Conversation
✅ Deploy Preview for redpanda-docs-preview ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
📝 WalkthroughWalkthroughThis PR updates Iceberg and AWS Glue documentation with environment-specific configuration guidance. The main documentation file ( Estimated code review effort🎯 1 (Trivial) | ⏱️ ~3 minutes Possibly related PRs
Suggested reviewers
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
modules/reference/partials/properties/object-storage-properties.adoc (1)
1522-1578:⚠️ Potential issue | 🔴 CriticalCritical: Auto-generated file edited directly.
This file is auto-generated and should not be edited manually. Line 1 explicitly states: "This content is autogenerated. Do not edit manually. To override descriptions, use the doc-tools CLI with the --overrides option."
Any changes made directly to this file will be overwritten the next time the properties are regenerated. Based on learnings, files in
/modules/reference/partials/properties/must never be edited directly.To properly add the
redpanda-cloudtags to thecloud_storage_credentials_sourceproperty:
- Use the doc-tools CLI with the appropriate configuration/overrides to add these tags
- Regenerate the properties file
- Alternatively, if tags are needed for conditional includes, verify if they should be added in the source data or through the generation tooling
Based on learnings: "Never directly edit files in
/modules/reference/partials/properties/- they are auto-generated and will be overwritten"🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@modules/reference/partials/properties/object-storage-properties.adoc` around lines 1522 - 1578, The auto-generated property block for cloud_storage_credentials_source was edited directly (you added the redpanda-cloud tag) which will be overwritten; revert manual edits and instead add the redpanda-cloud tag in the source/overrides used by the generator: update the property definition for cloud_storage_credentials_source in the generator input (or create an overrides file) and run the doc-tools CLI with the --overrides option to regenerate the object-storage properties so the redpanda-cloud conditional tags are applied; if conditional tagging belongs in the generation tooling, add the tag there and re-run the generation pipeline rather than editing the generated object-storage-properties.adoc file.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@modules/manage/pages/iceberg/iceberg-topics-aws-glue.adoc`:
- Around line 192-202: The multiline shell command starting with "rpk cluster
config set" contains an inline comment ("# Glue requires Redpanda Iceberg tables
to be manually deleted") on a line that ends with a backslash, which breaks bash
continuation; remove the inline comment from the continued lines and place
explanatory comments on their own lines before or after the command, and ensure
each continued line ends with a backslash followed only by the argument (e.g.,
adjust the line containing "iceberg_delete=false" to remove the "# ..." comment
and move that text into a separate comment line outside the backslash-continued
command).
---
Outside diff comments:
In `@modules/reference/partials/properties/object-storage-properties.adoc`:
- Around line 1522-1578: The auto-generated property block for
cloud_storage_credentials_source was edited directly (you added the
redpanda-cloud tag) which will be overwritten; revert manual edits and instead
add the redpanda-cloud tag in the source/overrides used by the generator: update
the property definition for cloud_storage_credentials_source in the generator
input (or create an overrides file) and run the doc-tools CLI with the
--overrides option to regenerate the object-storage properties so the
redpanda-cloud conditional tags are applied; if conditional tagging belongs in
the generation tooling, add the tag there and re-run the generation pipeline
rather than editing the generated object-storage-properties.adoc file.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 903fad3a-6b53-4f7c-9b76-ea89517b2157
📒 Files selected for processing (3)
modules/manage/pages/iceberg/iceberg-topics-aws-glue.adocmodules/reference/partials/properties/cluster-properties.adocmodules/reference/partials/properties/object-storage-properties.adoc
| For clusters created before March 2026, you must run `rpk byoc apply` to provision the Glue IAM policy before enabling Iceberg. This is a one-time operation that updates the broker role with the necessary Glue permissions. | ||
| endif::[] | ||
|
|
||
| ifndef::env-cloud[] |
There was a problem hiding this comment.
@simon0191 Is this correct -- Cloud users won't have to do anything special for IAM, so the lines that follow this should display for Self-managed only?
| - `<bucket-name>` and `<warehouse-path>`: AWS Glue requires you to specify the base location where Redpanda stores Iceberg data and metadata files. You must use an S3 URI; for example, `s3://<bucket-name>/iceberg`. As a security best practice, Redpanda Data recommends specifying a subfolder (using prefixes) rather than the root of the bucket. | ||
| - `<glue-access-key>`: The AWS access key ID for your Glue service account. | ||
| - `<glue-secret-key-name>`: The name of the secret that stores the AWS secret access key for your Glue service account. To reference a secret in a cluster property, for example `iceberg_rest_catalog_aws_secret_key`, you must first xref:manage:iceberg/use-iceberg-catalogs.adoc#store-a-secret-for-rest-catalog-authentication[store the secret value]. | ||
| - `<bucket-name>` and `<warehouse-path>`: AWS Glue requires you to specify the base location where Redpanda stores Iceberg data and metadata files. You must use an S3 URI; for example, `s3://<bucket-name>/iceberg`. For BYOC clusters, the bucket name is `redpanda-cloud-storage-<cluster-id>`. For BYOVPC clusters, use the name of the bucket you created as a customer-managed resource. |
There was a problem hiding this comment.
@simon0191 Could you confirm that this is OK to add here, and should we update the table in this doc as well?
|
@simon0191 somewhat related, our docs currently say BYOC is a prereq, is it worth now specifying BYOVPC too? |
I don't see why this won't work in BYOVPC, we have some large customers on AWS that could use this feature on BYOVPC. |
2 participants
Description
Redpanda Cloud BYOC now supports authenticating to AWS Glue using the broker's existing IAM role (the same one used for S3/Tiered Storage) instead of requiring static AWS access keys.
This PR updates the AWS Glue guide to:
Resolves https://redpandadata.atlassian.net/browse/
Review deadline:
Page previews
Cloud:
AWS Glue doc
Object Storage Properties >
cloud_storage_credentials_sourceChecks