In order for the Kafka ACL and Topic management services to work successfully with Vault,

the external Kafka cluster, whether self-hosted or managed, will need to fully support the

Apache Kafka Admin API. In cases where there is limited access to the Admin API or it is not

accessible at all, which might happen if external Kafka providers wish to provide their own

custom API, the management services we offer will not be able to create/delete ACLs and/or

Topics and you will need to do this manually.

In addition, if the external Kafka cluster hides internal Kafka topics, e.g. the

_consumer_offsets topic, the burrow service that depends on such internal topics to

generate and export metrics to Vault will not be able to operate either, therefore Vault

services will be unable to perform consumer lag based HPA scaling as the metric that they

depend on, which should have been populated by burrow, will not have any data.