Add Kafka Gateway example

Author: everesio

README.md

@@ -169,6 +169,41 @@ See:
                              --auth-local-param "--user-attr=uid" \
                              --bootstrap-server-mapping "192.168.99.100:32400,127.0.0.1:32400"
 
+### Kafka Gateway example
+
+Authentication between Kafka Proxy Client and Kafka Proxy Server with Google-ID (service account JWT)
+
+    build/kafka-proxy server --bootstrap-server-mapping "kafka-0.grepplabs.com:9092,127.0.0.1:32500" \
+                             --bootstrap-server-mapping "kafka-1.grepplabs.com:9092,127.0.0.1:32501" \
+                             --bootstrap-server-mapping "kafka-2.grepplabs.com:9092,127.0.0.1:32502" \
+                             --dynamic-listeners-disable \
+                             --http-disable \
+                             --proxy-listener-tls-enable \
+                             --proxy-listener-cert-file=/var/run/secret/server.cert.pem \
+                             --proxy-listener-key-file=/var/run/secret/server.key.pem \
+                             --auth-gateway-server-enable \
+                             --auth-gateway-server-method google-id \
+                             --auth-gateway-server-magic 3285573610483682037 \
+                             --auth-gateway-server-command google-id-info \
+                             --auth-gateway-server-param  "--timeout=10" \
+                             --auth-gateway-server-param  "--audience=tcp://kafka-gateway.grepplabs.com" \
+                             --auth-gateway-server-param  "--email-regex=^[email protected]$"
+
+    build/kafka-proxy server --bootstrap-server-mapping "127.0.0.1:32500,127.0.0.1:32400" \
+                             --bootstrap-server-mapping "127.0.0.1:32501,127.0.0.1:32401" \
+                             --bootstrap-server-mapping "127.0.0.1:32502,127.0.0.1:32402" \
+                             --dynamic-listeners-disable \
+                             --http-disable \
+                             --tls-enable \
+                             --tls-ca-chain-cert-file /var/run/secret/client/ca-chain.cert.pem \
+                             --auth-gateway-client-enable \
+                             --auth-gateway-client-method google-id \
+                             --auth-gateway-client-magic 3285573610483682037 \
+                             --auth-gateway-client-command google-id-provider \
+                             --auth-gateway-client-param  "--credentials-file=/var/run/secret/client/service-account.json" \
+                             --auth-gateway-client-param  "--target-audience=tcp://kafka-gateway.grepplabs.com" \
+                             --auth-gateway-client-param  "--timeout=10"
+
 
 ### Kubernetes sidecar container example