trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

website/blog: fix missing link in m2m post (#6994) 

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens L 2023-09-26 21:41:55 +02:00 committed by GitHub
parent 8e39ad2cda
commit 4bb53fc3e8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
website/blog/2023-09-26-machine-to-machine-communication-in-authentik/item.md
View File

@ -97,7 +97,7 @@ In this use case, you will create an expression policy, in which you define serv
return jwt["sub"] in allowed_sa return jwt["sub"] in allowed_sa
``` ```
Then the rest is same as in the first use case; obtain a JWT from the K8s cluster, send the token to authentik, get back a diff token, then send that token to Thanos, Mimir, or where ever you want to store the metrics. Prometheus then uses that token to authenticate incoming requests from the other clusters. Actually, you can configure Promethesus to do the token exchange work, by using their `remote_write` feature. For an example of how this can be set up, refer to this YAML file, where I configured `remote_write`. Then the rest is same as in the first use case; obtain a JWT from the K8s cluster, send the token to authentik, get back a diff token, then send that token to Thanos, Mimir, or where ever you want to store the metrics. Prometheus then uses that token to authenticate incoming requests from the other clusters. Actually, you can configure Promethesus to do the token exchange work, by using the `oauth2` configuration option. For an example of how this can be set up, refer to [this YAML file](https://github.com/BeryJu/k8s/blob/b4b26e5/common-monitoring/monitoring-system/prom-agent.yaml#L24-L39), where I configured `remote_write`.
**3. GitOps with M2M and Loki** **3. GitOps with M2M and Loki**