Quickstart: Create Apache Kafka cluster in Azure HDInsight using Bicep
In this quickstart, you use a Bicep to create an Apache Kafka cluster in Azure HDInsight. Kafka is an open-source, distributed streaming platform. It's often used as a message broker, as it provides functionality similar to a publish-subscribe message queue.
Bicep is a domain-specific language (DSL) that uses declarative syntax to deploy Azure resources. It provides concise syntax, reliable type safety, and support for code reuse. Bicep offers the best authoring experience for your infrastructure-as-code solutions in Azure.
The Kafka API can only be accessed by resources inside the same virtual network. In this quickstart, you access the cluster directly using SSH. To connect other services, networks, or virtual machines to Kafka, you must first create a virtual network and then create the resources within the network. For more information, see the Connect to Apache Kafka using a virtual network document.
Prerequisites
If you don't have an Azure subscription, create a free account before you begin.
Review the Bicep file
The Bicep file used in this quickstart is from Azure Quickstart Templates.
@description('The name of the Kafka cluster to create. This must be a unique name.')
param clusterName string
@description('These credentials can be used to submit jobs to the cluster and to log into cluster dashboards.')
param clusterLoginUserName string
@description('The password must be at least 10 characters in length and must contain at least one digit, one upper case letter, one lower case letter, and one non-alphanumeric character except (single-quote, double-quote, backslash, right-bracket, full-stop). Also, the password must not contain 3 consecutive characters from the cluster username or SSH username.')
@minLength(10)
@secure()
param clusterLoginPassword string
@description('These credentials can be used to remotely access the cluster.')
param sshUserName string
@description('SSH password must be 6-72 characters long and must contain at least one digit, one upper case letter, and one lower case letter. It must not contain any 3 consecutive characters from the cluster login name')
@minLength(6)
@maxLength(72)
@secure()
param sshPassword string
@description('Location for all resources.')
param location string = resourceGroup().location
@description('This is the headnode Azure Virtual Machine size, and will affect the cost. If you don\'t know, just leave the default value.')
@allowed([
'Standard_A4_v2'
'Standard_A8_v2'
'Standard_E2_v3'
'Standard_E4_v3'
'Standard_E8_v3'
'Standard_E16_v3'
'Standard_E20_v3'
'Standard_E32_v3'
'Standard_E48_v3'
])
param HeadNodeVirtualMachineSize string = 'Standard_E4_v3'
@description('This is the worerdnode Azure Virtual Machine size, and will affect the cost. If you don\'t know, just leave the default value.')
@allowed([
'Standard_A4_v2'
'Standard_A8_v2'
'Standard_E2_v3'
'Standard_E4_v3'
'Standard_E8_v3'
'Standard_E16_v3'
'Standard_E20_v3'
'Standard_E32_v3'
'Standard_E48_v3'
])
param WorkerNodeVirtualMachineSize string = 'Standard_E4_v3'
@description('This is the Zookeepernode Azure Virtual Machine size, and will affect the cost. If you don\'t know, just leave the default value.')
@allowed([
'Standard_A4_v2'
'Standard_A8_v2'
'Standard_E2_v3'
'Standard_E4_v3'
'Standard_E8_v3'
'Standard_E16_v3'
'Standard_E20_v3'
'Standard_E32_v3'
'Standard_E48_v3'
])
param ZookeeperNodeVirtualMachineSize string = 'Standard_E4_v3'
var defaultStorageAccount = {
name: uniqueString(resourceGroup().id)
type: 'Standard_LRS'
}
resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' = {
name: defaultStorageAccount.name
location: location
sku: {
name: defaultStorageAccount.type
}
kind: 'StorageV2'
properties: {
minimumTlsVersion: 'TLS1_2'
supportsHttpsTrafficOnly: true
allowBlobPublicAccess: false
}
}
resource cluster 'Microsoft.HDInsight/clusters@2023-08-15-preview' = {
name: clusterName
location: location
properties: {
clusterVersion: '4.0'
osType: 'Linux'
clusterDefinition: {
kind: 'kafka'
configurations: {
gateway: {
'restAuthCredential.isEnabled': true
'restAuthCredential.username': clusterLoginUserName
'restAuthCredential.password': clusterLoginPassword
}
}
}
storageProfile: {
storageaccounts: [
{
name: replace(replace(concat(reference(storageAccount.id, '2021-08-01').primaryEndpoints.blob), 'https:', ''), '/', '')
isDefault: true
container: clusterName
key: listKeys(storageAccount.id, '2021-08-01').keys[0].value
}
]
}
computeProfile: {
roles: [
{
name: 'headnode'
targetInstanceCount: 2
hardwareProfile: {
vmSize: HeadNodeVirtualMachineSize
}
osProfile: {
linuxOperatingSystemProfile: {
username: sshUserName
password: sshPassword
}
}
}
{
name: 'workernode'
targetInstanceCount: 4
hardwareProfile: {
vmSize: WorkerNodeVirtualMachineSize
}
dataDisksGroups: [
{
disksPerNode: 2
}
]
osProfile: {
linuxOperatingSystemProfile: {
username: sshUserName
password: sshPassword
}
}
}
{
name: 'zookeepernode'
targetInstanceCount: 3
hardwareProfile: {
vmSize: ZookeeperNodeVirtualMachineSize
}
osProfile: {
linuxOperatingSystemProfile: {
username: sshUserName
password: sshPassword
}
}
}
]
}
}
}
output name string = cluster.name
output resourceId string = cluster.id
output cluster object = cluster.properties
output resourceGroupName string = resourceGroup().name
output location string = location
Two Azure resources are defined in the Bicep file:
- Microsoft.Storage/storageAccounts: create an Azure Storage Account.
- Microsoft.HDInsight/cluster: create an HDInsight cluster.
Deploy the Bicep file
Save the Bicep file as main.bicep to your local computer.
Deploy the Bicep file using either Azure CLI or Azure PowerShell.
az group create --name exampleRG --location eastus az deployment group create --resource-group exampleRG --template-file main.bicep --parameters clusterName=<cluster-name> clusterLoginUserName=<cluster-username> sshUserName=<ssh-username>You need to provide values for the parameters:
- Replace <cluster-name> with the name of the HDInsight cluster to create. The cluster name needs to start with a letter and can contain only lowercase letters, numbers, and dashes.
- Replace <cluster-username> with the credentials used to submit jobs to the cluster and to log in to cluster dashboards. Uppercase letters aren't allowed in the cluster username.
- Replace <ssh-username> with the credentials used to remotely access the cluster.
You'll be prompted to enter the following:
- clusterLoginPassword, which must be at least 10 characters long and contain at least one digit, one uppercase letter, one lowercase letter, and one non-alphanumeric character except single-quote, double-quote, backslash, right-bracket, full-stop. It also must not contain three consecutive characters from the cluster username of SSH username.
- sshPassword, which must be 6-72 characters long and must contain at least one digit, one uppercase letter, and one lowercase letter. It must not contain any three consecutive characters from the cluster login name.
Note
When the deployment finishes, you should see a message indicating the deployment succeeded.
Review deployed resources
Use the Azure portal, Azure CLI, or Azure PowerShell to list the deployed resources in the resource group.
az resource list --resource-group exampleRG
Get the Apache Zookeeper and Broker host information
When working with Kafka, you must know the Apache Zookeeper and Broker hosts. These hosts are used with the Kafka API and many of the utilities that ship with Kafka.
In this section, you get the host information from the Ambari REST API on the cluster.
Use ssh command to connect to your cluster. Edit the command below by replacing CLUSTERNAME with the name of your cluster, and then enter the command:
ssh sshuser@CLUSTERNAME-ssh.azurehdinsight.netFrom the SSH connection, use the following command to install the
jqutility. This utility is used to parse JSON documents, and is useful in retrieving the host information:sudo apt -y install jqTo set an environment variable to the cluster name, use the following command:
read -p "Enter the Kafka on HDInsight cluster name: " CLUSTERNAMEWhen prompted, enter the name of the Kafka cluster.
To set an environment variable with Zookeeper host information, use the command below. The command retrieves all Zookeeper hosts, then returns only the first two entries. This is because you want some redundancy in case one host is unreachable.
export KAFKAZKHOSTS=`curl -sS -u admin -G https://$CLUSTERNAME.azurehdinsight.net/api/v1/clusters/$CLUSTERNAME/services/ZOOKEEPER/components/ZOOKEEPER_SERVER | jq -r '["\(.host_components[].HostRoles.host_name):2181"] | join(",")' | cut -d',' -f1,2`When prompted, enter the password for the cluster login account (not the SSH account).
To verify that the environment variable is set correctly, use the following command:
echo '$KAFKAZKHOSTS='$KAFKAZKHOSTSThis command returns information similar to the following text:
<zookeepername1>.eahjefxxp1netdbyklgqj5y1ud.ex.internal.cloudapp.net:2181,<zookeepername2>.eahjefxxp1netdbyklgqj5y1ud.ex.internal.cloudapp.net:2181To set an environment variable with Kafka broker host information, use the following command:
export KAFKABROKERS=`curl -sS -u admin -G https://$CLUSTERNAME.azurehdinsight.net/api/v1/clusters/$CLUSTERNAME/services/KAFKA/components/KAFKA_BROKER | jq -r '["\(.host_components[].HostRoles.host_name):9092"] | join(",")' | cut -d',' -f1,2`When prompted, enter the password for the cluster login account (not the SSH account).
To verify that the environment variable is set correctly, use the following command:
echo '$KAFKABROKERS='$KAFKABROKERSThis command returns information similar to the following text:
<brokername1>.eahjefxxp1netdbyklgqj5y1ud.cx.internal.cloudapp.net:9092,<brokername2>.eahjefxxp1netdbyklgqj5y1ud.cx.internal.cloudapp.net:9092
Manage Apache Kafka topics
Kafka stores streams of data in topics. You can use the kafka-topics.sh utility to manage topics.
To create a topic, use the following command in the SSH connection:
/usr/hdp/current/kafka-broker/bin/kafka-topics.sh --create --replication-factor 3 --partitions 8 --topic test --zookeeper $KAFKAZKHOSTSThis command connects to Zookeeper using the host information stored in
$KAFKAZKHOSTS. It then creates a Kafka topic named test.Data stored in this topic is partitioned across eight partitions.
Each partition is replicated across three worker nodes in the cluster.
If you created the cluster in an Azure region that provides three fault domains, use a replication factor of 3. Otherwise, use a replication factor of 4.
In regions with three fault domains, a replication factor of 3 allows replicas to be spread across the fault domains. In regions with two fault domains, a replication factor of four spreads the replicas evenly across the domains.
For information on the number of fault domains in a region, see the Availability of Linux virtual machines document.
Kafka isn't aware of Azure fault domains. When creating partition replicas for topics, it may not distribute replicas properly for high availability.
To ensure high availability, use the Apache Kafka partition rebalance tool. This tool must be ran from an SSH connection to the head node of your Kafka cluster.
For the highest availability of your Kafka data, you should rebalance the partition replicas for your topic when:
You create a new topic or partition
You scale up a cluster
To list topics, use the following command:
/usr/hdp/current/kafka-broker/bin/kafka-topics.sh --list --zookeeper $KAFKAZKHOSTSThis command lists the topics available on the Kafka cluster.
To delete a topic, use the following command:
/usr/hdp/current/kafka-broker/bin/kafka-topics.sh --delete --topic topicname --zookeeper $KAFKAZKHOSTSThis command deletes the topic named
topicname.Warning
If you delete the
testtopic created earlier, then you must recreate it. It is used by steps later in this document.
For more information on the commands available with the kafka-topics.sh utility, use the following command:
/usr/hdp/current/kafka-broker/bin/kafka-topics.sh
Produce and consume records
Kafka stores records in topics. Records are produced by producers, and consumed by consumers. Producers and consumers communicate with the Kafka broker service. Each worker node in your HDInsight cluster is a Kafka broker host.
To store records into the test topic you created earlier, and then read them using a consumer, use the following steps:
To write records to the topic, use the
kafka-console-producer.shutility from the SSH connection:/usr/hdp/current/kafka-broker/bin/kafka-console-producer.sh --broker-list $KAFKABROKERS --topic testAfter this command, you arrive at an empty line.
Type a text message on the empty line and hit enter. Enter a few messages this way, and then use Ctrl + C to return to the normal prompt. Each line is sent as a separate record to the Kafka topic.
To read records from the topic, use the
kafka-console-consumer.shutility from the SSH connection:/usr/hdp/current/kafka-broker/bin/kafka-console-consumer.sh --bootstrap-server $KAFKABROKERS --topic test --from-beginningThis command retrieves the records from the topic and displays them. Using
--from-beginningtells the consumer to start from the beginning of the stream, so all records are retrieved.If you're using an older version of Kafka, replace
--bootstrap-server $KAFKABROKERSwith--zookeeper $KAFKAZKHOSTS.Use Ctrl + C to stop the consumer.
You can also programmatically create producers and consumers. For an example of using this API, see the Apache Kafka Producer and Consumer API with HDInsight document.
Clean up resources
When no longer needed, use the Azure portal, Azure CLI, or Azure PowerShell to delete the resource group and its resources.
az group delete --name exampleRG
Next steps
In this quickstart, you learned how to create an Apache Kafka cluster in HDInsight using Bicep. In the next article, you learn how to create an application that uses the Apache Kafka Streams API and run it with Kafka on HDInsight.