Known Issues in Apache Kafka
Learn about the known issues in Kafka, the impact or changes to the functionality, and the workaround.
- OPSAPS-59553: SMM's bootstrap server config should be updated based on Kafka's listeners
-
SMM does not show any metrics for Kafka or Kafka Connect when multiple listeners are set in Kafka.
- The
offsets.topic.replication.factor
property must be less than or equal to the number of live brokers -
The
offsets.topic.replication.factor
broker configuration is now enforced upon auto topic creation. Internal auto topic creation will fail with aGROUP_COORDINATOR_NOT_AVAILABLE
error until the cluster size meets this replication factor requirement.
- Requests fail when sending to a nonexistent topic with
auto.create.topics.enable
set to true -
The first few
produce
requests fail when sending to a nonexistent topic withauto.create.topics.enable
set to true.
- Performance degradation when SSL Is enabled
- In some configuration scenarios, significant performance degradation can occur when SSL is enabled. The impact varies depending on your CPU, JVM version, Kafka configuration, and message size. Consumers are typically more affected than producers.
- OPSAPS-43236: Kafka garbage collection logs are written to the process directory
- By default Kafka garbage collection logs are written to the agent process directory. Changing the default path for these log files is currently unsupported.
- RANGER-3809: Idempotent Kafka producer fails to initialize due to an authorization failure
- Kafka producers that have idempotence enabled require the
Idempotent Write permission to be set on the cluster resource in Ranger. If permission
is not given, the client fails to initialize and an error similar to the following is
thrown:
Idempotence is enabled by default for clients in Kafka 3.0.1, 3.1.1, and any version after 3.1.1. This means that any client updated to 3.0.1, 3.1.1, or any version after 3.1.1 is affected by this issue.org.apache.kafka.common.KafkaException: Cannot execute transactional method because we are in an error state at org.apache.kafka.clients.producer.internals.TransactionManager.maybeFailWithError(TransactionManager.java:1125) at org.apache.kafka.clients.producer.internals.TransactionManager.maybeAddPartition(TransactionManager.java:442) at org.apache.kafka.clients.producer.KafkaProducer.doSend(KafkaProducer.java:1000) at org.apache.kafka.clients.producer.KafkaProducer.send(KafkaProducer.java:914) at org.apache.kafka.clients.producer.KafkaProducer.send(KafkaProducer.java:800) . . . Caused by: org.apache.kafka.common.errors.ClusterAuthorizationException: Cluster authorization failed.
- CDPD-45183: Kafka Connect active topics might be visible to unauthorised users
- The Kafka Connect active topics endpoint
(
/connectors/[***CONNECTOR NAME***]/topics
) and the Connect Cluster page on the SMM UI disregard the user permissions configured for the Kafka service in Ranger. As a result, all active topics of connectors might become visible to users who do not have permissions to view them. Note that user permission configured for Kafka Connect in Ranger are not affected by this issue and are correctly applied. - CFM-2966: Stateless NiFi connectors do not work with Java Runtime Environment 9 or later
-
Stateless NiFi connectors cannot be deployed if you are using Java Runtime Environment (JRE) 9 or later. This issue affects the Stateless NiFi Source (StatelessNiFiSinkConnector) and Stateless NiFi Sink (StatelessNiFiSourceConnector) connectors as well as all Cloudera developed connectors based on Stateless NiFi Source and Sink connectors. Click Show to view the full list of affected connectors.
- HTTP Source
- JDBC Source
- JMS Source
- MQTT Source
- SFTP Source
- Stateless NiFi Source
- Syslog TCP Source
- Syslog UDP Source
- ADLS Sink
- HDFS Stateless Sink
- HTTP Sink
- InfluxDB Sink
- JDBC Sink
- Kudu Sink
- S3 Sink
- Stateless NiFi Sink
This issue does not affect clusters that have a supported version of Java Development Kit (JDK) installed. For more information on supported versions, see Java Requirements or the Cloudera Support Matrix.
- CDPD-29307: Kafka producer entity stays in incomplete state in Atlas
- Atlas creates incomplete Kafka client entities that are postfixed with the metadata namespace.
- CDPD-49304: AvroConverter does not support composite default values
- AvroConverter cannot handle schemas containing a
STRUCT
type default value. - CDPD-53179: Amazon S3 sink connector fails when buffer size is reached
- If there is more than 5 MB (buffer size) of data available in a Kafka source topic and the connector receives more than 5 MB of data in a single poll, the connector tries to upload all the data as a multipart upload to S3. The upload, however, fails.
- OPSAPS-64606: Authorization issues if Kafka Connect is not installed
- A Ranger policy (
connect internal - topic
) is generated by default on fresh installations. If a Kafka Connect role is not present on the cluster, a the policy is created with an empty topic include list. This policy could cause problems with Kafka topics. - CDPD-45958: Kafka client JAAS override policy validation is incorrect
- The JAAS override filter policy refuses configurations if the configuration contains an unknown field instead of only refusing based on known fields with invalid values.
- CDPD-48822: AvroConverter ignores default values when converting from Avro to Connect schema
- AvroConverter does not propagate field default values when converting Avro schemas to Connect schemas.
- OPSAPS-68138: Schema Registry and Kafka cannot download policies from Ranger when using custom Kerberos principals
- Ranger repositories created by the scripts that start Kafka, Kafka Connect and Schema Registry only add the principal name of related services to the repository users and the policies. In deployments where custom Kerberos principals are used, this can cause repository and policy download issues for Kafka, Kafka Connect and Schema Registry. Additionally, this can result in permission issues for related services.
Unsupported Features
-
The following Kafka features are not supported in Cloudera Data Platform:
- Only Java and .Net based clients are supported. Clients developed with C, C++, Python, and other languages are currently not supported.
- The Kafka default authorizer is not supported. This includes setting ACLs and all related APIs, broker functionality, and command-line tools.
- SASL/SCRAM is only supported for delegation token based authentication. It is not supported as a standalone authentication mechanism.
- The Cloudera AvroConverter (com.cloudera.dim.kafka.connect.converts.AvroConverter) is not supported with the Debezium Kafka Connect connectors shipped in Cloudera Runtime.
Limitations
- Collection of Partition Level Metrics May Cause Cloudera Manager’s Performance to Degrade
-
If the Kafka service operates with a large number of partitions, collection of partition level metrics may cause Cloudera Manager's performance to degrade.
If you are observing performance degradation and your cluster is operating with a high number of partitions, you can choose to disable the collection of partition level metrics.Complete the following steps to turn off the collection of partition level metrics:- Obtain the Kafka service name:
- In Cloudera Manager, Select the Kafka service.
- Select any available chart, and select Open in Chart Builder from the configuration icon drop-down.
- Find
$SERVICENAME=
near the top of the display.The Kafka service name is the value of$SERVICENAME
.
- Turn off the collection of partition level metrics:
- Go to .
- Find and configure the Cloudera Manager Agent Monitoring
Advanced Configuration Snippet (Safety Valve) configuration
property.Enter the following to turn off the collection of partition level metrics:
Replace[KAFKA_SERVICE_NAME]_feature_send_broker_topic_partition_entity_update_enabled=false
[KAFKA_SERVICE_NAME]
with the service name of Kafka obtained in step 1. The service name should always be in lower case. - Click Save Changes.
- Obtain the Kafka service name: