本文档采用自动化机器翻译技术翻译。 尽管我们力求提供准确的译文,但不对翻译内容的完整性、准确性或可靠性作出任何保证。 若出现任何内容不一致情况,请以原始 英文 版本为准,且原始英文版本为权威文本。

JSON Web Token (JWT) Authentication

Many 3rd party integrations available for Kubernetes, such as GitLab and HashiCorp Vault, involve giving an external process access to the Kubernetes API using a native Kubernetes Service Account token for authentication.

In Rancher v2.9.0 and later, service accounts on downstream clusters can now authenticate through a JSON web token (JWT) using the Rancher authentication proxy. In Rancher versions earlier than v2.9.0, only Rancher-issued tokens were supported.

To enable this feature, follow these steps:

  1. In the upper left corner, click ☰ > Cluster Management.

  2. Click Advanced to open the dropdown menu.

  3. Select JWT Authentication.

  4. Click the checkbox for the cluster you want to enable JWT authentication for, and click Enable. Alternatively, you can click > Enable.