Known Issues in Apache Kafka
This topic describes known issues, unsupported features and limitations for using Kafka in this release of Cloudera Runtime.
Known Issues
- OPSAPS-59553: SMM's bootstrap server config should be updated based on Kafka's listeners
-
SMM does not show any metrics for Kafka or Kafka Connect when multiple listeners are set in Kafka.
- Topics created with the
kafka-topics
tool are only accessible by the user who created them when the deprecated--zookeeper
option is used -
By default all created topics are secured. However, when topic creation and deletion is done with the kafka-topics tool using the
--zookeeper
option, the tool talks directly to Zookeeper. Because security is the responsibility of ZooKeeper authorization and authentication, Kafka cannot prevent users from making ZooKeeper changes. As a result, if the--zookeeper
option is used, only the user who created the topic will be able to carry out administrative actions on it. In this scenario Kafka will not have permissions to perform tasks on topics created this way.
- Certain Kafka command line tools require direct access to Zookeeper
-
The following command line tools talk directly to ZooKeeper and therefore are not secured via Kafka:
kafka-configs
kafka-reassign-partitions
- The
offsets.topic.replication.factor
property must be less than or equal to the number of live brokers -
The
offsets.topic.replication.factor
broker configuration is now enforced upon auto topic creation. Internal auto topic creation will fail with aGROUP_COORDINATOR_NOT_AVAILABLE
error until the cluster size meets this replication factor requirement.
- Requests fail when sending to a nonexistent topic with
auto.create.topics.enable
set to true -
The first few
produce
requests fail when sending to a nonexistent topic withauto.create.topics.enable
set to true.
- Custom Kerberos principal names cannot be used for kerberized ZooKeeper and Kafka instances
-
When using ZooKeeper authentication and a custom Kerberos principal, Kerberos-enabled Kafka does not start. You must disable ZooKeeper authentication for Kafka or use the default Kerberos principals for ZooKeeper and Kafka.
- Performance degradation when SSL Is enabled
-
In some configuration scenarios, significant performance degradation can occur when SSL is enabled. The impact varies depending on your CPU, JVM version, Kafka configuration, and message size. Consumers are typically more affected than producers.
- OPSAPS-43236: Kafka garbage collection logs are written to the process directory
-
By default Kafka garbage collection logs are written to the agent process directory. Changing the default path for these log files is currently unsupported.
- OPSAPS-57113: The Kafka Broker Advanced Configuration Snippet (Safety Valve) for ssl.properties does not propagate configurations correctly
-
If the Kafka Broker Advanced Configuration Snippet (Safety Valve) for ssl.properties property contains configuration that has dollar signs, the configuration is not propagated to Kafka brokers correctly.
- OPSAPS-57907: The Kafka metric collector adapter generates high CPU load
-
If a large number of topic partitions are created on a cluster, the Cloudera Manager Agent can generate a high CPU load. This is caused by the Kafka metric collector adapter carrying out excessive regex matching.
- OPSAPS-59031: Kafka cannot start if configuration is added to the Kafka Broker Advanced Configuration Snippet (Safety Valve) for ssl.properties
-
The Kafka Broker Advanced Configuration Snippet (Safety Valve) for ssl.properties configuration snippet does not correctly override configuration. As a result, Kafka may not start if TLS/SSL related configuration overrides are added to the this configuration snippet.
Unsupported Features
-
The following Kafka features are not supported in Cloudera Data Platform:
- Only Java based clients are supported. Clients developed with C, C++, Python, .NET and other languages are currently not supported.
- While Kafka Connect is available as part of Runtime, it is currently not supported in CDP Public Cloud. NiFi is a proven solution for batch and real time data loading that complement Kafka's message broker capability. For more information, see Creating your first Flow Management cluster.
- The Kafka default authorizer is not supported. This includes setting ACLs and all related APIs, broker functionality, and command-line tools.
Limitations
- Collection of Partition Level Metrics May Cause Cloudera Manager’s Performance to Degrade
-
If the Kafka service operates with a large number of partitions, collection of partition level metrics may cause Cloudera Manager's performance to degrade.
If you are observing performance degradation and your cluster is operating with a high number of partitions, you can choose to disable the collection of partition level metrics.Complete the following steps to turn off the collection of partition level metrics:- Obtain the Kafka service name:
- In Cloudera Manager, Select the Kafka service.
- Select any available chart, and select Open in Chart Builder from the configuration icon drop-down.
- Find
$SERVICENAME=
near the top of the display.The Kafka service name is the value of$SERVICENAME
.
- Turn off the collection of partition level metrics:
- Go to .
- Find and configure the Cloudera Manager Agent Monitoring
Advanced Configuration Snippet (Safety Valve) configuration
property.Enter the following to turn off the collection of partition level metrics:
Replace[KAFKA_SERVICE_NAME]_feature_send_broker_topic_partition_entity_update_enabled=false
[KAFKA_SERVICE_NAME]
with the service name of Kafka obtained in step 1. The service name should always be in lower case. - Click Save Changes.
- Obtain the Kafka service name: