We don't have our Kube API exposed and all of mana...
# generall
limited-engine-76466
02/19/2025, 2:24 PMWe don't have our Kube API exposed and all of management traffic is proxied through Rancher. I thought there was a URL that allowed serviceaccount tokens through, but can't find it. Is my only option to create a service account in Rancher and replace the API key every 90 days?
h
hundreds-evening-84071
02/19/2025, 2:45 PMIn global settings you can change
auth-token-max-ttl-minutesm
mammoth-postman-10874
02/19/2025, 4:00 PM@limited-engine-76466 I believe this is what you're looking for https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/jwt-authentication
l
limited-engine-76466
02/19/2025, 6:46 PMThank you!
limited-engine-76466
02/19/2025, 6:47 PMI was starting to set up ingress and nginx to proxy to kube-api. I failed when nginx failed to load haproxy.cfg and that's when I realized I was way off track.
f
faint-table-99785
04/10/2025, 10:09 PMis this code documentation up-to-date and accurate ? I tried setting token to <0 and it instantly expires. What am i doing wrong.
✅ 1
faint-table-99785
04/10/2025, 10:10 PMperhaps i have been reading it wrong. is it stating that
auth-token-max-ttl-minutes<0c
creamy-pencil-82913
04/10/2025, 10:30 PMhttps://github.com/rancher/rancher/blob/main/pkg/apis/ext.cattle.io/v1/types.go#L66-L69
``` // This default is provided by thesetting.auth-token-max-ttl-minutes
// Note that this default is also the maximum specifiable TTL.
// A value <= 0 there enables non-expiring tokens.```
👍 1
🙏 1
f
faint-table-99785
04/10/2025, 10:43 PMyup. just confirmed testing on local rancher instance.
5 Views