Skip to content

Commit 28d95ee

Browse files
committed
Add Kafka Gateway example
1 parent f71e258 commit 28d95ee

File tree

1 file changed

+35
-0
lines changed

1 file changed

+35
-0
lines changed

README.md

Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -169,6 +169,41 @@ See:
169169
--auth-local-param "--user-attr=uid" \
170170
--bootstrap-server-mapping "192.168.99.100:32400,127.0.0.1:32400"
171171
172+
### Kafka Gateway example
173+
174+
Authentication between Kafka Proxy Client and Kafka Proxy Server with Google-ID (service account JWT)
175+
176+
build/kafka-proxy server --bootstrap-server-mapping "kafka-0.grepplabs.com:9092,127.0.0.1:32500" \
177+
--bootstrap-server-mapping "kafka-1.grepplabs.com:9092,127.0.0.1:32501" \
178+
--bootstrap-server-mapping "kafka-2.grepplabs.com:9092,127.0.0.1:32502" \
179+
--dynamic-listeners-disable \
180+
--http-disable \
181+
--proxy-listener-tls-enable \
182+
--proxy-listener-cert-file=/var/run/secret/server.cert.pem \
183+
--proxy-listener-key-file=/var/run/secret/server.key.pem \
184+
--auth-gateway-server-enable \
185+
--auth-gateway-server-method google-id \
186+
--auth-gateway-server-magic 3285573610483682037 \
187+
--auth-gateway-server-command google-id-info \
188+
--auth-gateway-server-param "--timeout=10" \
189+
--auth-gateway-server-param "--audience=tcp://kafka-gateway.grepplabs.com" \
190+
--auth-gateway-server-param "--email-regex=^[email protected]$"
191+
192+
build/kafka-proxy server --bootstrap-server-mapping "127.0.0.1:32500,127.0.0.1:32400" \
193+
--bootstrap-server-mapping "127.0.0.1:32501,127.0.0.1:32401" \
194+
--bootstrap-server-mapping "127.0.0.1:32502,127.0.0.1:32402" \
195+
--dynamic-listeners-disable \
196+
--http-disable \
197+
--tls-enable \
198+
--tls-ca-chain-cert-file /var/run/secret/client/ca-chain.cert.pem \
199+
--auth-gateway-client-enable \
200+
--auth-gateway-client-method google-id \
201+
--auth-gateway-client-magic 3285573610483682037 \
202+
--auth-gateway-client-command google-id-provider \
203+
--auth-gateway-client-param "--credentials-file=/var/run/secret/client/service-account.json" \
204+
--auth-gateway-client-param "--target-audience=tcp://kafka-gateway.grepplabs.com" \
205+
--auth-gateway-client-param "--timeout=10"
206+
172207
173208
### Kubernetes sidecar container example
174209

0 commit comments

Comments
 (0)