content/operate/rs/references/rest-api/objects/cluster/_index.md
An API object that represents the cluster.
| Name | Type/Value | Description |
|---|---|---|
| alert_settings | [alert_settings]({{< relref "/operate/rs/references/rest-api/objects/cluster/alert_settings" >}}) object | Cluster and node alert settings |
| <span class="break-all">availability_lag_tolerance_ms</span> | integer (default: 100) | The maximum replication lag in milliseconds tolerated between source and replicas during [lag-aware database availability checks]({{<relref "/operate/rs/monitoring/db-availability#lag-aware">}}). |
| bigstore_driver | "speedb" | |
| "rocksdb" | Storage engine for [Redis Flex or Auto Tiering]({{<relref "/operate/rs/databases/flash">}}) | |
| <span class="break-all">cluster_ssh_public_key</span> | string | Cluster's autogenerated SSH public key |
| client_maint_notifications | boolean (default: false) | Toggles sending client maintenance notifications about shard movements |
| cm_port | integer, (range: 1024-65535) | UI HTTPS listening port |
| <span class="break-all">cm_session_timeout_minutes</span> | integer (default: 15) | The timeout (in minutes) for the session to the CM |
| <span class="break-all">cnm_http_max_threads_per_worker</span> | integer (default: 10) | Maximum number of threads per worker in the cnm_http service (deprecated) |
| cnm_http_port | integer, (range: 1024-65535) | API HTTP listening port |
| cnm_http_workers | integer (default: 1) | Number of workers in the cnm_http service |
| cnm_https_port | integer, (range: 1024-65535) | API HTTPS listening port |
| control_cipher_suites | string | Specifies the enabled ciphers for the control plane. The ciphers are specified in the format understood by the BoringSSL library. |
| <span class="break-all">control_cipher_suites_tls_1_3</span> | string | Specifies the enabled TLS 1.3 ciphers for the control plane. The ciphers are specified in the format understood by the BoringSSL library. (read-only) |
| crdb_coordinator_port | integer, (range: 1024-65535) (default: 9081) | CRDB coordinator port |
| <span class="break-all">crdt_rest_client_retries</span> | integer | Maximum number of retries for the REST client used by the Active-Active management API |
| <span class="break-all">crdt_rest_client_timeout</span> | integer | Timeout for REST client used by the Active-Active management API |
| created_time | string | Cluster creation date (read-only) |
| data_cipher_list | string | Specifies the enabled ciphers for the data plane. The ciphers are specified in the format understood by the OpenSSL library. |
| <span class="break-all">data_cipher_suites_tls_1_3</span> | string | Specifies the enabled TLS 1.3 ciphers for the data plane. |
| debuginfo_path | string | Path to a local directory used when generating support packages |
| <span class="break-all">default_non_sharded_proxy_policy</span> | string (default: single) | Default proxy_policy for newly created non-sharded databases' endpoints (read-only) |
| <span class="break-all">default_sharded_proxy_policy</span> | string (default: all-master-shards) | Default proxy_policy for newly created sharded databases' endpoints (read-only) |
| <span class="break-all">disconnect_clients_on_password_removal</span> | "enabled" | |
| "disabled" | ||
| "auto" | This flag controls whether client connections using removed, revoked, or rotated passwords are actively disconnected | |
| email_alerts | boolean (default: false) | Send node/cluster email alerts (requires valid SMTP and email_from settings) |
| email_from | string | Sender email for automated emails |
| encrypt_pkeys | boolean (default: false) | Enable or turn off encryption of private keys |
| envoy_admin_port | integer, (range: 1024-65535) | Envoy admin port. Changing this port during runtime might result in an empty response because envoy serves as the cluster gateway. |
| <span class="break-all">envoy_max_downstream_connections</span> | integer, (range: 100-2048) | The max downstream connections envoy is allowed to open |
| <span class="break-all">envoy_mgmt_server_port</span> | integer, (range: 1024-65535) | Envoy management server port |
| <span class="break-all">gossip_envoy_admin_port</span> | integer, (range: 1024-65535) | Gossip envoy admin port (deprecated; this port is no longer used because gossip functionality is handled by the main envoy process on envoy_admin_port) |
| handle_redirects | boolean (default: false) | Handle API HTTPS requests and redirect to the master node internally |
| http_support | boolean (default: false) | Enable or turn off HTTP support |
| logrotate_settings | [logrotate_settings]({{<relref "/operate/rs/references/rest-api/objects/cluster/logrotate_settings">}}) object | Settings for logrotate configuration |
| metrics_auth | boolean (default: false) | If true, requires authentication for requests to the metrics exporter |
| <span class="break-all">min_control_TLS_version</span> | "1.2" | |
| "1.3" | The minimum version of TLS protocol which is supported at the control path | |
| min_data_TLS_version | "1.2" | |
| "1.3" | The minimum version of TLS protocol which is supported at the data path | |
| <span class="break-all">min_sentinel_TLS_version</span> | "1.2" | |
| "1.3" | The minimum version of TLS protocol which is supported at the data path | |
| <span class="break-all">mtls_authorized_subjects</span> | array | {{<code>}}[{ |
| "CN": string, | ||
| "O": string, | ||
| "OU": [array of strings], | ||
| "L": string, | ||
| "ST": string, | ||
| "C": string | ||
| }, ...]{{</code>}} A list of valid subjects used for additional certificate validations during TLS client authentication. All subject attributes are case-sensitive. | ||
| Required subject fields: | ||
| "CN" for Common Name | ||
| Optional subject fields: | ||
| "O" for Organization | ||
| "OU" for Organizational Unit (array of strings) | ||
| "L" for Locality (city) | ||
| "ST" for State/Province | ||
| "C" for 2-letter country code | ||
| <span class="break-all">mtls_certificate_authentication</span> | boolean | Require authentication of client certificates for mTLS connections to the cluster. The API_CA certificate should be configured as a prerequisite. |
| <span class="break-all">mtls_client_cert_subject_validation_type</span> | "disabled" | |
| "san_cn" | ||
| "full_subject" | Enables additional certificate validations that further limit connections to clients with valid certificates during TLS client authentication. | |
| Values: | ||
| disabled: Authenticates clients with valid certificates. No additional validations are enforced. | ||
| san_cn: A client certificate is valid only if its Common Name (CN) matches an entry in the list of valid subjects. Ignores other Subject attributes. | ||
| full_subject: A client certificate is valid only if its Subject attributes match an entry in the list of valid subjects. | ||
| multi_commands_opt | "disabled" | |
| "batch" | ||
| "force_disabled" | Determines the default multi_commands_opt setting for databases in the cluster. If set to batch, it reduces the overhead of transaction management by batching multiple commands into a single transaction. | |
| Values: | ||
| disabled: Turns off the optimization for all databases except those that override it on the [bdb level]({{<relref "/operate/rs/references/rest-api/objects/bdb">}}). Default value. | ||
| batch: Enables the optimization on all databases except those that override it on the [bdb level]({{<relref "/operate/rs/references/rest-api/objects/bdb">}}). | ||
| force_disabled: Disables the optimization for all databases, even those that override it on the [bdb level]({{<relref "/operate/rs/references/rest-api/objects/bdb">}}). | ||
| name | string | Cluster's fully qualified domain name (read-only) |
| options_method_forbidden | boolean (default: false) | Make OPTIONS http method forbidden over CNM HTTPS port. |
| password_complexity | boolean (default: false) | Enforce password complexity policy |
| <span class="break-all">password_expiration_duration</span> | integer (default: 0) | The number of days a password is valid until the user is required to replace it |
| password_min_length | integer, (range: 8-256) (default: 8) | The minimum length required for a password. |
| proxy_certificate | string | Cluster's proxy certificate |
| <span class="break-all">proxy_max_ccs_disconnection_time</span> | integer | Cluster-wide proxy timeout policy between proxy and CCS |
| rack_aware | boolean | Cluster operates in a rack-aware mode (read-only) |
| reserved_ports | array of strings | List of reserved ports and/or port ranges to avoid using for database endpoints (for example "reserved_ports": ["11000", "13000-13010"]) |
| <span class="break-all">replica_sconns_on_demand</span> | "enabled" | |
| "disabled" | ||
| "auto" | Reduces DMC internode connections by at least 50%, conserving sockets, file descriptors, and KEEPALIVE traffic | |
| robust_crdt_syncer | boolean (default: false) | If true, enables the robust syncer for Active-Active databases |
| s3_ca_cert | string | Filepath to the PEM-encoded CA certificate to use for validating TLS connections to the S3 server |
| s3_url | string | Specifies the URL for S3 export and import |
| <span class="break-all">sentinel_cipher_suites</span> | array | Specifies the list of enabled ciphers for the sentinel service. The supported ciphers are those implemented by the cipher_suites.go package. |
| <span class="break-all">sentinel_cipher_suites_tls_1_3<span> | string | Specifies the list of enabled TLS 1.3 ciphers for the discovery (sentinel) service. The supported ciphers are those implemented by the cipher_suites.go package.(read-only) |
| sentinel_tls_mode | "allowed" | |
| "disabled" | ||
| "required" | Determines whether the discovery service allows, blocks, or requires TLS connections (previously named sentinel_ssl_policy) | |
| allowed: Allows both TLS and non-TLS connections | ||
| disabled: Allows only non-TLS connections | ||
| required: Allows only TLS connections | ||
| slave_ha | boolean (default: false) | Enable the replica high-availability mechanism (read-only) |
| <span class="break-all">slave_ha_bdb_cooldown_period</span> | integer (default: 86400) | Time in seconds between runs of the replica high-availability mechanism on different nodes on the same database (read-only) |
| <span class="break-all">slave_ha_cooldown_period</span> | integer (default: 3600) | Time in seconds between runs of the replica high-availability mechanism on different nodes (read-only) |
| <span class="break-all">slave_ha_grace_period</span> | integer (default: 900) | Time in seconds between a node failure and when the replica high-availability mechanism starts relocating shards (read-only) |
| <span class="break-all">slowlog_in_sanitized_support</span> | boolean | Whether to include slowlogs in the sanitized support package |
| smtp_host | string | SMTP server for automated emails |
| smtp_password | string | SMTP server password |
| smtp_port | integer | SMTP server port for automated emails |
| smtp_tls_mode | "none" | |
| "starttls" | ||
| "tls" | Specifies which TLS mode to use for SMTP access | |
| smtp_use_tls | boolean (default: false) | Use TLS for SMTP access (deprecated as of Redis Software v4.3.3, use smtp_tls_mode field instead) |
| smtp_username | string | SMTP server username (pattern does not allow special characters &,<,>,") |
| syncer_certificate | string | Cluster's syncer certificate |
| upgrade_mode | boolean (default: false) | Is cluster currently in upgrade mode |
| use_external_ipv6 | boolean (default: true) | Should redislabs services listen on ipv6 |
| use_ipv6 | boolean (default: true) | Should redislabs services listen on ipv6 (deprecated as of Redis Software v6.4.2, replaced with use_external_ipv6) |
| wait_command | boolean (default: true) | Supports Redis wait command (read-only) |