Announcing Windows Container on Azure Kubernetes Service Demos
Today I am very happy to announce the release of Windows Container on Azure Kubernetes Service Demos.This Demos repo is a collection of demos to show how you can modernize Windows Server applications with Windows containers running on Azure Kubernetes Service (AKS).GitHub Repo:Windows Container on Azure Kubernetes Service Demos
Announcing Active Directory Identity Improvement on AKS on Azure Stack HCI
We’re very pleased to announce that Group Managed Service Account (gMSA) for Containers with non-domain joined host solution is now available in the recently announced AKS on Azure Stack HCI Release Candidate! “gMSA with non-domain joined host” vs. “gMSA with domain-joined host” gMSA with non-domain joined host gMSA with domain-joined host Credentials are stored as K8 secret and authenticated parties can retrieve the secret. These creds are used to retrieve the gMSA identity from AD. This eliminates the need for container host to be domain joined and solves challenges with container host updates. Updates to Windows container host can pose considerable challenges. All previous settings need to be reconfigured to domain join the new container host. Simplified end-to-end gMSA configuration process by build-in cmdlets In AKS on Azure Stack HCI, even though you don't need to domain join Windows worker nodes anymore, there are other configuration steps that you can't skip. These steps include installing the webhook, the custom resource definition (CRD), and the credential spec, as well as enabling role-based access control (RBAC). We provide a few PowerShell cmdlets to simply the end-to-end experience. Please refer to Configure group Managed Service Accounts with AKS on Azure Stack HCI - AKS-HCI | Microsoft Docs. Getting started We have provided detailed documentation on how to integrate your gMSA with containers in AKS-HCI with non-domain joined solution. Preparing gMSA in domain controller Configure group Managed Service Accounts with AKS on Azure Stack HCI - AKS-HCI | Microsoft Docs Prepare the gMSA credential spec JSON file (This is a one-time action. Please use the gMSA account in your domain) Install webhook, add Kubernetes secret and add gMSA Credential Spec can be finished by three cmdlets Deploy your application. As always, we love to see you try it out, and give us feedback. You can share your feedback at our GitHub community Issues · microsoft/Windows-Containers (github.com) , or contact us directly at win-containers@microsoft.com. Jing Twitter:https://twitter.com/JingLi00465231
