docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1275 from docker/gmsa-addition 

Gmsa addition
This commit is contained in:
Usha Mandya 2019-07-22 11:49:47 +01:00 committed by GitHub
parent 093ecd1d7a 520d0fc24a
commit 6da238b137
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 22 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ee/release-notes.md
View File

@ -12,7 +12,7 @@ pages listed in the following **Docker Enterprise components install and upgrade
| Feature | Component | Component version | | Feature | Component | Component version |
|---------|-----------|-------------------| |---------|-----------|-------------------|
| [Group Managed Service Accounts (gMSA)](/engine/swarm/services/) | UCP | 3.2.0 | | [Group Managed Service Accounts (gMSA)](/engine/swarm/services.md#gmsa-for-swarm) | UCP | 3.2.0 |
| [Open Security Controls Assessment Language (OSCAL)](/compliance/oscal/) | UCP | 3.2.0 | | [Open Security Controls Assessment Language (OSCAL)](/compliance/oscal/) | UCP | 3.2.0 |
| [Container storage interface (CSI)](/ee/ucp/kubernetes/storage/use-csi/) | UCP | 3.2.0 | | [Container storage interface (CSI)](/ee/ucp/kubernetes/storage/use-csi/) | UCP | 3.2.0 |
| [Internet Small Computer System Interface (iSCSI)](/ee/ucp/kubernetes/storage/use-iscsi/) | UCP | 3.2.0 | | [Internet Small Computer System Interface (iSCSI)](/ee/ucp/kubernetes/storage/use-iscsi/) | UCP | 3.2.0 |

21
engine/swarm/services.md
View File

@ -74,6 +74,27 @@ $ docker service create --name helloworld alpine:3.6 ping docker.com
For more details about image tag resolution, see For more details about image tag resolution, see
[Specify the image version the service should use](#specify-the-image-version-the-service-should-use). [Specify the image version the service should use](#specify-the-image-version-the-service-should-use).
### gMSA for Swarm
Swarm now allows using a Docker Config as a gMSA credential spec - a requirement for Active Directory-authenticated applications. This reduces the burden of distributing credential specs to the nodes they're used on.
The following example assumes a gMSA and its credential spec (called credspec.json) already exists, and that the nodes being deployed to are correctly configured for the gMSA.
To use a Config as a credential spec, first create the Docker Config containing the credential spec:
```bash
docker config create credspec credspec.json
```
Now, you should have a Docker Config named credspec, and you can create a service using this credential spec. To do so, use the --credential-spec flag with the config name, like this:
```bash
docker service create --credential-spec="config://credspec" <your image>
```
Your service will use the gMSA credential spec when it starts, but unlike a typical Docker Config (used by passing the --config flag), the credential spec will not be mounted into the container.
### Create a service using an image on a private registry ### Create a service using an image on a private registry
If your image is available on a private registry which requires login, use the If your image is available on a private registry which requires login, use the