docs(identity): add user guide for generating M2M tokens #973

Merged
merged 5 commits into from
Jul 6, 2022
Expand Up @@ -144,52 +144,52 @@ Provisioning Camunda Platform 8 onto your self-managed Kubernetes cluster might

However, the following example shows the current configuration of a cluster of size S in Camunda Platform 8 SaaS, which can serve as a starting point for your own sizing. As you can see in the table above, such a cluster can serve 500,000 process instances / day and store up to 5.4 million process instances (in-flight and history).

| | | request | limit |
| ------------------------------ | ------------------- | ------- | ----- |
| **Zeebe** | | | |
| \# brokers | 3 | | |
| \# partitions | 3 | | |
| replication factor | 3 | | |
| | vCPU \[cores\] | 0.8 | 0.96 |
| | Mem \[GB\] | 2 | 4 |
| | Disk \[GB\] | 32 | 192 |
| #gateway | 2 | | |
| | vCPU \[cores\] | 0.4 | 0.4 |
| | Mem \[GB\] limit | 0.45 | 0.45 |
| **Operate** | | | |
| #importer | 1 | | |
| | vCPU \[cores\] | 0.4 | 1 |
| | Mem \[GB\] limit | 1 | 1 |
| #webapp | 2 | | |
| | vCPU \[cores\] | 0.4 | 1 |
| | Mem \[GB\] limit | 1 | 1 |
| **Tasklist** | | | |
| #importer | 1 | | |
| | vCPU \[cores\] | 0.4 | 1 |
| | Mem \[GB\] limit | 1 | 2 |
| #webapp | 2 | | |
| | vCPU \[cores\] | 0.4 | 1 |
| | Mem \[GB\] limit | 1 | 2 |
| **Optimize** | | | |
| #importer | 1 | | |
| | vCPU \[cores\] | 0.4 | 1 |
| | Mem \[GB\] limit | 1 | 1 |
| #webapp | 2 | | |
| | vCPU \[cores\] | 0.4 | 1 |
| | Mem \[GB\] limit | 1 | 1 |
| **Elastic** | | | |
| #statefulset | 1 | | |
| | vCPU \[cores\] | 1 | 2 |
| | Mem \[GB\] limit | 1 | 6 |
| | Disk \[GB\] request | 64 | 64 |
| | | request | limit |
| ---------------------------------- | ------------------- | ------- | ----- |
| **Zeebe** | | | |
| \# brokers | 3 | | |
| \# partitions | 3 | | |
| replication factor | 3 | | |
| | vCPU \[cores\] | 0.8 | 0.96 |
| | Mem \[GB\] | 2 | 4 |
| | Disk \[GB\] | 32 | 192 |
| #gateway | 2 | | |
| | vCPU \[cores\] | 0.4 | 0.4 |
| | Mem \[GB\] limit | 0.45 | 0.45 |
| **Operate** | | | |
| #importer | 1 | | |
| | vCPU \[cores\] | 0.4 | 1 |
| | Mem \[GB\] limit | 1 | 1 |
| #webapp | 2 | | |
| | vCPU \[cores\] | 0.4 | 1 |
| | Mem \[GB\] limit | 1 | 1 |
| **Tasklist** | | | |
| #importer | 1 | | |
| | vCPU \[cores\] | 0.4 | 1 |
| | Mem \[GB\] limit | 1 | 2 |
| #webapp | 2 | | |
| | vCPU \[cores\] | 0.4 | 1 |
| | Mem \[GB\] limit | 1 | 2 |
| **Optimize** | | | |
| #importer | 1 | | |
| | vCPU \[cores\] | 0.4 | 1 |
| | Mem \[GB\] limit | 1 | 1 |
| #webapp | 2 | | |
| | vCPU \[cores\] | 0.4 | 1 |
| | Mem \[GB\] limit | 1 | 1 |
| **Elastic** | | | |
| #statefulset | 1 | | |
| | vCPU \[cores\] | 1 | 2 |
| | Mem \[GB\] limit | 1 | 6 |
| | Disk \[GB\] request | 64 | 64 |
| **Other** (Worker, Analytics, ...) | | | |
| # | 1 | | |
| | vCPU \[cores\] | 0.4 | 0.4 |
| | Mem \[GB\] limit | 0.45 | 0.45 |
| **Total resources** | | | |
| | vCPU \[cores\] | 5 | 9.76 |
| | Mem \[GB\] | 9.9 | 18.9 |
| | Disk \[GB\] | 96 | 256 |
| # | 1 | | |
| | vCPU \[cores\] | 0.4 | 0.4 |
| | Mem \[GB\] limit | 0.45 | 0.45 |
| **Total resources** | | | |
| | vCPU \[cores\] | 5 | 9.76 |
| | Mem \[GB\] | 9.9 | 18.9 |
| | Disk \[GB\] | 96 | 256 |

## Planning non-production environments
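
Review bot: The old and new table rows read identically here; the only visible difference is the wider first column, where the separator row grows to fit "**Other** (Worker, Analytics, ...)". That makes this hunk formatter churn inside a PR scoped to `docs(identity)`, so consider dropping it or landing it as a separate formatting commit to keep the sizing table's history readable. If the table stays in the change, two things are worth fixing while the rows are touched: the labels "Mem \[GB\] limit" and "Disk \[GB\] request" sit under separate request and limit columns, which is confusing, and "#gateway", "#importer", "#webapp" and "#statefulset" are unescaped while "\# brokers" and "\# partitions" are escaped.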

20 changes: 20 additions & 0 deletions docs/self-managed/concepts/authentication/m2m-tokens.md
@@ -0,0 +1,20 @@
---
id: m2m-tokens
title: "Machine-to-machine (M2M) tokens"
sidebar_label: "Machine-to-machine (M2M) tokens"
---

A **machine-to-machine (M2M)** token is a token requested by one service so it can
communicate with another service acting as itself.

In [Identity](/self-managed/identity/what-is-identity.md), we provide the ability to assign permissions to
an application. This functionality allows an application to perform the `client_credentials` flow to
retrieve a JWT token with permissions.

The token generated can then be used to communicate with other applications in the Camunda Platform without
the need for user intervention.

:::tip Want to learn how to generate an M2M token?
Head to our guide, [generating M2M tokens](/self-managed/identity/user-guide/generating-m2m-tokens.md)
to find out more!
:::
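
Review bot: In the opening sentence, "communicate with another service acting as itself" leaves it unclear which service "itself" refers to; suggest wording along the lines of "a token a service requests on its own behalf, rather than on behalf of a user, to call another service". In the second paragraph "JWT token" is redundant (use "JWT"), and "a JWT token with permissions" would be clearer as a statement that the token carries the permissions assigned to the application, since that is what a reader needs to know before handing the token to another component.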
35 changes: 35 additions & 0 deletions docs/self-managed/identity/user-guide/generating-m2m-tokens.md
@@ -0,0 +1,35 @@
---
id: generating-m2m-tokens
title: "Generating machine-to-machine tokens"
sidebar_label: "Generating machine-to-machine (M2M) tokens"
---

In this guide, we'll show you how to generate your own **machine-to-machine (M2M)** tokens.

:::tip Want to learn more about M2M tokens?
Head over to our documentation on [M2M tokens](/self-managed/concepts/authentication/m2m-tokens.md) to find out more.
:::

### Prerequisites

- A running [Identity](/self-managed/identity/what-is-identity.md) service
- An [application](/self-managed/concepts/access-control/applications.md) for your service
- The client ID of your application
- The client secret of your application
- A REST client of your choice

### Generate token

In our example, the Keycloak instance that supports Identity can be found via `http://localhost:18080`.
This may be different for you, so adjust the host name (and port if required) as appropriate.

To request a token, use the following cURL command replacing the placeholders with your applications
details:

```
curl --location --request POST 'http://localhost:18080/auth/realms/camunda-platform/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=[CLIENT_ID]' \
--data-urlencode 'client_secret=[CLIENT_SECRET]' \
--data-urlencode 'grant_type=client_credentials'
```
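
Review bot: The cURL example at the end of the file puts the client secret inline in the command (`--data-urlencode 'client_secret=[CLIENT_SECRET]'`) and posts it to an `http://` URL; the surrounding text says the host may differ but does not say that the plain-HTTP localhost address is only suitable for a local setup, so a sentence to that effect and a note to keep the secret out of shared scripts would help. The guide also stops at the request: it does not show the response or say where the token appears in it, which is the step a reader needs next. Minor points: "your applications details" should be "your application's details", and the code fence has no language tag.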
2 changes: 2 additions & 0 deletions sidebars.js
Expand Up @@ -427,6 +427,7 @@ module.exports = {
"self-managed/concepts/access-control/roles",
"self-managed/concepts/access-control/users",
],
Authentication: ["self-managed/concepts/authentication/m2m-tokens"],
},
"self-managed/concepts/exporters",
],
Expand Down Expand Up @@ -590,6 +591,7 @@ module.exports = {
"self-managed/identity/user-guide/assigning-a-role-to-a-user",
"self-managed/identity/user-guide/configure-external-identity-provider",
"self-managed/identity/user-guide/making-identity-production-ready",
"self-managed/identity/user-guide/generating-m2m-tokens",
],
},
{