Cheat Sheets

Three dense quick references by persona—producer/consumer/Spring for developers, Streams/Connect/schemas for data engineers, and ops/metrics/security for platform. Use Copy sheet for plain text, persona filters to focus one role, or print (Cmd/Ctrl+P).

developer senior platform

Developer Cheat Sheet

Producer/consumer config, delivery semantics, Spring Kafka. Chapters: Producers, Consumers, Spring Kafka.

developer

Delivery semantics

Semantic	Producer	Consumer	When
At-most-once	`acks=0`, no retry	Commit before process	Metrics, loss OK
At-least-once	`acks=all`, retries	Process then commit	Default production
Exactly-once (Kafka)	Idempotent + transactions	`read_committed`	Streams, txn listeners

# Durable producer (at-least-once on wire)
acks=all
enable.idempotence=true
retries=2147483647
max.in.flight.requests.per.connection=5

Producer config

Property	Safe prod	Throughput	Low latency
`acks`	`all`	`1`	`1`
`linger.ms`	`5`	`20`	`0`
`batch.size`	`16384`	`131072`	`16384`
`compression.type`	`lz4`	`lz4`	`none`
`buffer.memory`	`33554432`	`134217728`	—
`enable.idempotence`	`true`	`true`	`true`

// Async — never .get() per record in hot loop
kafkaTemplate.send("orders", key, event);  // CompletableFuture in Spring Kafka 3.x

Consumer config

Property	Typical	Notes
`group.id`	`order-service`	One per logical app
`auto.offset.reset`	`earliest`	New group only
`enable.auto.commit`	`false`	Manual ack after process
`max.poll.records`	`500`	× process time < max.poll.interval.ms
`max.poll.interval.ms`	`300000`+	Rebalance if exceeded
`isolation.level`	`read_committed`	Transactional producers
`fetch.min.bytes`	`1` / `100000`	Latency / throughput

Spring Kafka

API	Purpose
`KafkaTemplate.send(...)`	Async produce; returns `CompletableFuture`
`@KafkaListener`	Declarative consumer; `containerFactory` for custom ack/error
`Acknowledgment`	Manual commit — needs MANUAL ackMode
`@SendTo`	Request-reply reply routing
`DefaultErrorHandler`	Retry + DLT via `DeadLetterPublishingRecoverer`
`@RetryableTopic`	Non-blocking retry topics + DLT
`ReplyingKafkaTemplate`	RPC-style request-reply client

@KafkaListener(topics = "orders", groupId = "processor")
public void onOrder(@Payload OrderEvent o, Acknowledgment ack) {
  process(o);
  ack.acknowledge();
}

spring.kafka.listener.ack-mode: record
spring.kafka.listener.concurrency: 3

Partitioning & keys

Strategy	Behavior
Key provided	`murmur2(key) % partitions` — same key → same partition
No key, partition set	Explicit partition
No key, no partition	Sticky partition batching (producer)
Custom	`Partitioner` implementation

CLI quick ref

kafka-console-producer.sh --bootstrap-server kafka:9092 --topic orders
kafka-console-consumer.sh --bootstrap-server kafka:9092 --topic orders --from-beginning --group debug

kafka-topics.sh --describe --topic orders --bootstrap-server kafka:9092
kafka-consumer-groups.sh --describe --group order-processor --bootstrap-server kafka:9092

Data Engineer Cheat Sheet

Streams, Connect/CDC, Schema Registry, patterns, performance. Chapters: Streams, Connect, Schemas, Patterns.

senior

Kafka Streams DSL

Type	Semantics	Backing topic
`KStream`	Event stream (every record)	`delete` retention
`KTable`	Changelog per key (latest)	`compact`
`GlobalKTable`	Full copy on every instance	Compacted, small catalog

streams.builder()
  .stream("orders")
  .groupByKey()
  .windowedBy(TimeWindows.ofSizeWithNoGrace(Duration.ofMinutes(5)))
  .count()
  .toStream()
  .to("order-counts");

# EOS
processing.guarantee=exactly_once_v2
isolation.level=read_committed

Connect & Debezium

Component	Role
Connector	Plugin + config (JdbcSource, Debezium, S3Sink)
Task	Unit of parallelism (`tasks.max`)
Worker	JVM running tasks; REST :8083
SMT	Single Message Transform in-flight

DB	CDC mechanism
PostgreSQL	Logical replication (`pgoutput`)
MySQL	Binlog ROW format
MongoDB	Change streams / oplog
Oracle	LogMiner

# Debezium envelope fields
op: c|u|d|r   before / after   source.ts_ms   ts_ms

# Outbox SMT
transforms=outbox
transforms.outbox.type=io.debezium.transforms.outbox.EventRouter

# Error handling
errors.tolerance=all
errors.deadletterqueue.topic.name=connect.dlq

Schema Registry

Compatibility	Rule (intuition)
`BACKWARD`	New consumer reads old data — add fields with default
`FORWARD`	Old consumer reads new data — remove with default
`FULL`	Both directions vs latest version
`FULL_TRANSITIVE`	Both vs all history — prod default
`NONE`	No checks — avoid shared topics

Wire: 0x00 + schema_id (4 bytes BE) + payload

Subject: orders-value  (TopicNameStrategy)
auto.register.schemas=false   # CI registers schemas

Architecture patterns

Pattern	Use when	Gotcha
Outbox + CDC	DB + Kafka atomic publish	At-least-once; idempotent consumers
CQRS	Separate read/write models	Eventual consistency in UX
Event sourcing	Replayable audit log	Snapshot for long aggregates
Saga orchestration	Multi-service txn	Compensations must be idempotent
DLT	Poison messages	`{topic}.DLT` + metadata headers
Fan-out	Multiple independent consumers	Separate consumer groups
MirrorMaker 2	DR / multi-region	Active-active needs conflict rules

Performance tuning matrix

Knob	Throughput	Low latency
`linger.ms`	20	0
`compression.type`	lz4	none
`fetch.min.bytes`	100000	1
`fetch.max.wait.ms`	500	0
`acks`	1 (unsafe)	1 or all

partitions ≈ target_MB/s ÷ per_partition_MB/s  (measure!)
Per partition: ~10-100 MB/s depending on disk/NIC

kafka-producer-perf-test.sh --topic perf --record-size 1024 --throughput -1 ...
kafka-consumer-perf-test.sh --topic perf --messages 5000000 ...

Reliability checklist

Layer	Must have
Topic	RF=3, `min.insync.replicas=2`
Producer	`acks=all`, idempotence
Consumer	Idempotent handler or dedup store
Broker	`unclean.leader.election.enable=false`
Schema	`FULL_TRANSITIVE`, no auto-register in prod

Platform / Infra Cheat Sheet

Topic admin, monitoring alerts, security, broker/OS tuning, capacity. Chapters: Operations, Performance, Architecture.

platform

Topic administration

# Create (size partitions up-front — cannot reduce)
kafka-topics.sh --create --topic orders --partitions 24 --replication-factor 3 \
  --config min.insync.replicas=2 --config retention.ms=604800000

kafka-topics.sh --alter --topic orders --partitions 36   # increase only
kafka-configs.sh --alter --entity-type topics --entity-name orders \
  --add-config retention.ms=1209600000

kafka-topics.sh --delete --topic orders-staging   # needs delete.topic.enable

Config	Typical prod
`replication.factor`	3
`min.insync.replicas`	2
`retention.ms`	7d–30d tiered
`cleanup.policy`	`delete` / `compact` / both
`segment.bytes`	1 GB

Consumer group ops

kafka-consumer-groups.sh --list --bootstrap-server kafka:9092
kafka-consumer-groups.sh --describe --group order-processor

# Reset (stop consumers first; dry-run then --execute)
kafka-consumer-groups.sh --group order-processor --topic orders \
  --reset-offsets --to-datetime 2026-06-01T00:00:00.000 --dry-run
# --to-earliest | --to-latest | --to-offset | --by-duration PT2H

Critical metrics — page these

Metric	Target	Component
`UnderReplicatedPartitions`	0	Broker
`OfflinePartitionsCount`	0	Broker
`ActiveControllerCount`	1 cluster-wide	Controller
`RequestHandlerAvgIdlePercent`	> 0.2	Broker
`records-lag-max`	Flat / bounded	Consumer
`record-error-rate`	0	Producer

Stack: JMX → Prometheus JMX Exporter → Grafana (Confluent dashboards)
Lag SLA: Burrow (OK/WARN/ERR) or records-lag-max growth rate

Security

Layer	Mechanism
Encrypt transit	SSL/TLS, `SASL_SSL` listeners
Auth	SCRAM-SHA-512 (internal), OAuth/Kerberos (enterprise)
Authz	ACLs — `StandardAuthorizer` (KRaft)
At rest	OS/disk encryption — not built into Kafka

kafka-acls.sh --add --allow-principal User:order-service \
  --operation Write --topic orders

kafka-acls.sh --add --allow-principal User:processor \
  --operation Read --topic orders
kafka-acls.sh --add --allow-principal User:processor \
  --operation Read --group order-processor

Broker & OS tuning

Setting	Value
JVM heap	`-Xms6g -Xmx6g` — rest to page cache
GC	G1GC, `MaxGCPauseMillis=20`
`vm.swappiness`	1
`vm.dirty_ratio`	80
Mount	XFS/ext4, `noatime`
`num.io.threads`	2 × data disks
`num.network.threads`	8
`unclean.leader.election.enable`	false

Partition reassignment

kafka-reassign-partitions.sh --broker-list 3 --generate
kafka-reassign-partitions.sh --reassignment-json-file plan.json --execute
kafka-reassign-partitions.sh --reassignment-json-file plan.json --verify

# Throttle before execute; remove throttle after verify
leader.replication.throttled.rate=52428800

Capacity formulas

disk ≈ retention_sec × peak_bytes_in × RF × 1.2

network ≈ peak_bytes_in × (RF - 1 + consumer_fan_out)

partitions/broker ceiling: ~2000–4000 (rebalance + metadata cost)

KRaft: dedicated controller quorum; monitor metadata apply latency

KRaft vs ZooKeeper (legacy)

Item	KRaft
Metadata	`__cluster_metadata` quorum
Controllers	Combined or dedicated broker role
Ops win	No ZK ensemble to operate
Migration	ZK → KRaft one-way (plan maintenance)