Couldn't agree more re. the concept - we have always preferred gMSAs for Windows-based services, and that seemed to greatly benefit us with Windows-based containers for ASP.NET Core workloads as well. The development and migration were straightforward.
Unfortunately, following the initial successes, when we started migrating some of our busier and mission-critical services, we started running into domain trust issues on these containers, causing authentication failures on a regular basis. The problem has completely halted our plans to scale up these services (and migrate additional services to containers), due to frequent outages.
Over 6 months ago, we reported this problem to the Windows Containers team in https://github.com/microsoft/Windows-Containers/issues/405 (and through official channels to Microsoft Support offline), and also continue to investigate workarounds internally. However, we're yet to receive any fix (or updates to that effect), despite many other customers reporting that they're affected by this as well (see the GitHub issue).
Hopefully there'll be some light at the end of this tunnel soon, because this is otherwise causing us to lose trust (no pun intended) in this platform very quickly.