Using credentials_fetcher in an on-premises docker environment #128
Replies: 2 comments 1 reply
-
Hey @robsoncloud. Thanks for reaching out. We will take a look at the issue and get back to you as soon as possible.
-
Hi @smhmhmd First, I'd like to thank you for the latest PR. It has helped me make some progress in my tests. Second, I have a few questions and would appreciate it if you could shed some light on them.
On the first attempt, I got the error ERROR: ldapsearch not found in the service's stdout, which I fixed by installing the ldap-utils package. Then, I encountered another error in credentials-fetcher.log:
However, the credentials-fetcher stdout indicated everything was fine:
To confirm, I ran klist and saw the ticket was in the /tmp folder:
To test if the ticket was valid, I created a new shared folder dedicated to the gMSA user in my test DC01, installed smbclient, and then connected using the Kerberos ticket:
The connection worked, and now I see the following message every 10 minutes:
After the tests, I am trying to find ways to use this in production. For the credspec, I was considering using the environment variable CF_CRED_SPEC_FILE to pass the file path as a mount volume in my container. However, I am unsure how to provide the credentials for the gMSA and who will initiate the initial ticket retrieval. What is your suggestion for providing the credspec.json and passing down the user/password/domain, since I have no access to S3/Secret Manager? How should my container entrypoint look?
Thanks
-
I have created an Ubuntu 22.04 image using the docker file available here, but when running the ./credentials-fetcherd --aws_sm_secret_name fake-secret-name and using the grpc_cli test I got the following error:
grpc_cli command:
Using gmsa api test:
Is the scenario below supported?
I need my container that runs in my local docker server to connect to my domain controller, retrieve the gMSA token, and make it available to be used by my app.