Dear Rancher 2.x user,
This is an operational advisory from Rancher Support for users of Rancher 2.x to take appropriate action.
Rancher released the following two versions recently:
|Rancher Version||Release Date||Release Notes||Support Matrix||Default k8s version|
|v2.4.7||Sep 01, 2020||Release Notes||Support Matrix||v1.18.6|
|v2.4.6||Aug 27, 2020||Release Notes||Support Matrix||v1.18.6|
New global setting, auth-token-max-ttl-minutes
In Rancher v2.4.6, a new global setting, i.e. auth-token-max-ttl-minutes, was introduced to allow admins to set an expiration on any API tokens created for Rancher. This is the max TTL setting allowed on API keys and kubeconfig tokens. When creating an API key, users have the ability to set their own TTL, but the maximum TTL is now derived from this new global setting.
In v2.4.6, by default, the value of this global setting is 24 hours. Any new API key that is set to “Never Expire” would now expire after 24 hours due to this default value.
In the previous Rancher installs, users could define an API key to never expire and there was no maximum TTL that could override it.
What you need to know about this new setting in v2.4.6
If you have upgraded to v2.4.6 and need to allow users to create new API keys that never expire, take the following action:
- Update the global setting, auth-token-max-ttl-minutes, to 0.
- This will allow all API tokens to exist indefinitely.
And, how it has been changed in v2.4.7
In Rancher v2.4.7, the default value for this new global setting has been changed to 0. After upgrading to this version, admins can configure their max TTL setting for their Rancher setups to match their needs.
- The default value of the auth-token-max-ttl-minutes global setting is the only change between Rancher v2.4.6 and v2.4.7. The change was made to maintain the default behavior of token expiry in Rancher versions 2.4.5 and lower.
- If you are in a Rancher version lower than v2.4.6 and considering an upgrade, it is recommended to upgrade to v2.4.7 instead.
Simply submit a request via this portal referencing this article and we will track and respond to your question as a Support Ticket.
Rancher Support Team