{
  "id": "cluster",
  "title": "Cluster object",
  "url": "https://redis.io/docs/latest/operate/rs/7.8/references/rest-api/objects/cluster/",
  "summary": "An object that represents a cluster",
  "content": "\nAn API object that represents the cluster.\n\n| Name | Type/Value | Description |\n|------|------------|-------------|\n| alert_settings | [alert_settings]() object | Cluster and node alert settings |\n| bigstore_driver | 'speedb'\u003cbr /\u003e'rocksdb' | Storage engine for [Auto Tiering]() |\n| cluster_ssh_public_key | string | Cluster's autogenerated SSH public key |\n| cm_port | integer, (range:\u0026nbsp;1024-65535) | UI HTTPS listening port |\n| \u003cspan class=\"break-all\"\u003ecm_session_timeout_minutes\u003c/span\u003e | integer (default:\u0026nbsp;15) | The timeout (in minutes) for the session to the CM |\n| \u003cspan class=\"break-all\"\u003ecnm_http_max_threads_per_worker\u003c/span\u003e | integer (default: 10) | Maximum number of threads per worker in the `cnm_http` service (deprecated) |\n| cnm_http_port | integer, (range:\u0026nbsp;1024-65535) | API HTTP listening port |\n| cnm_http_workers | integer (default: 1) | Number of workers in the `cnm_http` service |\n| cnm_https_port | integer, (range:\u0026nbsp;1024-65535) | API HTTPS listening port |\n| control_cipher_suites | string | Specifies the enabled ciphers for the control plane. The ciphers are specified in the format understood by the BoringSSL library. |\n| \u003cspan class=\"break-all\"\u003econtrol_cipher_suites_tls_1_3\u003c/span\u003e | string | Specifies the enabled TLS 1.3 ciphers for the control plane. The ciphers are specified in the format understood by the BoringSSL library. (read-only) |\n| crdb_coordinator_port | integer, (range:\u0026nbsp;1024-65535) (default:\u0026nbsp;9081) | CRDB coordinator port |\n| crdt_rest_client_retries | integer | Maximum number of retries for the REST client used by the Active-Active management API |\n| crdt_rest_client_timeout | integer | Timeout for REST client used by the Active-Active management API |\n| created_time | string | Cluster creation date (read-only) |\n| data_cipher_list | string | Specifies the enabled ciphers for the data plane. The ciphers are specified in the format understood by the OpenSSL library. |\n| \u003cspan class=\"break-all\"\u003edata_cipher_suites_tls_1_3\u003c/span\u003e | string | Specifies the enabled TLS 1.3 ciphers for the data plane. |\n| debuginfo_path | string | Path to a local directory used when generating support packages |\n| \u003cspan class=\"break-all\"\u003edefault_non_sharded_proxy_policy\u003c/span\u003e | string (default:\u0026nbsp;single) | Default proxy_policy for newly created non-sharded databases' endpoints (read-only) |\n| \u003cspan class=\"break-all\"\u003edefault_sharded_proxy_policy\u003c/span\u003e | string (default:\u0026nbsp;all-master-shards) | Default proxy_policy for newly created sharded databases' endpoints (read-only) |\n| email_alerts | boolean (default:\u0026nbsp;false) | Send node/cluster email alerts (requires valid SMTP and email_from settings) |\n| email_from | string | Sender email for automated emails |\n| encrypt_pkeys | boolean (default:\u0026nbsp;false) | Enable or turn off encryption of private keys |\n| envoy_admin_port | integer, (range:\u0026nbsp;1024-65535) | Envoy admin port. Changing this port during runtime might result in an empty response because envoy serves as the cluster gateway.|\n| \u003cspan class=\"break-all\"\u003eenvoy_max_downstream_connections\u003c/span\u003e | integer, (range:\u0026nbsp;100-2048) | The max downstream connections envoy is allowed to open |\n| envoy_mgmt_server_port | integer, (range:\u0026nbsp;1024-65535) | Envoy management server port|\n| gossip_envoy_admin_port | integer, (range:\u0026nbsp;1024-65535) | Gossip envoy admin port|\n| handle_redirects | boolean (default:\u0026nbsp;false) | Handle API HTTPS requests and redirect to the master node internally |\n| http_support | boolean (default:\u0026nbsp;false) | Enable or turn off HTTP support |\n| min_control_TLS_version | '1.2'\u003cbr /\u003e'1.3' | The minimum version of TLS protocol which is supported at the control path |\n| min_data_TLS_version | '1.2'\u003cbr /\u003e'1.3' | The minimum version of TLS protocol which is supported at the data path |\n| min_sentinel_TLS_version | '1.2'\u003cbr /\u003e'1.3' | The minimum version of TLS protocol which is supported at the data path |\n| mtls_authorized_subjects | array | [{\u003cbr /\u003e  \"CN\": string,\u003cbr /\u003e  \"O\": string,\u003cbr /\u003e  \"OU\": [array of strings],\u003cbr /\u003e  \"L\": string,\u003cbr /\u003e  \"ST\": string,\u003cbr /\u003e  \"C\": string\u003cbr /\u003e}, ...] A list of valid subjects used for additional certificate validations during TLS client authentication. All subject attributes are case-sensitive.\u003cbr /\u003e**Required subject fields**:\u003cbr /\u003e\"CN\" for Common Name\u003cbr /\u003e**Optional subject fields:**\u003cbr /\u003e\"O\" for Organization\u003cbr /\u003e\"OU\" for Organizational Unit (array of strings)\u003cbr /\u003e\"L\" for Locality (city)\u003cbr /\u003e\"ST\" for State/Province\u003cbr /\u003e\"C\" for 2-letter country code |\n| \u003cspan class=\"break-all\"\u003emtls_certificate_authentication\u003c/span\u003e | boolean | Require authentication of client certificates for mTLS connections to the cluster. The API_CA certificate should be configured as a prerequisite. |\n| \u003cspan class=\"break-all\"\u003emtls_client_cert_subject_validation_type\u003c/span\u003e | `disabled`\u003cbr /\u003e`san_cn`\u003cbr /\u003e`full_subject` | Enables additional certificate validations that further limit connections to clients with valid certificates during TLS client authentication.\u003cbr /\u003eValues:\u003cbr /\u003e**disabled**: Authenticates clients with valid certificates. No additional validations are enforced.\u003cbr /\u003e**san_cn**: A client certificate is valid only if its Common Name (CN) matches an entry in the list of valid subjects. Ignores other Subject attributes.\u003cbr /\u003e**full_subject**: A client certificate is valid only if its Subject attributes match an entry in the list of valid subjects. |\n| name | string | Cluster's fully qualified domain name (read-only) |\n| options_method_forbidden | boolean (default: false) | Make OPTIONS http method forbidden over CNM HTTPS port. |\n| password_complexity | boolean (default:\u0026nbsp;false) | Enforce password complexity policy |\n| \u003cspan class=\"break-all\"\u003epassword_expiration_duration\u003c/span\u003e | integer (default:\u0026nbsp;0) | The number of days a password is valid until the user is required to replace it |\n| password_min_length | integer, (range: 8-256) (default: 8) | The minimum length required for a password. |\n| proxy_certificate | string | Cluster's proxy certificate |\n| \u003cspan class=\"break-all\"\u003eproxy_max_ccs_disconnection_time\u003c/span\u003e | integer | Cluster-wide proxy timeout policy between proxy and CCS |\n| rack_aware | boolean | Cluster operates in a rack-aware mode (read-only) |\n| reserved_ports | array of strings | List of reserved ports and/or port ranges to avoid using for database endpoints (for example `\"reserved_ports\": [\"11000\", \"13000-13010\"]`) |\n| s3_ca_cert | string | Filepath to the PEM-encoded CA certificate to use for validating TLS connections to the S3 server |\n| s3_url | string | Specifies the URL for S3 export and import |\n| sentinel_cipher_suites | array | Specifies the list of enabled ciphers for the sentinel service. The supported ciphers are those implemented by the [cipher_suites.go](\u003chttps://golang.org/src/crypto/tls/cipher_suites.go\u003e) package. |\n| \u003cspan class=\"break-all\"\u003esentinel_cipher_suites_tls_1_3\u003cspan\u003e | string | Specifies the list of enabled TLS 1.3 ciphers for the discovery (sentinel) service. The supported ciphers are those implemented by the [cipher_suites.go](\u003chttps://golang.org/src/crypto/tls/cipher_suites.go\u003e) package.(read-only) |\n| sentinel_tls_mode | 'allowed'\u003cbr /\u003e'disabled' \u003cbr /\u003e'required' | Determines whether the discovery service allows, blocks, or requires TLS connections (previously named `sentinel_ssl_policy`)\u003cbr /\u003e**allowed**: Allows both TLS and non-TLS connections\u003cbr /\u003e**disabled**: Allows only non-TLS connections\u003cbr /\u003e**required**: Allows only TLS connections |\n| slave_ha | boolean (default:\u0026nbsp;false) | Enable the replica high-availability mechanism (read-only) |\n| \u003cspan class=\"break-all\"\u003eslave_ha_bdb_cooldown_period\u003c/span\u003e | integer (default:\u0026nbsp;86400) | Time in seconds between runs of the replica high-availability mechanism on different nodes on the same database (read-only) |\n| \u003cspan class=\"break-all\"\u003eslave_ha_cooldown_period\u003c/span\u003e | integer (default:\u0026nbsp;3600) | Time in seconds between runs of the replica high-availability mechanism on different nodes (read-only) |\n| \u003cspan class=\"break-all\"\u003eslave_ha_grace_period\u003c/span\u003e | integer (default:\u0026nbsp;900) | Time in seconds between a node failure and when the replica high-availability mechanism starts relocating shards (read-only) |\n| \u003cspan class=\"break-all\"\u003eslowlog_in_sanitized_support\u003c/span\u003e | boolean | Whether to include slowlogs in the sanitized support package |\n| smtp_host | string | SMTP server for automated emails |\n| smtp_password | string | SMTP server password |\n| smtp_port | integer | SMTP server port for automated emails |\n| smtp_tls_mode | 'none'\u003cbr /\u003e'starttls'\u003cbr /\u003e'tls' | Specifies which TLS mode to use for SMTP access |\n| smtp_use_tls | boolean (default:\u0026nbsp;false) | Use TLS for SMTP access (deprecated as of Redis Enterprise v4.3.3, use smtp_tls_mode field instead) |\n| smtp_username | string | SMTP server username (pattern does not allow special characters \u0026,\\\u003c,\u003e,\") |\n| syncer_certificate | string | Cluster's syncer certificate |\n| upgrade_mode | boolean (default:\u0026nbsp;false) | Is cluster currently in upgrade mode |\n| use_external_ipv6 | boolean (default:\u0026nbsp;true) | Should redislabs services listen on ipv6 |\n| use_ipv6 | boolean (default:\u0026nbsp;true) | Should redislabs services listen on ipv6 (deprecated as of Redis Enterprise v6.4.2, replaced with use_external_ipv6) |\n| wait_command | boolean (default:\u0026nbsp;true) | Supports Redis wait command (read-only) |\n",
  "tags": ["docs","operate","rs"],
  "last_updated": "2026-04-01T08:10:08-05:00",
  "children": [{"id":"alert_settings","summary":"Documents the alert_settings object used with Redis Enterprise Software REST API calls.","title":"Alert settings object","url":"https://redis.io/docs/latest/operate/rs/7.8/references/rest-api/objects/cluster/alert_settings/"},{"id":"cluster_alert_settings_with_threshold","summary":"Documents the cluster_alert_settings_with_threshold object used with Redis Enterprise Software REST API calls.","title":"Cluster alert settings with threshold object","url":"https://redis.io/docs/latest/operate/rs/7.8/references/rest-api/objects/cluster/cluster_alert_settings_with_threshold/"}]
}