Skip to content

Commit 67934b3

Browse files
authored
Update use-group-managed-service-accounts.md
Suggestion to add a reference for the official Microsoft gMSA on AKS module details and correcting an information on the troubleshooting section.
1 parent d30ec60 commit 67934b3

File tree

1 file changed

+7
-1
lines changed

1 file changed

+7
-1
lines changed

articles/aks/use-group-managed-service-accounts.md

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,9 @@ Enabling GMSA with Windows Server nodes on AKS requires:
2222
* Permissions to configure GMSA on Active Directory Domain Service or on-prem Active Directory.
2323
* The domain controller must have Active Directory Web Services enabled and must be reachable on port 9389 by the AKS cluster.
2424

25+
> [!NOTE]
26+
> Microsoft also provides a purpose built PowerShell module to configure gMSA on AKS. You can find more information on the module and how to use [here](https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/gmsa-aks-ps-module).
27+
2528
## Configure GMSA on Active Directory domain controller
2629

2730
To use GMSA with AKS, you need both GMSA and a standard domain user credential to access the GMSA credential configured on your domain controller. To configure GMSA on your domain controller, see [Getting Started with Group Managed Service Accounts][gmsa-getting-started]. For the standard domain user credential, you can use an existing user or create a new one, as long as it has access to the GMSA credential.
@@ -335,7 +338,10 @@ To verify GMSA is working and configured correctly, open a web browser to the ex
335338

336339
### No authentication is prompted when loading the page
337340

338-
If the page loads, but you are not prompted to authenticate, use `kubelet logs POD_NAME` to display the logs of your pod and verify you see *IIS with authentication is ready*.
341+
If the page loads, but you are not prompted to authenticate, use `kubectl logs POD_NAME` to display the logs of your pod and verify you see *IIS with authentication is ready*.
342+
343+
> [!NOTE]
344+
> Windows containers won't show logs on kubectl by default. To enable Windows containers to show logs, you need to embed the Log Monitor tool on your Windows image. More information available [here](https://github.com/microsoft/windows-container-tools)
339345

340346
### Connection timeout when trying to load the page
341347

0 commit comments

Comments
 (0)