Set up gMSA for Windows containers running on Service Fabric
To set up gMSA (group Managed Service Accounts), a credential specification file (credspec
) is placed on all nodes in the cluster. The file can be copied on all nodes using a VM extension. The credspec
file must contain the gMSA account information. For more information on the credspec
file, see Create a Credential Spec. The credential specification and the Hostname
tag are specified in the application manifest. The Hostname
tag must match the gMSA account name that the container runs under. The Hostname
tag allows the container to authenticate itself to other services in the domain using Kerberos authentication. A sample for specifying the Hostname
and the credspec
in the application manifest is shown in the following snippet:
<Policies>
<ContainerHostPolicies CodePackageRef="NodeService.Code" Isolation="process" Hostname="gMSAAccountName">
<SecurityOption Value="credentialspec=file://WebApplication1.json"/>
</ContainerHostPolicies>
</Policies>
As a next step, read the following articles:
Palaute
https://aka.ms/ContentUserFeedback.
Tulossa pian: Vuoden 2024 aikana poistamme asteittain GitHub Issuesin käytöstä sisällön palautemekanismina ja korvaamme sen uudella palautejärjestelmällä. Lisätietoja on täällä:Lähetä ja näytä palaute kohteelle