- Node information is now embedded into Pod-bound service account tokens as additional metadata. The 'JTI' field is set in issued service account tokens, and this information is embedded as `authentication.kubernetes.io/credential-id` in the user's ExtraInfo. ([#123135](https://github.com/kubernetes/kubernetes/pull/123135), [@munnerz](https://github.com/munnerz))...

Mais cela n’autorisera que certains types de communication, en excluant tout ce qui implique des informations d’identification : cookies, en-têtes Authorization comme ceux utilisés avec les Bearer Tokens, etc.

Ainsi, pour que tout fonctionne correctement, il est préférable d’indiquer explicitement les origines autorisées.

## Utiliser `CORSMiddleware` { #use-corsmiddleware }

 - The default Bootstrap Token created with `kubeadm init` v1.8 expires
 and is deleted after 24 hours by default to limit the exposure of the
 valuable credential. You can create a new Bootstrap Token with
 `kubeadm token create` or make the default token permanently valid by specifying
 `--token-ttl 0` to `kubeadm init`. The default token can later be deleted with
 `kubeadm token delete`.

Mas isso só permitirá certos tipos de comunicação, excluindo tudo que envolva credenciais: cookies, cabeçalhos de autorização como aqueles usados ​​com Bearer Tokens, etc.

Então, para que tudo funcione corretamente, é melhor especificar explicitamente as origens permitidas.

## Usar `CORSMiddleware` { #use-corsmiddleware }

</p>

<h3 id="Tokens">Tokens</h3>

<p>
Tokens form the vocabulary of the Go language.
There are four classes: <i>identifiers</i>, <i>keywords</i>, <i>operators
and punctuation</i>, and <i>literals</i>.  <i>White space</i>, formed from
spaces (U+0020), horizontal tabs (U+0009),
carriage returns (U+000D), and newlines (U+000A),
is ignored except as it separates tokens

Інтегровані безпека та автентифікація. Без жодних компромісів із базами даних чи моделями даних.

Підтримуються всі схеми безпеки, визначені в OpenAPI, включно з:

* HTTP Basic.
* **OAuth2** (також із підтримкою **JWT tokens**). Перегляньте підручник: [OAuth2 із JWT](tutorial/security/oauth2-jwt.md).
* Ключі API в:
    * Заголовках.
    * Параметрах запиту.
    * Cookies тощо.

## Changelog since v1.5.5

### Other notable changes

* kube-up (with gce/gci and gce/coreos providers) now ensures the authentication token file contains correct tokens for the control plane components, even if the file already exists (ensures upgrades and downgrades work successfully) ([#43676](https://github.com/kubernetes/kubernetes/pull/43676), [@liggitt](https://github.com/liggitt))

enabled by default. When enabled, Secret API objects containing service account tokens are no longer auto-generated for every ServiceAccount. Use the [TokenRequest](https://kubernetes.io/docs/reference/kubernetes-api/authentication-resources/token-request-v1/) API to acquire service account tokens, or if a non-expiring token is required, create a Secret API object for the token controller to populate with a service account token by following this [guide](https://kubernetes.io/docs/concepts/configurati...

* Die API überprüft den `username` und das `password` und antwortet mit einem „Token“ (wir haben davon noch nichts implementiert).
    * Ein „Token“ ist lediglich ein String mit einem Inhalt, den wir später verwenden können, um diesen Benutzer zu verifizieren.
    * Normalerweise läuft ein Token nach einiger Zeit ab.

Seguridad y autenticación integradas. Sin ningún compromiso con bases de datos o modelos de datos.

Todos los esquemas de seguridad definidos en OpenAPI, incluyendo:

* HTTP Básico.
* **OAuth2** (también con **tokens JWT**). Revisa el tutorial sobre [OAuth2 con JWT](tutorial/security/oauth2-jwt.md).
* API keys en:
    * Headers.
    * Parámetros de query.
    * Cookies, etc.