Kafka Configs Kafka Protocol Wire Format API Versions KIPs Errors Kafka Upgrade Config Advisor Policy Pack
Debezium
Config Matrix Event Envelope Snapshot Modes Error Reference
Flink SQL
conduktor.io ↗

Maximum Retention Bound

retention.ms must not exceed 30 days unless explicitly justified.

Rationale

Indefinite retention turns Kafka into cold storage it was never designed for. Bounded retention forces teams to think about archival (S3, tiered storage, CDC into a warehouse). Override via explicit label.

Pattern

retention.ms <= 30 days AND retention.ms != -1 (unless labels[retention-justified] = "true")

Examples

retention.ms: 604800000 (7d)
retention.ms: 2592000000 (30d)
retention.ms: -1 (infinite, without override)
retention.ms: 31536000000 (1y)

Parameters

NameDefaultDescription
max_ms 2592000000 Maximum retention in milliseconds (default 30 days).
override_label "retention-justified" Label key (value "true") that authorizes longer or infinite retention.

Governs

This policy relates to the following Kafka configuration keys:

Implementation

Drop this YAML into Conduktor Console as a ResourcePolicy, then link it from an ApplicationInstance, Application, or KafkaCluster.

Conduktor ResourcePolicy
# Conduktor self-service ResourcePolicy
# Schema: https://docs.conduktor.io/platform/reference/resource-reference/self-service/#resourcepolicy
# - spec.configs values are strings — wrap with int(string(...)) for numeric compare.
# - ResourcePolicy has no "unless" clause; the override is folded into the CEL.
# - retention.ms == -1 means infinite retention — also rejected unless overridden.
---
apiVersion: self-serve/v1
kind: ResourcePolicy
metadata:
  name: max-retention-bound
spec:
  targetKind: Topic
  description: retention.ms must be <= 30d and not infinite, unless labels.retention-justified == "true"
  rules:
    - condition: '("retention-justified" in metadata.labels && metadata.labels["retention-justified"] == "true") || ("retention.ms" in spec.configs && int(string(spec.configs["retention.ms"])) != -1 && int(string(spec.configs["retention.ms"])) <= 2592000000)'
      errorMessage: "retention.ms must be <= 30 days and not -1 (set label retention-justified=true to override)"

Related policies

Try Conduktor Console

Enforce policies like this across your team — central audit history, pre-commit guardrails, ApplicationInstance bindings. 5-min Docker install.

Get Started →