Google Git
Sign in
apache / kafka-site / 215ddd11d49cb5e17bb464ece33e01f2e81d1ec6 / . / 26 / generated / kafka_config.html
blob: cdc2a3497b3e849c6c82ea0a1c9ea7ff9856ff2e [file] [log] [blame]
<ul class="config-list">
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="zookeeper.connect"></a>
<a href="#zookeeper.connect">zookeeper.connect</a>
</h4>
<p>Specifies the ZooKeeper connection string in the form <code>hostname:port</code> where host and port are the host and port of a ZooKeeper server. To allow connecting through other ZooKeeper nodes when that ZooKeeper machine is down you can also specify multiple hosts in the form <code>hostname1:port1,hostname2:port2,hostname3:port3</code>.<br>The server can also have a ZooKeeper chroot path as part of its ZooKeeper connection string which puts its data under some path in the global ZooKeeper namespace. For example to give a chroot path of <code>/chroot/path</code> you would give the connection string as <code>hostname1:port1,hostname2:port2,hostname3:port3/chroot/path</code>.</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td></td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="advertised.host.name"></a>
<a href="#advertised.host.name">advertised.host.name</a>
</h4>
<p>DEPRECATED: only used when <code>advertised.listeners</code> or <code>listeners</code> are not set. Use <code>advertised.listeners</code> instead. <br>Hostname to publish to ZooKeeper for clients to use. In IaaS environments, this may need to be different from the interface to which the broker binds. If this is not set, it will use the value for <code>host.name</code> if configured. Otherwise it will use the value returned from java.net.InetAddress.getCanonicalHostName().</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="advertised.listeners"></a>
<a href="#advertised.listeners">advertised.listeners</a>
</h4>
<p>Listeners to publish to ZooKeeper for clients to use, if different than the <code>listeners</code> config property. In IaaS environments, this may need to be different from the interface to which the broker binds. If this is not set, the value for <code>listeners</code> will be used. Unlike <code>listeners</code> it is not valid to advertise the 0.0.0.0 meta-address.</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="advertised.port"></a>
<a href="#advertised.port">advertised.port</a>
</h4>
<p>DEPRECATED: only used when <code>advertised.listeners</code> or <code>listeners</code> are not set. Use <code>advertised.listeners</code> instead. <br>The port to publish to ZooKeeper for clients to use. In IaaS environments, this may need to be different from the port to which the broker binds. If this is not set, it will publish the same port that the broker binds to.</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="auto.create.topics.enable"></a>
<a href="#auto.create.topics.enable">auto.create.topics.enable</a>
</h4>
<p>Enable auto creation of topic on the server</p>
<table><tbody>
<tr><th>Type:</th><td>boolean</td></tr>
<tr><th>Default:</th><td>true</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="auto.leader.rebalance.enable"></a>
<a href="#auto.leader.rebalance.enable">auto.leader.rebalance.enable</a>
</h4>
<p>Enables auto leader balancing. A background thread checks the distribution of partition leaders at regular intervals, configurable by `leader.imbalance.check.interval.seconds`. If the leader imbalance exceeds `leader.imbalance.per.broker.percentage`, leader rebalance to the preferred leader for partitions is triggered.</p>
<table><tbody>
<tr><th>Type:</th><td>boolean</td></tr>
<tr><th>Default:</th><td>true</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="background.threads"></a>
<a href="#background.threads">background.threads</a>
</h4>
<p>The number of threads to use for various background processing tasks</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>10</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="broker.id"></a>
<a href="#broker.id">broker.id</a>
</h4>
<p>The broker id for this server. If unset, a unique broker id will be generated.To avoid conflicts between zookeeper generated broker id's and user configured broker id's, generated broker ids start from reserved.broker.max.id + 1.</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>-1</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="compression.type"></a>
<a href="#compression.type">compression.type</a>
</h4>
<p>Specify the final compression type for a given topic. This configuration accepts the standard compression codecs ('gzip', 'snappy', 'lz4', 'zstd'). It additionally accepts 'uncompressed' which is equivalent to no compression; and 'producer' which means retain the original compression codec set by the producer.</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>producer</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="control.plane.listener.name"></a>
<a href="#control.plane.listener.name">control.plane.listener.name</a>
</h4>
<p>Name of listener used for communication between controller and brokers. Broker will use the control.plane.listener.name to locate the endpoint in listeners list, to listen for connections from the controller. For example, if a broker's config is :<br>listeners = INTERNAL://192.1.1.8:9092, EXTERNAL://10.1.1.5:9093, CONTROLLER://192.1.1.8:9094<br>listener.security.protocol.map = INTERNAL:PLAINTEXT, EXTERNAL:SSL, CONTROLLER:SSL<br>control.plane.listener.name = CONTROLLER<br>On startup, the broker will start listening on "192.1.1.8:9094" with security protocol "SSL".<br>On controller side, when it discovers a broker's published endpoints through zookeeper, it will use the control.plane.listener.name to find the endpoint, which it will use to establish connection to the broker.<br>For example, if the broker's published endpoints on zookeeper are :<br>"endpoints" : ["INTERNAL://broker1.example.com:9092","EXTERNAL://broker1.example.com:9093","CONTROLLER://broker1.example.com:9094"]<br> and the controller's config is :<br>listener.security.protocol.map = INTERNAL:PLAINTEXT, EXTERNAL:SSL, CONTROLLER:SSL<br>control.plane.listener.name = CONTROLLER<br>then controller will use "broker1.example.com:9094" with security protocol "SSL" to connect to the broker.<br>If not explicitly configured, the default value will be null and there will be no dedicated endpoints for controller connections.</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="delete.topic.enable"></a>
<a href="#delete.topic.enable">delete.topic.enable</a>
</h4>
<p>Enables delete topic. Delete topic through the admin tool will have no effect if this config is turned off</p>
<table><tbody>
<tr><th>Type:</th><td>boolean</td></tr>
<tr><th>Default:</th><td>true</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="host.name"></a>
<a href="#host.name">host.name</a>
</h4>
<p>DEPRECATED: only used when <code>listeners</code> is not set. Use <code>listeners</code> instead. <br>hostname of broker. If this is set, it will only bind to this address. If this is not set, it will bind to all interfaces</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>""</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="leader.imbalance.check.interval.seconds"></a>
<a href="#leader.imbalance.check.interval.seconds">leader.imbalance.check.interval.seconds</a>
</h4>
<p>The frequency with which the partition rebalance check is triggered by the controller</p>
<table><tbody>
<tr><th>Type:</th><td>long</td></tr>
<tr><th>Default:</th><td>300</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="leader.imbalance.per.broker.percentage"></a>
<a href="#leader.imbalance.per.broker.percentage">leader.imbalance.per.broker.percentage</a>
</h4>
<p>The ratio of leader imbalance allowed per broker. The controller would trigger a leader balance if it goes above this value per broker. The value is specified in percentage.</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>10</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading"><a id="listeners" class="anchor-link"></a><a href="#listeners">listeners</a></h4>
<p>Listener List - Comma-separated list of URIs we will listen on and the listener names. If the listener name is not a security protocol, listener.security.protocol.map must also be set.<br> Specify hostname as 0.0.0.0 to bind to all interfaces.<br> Leave hostname empty to bind to default interface.<br> Examples of legal listener lists:<br> PLAINTEXT://myhost:9092,SSL://:9091<br> CLIENT://0.0.0.0:9092,REPLICATION://localhost:9093<br></p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.dir"></a>
<a href="#log.dir">log.dir</a>
</h4>
<p>The directory in which the log data is kept (supplemental for log.dirs property)</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>/tmp/kafka-logs</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.dirs"></a>
<a href="#log.dirs">log.dirs</a>
</h4>
<p>The directories in which the log data is kept. If not set, the value in log.dir is used</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.flush.interval.messages"></a>
<a href="#log.flush.interval.messages">log.flush.interval.messages</a>
</h4>
<p>The number of messages accumulated on a log partition before messages are flushed to disk </p>
<table><tbody>
<tr><th>Type:</th><td>long</td></tr>
<tr><th>Default:</th><td>9223372036854775807</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.flush.interval.ms"></a>
<a href="#log.flush.interval.ms">log.flush.interval.ms</a>
</h4>
<p>The maximum time in ms that a message in any topic is kept in memory before flushed to disk. If not set, the value in log.flush.scheduler.interval.ms is used</p>
<table><tbody>
<tr><th>Type:</th><td>long</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.flush.offset.checkpoint.interval.ms"></a>
<a href="#log.flush.offset.checkpoint.interval.ms">log.flush.offset.checkpoint.interval.ms</a>
</h4>
<p>The frequency with which we update the persistent record of the last flush which acts as the log recovery point</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>60000 (1 minute)</td></tr>
<tr><th>Valid Values:</th><td>[0,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.flush.scheduler.interval.ms"></a>
<a href="#log.flush.scheduler.interval.ms">log.flush.scheduler.interval.ms</a>
</h4>
<p>The frequency in ms that the log flusher checks whether any log needs to be flushed to disk</p>
<table><tbody>
<tr><th>Type:</th><td>long</td></tr>
<tr><th>Default:</th><td>9223372036854775807</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.flush.start.offset.checkpoint.interval.ms"></a>
<a href="#log.flush.start.offset.checkpoint.interval.ms">log.flush.start.offset.checkpoint.interval.ms</a>
</h4>
<p>The frequency with which we update the persistent record of log start offset</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>60000 (1 minute)</td></tr>
<tr><th>Valid Values:</th><td>[0,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.retention.bytes"></a>
<a href="#log.retention.bytes">log.retention.bytes</a>
</h4>
<p>The maximum size of the log before deleting it</p>
<table><tbody>
<tr><th>Type:</th><td>long</td></tr>
<tr><th>Default:</th><td>-1</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.retention.hours"></a>
<a href="#log.retention.hours">log.retention.hours</a>
</h4>
<p>The number of hours to keep a log file before deleting it (in hours), tertiary to log.retention.ms property</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>168</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.retention.minutes"></a>
<a href="#log.retention.minutes">log.retention.minutes</a>
</h4>
<p>The number of minutes to keep a log file before deleting it (in minutes), secondary to log.retention.ms property. If not set, the value in log.retention.hours is used</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.retention.ms"></a>
<a href="#log.retention.ms">log.retention.ms</a>
</h4>
<p>The number of milliseconds to keep a log file before deleting it (in milliseconds), If not set, the value in log.retention.minutes is used. If set to -1, no time limit is applied.</p>
<table><tbody>
<tr><th>Type:</th><td>long</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.roll.hours"></a>
<a href="#log.roll.hours">log.roll.hours</a>
</h4>
<p>The maximum time before a new log segment is rolled out (in hours), secondary to log.roll.ms property</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>168</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.roll.jitter.hours"></a>
<a href="#log.roll.jitter.hours">log.roll.jitter.hours</a>
</h4>
<p>The maximum jitter to subtract from logRollTimeMillis (in hours), secondary to log.roll.jitter.ms property</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>0</td></tr>
<tr><th>Valid Values:</th><td>[0,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.roll.jitter.ms"></a>
<a href="#log.roll.jitter.ms">log.roll.jitter.ms</a>
</h4>
<p>The maximum jitter to subtract from logRollTimeMillis (in milliseconds). If not set, the value in log.roll.jitter.hours is used</p>
<table><tbody>
<tr><th>Type:</th><td>long</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.roll.ms"></a>
<a href="#log.roll.ms">log.roll.ms</a>
</h4>
<p>The maximum time before a new log segment is rolled out (in milliseconds). If not set, the value in log.roll.hours is used</p>
<table><tbody>
<tr><th>Type:</th><td>long</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.segment.bytes"></a>
<a href="#log.segment.bytes">log.segment.bytes</a>
</h4>
<p>The maximum size of a single log file</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>1073741824 (1 gibibyte)</td></tr>
<tr><th>Valid Values:</th><td>[14,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.segment.delete.delay.ms"></a>
<a href="#log.segment.delete.delay.ms">log.segment.delete.delay.ms</a>
</h4>
<p>The amount of time to wait before deleting a file from the filesystem</p>
<table><tbody>
<tr><th>Type:</th><td>long</td></tr>
<tr><th>Default:</th><td>60000 (1 minute)</td></tr>
<tr><th>Valid Values:</th><td>[0,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="message.max.bytes"></a>
<a href="#message.max.bytes">message.max.bytes</a>
</h4>
<p>The largest record batch size allowed by Kafka (after compression if compression is enabled). If this is increased and there are consumers older than 0.10.2, the consumers' fetch size must also be increased so that they can fetch record batches this large. In the latest message format version, records are always grouped into batches for efficiency. In previous message format versions, uncompressed records are not grouped into batches and this limit only applies to a single record in that case.This can be set per topic with the topic level <code>max.message.bytes</code> config.</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>1048588</td></tr>
<tr><th>Valid Values:</th><td>[0,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="min.insync.replicas"></a>
<a href="#min.insync.replicas">min.insync.replicas</a>
</h4>
<p>When a producer sets acks to "all" (or "-1"), min.insync.replicas specifies the minimum number of replicas that must acknowledge a write for the write to be considered successful. If this minimum cannot be met, then the producer will raise an exception (either NotEnoughReplicas or NotEnoughReplicasAfterAppend).<br>When used together, min.insync.replicas and acks allow you to enforce greater durability guarantees. A typical scenario would be to create a topic with a replication factor of 3, set min.insync.replicas to 2, and produce with acks of "all". This will ensure that the producer raises an exception if a majority of replicas do not receive a write.</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>1</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="num.io.threads"></a>
<a href="#num.io.threads">num.io.threads</a>
</h4>
<p>The number of threads that the server uses for processing requests, which may include disk I/O</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>8</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="num.network.threads"></a>
<a href="#num.network.threads">num.network.threads</a>
</h4>
<p>The number of threads that the server uses for receiving requests from the network and sending responses to the network</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>3</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="num.recovery.threads.per.data.dir"></a>
<a href="#num.recovery.threads.per.data.dir">num.recovery.threads.per.data.dir</a>
</h4>
<p>The number of threads per data directory to be used for log recovery at startup and flushing at shutdown</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>1</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="num.replica.alter.log.dirs.threads"></a>
<a href="#num.replica.alter.log.dirs.threads">num.replica.alter.log.dirs.threads</a>
</h4>
<p>The number of threads that can move replicas between log directories, which may include disk I/O</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="num.replica.fetchers"></a>
<a href="#num.replica.fetchers">num.replica.fetchers</a>
</h4>
<p>Number of fetcher threads used to replicate messages from a source broker. Increasing this value can increase the degree of I/O parallelism in the follower broker.</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>1</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="offset.metadata.max.bytes"></a>
<a href="#offset.metadata.max.bytes">offset.metadata.max.bytes</a>
</h4>
<p>The maximum size for a metadata entry associated with an offset commit</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>4096 (4 kibibytes)</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="offsets.commit.required.acks"></a>
<a href="#offsets.commit.required.acks">offsets.commit.required.acks</a>
</h4>
<p>The required acks before the commit can be accepted. In general, the default (-1) should not be overridden</p>
<table><tbody>
<tr><th>Type:</th><td>short</td></tr>
<tr><th>Default:</th><td>-1</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="offsets.commit.timeout.ms"></a>
<a href="#offsets.commit.timeout.ms">offsets.commit.timeout.ms</a>
</h4>
<p>Offset commit will be delayed until all replicas for the offsets topic receive the commit or this timeout is reached. This is similar to the producer request timeout.</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>5000 (5 seconds)</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="offsets.load.buffer.size"></a>
<a href="#offsets.load.buffer.size">offsets.load.buffer.size</a>
</h4>
<p>Batch size for reading from the offsets segments when loading offsets into the cache (soft-limit, overridden if records are too large).</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>5242880</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="offsets.retention.check.interval.ms"></a>
<a href="#offsets.retention.check.interval.ms">offsets.retention.check.interval.ms</a>
</h4>
<p>Frequency at which to check for stale offsets</p>
<table><tbody>
<tr><th>Type:</th><td>long</td></tr>
<tr><th>Default:</th><td>600000 (10 minutes)</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="offsets.retention.minutes"></a>
<a href="#offsets.retention.minutes">offsets.retention.minutes</a>
</h4>
<p>After a consumer group loses all its consumers (i.e. becomes empty) its offsets will be kept for this retention period before getting discarded. For standalone consumers (using manual assignment), offsets will be expired after the time of last commit plus this retention period.</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>10080</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="offsets.topic.compression.codec"></a>
<a href="#offsets.topic.compression.codec">offsets.topic.compression.codec</a>
</h4>
<p>Compression codec for the offsets topic - compression may be used to achieve "atomic" commits</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>0</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="offsets.topic.num.partitions"></a>
<a href="#offsets.topic.num.partitions">offsets.topic.num.partitions</a>
</h4>
<p>The number of partitions for the offset commit topic (should not change after deployment)</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>50</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="offsets.topic.replication.factor"></a>
<a href="#offsets.topic.replication.factor">offsets.topic.replication.factor</a>
</h4>
<p>The replication factor for the offsets topic (set higher to ensure availability). Internal topic creation will fail until the cluster size meets this replication factor requirement.</p>
<table><tbody>
<tr><th>Type:</th><td>short</td></tr>
<tr><th>Default:</th><td>3</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="offsets.topic.segment.bytes"></a>
<a href="#offsets.topic.segment.bytes">offsets.topic.segment.bytes</a>
</h4>
<p>The offsets topic segment bytes should be kept relatively small in order to facilitate faster log compaction and cache loads</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>104857600 (100 mebibytes)</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading"><a id="port" class="anchor-link"></a><a href="#port">port</a></h4>
<p>DEPRECATED: only used when <code>listeners</code> is not set. Use <code>listeners</code> instead. <br>the port to listen and accept connections on</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>9092</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="queued.max.requests"></a>
<a href="#queued.max.requests">queued.max.requests</a>
</h4>
<p>The number of queued requests allowed for data-plane, before blocking the network threads</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>500</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="quota.consumer.default"></a>
<a href="#quota.consumer.default">quota.consumer.default</a>
</h4>
<p>DEPRECATED: Used only when dynamic default quotas are not configured for <user, <client-id> or <user, client-id> in Zookeeper. Any consumer distinguished by clientId/consumer group will get throttled if it fetches more bytes than this value per-second</p>
<table><tbody>
<tr><th>Type:</th><td>long</td></tr>
<tr><th>Default:</th><td>9223372036854775807</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="quota.producer.default"></a>
<a href="#quota.producer.default">quota.producer.default</a>
</h4>
<p>DEPRECATED: Used only when dynamic default quotas are not configured for <user>, <client-id> or <user, client-id> in Zookeeper. Any producer distinguished by clientId will get throttled if it produces more bytes than this value per-second</p>
<table><tbody>
<tr><th>Type:</th><td>long</td></tr>
<tr><th>Default:</th><td>9223372036854775807</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="replica.fetch.min.bytes"></a>
<a href="#replica.fetch.min.bytes">replica.fetch.min.bytes</a>
</h4>
<p>Minimum bytes expected for each fetch response. If not enough bytes, wait up to replicaMaxWaitTimeMs</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>1</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="replica.fetch.wait.max.ms"></a>
<a href="#replica.fetch.wait.max.ms">replica.fetch.wait.max.ms</a>
</h4>
<p>max wait time for each fetcher request issued by follower replicas. This value should always be less than the replica.lag.time.max.ms at all times to prevent frequent shrinking of ISR for low throughput topics</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>500</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="replica.high.watermark.checkpoint.interval.ms"></a>
<a href="#replica.high.watermark.checkpoint.interval.ms">replica.high.watermark.checkpoint.interval.ms</a>
</h4>
<p>The frequency with which the high watermark is saved out to disk</p>
<table><tbody>
<tr><th>Type:</th><td>long</td></tr>
<tr><th>Default:</th><td>5000 (5 seconds)</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="replica.lag.time.max.ms"></a>
<a href="#replica.lag.time.max.ms">replica.lag.time.max.ms</a>
</h4>
<p>If a follower hasn't sent any fetch requests or hasn't consumed up to the leaders log end offset for at least this time, the leader will remove the follower from isr</p>
<table><tbody>
<tr><th>Type:</th><td>long</td></tr>
<tr><th>Default:</th><td>30000 (30 seconds)</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="replica.socket.receive.buffer.bytes"></a>
<a href="#replica.socket.receive.buffer.bytes">replica.socket.receive.buffer.bytes</a>
</h4>
<p>The socket receive buffer for network requests</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>65536 (64 kibibytes)</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="replica.socket.timeout.ms"></a>
<a href="#replica.socket.timeout.ms">replica.socket.timeout.ms</a>
</h4>
<p>The socket timeout for network requests. Its value should be at least replica.fetch.wait.max.ms</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>30000 (30 seconds)</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="request.timeout.ms"></a>
<a href="#request.timeout.ms">request.timeout.ms</a>
</h4>
<p>The configuration controls the maximum amount of time the client will wait for the response of a request. If the response is not received before the timeout elapses the client will resend the request if necessary or fail the request if retries are exhausted.</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>30000 (30 seconds)</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="socket.receive.buffer.bytes"></a>
<a href="#socket.receive.buffer.bytes">socket.receive.buffer.bytes</a>
</h4>
<p>The SO_RCVBUF buffer of the socket server sockets. If the value is -1, the OS default will be used.</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>102400 (100 kibibytes)</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="socket.request.max.bytes"></a>
<a href="#socket.request.max.bytes">socket.request.max.bytes</a>
</h4>
<p>The maximum number of bytes in a socket request</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>104857600 (100 mebibytes)</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="socket.send.buffer.bytes"></a>
<a href="#socket.send.buffer.bytes">socket.send.buffer.bytes</a>
</h4>
<p>The SO_SNDBUF buffer of the socket server sockets. If the value is -1, the OS default will be used.</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>102400 (100 kibibytes)</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="transaction.max.timeout.ms"></a>
<a href="#transaction.max.timeout.ms">transaction.max.timeout.ms</a>
</h4>
<p>The maximum allowed timeout for transactions. If a client’s requested transaction time exceed this, then the broker will return an error in InitProducerIdRequest. This prevents a client from too large of a timeout, which can stall consumers reading from topics included in the transaction.</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>900000 (15 minutes)</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="transaction.state.log.load.buffer.size"></a>
<a href="#transaction.state.log.load.buffer.size">transaction.state.log.load.buffer.size</a>
</h4>
<p>Batch size for reading from the transaction log segments when loading producer ids and transactions into the cache (soft-limit, overridden if records are too large).</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>5242880</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="transaction.state.log.min.isr"></a>
<a href="#transaction.state.log.min.isr">transaction.state.log.min.isr</a>
</h4>
<p>Overridden min.insync.replicas config for the transaction topic.</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>2</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="transaction.state.log.num.partitions"></a>
<a href="#transaction.state.log.num.partitions">transaction.state.log.num.partitions</a>
</h4>
<p>The number of partitions for the transaction topic (should not change after deployment).</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>50</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="transaction.state.log.replication.factor"></a>
<a href="#transaction.state.log.replication.factor">transaction.state.log.replication.factor</a>
</h4>
<p>The replication factor for the transaction topic (set higher to ensure availability). Internal topic creation will fail until the cluster size meets this replication factor requirement.</p>
<table><tbody>
<tr><th>Type:</th><td>short</td></tr>
<tr><th>Default:</th><td>3</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="transaction.state.log.segment.bytes"></a>
<a href="#transaction.state.log.segment.bytes">transaction.state.log.segment.bytes</a>
</h4>
<p>The transaction topic segment bytes should be kept relatively small in order to facilitate faster log compaction and cache loads</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>104857600 (100 mebibytes)</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="transactional.id.expiration.ms"></a>
<a href="#transactional.id.expiration.ms">transactional.id.expiration.ms</a>
</h4>
<p>The time in ms that the transaction coordinator will wait without receiving any transaction status updates for the current transaction before expiring its transactional id. This setting also influences producer id expiration - producer ids are expired once this time has elapsed after the last write with the given producer id. Note that producer ids may expire sooner if the last write from the producer id is deleted due to the topic's retention settings.</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>604800000 (7 days)</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="unclean.leader.election.enable"></a>
<a href="#unclean.leader.election.enable">unclean.leader.election.enable</a>
</h4>
<p>Indicates whether to enable replicas not in the ISR set to be elected as leader as a last resort, even though doing so may result in data loss</p>
<table><tbody>
<tr><th>Type:</th><td>boolean</td></tr>
<tr><th>Default:</th><td>false</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="zookeeper.connection.timeout.ms"></a>
<a href="#zookeeper.connection.timeout.ms">zookeeper.connection.timeout.ms</a>
</h4>
<p>The max time that the client waits to establish a connection to zookeeper. If not set, the value in zookeeper.session.timeout.ms is used</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="zookeeper.max.in.flight.requests"></a>
<a href="#zookeeper.max.in.flight.requests">zookeeper.max.in.flight.requests</a>
</h4>
<p>The maximum number of unacknowledged requests the client will send to Zookeeper before blocking.</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>10</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="zookeeper.session.timeout.ms"></a>
<a href="#zookeeper.session.timeout.ms">zookeeper.session.timeout.ms</a>
</h4>
<p>Zookeeper session timeout</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>18000 (18 seconds)</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="zookeeper.set.acl"></a>
<a href="#zookeeper.set.acl">zookeeper.set.acl</a>
</h4>
<p>Set client to use secure ACLs</p>
<table><tbody>
<tr><th>Type:</th><td>boolean</td></tr>
<tr><th>Default:</th><td>false</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>high</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="broker.id.generation.enable"></a>
<a href="#broker.id.generation.enable">broker.id.generation.enable</a>
</h4>
<p>Enable automatic broker id generation on the server. When enabled the value configured for reserved.broker.max.id should be reviewed.</p>
<table><tbody>
<tr><th>Type:</th><td>boolean</td></tr>
<tr><th>Default:</th><td>true</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="broker.rack"></a>
<a href="#broker.rack">broker.rack</a>
</h4>
<p>Rack of the broker. This will be used in rack aware replication assignment for fault tolerance. Examples: `RACK1`, `us-east-1d`</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="connections.max.idle.ms"></a>
<a href="#connections.max.idle.ms">connections.max.idle.ms</a>
</h4>
<p>Idle connections timeout: the server socket processor threads close the connections that idle more than this</p>
<table><tbody>
<tr><th>Type:</th><td>long</td></tr>
<tr><th>Default:</th><td>600000 (10 minutes)</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="connections.max.reauth.ms"></a>
<a href="#connections.max.reauth.ms">connections.max.reauth.ms</a>
</h4>
<p>When explicitly set to a positive number (the default is 0, not a positive number), a session lifetime that will not exceed the configured value will be communicated to v2.2.0 or later clients when they authenticate. The broker will disconnect any such connection that is not re-authenticated within the session lifetime and that is then subsequently used for any purpose other than re-authentication. Configuration names can optionally be prefixed with listener prefix and SASL mechanism name in lower-case. For example, listener.name.sasl_ssl.oauthbearer.connections.max.reauth.ms=3600000</p>
<table><tbody>
<tr><th>Type:</th><td>long</td></tr>
<tr><th>Default:</th><td>0</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="controlled.shutdown.enable"></a>
<a href="#controlled.shutdown.enable">controlled.shutdown.enable</a>
</h4>
<p>Enable controlled shutdown of the server</p>
<table><tbody>
<tr><th>Type:</th><td>boolean</td></tr>
<tr><th>Default:</th><td>true</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="controlled.shutdown.max.retries"></a>
<a href="#controlled.shutdown.max.retries">controlled.shutdown.max.retries</a>
</h4>
<p>Controlled shutdown can fail for multiple reasons. This determines the number of retries when such failure happens</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>3</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="controlled.shutdown.retry.backoff.ms"></a>
<a href="#controlled.shutdown.retry.backoff.ms">controlled.shutdown.retry.backoff.ms</a>
</h4>
<p>Before each retry, the system needs time to recover from the state that caused the previous failure (Controller fail over, replica lag etc). This config determines the amount of time to wait before retrying.</p>
<table><tbody>
<tr><th>Type:</th><td>long</td></tr>
<tr><th>Default:</th><td>5000 (5 seconds)</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="controller.socket.timeout.ms"></a>
<a href="#controller.socket.timeout.ms">controller.socket.timeout.ms</a>
</h4>
<p>The socket timeout for controller-to-broker channels</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>30000 (30 seconds)</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="default.replication.factor"></a>
<a href="#default.replication.factor">default.replication.factor</a>
</h4>
<p>default replication factors for automatically created topics</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>1</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="delegation.token.expiry.time.ms"></a>
<a href="#delegation.token.expiry.time.ms">delegation.token.expiry.time.ms</a>
</h4>
<p>The token validity time in miliseconds before the token needs to be renewed. Default value 1 day.</p>
<table><tbody>
<tr><th>Type:</th><td>long</td></tr>
<tr><th>Default:</th><td>86400000 (1 day)</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="delegation.token.master.key"></a>
<a href="#delegation.token.master.key">delegation.token.master.key</a>
</h4>
<p>Master/secret key to generate and verify delegation tokens. Same key must be configured across all the brokers. If the key is not set or set to empty string, brokers will disable the delegation token support.</p>
<table><tbody>
<tr><th>Type:</th><td>password</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="delegation.token.max.lifetime.ms"></a>
<a href="#delegation.token.max.lifetime.ms">delegation.token.max.lifetime.ms</a>
</h4>
<p>The token has a maximum lifetime beyond which it cannot be renewed anymore. Default value 7 days.</p>
<table><tbody>
<tr><th>Type:</th><td>long</td></tr>
<tr><th>Default:</th><td>604800000 (7 days)</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="delete.records.purgatory.purge.interval.requests"></a>
<a href="#delete.records.purgatory.purge.interval.requests">delete.records.purgatory.purge.interval.requests</a>
</h4>
<p>The purge interval (in number of requests) of the delete records request purgatory</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>1</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="fetch.max.bytes"></a>
<a href="#fetch.max.bytes">fetch.max.bytes</a>
</h4>
<p>The maximum number of bytes we will return for a fetch request. Must be at least 1024.</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>57671680 (55 mebibytes)</td></tr>
<tr><th>Valid Values:</th><td>[1024,...]</td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="fetch.purgatory.purge.interval.requests"></a>
<a href="#fetch.purgatory.purge.interval.requests">fetch.purgatory.purge.interval.requests</a>
</h4>
<p>The purge interval (in number of requests) of the fetch request purgatory</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>1000</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="group.initial.rebalance.delay.ms"></a>
<a href="#group.initial.rebalance.delay.ms">group.initial.rebalance.delay.ms</a>
</h4>
<p>The amount of time the group coordinator will wait for more consumers to join a new group before performing the first rebalance. A longer delay means potentially fewer rebalances, but increases the time until processing begins.</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>3000 (3 seconds)</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="group.max.session.timeout.ms"></a>
<a href="#group.max.session.timeout.ms">group.max.session.timeout.ms</a>
</h4>
<p>The maximum allowed session timeout for registered consumers. Longer timeouts give consumers more time to process messages in between heartbeats at the cost of a longer time to detect failures.</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>1800000 (30 minutes)</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="group.max.size"></a>
<a href="#group.max.size">group.max.size</a>
</h4>
<p>The maximum number of consumers that a single consumer group can accommodate.</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>2147483647</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="group.min.session.timeout.ms"></a>
<a href="#group.min.session.timeout.ms">group.min.session.timeout.ms</a>
</h4>
<p>The minimum allowed session timeout for registered consumers. Shorter timeouts result in quicker failure detection at the cost of more frequent consumer heartbeating, which can overwhelm broker resources.</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>6000 (6 seconds)</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="inter.broker.listener.name"></a>
<a href="#inter.broker.listener.name">inter.broker.listener.name</a>
</h4>
<p>Name of listener used for communication between brokers. If this is unset, the listener name is defined by security.inter.broker.protocol. It is an error to set this and security.inter.broker.protocol properties at the same time.</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="inter.broker.protocol.version"></a>
<a href="#inter.broker.protocol.version">inter.broker.protocol.version</a>
</h4>
<p>Specify which version of the inter-broker protocol will be used.<br> This is typically bumped after all brokers were upgraded to a new version.<br> Example of some valid values are: 0.8.0, 0.8.1, 0.8.1.1, 0.8.2, 0.8.2.0, 0.8.2.1, 0.9.0.0, 0.9.0.1 Check ApiVersion for the full list.</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>2.6-IV0</td></tr>
<tr><th>Valid Values:</th><td>[0.8.0, 0.8.1, 0.8.2, 0.9.0, 0.10.0-IV0, 0.10.0-IV1, 0.10.1-IV0, 0.10.1-IV1, 0.10.1-IV2, 0.10.2-IV0, 0.11.0-IV0, 0.11.0-IV1, 0.11.0-IV2, 1.0-IV0, 1.1-IV0, 2.0-IV0, 2.0-IV1, 2.1-IV0, 2.1-IV1, 2.1-IV2, 2.2-IV0, 2.2-IV1, 2.3-IV0, 2.3-IV1, 2.4-IV0, 2.4-IV1, 2.5-IV0, 2.6-IV0]</td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.cleaner.backoff.ms"></a>
<a href="#log.cleaner.backoff.ms">log.cleaner.backoff.ms</a>
</h4>
<p>The amount of time to sleep when there are no logs to clean</p>
<table><tbody>
<tr><th>Type:</th><td>long</td></tr>
<tr><th>Default:</th><td>15000 (15 seconds)</td></tr>
<tr><th>Valid Values:</th><td>[0,...]</td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.cleaner.dedupe.buffer.size"></a>
<a href="#log.cleaner.dedupe.buffer.size">log.cleaner.dedupe.buffer.size</a>
</h4>
<p>The total memory used for log deduplication across all cleaner threads</p>
<table><tbody>
<tr><th>Type:</th><td>long</td></tr>
<tr><th>Default:</th><td>134217728</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.cleaner.delete.retention.ms"></a>
<a href="#log.cleaner.delete.retention.ms">log.cleaner.delete.retention.ms</a>
</h4>
<p>How long are delete records retained?</p>
<table><tbody>
<tr><th>Type:</th><td>long</td></tr>
<tr><th>Default:</th><td>86400000 (1 day)</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.cleaner.enable"></a>
<a href="#log.cleaner.enable">log.cleaner.enable</a>
</h4>
<p>Enable the log cleaner process to run on the server. Should be enabled if using any topics with a cleanup.policy=compact including the internal offsets topic. If disabled those topics will not be compacted and continually grow in size.</p>
<table><tbody>
<tr><th>Type:</th><td>boolean</td></tr>
<tr><th>Default:</th><td>true</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.cleaner.io.buffer.load.factor"></a>
<a href="#log.cleaner.io.buffer.load.factor">log.cleaner.io.buffer.load.factor</a>
</h4>
<p>Log cleaner dedupe buffer load factor. The percentage full the dedupe buffer can become. A higher value will allow more log to be cleaned at once but will lead to more hash collisions</p>
<table><tbody>
<tr><th>Type:</th><td>double</td></tr>
<tr><th>Default:</th><td>0.9</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.cleaner.io.buffer.size"></a>
<a href="#log.cleaner.io.buffer.size">log.cleaner.io.buffer.size</a>
</h4>
<p>The total memory used for log cleaner I/O buffers across all cleaner threads</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>524288</td></tr>
<tr><th>Valid Values:</th><td>[0,...]</td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.cleaner.io.max.bytes.per.second"></a>
<a href="#log.cleaner.io.max.bytes.per.second">log.cleaner.io.max.bytes.per.second</a>
</h4>
<p>The log cleaner will be throttled so that the sum of its read and write i/o will be less than this value on average</p>
<table><tbody>
<tr><th>Type:</th><td>double</td></tr>
<tr><th>Default:</th><td>1.7976931348623157E308</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.cleaner.max.compaction.lag.ms"></a>
<a href="#log.cleaner.max.compaction.lag.ms">log.cleaner.max.compaction.lag.ms</a>
</h4>
<p>The maximum time a message will remain ineligible for compaction in the log. Only applicable for logs that are being compacted.</p>
<table><tbody>
<tr><th>Type:</th><td>long</td></tr>
<tr><th>Default:</th><td>9223372036854775807</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.cleaner.min.cleanable.ratio"></a>
<a href="#log.cleaner.min.cleanable.ratio">log.cleaner.min.cleanable.ratio</a>
</h4>
<p>The minimum ratio of dirty log to total log for a log to eligible for cleaning. If the log.cleaner.max.compaction.lag.ms or the log.cleaner.min.compaction.lag.ms configurations are also specified, then the log compactor considers the log eligible for compaction as soon as either: (i) the dirty ratio threshold has been met and the log has had dirty (uncompacted) records for at least the log.cleaner.min.compaction.lag.ms duration, or (ii) if the log has had dirty (uncompacted) records for at most the log.cleaner.max.compaction.lag.ms period.</p>
<table><tbody>
<tr><th>Type:</th><td>double</td></tr>
<tr><th>Default:</th><td>0.5</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.cleaner.min.compaction.lag.ms"></a>
<a href="#log.cleaner.min.compaction.lag.ms">log.cleaner.min.compaction.lag.ms</a>
</h4>
<p>The minimum time a message will remain uncompacted in the log. Only applicable for logs that are being compacted.</p>
<table><tbody>
<tr><th>Type:</th><td>long</td></tr>
<tr><th>Default:</th><td>0</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.cleaner.threads"></a>
<a href="#log.cleaner.threads">log.cleaner.threads</a>
</h4>
<p>The number of background threads to use for log cleaning</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>1</td></tr>
<tr><th>Valid Values:</th><td>[0,...]</td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.cleanup.policy"></a>
<a href="#log.cleanup.policy">log.cleanup.policy</a>
</h4>
<p>The default cleanup policy for segments beyond the retention window. A comma separated list of valid policies. Valid policies are: "delete" and "compact"</p>
<table><tbody>
<tr><th>Type:</th><td>list</td></tr>
<tr><th>Default:</th><td>delete</td></tr>
<tr><th>Valid Values:</th><td>[compact, delete]</td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.index.interval.bytes"></a>
<a href="#log.index.interval.bytes">log.index.interval.bytes</a>
</h4>
<p>The interval with which we add an entry to the offset index</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>4096 (4 kibibytes)</td></tr>
<tr><th>Valid Values:</th><td>[0,...]</td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.index.size.max.bytes"></a>
<a href="#log.index.size.max.bytes">log.index.size.max.bytes</a>
</h4>
<p>The maximum size in bytes of the offset index</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>10485760 (10 mebibytes)</td></tr>
<tr><th>Valid Values:</th><td>[4,...]</td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.message.format.version"></a>
<a href="#log.message.format.version">log.message.format.version</a>
</h4>
<p>Specify the message format version the broker will use to append messages to the logs. The value should be a valid ApiVersion. Some examples are: 0.8.2, 0.9.0.0, 0.10.0, check ApiVersion for more details. By setting a particular message format version, the user is certifying that all the existing messages on disk are smaller or equal than the specified version. Setting this value incorrectly will cause consumers with older versions to break as they will receive messages with a format that they don't understand.</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>2.6-IV0</td></tr>
<tr><th>Valid Values:</th><td>[0.8.0, 0.8.1, 0.8.2, 0.9.0, 0.10.0-IV0, 0.10.0-IV1, 0.10.1-IV0, 0.10.1-IV1, 0.10.1-IV2, 0.10.2-IV0, 0.11.0-IV0, 0.11.0-IV1, 0.11.0-IV2, 1.0-IV0, 1.1-IV0, 2.0-IV0, 2.0-IV1, 2.1-IV0, 2.1-IV1, 2.1-IV2, 2.2-IV0, 2.2-IV1, 2.3-IV0, 2.3-IV1, 2.4-IV0, 2.4-IV1, 2.5-IV0, 2.6-IV0]</td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.message.timestamp.difference.max.ms"></a>
<a href="#log.message.timestamp.difference.max.ms">log.message.timestamp.difference.max.ms</a>
</h4>
<p>The maximum difference allowed between the timestamp when a broker receives a message and the timestamp specified in the message. If log.message.timestamp.type=CreateTime, a message will be rejected if the difference in timestamp exceeds this threshold. This configuration is ignored if log.message.timestamp.type=LogAppendTime.The maximum timestamp difference allowed should be no greater than log.retention.ms to avoid unnecessarily frequent log rolling.</p>
<table><tbody>
<tr><th>Type:</th><td>long</td></tr>
<tr><th>Default:</th><td>9223372036854775807</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.message.timestamp.type"></a>
<a href="#log.message.timestamp.type">log.message.timestamp.type</a>
</h4>
<p>Define whether the timestamp in the message is message create time or log append time. The value should be either `CreateTime` or `LogAppendTime`</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>CreateTime</td></tr>
<tr><th>Valid Values:</th><td>[CreateTime, LogAppendTime]</td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.preallocate"></a>
<a href="#log.preallocate">log.preallocate</a>
</h4>
<p>Should pre allocate file when create new segment? If you are using Kafka on Windows, you probably need to set it to true.</p>
<table><tbody>
<tr><th>Type:</th><td>boolean</td></tr>
<tr><th>Default:</th><td>false</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.retention.check.interval.ms"></a>
<a href="#log.retention.check.interval.ms">log.retention.check.interval.ms</a>
</h4>
<p>The frequency in milliseconds that the log cleaner checks whether any log is eligible for deletion</p>
<table><tbody>
<tr><th>Type:</th><td>long</td></tr>
<tr><th>Default:</th><td>300000 (5 minutes)</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="max.connections"></a>
<a href="#max.connections">max.connections</a>
</h4>
<p>The maximum number of connections we allow in the broker at any time. This limit is applied in addition to any per-ip limits configured using max.connections.per.ip. Listener-level limits may also be configured by prefixing the config name with the listener prefix, for example, <code>listener.name.internal.max.connections</code>. Broker-wide limit should be configured based on broker capacity while listener limits should be configured based on application requirements. New connections are blocked if either the listener or broker limit is reached. Connections on the inter-broker listener are permitted even if broker-wide limit is reached. The least recently used connection on another listener will be closed in this case.</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>2147483647</td></tr>
<tr><th>Valid Values:</th><td>[0,...]</td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="max.connections.per.ip"></a>
<a href="#max.connections.per.ip">max.connections.per.ip</a>
</h4>
<p>The maximum number of connections we allow from each ip address. This can be set to 0 if there are overrides configured using max.connections.per.ip.overrides property. New connections from the ip address are dropped if the limit is reached.</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>2147483647</td></tr>
<tr><th>Valid Values:</th><td>[0,...]</td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="max.connections.per.ip.overrides"></a>
<a href="#max.connections.per.ip.overrides">max.connections.per.ip.overrides</a>
</h4>
<p>A comma-separated list of per-ip or hostname overrides to the default maximum number of connections. An example value is "hostName:100,127.0.0.1:200"</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>""</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="max.incremental.fetch.session.cache.slots"></a>
<a href="#max.incremental.fetch.session.cache.slots">max.incremental.fetch.session.cache.slots</a>
</h4>
<p>The maximum number of incremental fetch sessions that we will maintain.</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>1000</td></tr>
<tr><th>Valid Values:</th><td>[0,...]</td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="num.partitions"></a>
<a href="#num.partitions">num.partitions</a>
</h4>
<p>The default number of log partitions per topic</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>1</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="password.encoder.old.secret"></a>
<a href="#password.encoder.old.secret">password.encoder.old.secret</a>
</h4>
<p>The old secret that was used for encoding dynamically configured passwords. This is required only when the secret is updated. If specified, all dynamically encoded passwords are decoded using this old secret and re-encoded using password.encoder.secret when broker starts up.</p>
<table><tbody>
<tr><th>Type:</th><td>password</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="password.encoder.secret"></a>
<a href="#password.encoder.secret">password.encoder.secret</a>
</h4>
<p>The secret used for encoding dynamically configured passwords for this broker.</p>
<table><tbody>
<tr><th>Type:</th><td>password</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="principal.builder.class"></a>
<a href="#principal.builder.class">principal.builder.class</a>
</h4>
<p>The fully qualified name of a class that implements the KafkaPrincipalBuilder interface, which is used to build the KafkaPrincipal object used during authorization. This config also supports the deprecated PrincipalBuilder interface which was previously used for client authentication over SSL. If no principal builder is defined, the default behavior depends on the security protocol in use. For SSL authentication, the principal will be derived using the rules defined by <code>ssl.principal.mapping.rules</code> applied on the distinguished name from the client certificate if one is provided; otherwise, if client authentication is not required, the principal name will be ANONYMOUS. For SASL authentication, the principal will be derived using the rules defined by <code>sasl.kerberos.principal.to.local.rules</code> if GSSAPI is in use, and the SASL authentication ID for other mechanisms. For PLAINTEXT, the principal will be ANONYMOUS.</p>
<table><tbody>
<tr><th>Type:</th><td>class</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="producer.purgatory.purge.interval.requests"></a>
<a href="#producer.purgatory.purge.interval.requests">producer.purgatory.purge.interval.requests</a>
</h4>
<p>The purge interval (in number of requests) of the producer request purgatory</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>1000</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="queued.max.request.bytes"></a>
<a href="#queued.max.request.bytes">queued.max.request.bytes</a>
</h4>
<p>The number of queued bytes allowed before no more requests are read</p>
<table><tbody>
<tr><th>Type:</th><td>long</td></tr>
<tr><th>Default:</th><td>-1</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="replica.fetch.backoff.ms"></a>
<a href="#replica.fetch.backoff.ms">replica.fetch.backoff.ms</a>
</h4>
<p>The amount of time to sleep when fetch partition error occurs.</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>1000 (1 second)</td></tr>
<tr><th>Valid Values:</th><td>[0,...]</td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="replica.fetch.max.bytes"></a>
<a href="#replica.fetch.max.bytes">replica.fetch.max.bytes</a>
</h4>
<p>The number of bytes of messages to attempt to fetch for each partition. This is not an absolute maximum, if the first record batch in the first non-empty partition of the fetch is larger than this value, the record batch will still be returned to ensure that progress can be made. The maximum record batch size accepted by the broker is defined via <code>message.max.bytes</code> (broker config) or <code>max.message.bytes</code> (topic config).</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>1048576 (1 mebibyte)</td></tr>
<tr><th>Valid Values:</th><td>[0,...]</td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="replica.fetch.response.max.bytes"></a>
<a href="#replica.fetch.response.max.bytes">replica.fetch.response.max.bytes</a>
</h4>
<p>Maximum bytes expected for the entire fetch response. Records are fetched in batches, and if the first record batch in the first non-empty partition of the fetch is larger than this value, the record batch will still be returned to ensure that progress can be made. As such, this is not an absolute maximum. The maximum record batch size accepted by the broker is defined via <code>message.max.bytes</code> (broker config) or <code>max.message.bytes</code> (topic config).</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>10485760 (10 mebibytes)</td></tr>
<tr><th>Valid Values:</th><td>[0,...]</td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="replica.selector.class"></a>
<a href="#replica.selector.class">replica.selector.class</a>
</h4>
<p>The fully qualified class name that implements ReplicaSelector. This is used by the broker to find the preferred read replica. By default, we use an implementation that returns the leader.</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="reserved.broker.max.id"></a>
<a href="#reserved.broker.max.id">reserved.broker.max.id</a>
</h4>
<p>Max number that can be used for a broker.id</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>1000</td></tr>
<tr><th>Valid Values:</th><td>[0,...]</td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="sasl.client.callback.handler.class"></a>
<a href="#sasl.client.callback.handler.class">sasl.client.callback.handler.class</a>
</h4>
<p>The fully qualified name of a SASL client callback handler class that implements the AuthenticateCallbackHandler interface.</p>
<table><tbody>
<tr><th>Type:</th><td>class</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="sasl.enabled.mechanisms"></a>
<a href="#sasl.enabled.mechanisms">sasl.enabled.mechanisms</a>
</h4>
<p>The list of SASL mechanisms enabled in the Kafka server. The list may contain any mechanism for which a security provider is available. Only GSSAPI is enabled by default.</p>
<table><tbody>
<tr><th>Type:</th><td>list</td></tr>
<tr><th>Default:</th><td>GSSAPI</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="sasl.jaas.config"></a>
<a href="#sasl.jaas.config">sasl.jaas.config</a>
</h4>
<p>JAAS login context parameters for SASL connections in the format used by JAAS configuration files. JAAS configuration file format is described <a href="http://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/LoginConfigFile.html">here</a>. The format for the value is: '<code>loginModuleClass controlFlag (optionName=optionValue)*;</code>'. For brokers, the config must be prefixed with listener prefix and SASL mechanism name in lower-case. For example, listener.name.sasl_ssl.scram-sha-256.sasl.jaas.config=com.example.ScramLoginModule required;</p>
<table><tbody>
<tr><th>Type:</th><td>password</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="sasl.kerberos.kinit.cmd"></a>
<a href="#sasl.kerberos.kinit.cmd">sasl.kerberos.kinit.cmd</a>
</h4>
<p>Kerberos kinit command path.</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>/usr/bin/kinit</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="sasl.kerberos.min.time.before.relogin"></a>
<a href="#sasl.kerberos.min.time.before.relogin">sasl.kerberos.min.time.before.relogin</a>
</h4>
<p>Login thread sleep time between refresh attempts.</p>
<table><tbody>
<tr><th>Type:</th><td>long</td></tr>
<tr><th>Default:</th><td>60000</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="sasl.kerberos.principal.to.local.rules"></a>
<a href="#sasl.kerberos.principal.to.local.rules">sasl.kerberos.principal.to.local.rules</a>
</h4>
<p>A list of rules for mapping from principal names to short names (typically operating system usernames). The rules are evaluated in order and the first rule that matches a principal name is used to map it to a short name. Any later rules in the list are ignored. By default, principal names of the form {username}/{hostname}@{REALM} are mapped to {username}. For more details on the format please see <a href="#security_authz"> security authorization and acls</a>. Note that this configuration is ignored if an extension of KafkaPrincipalBuilder is provided by the <code>principal.builder.class</code> configuration.</p>
<table><tbody>
<tr><th>Type:</th><td>list</td></tr>
<tr><th>Default:</th><td>DEFAULT</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="sasl.kerberos.service.name"></a>
<a href="#sasl.kerberos.service.name">sasl.kerberos.service.name</a>
</h4>
<p>The Kerberos principal name that Kafka runs as. This can be defined either in Kafka's JAAS config or in Kafka's config.</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="sasl.kerberos.ticket.renew.jitter"></a>
<a href="#sasl.kerberos.ticket.renew.jitter">sasl.kerberos.ticket.renew.jitter</a>
</h4>
<p>Percentage of random jitter added to the renewal time.</p>
<table><tbody>
<tr><th>Type:</th><td>double</td></tr>
<tr><th>Default:</th><td>0.05</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="sasl.kerberos.ticket.renew.window.factor"></a>
<a href="#sasl.kerberos.ticket.renew.window.factor">sasl.kerberos.ticket.renew.window.factor</a>
</h4>
<p>Login thread will sleep until the specified window factor of time from last refresh to ticket's expiry has been reached, at which time it will try to renew the ticket.</p>
<table><tbody>
<tr><th>Type:</th><td>double</td></tr>
<tr><th>Default:</th><td>0.8</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="sasl.login.callback.handler.class"></a>
<a href="#sasl.login.callback.handler.class">sasl.login.callback.handler.class</a>
</h4>
<p>The fully qualified name of a SASL login callback handler class that implements the AuthenticateCallbackHandler interface. For brokers, login callback handler config must be prefixed with listener prefix and SASL mechanism name in lower-case. For example, listener.name.sasl_ssl.scram-sha-256.sasl.login.callback.handler.class=com.example.CustomScramLoginCallbackHandler</p>
<table><tbody>
<tr><th>Type:</th><td>class</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="sasl.login.class"></a>
<a href="#sasl.login.class">sasl.login.class</a>
</h4>
<p>The fully qualified name of a class that implements the Login interface. For brokers, login config must be prefixed with listener prefix and SASL mechanism name in lower-case. For example, listener.name.sasl_ssl.scram-sha-256.sasl.login.class=com.example.CustomScramLogin</p>
<table><tbody>
<tr><th>Type:</th><td>class</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="sasl.login.refresh.buffer.seconds"></a>
<a href="#sasl.login.refresh.buffer.seconds">sasl.login.refresh.buffer.seconds</a>
</h4>
<p>The amount of buffer time before credential expiration to maintain when refreshing a credential, in seconds. If a refresh would otherwise occur closer to expiration than the number of buffer seconds then the refresh will be moved up to maintain as much of the buffer time as possible. Legal values are between 0 and 3600 (1 hour); a default value of 300 (5 minutes) is used if no value is specified. This value and sasl.login.refresh.min.period.seconds are both ignored if their sum exceeds the remaining lifetime of a credential. Currently applies only to OAUTHBEARER.</p>
<table><tbody>
<tr><th>Type:</th><td>short</td></tr>
<tr><th>Default:</th><td>300</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="sasl.login.refresh.min.period.seconds"></a>
<a href="#sasl.login.refresh.min.period.seconds">sasl.login.refresh.min.period.seconds</a>
</h4>
<p>The desired minimum time for the login refresh thread to wait before refreshing a credential, in seconds. Legal values are between 0 and 900 (15 minutes); a default value of 60 (1 minute) is used if no value is specified. This value and sasl.login.refresh.buffer.seconds are both ignored if their sum exceeds the remaining lifetime of a credential. Currently applies only to OAUTHBEARER.</p>
<table><tbody>
<tr><th>Type:</th><td>short</td></tr>
<tr><th>Default:</th><td>60</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="sasl.login.refresh.window.factor"></a>
<a href="#sasl.login.refresh.window.factor">sasl.login.refresh.window.factor</a>
</h4>
<p>Login refresh thread will sleep until the specified window factor relative to the credential's lifetime has been reached, at which time it will try to refresh the credential. Legal values are between 0.5 (50%) and 1.0 (100%) inclusive; a default value of 0.8 (80%) is used if no value is specified. Currently applies only to OAUTHBEARER.</p>
<table><tbody>
<tr><th>Type:</th><td>double</td></tr>
<tr><th>Default:</th><td>0.8</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="sasl.login.refresh.window.jitter"></a>
<a href="#sasl.login.refresh.window.jitter">sasl.login.refresh.window.jitter</a>
</h4>
<p>The maximum amount of random jitter relative to the credential's lifetime that is added to the login refresh thread's sleep time. Legal values are between 0 and 0.25 (25%) inclusive; a default value of 0.05 (5%) is used if no value is specified. Currently applies only to OAUTHBEARER.</p>
<table><tbody>
<tr><th>Type:</th><td>double</td></tr>
<tr><th>Default:</th><td>0.05</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="sasl.mechanism.inter.broker.protocol"></a>
<a href="#sasl.mechanism.inter.broker.protocol">sasl.mechanism.inter.broker.protocol</a>
</h4>
<p>SASL mechanism used for inter-broker communication. Default is GSSAPI.</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>GSSAPI</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="sasl.server.callback.handler.class"></a>
<a href="#sasl.server.callback.handler.class">sasl.server.callback.handler.class</a>
</h4>
<p>The fully qualified name of a SASL server callback handler class that implements the AuthenticateCallbackHandler interface. Server callback handlers must be prefixed with listener prefix and SASL mechanism name in lower-case. For example, listener.name.sasl_ssl.plain.sasl.server.callback.handler.class=com.example.CustomPlainCallbackHandler.</p>
<table><tbody>
<tr><th>Type:</th><td>class</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="security.inter.broker.protocol"></a>
<a href="#security.inter.broker.protocol">security.inter.broker.protocol</a>
</h4>
<p>Security protocol used to communicate between brokers. Valid values are: PLAINTEXT, SSL, SASL_PLAINTEXT, SASL_SSL. It is an error to set this and inter.broker.listener.name properties at the same time.</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>PLAINTEXT</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="ssl.cipher.suites"></a>
<a href="#ssl.cipher.suites">ssl.cipher.suites</a>
</h4>
<p>A list of cipher suites. This is a named combination of authentication, encryption, MAC and key exchange algorithm used to negotiate the security settings for a network connection using TLS or SSL network protocol. By default all the available cipher suites are supported.</p>
<table><tbody>
<tr><th>Type:</th><td>list</td></tr>
<tr><th>Default:</th><td>""</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="ssl.client.auth"></a>
<a href="#ssl.client.auth">ssl.client.auth</a>
</h4>
<p>Configures kafka broker to request client authentication. The following settings are common: <ul> <li><code>ssl.client.auth=required</code> If set to required client authentication is required. <li><code>ssl.client.auth=requested</code> This means client authentication is optional. unlike requested , if this option is set client can choose not to provide authentication information about itself <li><code>ssl.client.auth=none</code> This means client authentication is not needed.</ul></p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>none</td></tr>
<tr><th>Valid Values:</th><td>[required, requested, none]</td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="ssl.enabled.protocols"></a>
<a href="#ssl.enabled.protocols">ssl.enabled.protocols</a>
</h4>
<p>The list of protocols enabled for SSL connections. The default is 'TLSv1.2,TLSv1.3' when running with Java 11 or newer, 'TLSv1.2' otherwise. With the default value for Java 11, clients and servers will prefer TLSv1.3 if both support it and fallback to TLSv1.2 otherwise (assuming both support at least TLSv1.2). This default should be fine for most cases. Also see the config documentation for `ssl.protocol`.</p>
<table><tbody>
<tr><th>Type:</th><td>list</td></tr>
<tr><th>Default:</th><td>TLSv1.2</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="ssl.key.password"></a>
<a href="#ssl.key.password">ssl.key.password</a>
</h4>
<p>The password of the private key in the key store file. This is optional for client.</p>
<table><tbody>
<tr><th>Type:</th><td>password</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="ssl.keymanager.algorithm"></a>
<a href="#ssl.keymanager.algorithm">ssl.keymanager.algorithm</a>
</h4>
<p>The algorithm used by key manager factory for SSL connections. Default value is the key manager factory algorithm configured for the Java Virtual Machine.</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>SunX509</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="ssl.keystore.location"></a>
<a href="#ssl.keystore.location">ssl.keystore.location</a>
</h4>
<p>The location of the key store file. This is optional for client and can be used for two-way authentication for client.</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="ssl.keystore.password"></a>
<a href="#ssl.keystore.password">ssl.keystore.password</a>
</h4>
<p>The store password for the key store file. This is optional for client and only needed if ssl.keystore.location is configured. </p>
<table><tbody>
<tr><th>Type:</th><td>password</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="ssl.keystore.type"></a>
<a href="#ssl.keystore.type">ssl.keystore.type</a>
</h4>
<p>The file format of the key store file. This is optional for client.</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>JKS</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="ssl.protocol"></a>
<a href="#ssl.protocol">ssl.protocol</a>
</h4>
<p>The SSL protocol used to generate the SSLContext. The default is 'TLSv1.3' when running with Java 11 or newer, 'TLSv1.2' otherwise. This value should be fine for most use cases. Allowed values in recent JVMs are 'TLSv1.2' and 'TLSv1.3'. 'TLS', 'TLSv1.1', 'SSL', 'SSLv2' and 'SSLv3' may be supported in older JVMs, but their usage is discouraged due to known security vulnerabilities. With the default value for this config and 'ssl.enabled.protocols', clients will downgrade to 'TLSv1.2' if the server does not support 'TLSv1.3'. If this config is set to 'TLSv1.2', clients will not use 'TLSv1.3' even if it is one of the values in ssl.enabled.protocols and the server only supports 'TLSv1.3'.</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>TLSv1.2</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="ssl.provider"></a>
<a href="#ssl.provider">ssl.provider</a>
</h4>
<p>The name of the security provider used for SSL connections. Default value is the default security provider of the JVM.</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="ssl.trustmanager.algorithm"></a>
<a href="#ssl.trustmanager.algorithm">ssl.trustmanager.algorithm</a>
</h4>
<p>The algorithm used by trust manager factory for SSL connections. Default value is the trust manager factory algorithm configured for the Java Virtual Machine.</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>PKIX</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="ssl.truststore.location"></a>
<a href="#ssl.truststore.location">ssl.truststore.location</a>
</h4>
<p>The location of the trust store file. </p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="ssl.truststore.password"></a>
<a href="#ssl.truststore.password">ssl.truststore.password</a>
</h4>
<p>The password for the trust store file. If a password is not set access to the truststore is still available, but integrity checking is disabled.</p>
<table><tbody>
<tr><th>Type:</th><td>password</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="ssl.truststore.type"></a>
<a href="#ssl.truststore.type">ssl.truststore.type</a>
</h4>
<p>The file format of the trust store file.</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>JKS</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="zookeeper.clientCnxnSocket"></a>
<a href="#zookeeper.clientCnxnSocket">zookeeper.clientCnxnSocket</a>
</h4>
<p>Typically set to <code>org.apache.zookeeper.ClientCnxnSocketNetty</code> when using TLS connectivity to ZooKeeper. Overrides any explicit value set via the same-named <code>zookeeper.clientCnxnSocket</code> system property.</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="zookeeper.ssl.client.enable"></a>
<a href="#zookeeper.ssl.client.enable">zookeeper.ssl.client.enable</a>
</h4>
<p>Set client to use TLS when connecting to ZooKeeper. An explicit value overrides any value set via the <code>zookeeper.client.secure</code> system property (note the different name). Defaults to false if neither is set; when true, <code>zookeeper.clientCnxnSocket</code> must be set (typically to <code>org.apache.zookeeper.ClientCnxnSocketNetty</code>); other values to set may include <code>zookeeper.ssl.cipher.suites</code>, <code>zookeeper.ssl.crl.enable</code>, <code>zookeeper.ssl.enabled.protocols</code>, <code>zookeeper.ssl.endpoint.identification.algorithm</code>, <code>zookeeper.ssl.keystore.location</code>, <code>zookeeper.ssl.keystore.password</code>, <code>zookeeper.ssl.keystore.type</code>, <code>zookeeper.ssl.ocsp.enable</code>, <code>zookeeper.ssl.protocol</code>, <code>zookeeper.ssl.truststore.location</code>, <code>zookeeper.ssl.truststore.password</code>, <code>zookeeper.ssl.truststore.type</code></p>
<table><tbody>
<tr><th>Type:</th><td>boolean</td></tr>
<tr><th>Default:</th><td>false</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="zookeeper.ssl.keystore.location"></a>
<a href="#zookeeper.ssl.keystore.location">zookeeper.ssl.keystore.location</a>
</h4>
<p>Keystore location when using a client-side certificate with TLS connectivity to ZooKeeper. Overrides any explicit value set via the <code>zookeeper.ssl.keyStore.location</code> system property (note the camelCase).</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="zookeeper.ssl.keystore.password"></a>
<a href="#zookeeper.ssl.keystore.password">zookeeper.ssl.keystore.password</a>
</h4>
<p>Keystore password when using a client-side certificate with TLS connectivity to ZooKeeper. Overrides any explicit value set via the <code>zookeeper.ssl.keyStore.password</code> system property (note the camelCase). Note that ZooKeeper does not support a key password different from the keystore password, so be sure to set the key password in the keystore to be identical to the keystore password; otherwise the connection attempt to Zookeeper will fail.</p>
<table><tbody>
<tr><th>Type:</th><td>password</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="zookeeper.ssl.keystore.type"></a>
<a href="#zookeeper.ssl.keystore.type">zookeeper.ssl.keystore.type</a>
</h4>
<p>Keystore type when using a client-side certificate with TLS connectivity to ZooKeeper. Overrides any explicit value set via the <code>zookeeper.ssl.keyStore.type</code> system property (note the camelCase). The default value of <code>null</code> means the type will be auto-detected based on the filename extension of the keystore.</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="zookeeper.ssl.truststore.location"></a>
<a href="#zookeeper.ssl.truststore.location">zookeeper.ssl.truststore.location</a>
</h4>
<p>Truststore location when using TLS connectivity to ZooKeeper. Overrides any explicit value set via the <code>zookeeper.ssl.trustStore.location</code> system property (note the camelCase).</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="zookeeper.ssl.truststore.password"></a>
<a href="#zookeeper.ssl.truststore.password">zookeeper.ssl.truststore.password</a>
</h4>
<p>Truststore password when using TLS connectivity to ZooKeeper. Overrides any explicit value set via the <code>zookeeper.ssl.trustStore.password</code> system property (note the camelCase).</p>
<table><tbody>
<tr><th>Type:</th><td>password</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="zookeeper.ssl.truststore.type"></a>
<a href="#zookeeper.ssl.truststore.type">zookeeper.ssl.truststore.type</a>
</h4>
<p>Truststore type when using TLS connectivity to ZooKeeper. Overrides any explicit value set via the <code>zookeeper.ssl.trustStore.type</code> system property (note the camelCase). The default value of <code>null</code> means the type will be auto-detected based on the filename extension of the truststore.</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>medium</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="alter.config.policy.class.name"></a>
<a href="#alter.config.policy.class.name">alter.config.policy.class.name</a>
</h4>
<p>The alter configs policy class that should be used for validation. The class should implement the <code>org.apache.kafka.server.policy.AlterConfigPolicy</code> interface.</p>
<table><tbody>
<tr><th>Type:</th><td>class</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="alter.log.dirs.replication.quota.window.num"></a>
<a href="#alter.log.dirs.replication.quota.window.num">alter.log.dirs.replication.quota.window.num</a>
</h4>
<p>The number of samples to retain in memory for alter log dirs replication quotas</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>11</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="alter.log.dirs.replication.quota.window.size.seconds"></a>
<a href="#alter.log.dirs.replication.quota.window.size.seconds">alter.log.dirs.replication.quota.window.size.seconds</a>
</h4>
<p>The time span of each sample for alter log dirs replication quotas</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>1</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="authorizer.class.name"></a>
<a href="#authorizer.class.name">authorizer.class.name</a>
</h4>
<p>The fully qualified name of a class that implements sorg.apache.kafka.server.authorizer.Authorizer interface, which is used by the broker for authorization. This config also supports authorizers that implement the deprecated kafka.security.auth.Authorizer trait which was previously used for authorization.</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>""</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="client.quota.callback.class"></a>
<a href="#client.quota.callback.class">client.quota.callback.class</a>
</h4>
<p>The fully qualified name of a class that implements the ClientQuotaCallback interface, which is used to determine quota limits applied to client requests. By default, <user, client-id>, <user> or <client-id> quotas stored in ZooKeeper are applied. For any given request, the most specific quota that matches the user principal of the session and the client-id of the request is applied.</p>
<table><tbody>
<tr><th>Type:</th><td>class</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="connection.failed.authentication.delay.ms"></a>
<a href="#connection.failed.authentication.delay.ms">connection.failed.authentication.delay.ms</a>
</h4>
<p>Connection close delay on failed authentication: this is the time (in milliseconds) by which connection close will be delayed on authentication failure. This must be configured to be less than connections.max.idle.ms to prevent connection timeout.</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>100</td></tr>
<tr><th>Valid Values:</th><td>[0,...]</td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="create.topic.policy.class.name"></a>
<a href="#create.topic.policy.class.name">create.topic.policy.class.name</a>
</h4>
<p>The create topic policy class that should be used for validation. The class should implement the <code>org.apache.kafka.server.policy.CreateTopicPolicy</code> interface.</p>
<table><tbody>
<tr><th>Type:</th><td>class</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="delegation.token.expiry.check.interval.ms"></a>
<a href="#delegation.token.expiry.check.interval.ms">delegation.token.expiry.check.interval.ms</a>
</h4>
<p>Scan interval to remove expired delegation tokens.</p>
<table><tbody>
<tr><th>Type:</th><td>long</td></tr>
<tr><th>Default:</th><td>3600000 (1 hour)</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="kafka.metrics.polling.interval.secs"></a>
<a href="#kafka.metrics.polling.interval.secs">kafka.metrics.polling.interval.secs</a>
</h4>
<p>The metrics polling interval (in seconds) which can be used in kafka.metrics.reporters implementations.</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>10</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="kafka.metrics.reporters"></a>
<a href="#kafka.metrics.reporters">kafka.metrics.reporters</a>
</h4>
<p>A list of classes to use as Yammer metrics custom reporters. The reporters should implement <code>kafka.metrics.KafkaMetricsReporter</code> trait. If a client wants to expose JMX operations on a custom reporter, the custom reporter needs to additionally implement an MBean trait that extends <code>kafka.metrics.KafkaMetricsReporterMBean</code> trait so that the registered MBean is compliant with the standard MBean convention.</p>
<table><tbody>
<tr><th>Type:</th><td>list</td></tr>
<tr><th>Default:</th><td>""</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="listener.security.protocol.map"></a>
<a href="#listener.security.protocol.map">listener.security.protocol.map</a>
</h4>
<p>Map between listener names and security protocols. This must be defined for the same security protocol to be usable in more than one port or IP. For example, internal and external traffic can be separated even if SSL is required for both. Concretely, the user could define listeners with names INTERNAL and EXTERNAL and this property as: `INTERNAL:SSL,EXTERNAL:SSL`. As shown, key and value are separated by a colon and map entries are separated by commas. Each listener name should only appear once in the map. Different security (SSL and SASL) settings can be configured for each listener by adding a normalised prefix (the listener name is lowercased) to the config name. For example, to set a different keystore for the INTERNAL listener, a config with name <code>listener.name.internal.ssl.keystore.location</code> would be set. If the config for the listener name is not set, the config will fallback to the generic config (i.e. <code>ssl.keystore.location</code>). </p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>PLAINTEXT:PLAINTEXT,SSL:SSL,SASL_PLAINTEXT:SASL_PLAINTEXT,SASL_SSL:SASL_SSL</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="log.message.downconversion.enable"></a>
<a href="#log.message.downconversion.enable">log.message.downconversion.enable</a>
</h4>
<p>This configuration controls whether down-conversion of message formats is enabled to satisfy consume requests. When set to <code>false</code>, broker will not perform down-conversion for consumers expecting an older message format. The broker responds with <code>UNSUPPORTED_VERSION</code> error for consume requests from such older clients. This configurationdoes not apply to any message format conversion that might be required for replication to followers.</p>
<table><tbody>
<tr><th>Type:</th><td>boolean</td></tr>
<tr><th>Default:</th><td>true</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="metric.reporters"></a>
<a href="#metric.reporters">metric.reporters</a>
</h4>
<p>A list of classes to use as metrics reporters. Implementing the <code>org.apache.kafka.common.metrics.MetricsReporter</code> interface allows plugging in classes that will be notified of new metric creation. The JmxReporter is always included to register JMX statistics.</p>
<table><tbody>
<tr><th>Type:</th><td>list</td></tr>
<tr><th>Default:</th><td>""</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>cluster-wide</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="metrics.num.samples"></a>
<a href="#metrics.num.samples">metrics.num.samples</a>
</h4>
<p>The number of samples maintained to compute metrics.</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>2</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="metrics.recording.level"></a>
<a href="#metrics.recording.level">metrics.recording.level</a>
</h4>
<p>The highest recording level for metrics.</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>INFO</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="metrics.sample.window.ms"></a>
<a href="#metrics.sample.window.ms">metrics.sample.window.ms</a>
</h4>
<p>The window of time a metrics sample is computed over.</p>
<table><tbody>
<tr><th>Type:</th><td>long</td></tr>
<tr><th>Default:</th><td>30000 (30 seconds)</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="password.encoder.cipher.algorithm"></a>
<a href="#password.encoder.cipher.algorithm">password.encoder.cipher.algorithm</a>
</h4>
<p>The Cipher algorithm used for encoding dynamically configured passwords.</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>AES/CBC/PKCS5Padding</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="password.encoder.iterations"></a>
<a href="#password.encoder.iterations">password.encoder.iterations</a>
</h4>
<p>The iteration count used for encoding dynamically configured passwords.</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>4096</td></tr>
<tr><th>Valid Values:</th><td>[1024,...]</td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="password.encoder.key.length"></a>
<a href="#password.encoder.key.length">password.encoder.key.length</a>
</h4>
<p>The key length used for encoding dynamically configured passwords.</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>128</td></tr>
<tr><th>Valid Values:</th><td>[8,...]</td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="password.encoder.keyfactory.algorithm"></a>
<a href="#password.encoder.keyfactory.algorithm">password.encoder.keyfactory.algorithm</a>
</h4>
<p>The SecretKeyFactory algorithm used for encoding dynamically configured passwords. Default is PBKDF2WithHmacSHA512 if available and PBKDF2WithHmacSHA1 otherwise.</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="quota.window.num"></a>
<a href="#quota.window.num">quota.window.num</a>
</h4>
<p>The number of samples to retain in memory for client quotas</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>11</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="quota.window.size.seconds"></a>
<a href="#quota.window.size.seconds">quota.window.size.seconds</a>
</h4>
<p>The time span of each sample for client quotas</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>1</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="replication.quota.window.num"></a>
<a href="#replication.quota.window.num">replication.quota.window.num</a>
</h4>
<p>The number of samples to retain in memory for replication quotas</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>11</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="replication.quota.window.size.seconds"></a>
<a href="#replication.quota.window.size.seconds">replication.quota.window.size.seconds</a>
</h4>
<p>The time span of each sample for replication quotas</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>1</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="security.providers"></a>
<a href="#security.providers">security.providers</a>
</h4>
<p>A list of configurable creator classes each returning a provider implementing security algorithms. These classes should implement the <code>org.apache.kafka.common.security.auth.SecurityProviderCreator</code> interface.</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="ssl.endpoint.identification.algorithm"></a>
<a href="#ssl.endpoint.identification.algorithm">ssl.endpoint.identification.algorithm</a>
</h4>
<p>The endpoint identification algorithm to validate server hostname using server certificate. </p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>https</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="ssl.engine.factory.class"></a>
<a href="#ssl.engine.factory.class">ssl.engine.factory.class</a>
</h4>
<p>The class of type org.apache.kafka.common.security.auth.SslEngineFactory to provide SSLEngine objects. Default value is org.apache.kafka.common.security.ssl.DefaultSslEngineFactory</p>
<table><tbody>
<tr><th>Type:</th><td>class</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="ssl.principal.mapping.rules"></a>
<a href="#ssl.principal.mapping.rules">ssl.principal.mapping.rules</a>
</h4>
<p>A list of rules for mapping from distinguished name from the client certificate to short name. The rules are evaluated in order and the first rule that matches a principal name is used to map it to a short name. Any later rules in the list are ignored. By default, distinguished name of the X.500 certificate will be the principal. For more details on the format please see <a href="#security_authz"> security authorization and acls</a>. Note that this configuration is ignored if an extension of KafkaPrincipalBuilder is provided by the <code>principal.builder.class</code> configuration.</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>DEFAULT</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="ssl.secure.random.implementation"></a>
<a href="#ssl.secure.random.implementation">ssl.secure.random.implementation</a>
</h4>
<p>The SecureRandom PRNG implementation to use for SSL cryptography operations. </p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>per-broker</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="transaction.abort.timed.out.transaction.cleanup.interval.ms"></a>
<a href="#transaction.abort.timed.out.transaction.cleanup.interval.ms">transaction.abort.timed.out.transaction.cleanup.interval.ms</a>
</h4>
<p>The interval at which to rollback transactions that have timed out</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>10000 (10 seconds)</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="transaction.remove.expired.transaction.cleanup.interval.ms"></a>
<a href="#transaction.remove.expired.transaction.cleanup.interval.ms">transaction.remove.expired.transaction.cleanup.interval.ms</a>
</h4>
<p>The interval at which to remove transactions that have expired due to <code>transactional.id.expiration.ms</code> passing</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>3600000 (1 hour)</td></tr>
<tr><th>Valid Values:</th><td>[1,...]</td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="zookeeper.ssl.cipher.suites"></a>
<a href="#zookeeper.ssl.cipher.suites">zookeeper.ssl.cipher.suites</a>
</h4>
<p>Specifies the enabled cipher suites to be used in ZooKeeper TLS negotiation (csv). Overrides any explicit value set via the <code>zookeeper.ssl.ciphersuites</code> system property (note the single word "ciphersuites"). The default value of <code>null</code> means the list of enabled cipher suites is determined by the Java runtime being used.</p>
<table><tbody>
<tr><th>Type:</th><td>list</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="zookeeper.ssl.crl.enable"></a>
<a href="#zookeeper.ssl.crl.enable">zookeeper.ssl.crl.enable</a>
</h4>
<p>Specifies whether to enable Certificate Revocation List in the ZooKeeper TLS protocols. Overrides any explicit value set via the <code>zookeeper.ssl.crl</code> system property (note the shorter name).</p>
<table><tbody>
<tr><th>Type:</th><td>boolean</td></tr>
<tr><th>Default:</th><td>false</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="zookeeper.ssl.enabled.protocols"></a>
<a href="#zookeeper.ssl.enabled.protocols">zookeeper.ssl.enabled.protocols</a>
</h4>
<p>Specifies the enabled protocol(s) in ZooKeeper TLS negotiation (csv). Overrides any explicit value set via the <code>zookeeper.ssl.enabledProtocols</code> system property (note the camelCase). The default value of <code>null</code> means the enabled protocol will be the value of the <code>zookeeper.ssl.protocol</code> configuration property.</p>
<table><tbody>
<tr><th>Type:</th><td>list</td></tr>
<tr><th>Default:</th><td>null</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="zookeeper.ssl.endpoint.identification.algorithm"></a>
<a href="#zookeeper.ssl.endpoint.identification.algorithm">zookeeper.ssl.endpoint.identification.algorithm</a>
</h4>
<p>Specifies whether to enable hostname verification in the ZooKeeper TLS negotiation process, with (case-insensitively) "https" meaning ZooKeeper hostname verification is enabled and an explicit blank value meaning it is disabled (disabling it is only recommended for testing purposes). An explicit value overrides any "true" or "false" value set via the <code>zookeeper.ssl.hostnameVerification</code> system property (note the different name and values; true implies https and false implies blank).</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>HTTPS</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="zookeeper.ssl.ocsp.enable"></a>
<a href="#zookeeper.ssl.ocsp.enable">zookeeper.ssl.ocsp.enable</a>
</h4>
<p>Specifies whether to enable Online Certificate Status Protocol in the ZooKeeper TLS protocols. Overrides any explicit value set via the <code>zookeeper.ssl.ocsp</code> system property (note the shorter name).</p>
<table><tbody>
<tr><th>Type:</th><td>boolean</td></tr>
<tr><th>Default:</th><td>false</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="zookeeper.ssl.protocol"></a>
<a href="#zookeeper.ssl.protocol">zookeeper.ssl.protocol</a>
</h4>
<p>Specifies the protocol to be used in ZooKeeper TLS negotiation. An explicit value overrides any value set via the same-named <code>zookeeper.ssl.protocol</code> system property.</p>
<table><tbody>
<tr><th>Type:</th><td>string</td></tr>
<tr><th>Default:</th><td>TLSv1.2</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
<li>
<h4 class="anchor-heading">
<a class="anchor-link" id="zookeeper.sync.time.ms"></a>
<a href="#zookeeper.sync.time.ms">zookeeper.sync.time.ms</a>
</h4>
<p>How far a ZK follower can be behind a ZK leader</p>
<table><tbody>
<tr><th>Type:</th><td>int</td></tr>
<tr><th>Default:</th><td>2000 (2 seconds)</td></tr>
<tr><th>Valid Values:</th><td></td></tr>
<tr><th>Importance:</th><td>low</td></tr>
<tr><th>Update Mode:</th><td>read-only</td></tr>
</tbody></table>
</li>
</ul>