= //// THIS FILE IS AUTOGENERATED! To make changes please edit the contents of: https://github.com/redpanda-data/connect/tree/main/cmd/tools/docs_gen/templates/redpanda.adoc.tmpl //// // © 2024 Redpanda Data Inc. As well as the default xref:components:logger/about.adoc[logger], you can configure Benthos to send logs to a topic in a Redpanda cluster. The configuration for this server lives under the `redpanda` namespace, with the following default values: [tabs] ====== Common:: + -- ```yaml # Common config fields, showing default values redpanda: seed_brokers: [] # No default (required) pipeline_id: "" logs_topic: "" logs_level: info status_topic: "" ``` -- Advanced:: + -- ```yaml # All config fields, showing default values redpanda: seed_brokers: [] # No default (required) client_id: benthos tls: enabled: false skip_cert_verify: false enable_renegotiation: false root_cas: "" root_cas_file: "" client_certs: [] sasl: [] # No default (optional) metadata_max_age: 5m pipeline_id: "" logs_topic: "" logs_level: info status_topic: "" partitioner: "" # No default (optional) idempotent_write: true compression: "" # No default (optional) timeout: 10s max_message_bytes: 1MB broker_write_max_bytes: 100MB ``` -- ====== == Fields The schema of the `redpanda` section is as follows: === `seed_brokers` A list of broker addresses to connect to in order to establish connections. If an item of the list contains commas it will be expanded into multiple addresses. *Type*: `array` ```yml # Examples seed_brokers: - localhost:9092 seed_brokers: - foo:9092 - bar:9092 seed_brokers: - foo:9092,bar:9092 ``` === `client_id` An identifier for the client connection. *Type*: `string` *Default*: `"benthos"` === `tls` Custom TLS settings can be used to override system defaults. *Type*: `object` === `tls.enabled` Whether custom TLS settings are enabled. *Type*: `bool` *Default*: `false` === `tls.skip_cert_verify` Whether to skip server side certificate verification. *Type*: `bool` *Default*: `false` === `tls.enable_renegotiation` Whether to allow the remote server to repeatedly request renegotiation. Enable this option if you're seeing the error message `local error: tls: no renegotiation`. *Type*: `bool` *Default*: `false` Requires version 3.45.0 or newer === `tls.root_cas` An optional root certificate authority to use. This is a string, representing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. [CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== *Type*: `string` *Default*: `""` ```yml # Examples root_cas: |- -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE----- ``` === `tls.root_cas_file` An optional path of a root certificate authority file to use. This is a file, often with a .pem extension, containing a certificate chain from the parent trusted root certificate, to possible intermediate signing certificates, to the host certificate. *Type*: `string` *Default*: `""` ```yml # Examples root_cas_file: ./root_cas.pem ``` === `tls.client_certs` A list of client certificates to use. For each certificate either the fields `cert` and `key`, or `cert_file` and `key_file` should be specified, but not both. *Type*: `array` *Default*: `[]` ```yml # Examples client_certs: - cert: foo key: bar client_certs: - cert_file: ./example.pem key_file: ./example.key ``` === `tls.client_certs[].cert` A plain text certificate to use. *Type*: `string` *Default*: `""` === `tls.client_certs[].key` A plain text certificate key to use. [CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== *Type*: `string` *Default*: `""` === `tls.client_certs[].cert_file` The path of a certificate to use. *Type*: `string` *Default*: `""` === `tls.client_certs[].key_file` The path of a certificate key to use. *Type*: `string` *Default*: `""` === `tls.client_certs[].password` A plain text password for when the private key is password encrypted in PKCS#1 or PKCS#8 format. The obsolete `pbeWithMD5AndDES-CBC` algorithm is not supported for the PKCS#8 format. Because the obsolete pbeWithMD5AndDES-CBC algorithm does not authenticate the ciphertext, it is vulnerable to padding oracle attacks that can let an attacker recover the plaintext. [CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== *Type*: `string` *Default*: `""` ```yml # Examples password: foo password: ${KEY_PASSWORD} ``` === `sasl` Specify one or more methods of SASL authentication. SASL is tried in order; if the broker supports the first mechanism, all connections will use that mechanism. If the first mechanism fails, the client will pick the first supported mechanism. If the broker does not support any client mechanisms, connections will fail. *Type*: `array` ```yml # Examples sasl: - mechanism: SCRAM-SHA-512 password: bar username: foo ``` === `sasl[].mechanism` The SASL mechanism to use. *Type*: `string` |=== | Option | Summary | `AWS_MSK_IAM` | AWS IAM based authentication as specified by the 'aws-msk-iam-auth' java library. | `OAUTHBEARER` | OAuth Bearer based authentication. | `PLAIN` | Plain text authentication. | `SCRAM-SHA-256` | SCRAM based authentication as specified in RFC5802. | `SCRAM-SHA-512` | SCRAM based authentication as specified in RFC5802. | `none` | Disable sasl authentication |=== === `sasl[].username` A username to provide for PLAIN or SCRAM-* authentication. *Type*: `string` *Default*: `""` === `sasl[].password` A password to provide for PLAIN or SCRAM-* authentication. [CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== *Type*: `string` *Default*: `""` === `sasl[].token` The token to use for a single session's OAUTHBEARER authentication. *Type*: `string` *Default*: `""` === `sasl[].extensions` Key/value pairs to add to OAUTHBEARER authentication requests. *Type*: `object` === `sasl[].aws` Contains AWS specific fields for when the `mechanism` is set to `AWS_MSK_IAM`. *Type*: `object` === `sasl[].aws.region` The AWS region to target. *Type*: `string` *Default*: `""` === `sasl[].aws.endpoint` Allows you to specify a custom endpoint for the AWS API. *Type*: `string` *Default*: `""` === `sasl[].aws.credentials` Optional manual configuration of AWS credentials to use. More information can be found in xref:guides:cloud/aws.adoc[]. *Type*: `object` === `sasl[].aws.credentials.profile` A profile from `~/.aws/credentials` to use. *Type*: `string` *Default*: `""` === `sasl[].aws.credentials.id` The ID of credentials to use. *Type*: `string` *Default*: `""` === `sasl[].aws.credentials.secret` The secret for the credentials being used. [CAUTION] ==== This field contains sensitive information that usually shouldn't be added to a config directly, read our xref:configuration:secrets.adoc[secrets page for more info]. ==== *Type*: `string` *Default*: `""` === `sasl[].aws.credentials.token` The token for the credentials being used, required when using short term credentials. *Type*: `string` *Default*: `""` === `sasl[].aws.credentials.from_ec2_role` Use the credentials of a host EC2 machine configured to assume https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html[an IAM role associated with the instance^]. *Type*: `bool` *Default*: `false` Requires version 4.2.0 or newer === `sasl[].aws.credentials.role` A role ARN to assume. *Type*: `string` *Default*: `""` === `sasl[].aws.credentials.role_external_id` An external ID to provide when assuming a role. *Type*: `string` *Default*: `""` === `metadata_max_age` The maximum age of metadata before it is refreshed. *Type*: `string` *Default*: `"5m"` === `pipeline_id` An optional identifier for the pipeline, this will be present in logs and status updates sent to topics. *Type*: `string` *Default*: `""` === `logs_topic` A topic to send process logs to. *Type*: `string` *Default*: `""` ```yml # Examples logs_topic: __redpanda.connect.logs ``` === `logs_level` Sorry! This field is missing documentation. *Type*: `string` *Default*: `"info"` Options: `debug` , `info` , `warn` , `error` . === `status_topic` A topic to send status updates to. *Type*: `string` *Default*: `""` ```yml # Examples status_topic: __redpanda.connect.status ``` === `partitioner` Override the default murmur2 hashing partitioner. *Type*: `string` |=== | Option | Summary | `least_backup` | Chooses the least backed up partition (the partition with the fewest amount of buffered records). Partitions are selected per batch. | `manual` | Manually select a partition for each message, requires the field `partition` to be specified. | `murmur2_hash` | Kafka's default hash algorithm that uses a 32-bit murmur2 hash of the key to compute which partition the record will be on. | `round_robin` | Round-robin's messages through all available partitions. This algorithm has lower throughput and causes higher CPU load on brokers, but can be useful if you want to ensure an even distribution of records to partitions. |=== === `idempotent_write` Enable the idempotent write producer option. This requires the `IDEMPOTENT_WRITE` permission on `CLUSTER` and can be disabled if this permission is not available. *Type*: `bool` *Default*: `true` === `compression` Optionally set an explicit compression type. The default preference is to use snappy when the broker supports it, and fall back to none if not. *Type*: `string` Options: `lz4` , `snappy` , `gzip` , `none` , `zstd` . === `timeout` The maximum period of time to wait for message sends before abandoning the request and retrying *Type*: `string` *Default*: `"10s"` === `max_message_bytes` The maximum space in bytes than an individual message may take, messages larger than this value will be rejected. This field corresponds to Kafka's `max.message.bytes`. *Type*: `string` *Default*: `"1MB"` ```yml # Examples max_message_bytes: 100MB max_message_bytes: 50mib ``` === `broker_write_max_bytes` The upper bound for the number of bytes written to a broker connection in a single write. This field corresponds to Kafka's `socket.request.max.bytes`. *Type*: `string` *Default*: `"100MB"` ```yml # Examples broker_write_max_bytes: 128MB broker_write_max_bytes: 50mib ```