JSON Web Token (JWT) Authentication
Many 3rd party integrations available for Kubernetes, such as GitLab and HashiCorp Vault, involve giving an external process access to the Kubernetes API using a native Kubernetes Service Account token for authentication.
In Rancher v2.9.0 and later, service accounts on downstream clusters can now authenticate through a JSON web token (JWT) using the Rancher authentication proxy. In Rancher versions earlier than v2.9.0, only Rancher-issued tokens were supported.
To enable this feature, follow these steps:
- In the upper left corner, click ☰ > Cluster Management.
- Click Advanced to open the dropdown menu.
- Select JWT Authentication.
- Click the checkbox for the cluster you want to enable JWT authentication for, and click Enable. Alternatively, you can click ⋮ > Enable.