Skip to content

Commit 63e7118

Browse files
authored
Merge pull request #92448 from vrapolinario/patch-1
Update use-group-managed-service-accounts.md
2 parents 91f988a + 9fbad96 commit 63e7118

File tree

1 file changed

+7
-1
lines changed

1 file changed

+7
-1
lines changed

articles/aks/use-group-managed-service-accounts.md

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,9 @@ Enabling GMSA with Windows Server nodes on AKS requires:
2222
* Permissions to configure GMSA on Active Directory Domain Service or on-prem Active Directory.
2323
* The domain controller must have Active Directory Web Services enabled and must be reachable on port 9389 by the AKS cluster.
2424

25+
> [!NOTE]
26+
> Microsoft also provides a purpose-built PowerShell module to configure gMSA on AKS. You can find more information on the module and how to use it in the article [gMSA on Azure Kubernetes Service](/virtualization/windowscontainers/manage-containers/gmsa-aks-ps-module).
27+
2528
## Configure GMSA on Active Directory domain controller
2629

2730
To use GMSA with AKS, you need both GMSA and a standard domain user credential to access the GMSA credential configured on your domain controller. To configure GMSA on your domain controller, see [Getting Started with Group Managed Service Accounts][gmsa-getting-started]. For the standard domain user credential, you can use an existing user or create a new one, as long as it has access to the GMSA credential.
@@ -337,7 +340,10 @@ To verify GMSA is working and configured correctly, open a web browser to the ex
337340

338341
### No authentication is prompted when loading the page
339342

340-
If the page loads, but you are not prompted to authenticate, use `kubelet logs POD_NAME` to display the logs of your pod and verify you see *IIS with authentication is ready*.
343+
If the page loads, but you are not prompted to authenticate, use `kubectl logs POD_NAME` to display the logs of your pod and verify you see *IIS with authentication is ready*.
344+
345+
> [!NOTE]
346+
> Windows containers won't show logs on kubectl by default. To enable Windows containers to show logs, you need to embed the Log Monitor tool on your Windows image. More information is available [here](https://github.com/microsoft/windows-container-tools).
341347

342348
### Connection timeout when trying to load the page
343349

0 commit comments

Comments
 (0)