At a first glance this seems to be an api written in Java using Spring Boot in a reactive style with Webflux. The api wraps the official Java Kafka client and some other libraries.
You should have mentioned that you work at Provectus in this article. Feels pretty sneaky to claim to do an impartial review, but provide no negative critique of the one made by your company…
This is indeed a very biased comparision where some features in the comparision table are just claimed to be not supported by other (open source) solutions. Even after reaching out multiple times the article is not updated accordingly. So this has to be considered a sneaky marketing page to be honest.
I might be biased as I'm one of the Kowl authors but I can definetely tell that Lenses is affected negatively the most. Imo it is one of the most complete paid solutions and got the worst marks basically.
There are several alternatives posted here already, but after comparing several ones maybe a year ago I found Kowl very nice: Nice UI, backend written in Go (quick startup, low memory usage), viewing and filtering of messages, support for schema registry, comes with a Docker image, usable locally and Helm chart for Kubernetes.
Neat! Just be wary around licensing, we’ve been using a similar management tool for a couple years https://github.com/yahoo/CMAK which was originally Kafka manager but they were forced to rename it.
We had a discussion with Apache team member according the name. Their main concern was that name should contain not Kafka but Apache Kafka. So they are ok with our current product name "UI for Apache Kafka"
Where I work we use Confluent Cloud who has their own proprietary UI. I've always found it to be lacking, hard to use and not very good.
We substituted it with AKHQ https://akhq.io/ , which is miles ahead of anything I've seen. The main issue with it are the interesting UX decisions that requires learning. For example, a lot of links require a double click, which isn't a common behavior in Web Apps. Besides that, it's absolutely wonderful and goes beyond just Kafka. We use Kafka Connect very heavily and AKHQ seems to implement the full CRUD for Connect.
I rolled out kPow initially for my team of 10 to help us manage and monitor our clusters.
We’ve now rolled it out to our 400+ engineers who use it every day to help them gain visibility and insight to their data and topics, manage offsets, amount other things. It handles HUGE clusters with no issue, and the RBAC features are great.
I’ve tried them all. While there are some ok alternatives, I honestly find them toys compared to kPow. Do yourself a favor and check it out!
We use Kafdrop for viewing topics/messages/info and it's really nice. It's read-only though, so if you need to configure a topic or push a message you have to use something else.
Kafdrop is great, especially if you're already running everything else in Docker, just add a few lines to your docker-compose and get a free web UI for troubleshooting/introspecting.
There's a lot great and developing tools for Kafka right now. CMAK doesn't seem that active, and I believe it was one of the tools we quickly gave up on, because it was a little difficult to get going.
Currently we're using Kowl, and we're looking into Cruise Control.
One limiting factor is that many of these tools doesn't support authentication and RBAC, Kowl does, and that has been a requirement for at least some of our projects, where not everyone is allowed to view certain topics.
I'm curious what makes you look into other solutions than Kowl then? :). We are happy to add anything that is desired in the community. Now that Kafka connect support is also there we will most likely just expand the existing features (e.g. adding, editing schemas etc.).
Disclaimer: I'm one of the Kowl authors. I do not intend to hijack that post for Kowl content though!
For ourselves, nothing really. For a customer: They really don't want to pay the licens once it is required, and they need ActiveDirectory authentication or KeyCloak. I've already been in contact with someone working on Kowl, and we're just waiting on OIDC support.
Really we just want an alternative to Kowl, if a customer asks for suggestions. For our own use, we plan on keeping Kowl.
I'm using kafdrop but modify it a bit. Reasons:
- the front page is very slow if there are a lot of topics (the kafka cluster I'm using has 6k topics). It's because kafdrop tries to get a lot of information of every topic even though it doesn't display them on the screen. I modified it like this: after display 6k topic names, I send ajax requests to get info (# of partitions, start & end offsets of each partition, number of messages in each partition) of 20 topics each.
- kafdrop doesn't have the feature to send a message to a topic. I added a text area below each topic name so that I can type the mesaage there and send.
- If there's a new message, kafdrop cannot tell me which partition that new message goes to. So I added this feature: suppose that a topic has 3 partitions with 3, 4 and 5 messages. If there are some new messages coming to that topic, I can refresh that topic in the UI and the UI will show something like partition 2: 3 -> 4 messages. So I know that 1 new message goes to partition 2.
I like the multi-cluster management feature of this project. Unfortunately I don't know react (angular + typescript is ok with me), so I'm wondering if I should try this one knowing that I cannot modify it.
The reasons I modified kafdrop are also the features I like to see in a new Kafka UI.
See https://kpow.io - if you would like a trial license let me know. 6k topics is fine, might need slight tuning which is easily done (6k groups slightly more complicated).
- Multi-cluster support is a great feature! That's the main thing missing from Kowl, in my opinion
- The UI feels clean
- Message streaming feels smooth, and the search feature is a great addition. Also love the ability to see a message for a given partition/offset, and that JSON messages are nicely rendered as JSON!
Negative/Feature Requests:
- The CleanupPolicy logic doesn't handle "delete,compact" (I see bug number 829 addressed a slightly related issue, maybe that logic could be expanded [1])
- When viewing Cluster -> Topic -> Consumers, it seems like far more is being loaded than just consumer groups for that particular topic. It takes much longer to load than, e.g., Kowl does for pulling the same information
- Similar feedback for when clicking on an individual consumer group (example URL path: "/ui/clusters/dev/consumer-groups/my-group"). It takes a very long time to load
- If any permissions issues are encountered while loading the individual consumer group, the entire request fails. That wouldn't necessarily be an issue, but it is when you're loading all consumer groups, and not just the one requested
- I don't see any docs on how to access a topic that is secured with certificates (Kowl's relevant config [2])
- If a schema registry uses a self-signed certificate (or one signed by a corporation's CA), there's no way to pass the certificate through a config or skip validation (Kowl's relevant config [3]). As it is, you get a 500 error in the API call, but the UI doesn't show an error
Overall, it seems like a fair bit of thought went into this! But there are a few quirks that make it very tough to use in a corporate environment with (perhaps excessively) large Kafka clusters with hundreds/thousands of topics, or secured with internal certificates
Hi, db3pt0
Thanks for detailed feedback!
- The CleanupPolicy
fixed issue 925 (https://github.com/provectus/kafka-ui/issues/925)
- When viewing Cluster -> Topic -> Consumers, it seems like far more is being loaded than just consumer groups for that particular topic.
It takes much longer to load than, e.g., Kowl does for pulling the same information
There is only one way to filter consumer groups by topic, get all consumer groups, enrich it with current members, committed offsets, and then filter them by topic.
If you have a lot of consumer groups, this might take time to do it. We are thinking on this issue, and will try to improve it in the next versions.
(https://github.com/provectus/kafka-ui/issues/927)
- Similar feedback for when clicking on an individual consumer group (example URL path: "/ui/clusters/dev/consumer-groups/my-group"). It takes a very long time to load
This looks rather strange. For single consumer we are getting consumer group description and then enrich it with topic info (end offsets). This works fast enough.
- If any permissions issues are encountered while loading the individual consumer group, the entire request fails. That wouldn't necessarily be an issue, but it is when you're loading all consumer groups, and not just the one requested
Thx for describing this. We created issue for this. (https://github.com/provectus/kafka-ui/issues/928)
- I don't see any docs on how to access a topic that is secured with certificates (Kowl's relevant config [2])
You have to pass ssl config stores to kafka client (we'll add docs. in the next versions https://github.com/provectus/kafka-ui/issues/929)
KAFKA_CLUSTERS_0_PROPERTIES_SSL_KEYSTORE_LOCATION = /var/private/ssl/kafka.server.keystore.jks
KAFKA_CLUSTERS_0_PROPERTIES_SSL_KEYSTORE_PASSWORD = test1234
KAFKA_CLUSTERS_0_PROPERTIES_SSL_KEY_PASSWORD = test1234
KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_LOCATION = /var/private/ssl/kafka.server.truststore.jks
KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_PASSWORD = test1234
- If a schema registry uses a self-signed certificate (or one signed by a corporation's CA), there's no way to pass the certificate through a config or skip validation (Kowl's relevant config [3]). As it is, you get a 500 error in the API call, but the UI doesn't show an error
Same as above (https://github.com/provectus/kafka-ui/issues/930)
KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_LOCATION = /var/private/ssl/kafka.server.truststore.jks
KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_PASSWORD = test1234
kPow gives you the ability to restrict visibility of Kafka resources down to a group or topic level by user-role, then builds completely internally consistent synthetic cluster views for each tenant.
We have a number of large enterprise customers who requested multi-tenancy support, it sounded tough at first but due to how kPow is built (we compute our own metrics / no JMX) and the fact that we use Clojure in both the front/back end it turned out to be fairly straight forward to implement.
Is the monitoring functionality independent off the cluster it is monitoring being up to see monitoring?
Control centre eats its own dog food. All its data is on topics. That means if your cluster is unhealthy you can see healthy stats until the control centre consumers have caught up. Which means if you have a lot of data and load, control centre can start lagging and in one case I had some very hard debugging wondering why control centre saying the cluster was unhealthy but the cluster was up. It turned out control centre was lagging by 24 hrs so I was seeing the previous days outage.
Confluent recommended putting control centre on its own cluster for this very reason. One that isn’t cheap, a minimal prod cluster is 3 brokers+zookeepers and secondly what then monitors your monitoring cluster.
First - kPow also stores all telemetry in internal topics (and also keeps an audit-log in another topic for data governance). Setting up multi-cluster is fairly easy and kPow stores data in the first configured cluster - so like Confluent's suggestion you could have a dedicated kPow cluster. We really only recommend this if/when you get up to a large number of connected Kafka resources (Cluster, Schema, or Connect) and/or you have cluster/s that are very busy with other work.
Second - from v85 (next week) our v3 compute engine make kPow monitoring functionally independent of topic load / performance of the underlying cluster. We do still persist to internal topics for recovery, etc, but live stats and control are only dependent on your Kafka cluster responding to AdminClient requests (a handful every minute).
If you would like a trial license or guided tour, just say.
Another question: how might this compare to the Confluent web GUI? Obviously this is open source which is great.