Comment: Rejected Alternative: zookeeper.ssl.hostname.verification.enable

...

As mentioned above, certain broker configuration related to TLS cannot be inherited because keystore and truststore information is dynamically reconfigurable and may end up being stored in ZooKeeper. There are other TLS configuration values that are not dynamically reconfigurable in the broker (protocols and cipher suites, for example), but selectively inheriting these configs provides little value and could simply introduce confusion as people might assume – incorrectly – that keystore and truststore information could also be inherited. We therefore inherit nothing from the broker related to TLS configuration.

zookeeper.ssl.hostname.verification.enable

We could opt to use a true/false config to enable/disable ZooKeeper hostname verification. The ZooKeeper system property zookeeper.ssl.hostnameVerification works that way (and cannot be changed). However, Kafka uses a different convention: it clears the endpoint identification algorithm from its default value of https to disable hostname verification. Since we are explicitly deviating from the ZooKeeper system properties everywhere else, and since this config is rarely used, we will stay consistent with the Kafka config here as well.
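Because the Kafka convention disables hostname verification with an empty value rather than an explicit false, a configuration review has to distinguish an absent key (the https default applies) from a key that is present but empty. The following audit is an added example, not code from this proposal or from Kafka; it assumes the keys are Kafka's ssl.endpoint.identification.algorithm and its zookeeper.-prefixed form (names not spelled out in this section), uses a simplified properties parser, and runs on a constructed sample.

```python
# Added example: flag Kafka properties that clear the endpoint identification
# algorithm. Key names are assumed (see lead-in); the sample is constructed.

ENDPOINT_ID_KEYS = (
    "ssl.endpoint.identification.algorithm",
    "zookeeper.ssl.endpoint.identification.algorithm",
)
DEFAULT_ALGORITHM = "https"  # default value named in the text above


def parse_properties(text):
    """Simplified .properties parser: key=value or key:value, '#'/'!' comments.
    Line continuations and escape sequences are not handled."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # Split on the first '=' or ':'; a bare key maps to the empty string.
        idx = min((i for i in (line.find("="), line.find(":")) if i != -1), default=-1)
        key, value = (line, "") if idx == -1 else (line[:idx], line[idx + 1:])
        props[key.strip()] = value.strip()
    return props


def hostname_verification(props):
    """Map each audited key to (verification_enabled, effective_algorithm)."""
    result = {}
    for key in ENDPOINT_ID_KEYS:
        # Absent key: the default applies. Present but empty: verification is off.
        algorithm = props.get(key, DEFAULT_ALGORITHM)
        result[key] = (algorithm != "", algorithm)
    return result


SAMPLE = """\
# constructed sample broker configuration
zookeeper.ssl.client.enable=true
zookeeper.ssl.endpoint.identification.algorithm=
listeners=SSL://:9093
"""

if __name__ == "__main__":
    for key, (enabled, alg) in hostname_verification(parse_properties(SAMPLE)).items():
        state = "ENABLED (%s)" % alg if enabled else "DISABLED (empty value)"
        print("%-50s %s" % (key, state))
```

A plain "is the key set?" check would miss the disabled case here, since the risky state is a key that exists with no value.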