRequirements

securityContext SecurityContext

configWatcher ConfigWatcher

Configures the config-watcher sidecar. The config-watcher sidecar polls the Secret resource in auth.sasl.secretRef for changes and triggers a rolling upgrade to add the new superusers to the Redpanda cluster.

rpkStatus SideCarObj

controllers RPControllers

failureThreshold integer

Determines the failure threshold to mark the application in the Pod as not started.

initialDelaySeconds integer

Specifies the delay in seconds before the startup probe begins.

periodSeconds integer

Sets the period in seconds for conducting subsequent probes.

timeoutSeconds integer

successThreshold integer

additionalSelectorLabels object (keys:string, values:string)

additionalRedpandaCmdFlags string array

Includes additional command flags for Redpanda at startup to customize its runtime behavior.

annotations object (keys:string, values:string)

Adds annotations to the StatefulSet to provide additional information or metadata.
Please use PodTemplate to add additional annotation or labels for Pods managed by Statefulset.

podTemplate PodTemplate

PodTemplate is a subset of Kubernetes' PodTemplate that will be merged
into this StatefulSet’s PodTemplate.

budget Budget

Defines the management of disruptions affecting the Pods in the StatefulSet.

extraVolumeMounts string

Specifies extra volume mounts for the Pods.

extraVolumes string

Defines additional volumes for the Pods.

initContainerImage InitContainerImage

Defines the init container image used to perform initial setup tasks before the main containers start.

initContainers InitContainers

Configures the init container used to perform initial setup tasks before the main containers start.

livenessProbe LivenessProbe

Defines liveness probes to monitor the health of the Pods and restart them if necessary.

nodeSelector object (keys:string, values:string)

Applies node selectors to schedule Pods on specific nodes based on labels.

podAffinity PodAffinity

Defines Pod affinity rules to influence the scheduling and placement of Pods relative to other Pods.

podAntiAffinity PodAntiAffinity

Defines Pod anti-affinity rules to prevent Pods from being scheduled together on the same node.

priorityClassName string

Defines the priority class name to assign priority levels to the Pods, influencing their scheduling order.

readinessProbe ReadinessProbe

Defines readiness probes to determine when a Pod is ready to handle traffic.