Skip to content

GMSA with Windows Containers doesnt work with ContainerD #44

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
immuzz opened this issue Jul 14, 2020 · 20 comments
Closed

GMSA with Windows Containers doesnt work with ContainerD #44

immuzz opened this issue Jul 14, 2020 · 20 comments
Assignees
@immuzz
Labels
Windows on Kubernetes Windows Containers using Kubernetes

Comments

@immuzz
Copy link

immuzz commented Jul 14, 2020
edited
Loading

When using the ContainerD runtime (Feature State: Kubernetes v1.19 [beta]) accessing restricted network shares via the GMSA domain identity fails. The container will receive the identity of and calls from nltest.exe /query will work. It is recommended to use the Docker EE runtime if access to network shares is required.
@immuzz immuzz added the Windows on Kubernetes Windows Containers using Kubernetes label Jul 14, 2020
@immuzz immuzz self-assigned this Jul 14, 2020
@immuzz
Copy link
Author

immuzz commented Jul 15, 2020

We are working to fix this issue. Currently this affects Windows Server 2019, 1903, 1909 and 2004. We are planning to fix it in 2004 first and then backport to 2019, 1903 and 1909. Current rough ETA for backporting is 2-3 months

@immuzz immuzz changed the title GMSA with Windows Containers using GMSA doesnt work with ContainerD GMSA with Windows Containers doesnt work with ContainerD Jul 15, 2020
@ghost
Copy link

ghost commented Sep 17, 2020

This issue has been open for 30 days with no updates.
@immuzz, please provide an update or close this issue.

1 similar comment
@ghost
Copy link

ghost commented Oct 18, 2020

This issue has been open for 30 days with no updates.
@immuzz, please provide an update or close this issue.

@immuzz
Copy link
Author

immuzz commented Oct 22, 2020

This has been resolved and will be released for Windows Server 2004 in 11C Windows Patch

@immuzz immuzz closed this as completed Oct 22, 2020
@vitaliy-leschenko
Copy link

Hi @immuzz, as I understand from your comments in 11C Windows Patch fix will be available only for WS2004. So we need to wait 2-3 months for patch for WS2019. Is it correct?

@jayunit100
Copy link

also wondering the same thing.... when will this be available in 2019?

@unacceptable
Copy link

@vitaliy-leschenko @jayunit100 I reckon when saying Windows Server 2004 they are referring to the Windows Server SAC releases for Server 2019. Not 100% sure though since I am not a Windows guy.

@marosset
Copy link
Member

I spoke with @immuzz and confirmed this will not be available for Windows Server 2019 until Feb 2021.

@immuzz
Copy link
Author

immuzz commented Nov 19, 2020

Re-opening the issue as it will be available in Feb 2021 for Windows 2019. Will close it then

@immuzz immuzz reopened this Nov 19, 2020
@immuzz
Copy link
Author

immuzz commented Nov 19, 2020

Just to be clear. This fix is available today on Windows Server 2004 (SAC release)

@ghost
Copy link

ghost commented Dec 20, 2020

This issue has been open for 30 days with no updates.
@immuzz, please provide an update or close this issue.

1 similar comment
@ghost
Copy link

ghost commented Jan 20, 2021

This issue has been open for 30 days with no updates.
@immuzz, please provide an update or close this issue.

@ericsmalling
Copy link

Just curious, @immuzz, is Win 2019 still on track for Feb 2021 release?

@immuzz
Copy link
Author

immuzz commented Feb 17, 2021

Closing this issue as this should be part of Feb Patch Tuesday. Please let me know if someone is still running into issues and I will try to investigate.

@immuzz immuzz closed this as completed Feb 17, 2021
@jsturtevant jsturtevant mentioned this issue Mar 18, 2021
Closed
@jsturtevant
Copy link

/reopen

@immuzz
Copy link
Author

immuzz commented Mar 18, 2021

Befor re-opening i am waiting for gMSA team to confirm its the same issue

@marosset
Copy link
Member

marosset commented Mar 18, 2021
edited
Loading

Closing this issue as this should be part of Feb Patch Tuesday. Please let me know if someone is still running into issues and I will try to investigate.

@immuzz were these fixes in 2B or 2C?

@jsturtevant
Copy link

should be in 2c or 3b

@dcantah
Copy link

dcantah commented Mar 19, 2021
edited
Loading

The fix is in, you just need to enable the registry key it's gated behind: reg add "HKLM\SYSTEM\CurrentControlSet\Services\hns\State" /v EnableCompartmentNamespace /t REG_DWORD /d 1. We'll work to get this documented publicly

@perithompson
Copy link

Great work to everyone involved!

@jsturtevant jsturtevant mentioned this issue Apr 26, 2021
Merged
@jsturtevant jsturtevant mentioned this issue Jan 19, 2022
Merged
@marosset marosset mentioned this issue Apr 26, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@immuzz immuzz

Labels
Windows on Kubernetes Windows Containers using Kubernetes
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@ericsmalling @jsturtevant @jayunit100 @perithompson @vitaliy-leschenko @unacceptable @marosset @dcantah @immuzz