From 4bb53fc3e8b0c90568b9a48587d5a06067e7d53a Mon Sep 17 00:00:00 2001 From: Jens L Date: Tue, 26 Sep 2023 21:41:55 +0200 Subject: [PATCH] website/blog: fix missing link in m2m post (#6994) Signed-off-by: Jens Langhammer --- .../item.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/blog/2023-09-26-machine-to-machine-communication-in-authentik/item.md b/website/blog/2023-09-26-machine-to-machine-communication-in-authentik/item.md index 0a3b24d78..7d0ed592d 100644 --- a/website/blog/2023-09-26-machine-to-machine-communication-in-authentik/item.md +++ b/website/blog/2023-09-26-machine-to-machine-communication-in-authentik/item.md @@ -97,7 +97,7 @@ In this use case, you will create an expression policy, in which you define serv return jwt["sub"] in allowed_sa ``` - Then the rest is same as in the first use case; obtain a JWT from the K8s cluster, send the token to authentik, get back a diff token, then send that token to Thanos, Mimir, or where ever you want to store the metrics. Prometheus then uses that token to authenticate incoming requests from the other clusters. Actually, you can configure Promethesus to do the token exchange work, by using their `remote_write` feature. For an example of how this can be set up, refer to this YAML file, where I configured `remote_write`. + Then the rest is same as in the first use case; obtain a JWT from the K8s cluster, send the token to authentik, get back a diff token, then send that token to Thanos, Mimir, or where ever you want to store the metrics. Prometheus then uses that token to authenticate incoming requests from the other clusters. Actually, you can configure Promethesus to do the token exchange work, by using the `oauth2` configuration option. For an example of how this can be set up, refer to [this YAML file](https://github.com/BeryJu/k8s/blob/b4b26e5/common-monitoring/monitoring-system/prom-agent.yaml#L24-L39), where I configured `remote_write`. **3. GitOps with M2M and Loki**