Update configure-gmsa.md
yanrong.shi
parent
7b6094017d
commit
9ab6ab2150
|
|
@ -102,7 +102,7 @@ The [YAML template](https://github.com/kubernetes-sigs/windows-gmsa/blob/master/
|
|||
来部署和配置上述 GMSA Webhook 及相关联的对象。你还可以在运行脚本时设置 `--dry-run=server`
|
||||
选项以便审查脚本将会对集群做出的变更。
|
||||
|
||||
脚本所使用的[YAML 模板](https://github.com/kubernetes-sigs/windows-gmsa/blob/master/admission-webhook/deploy/gmsa-webhook.yml.tpl)
|
||||
脚本所使用的 [YAML 模板](https://github.com/kubernetes-sigs/windows-gmsa/blob/master/admission-webhook/deploy/gmsa-webhook.yml.tpl)
|
||||
也可用于手动部署 Webhook 及相关联的对象,不过需要对其中的参数作适当替换。
|
||||
|
||||
<!-- steps -->
|
||||
|
|
@ -164,7 +164,7 @@ Following are the steps for generating a GMSA credential spec YAML manually in J
|
|||
The following YAML configuration describes a GMSA credential spec named `gmsa-WebApp1`:
|
||||
|
||||
```yaml
|
||||
apiVersion: windows.k8s.io/v1alpha1
|
||||
apiVersion: windows.k8s.io/v1
|
||||
kind: GMSACredentialSpec
|
||||
metadata:
|
||||
name: gmsa-WebApp1 #This is an arbitrary name but it will be used as a reference
|
||||
|
|
@ -410,7 +410,12 @@ If you are having difficulties getting GMSA to work in your environment, there a
|
|||
<!--
|
||||
First, make sure the credspec has been passed to the Pod. To do this you will need to `exec` into one of your Pods and check the output of the `nltest.exe /parentdomain` command.
|
||||
-->
|
||||
首先,确保 credspec 已传递给 Pod。为此,你需要先运行 `exec` 进入到你的一个 Pod 中并检查 `nltest.exe /parentdomain` 命令的输出。
|
||||
首先,确保 credspec 已传递给 Pod。为此,你需要先运行 `exec`
|
||||
进入到你的一个 Pod 中并检查 `nltest.exe /parentdomain` 命令的输出。
|
||||
|
||||
<!--
|
||||
In the example below the Pod did not get the credspec correctly:
|
||||
-->
|
||||
在下面的例子中,Pod 未能正确地获得凭据规约:
|
||||
|
||||
```PowerShell
|
||||
|
|
@ -421,6 +426,7 @@ kubectl exec -it iis-auth-7776966999-n5nzr powershell.exe
|
|||
`nltest.exe /parentdomain` results in the following error:
|
||||
-->
|
||||
`nltest.exe /parentdomain` 导致以下错误:
|
||||
|
||||
```output
|
||||
Getting parent domain failed: Status = 1722 0x6ba RPC_S_SERVER_UNAVAILABLE
|
||||
```
|
||||
|
|
@ -454,6 +460,15 @@ If the DNS and communication test passes, next you will need to check if the Pod
|
|||
nltest.exe /query
|
||||
```
|
||||
|
||||
<!--
|
||||
Results in the following output:
|
||||
-->
|
||||
结果输出如下:
|
||||
|
||||
```output
|
||||
I_NetLogonControl failed: Status = 1722 0x6ba RPC_S_SERVER_UNAVAILABLE
|
||||
```
|
||||
|
||||
<!--
|
||||
This tells us that for some reason, the Pod was unable to logon to the domain using the account specified in the credspec. You can try to repair the secure channel by running the following:
|
||||
-->
|
||||
|
|
|
|||
Loading…
Reference in New Issue