jenkinsci / docker-swarm-plugin

Jenkins plugin which allows to add a Docker Swarm as a cloud agent provider
https://plugins.jenkins.io/docker-swarm/
MIT License

gMSA credentials not getting used by worker nodes #64

Open Heneman opened 4 years ago

Heneman commented 4 years ago

I'm trying to get a gMSA credential spec to work with this plugin but so far nothing seems to do the trick.

In the Command field I've tried:

docker run -d repo/image:tag --security-opt 'credentialspec=file://domain_gmsa-cred.json' -jnlpUrl $DOCKER_SWARM_PLUGIN_JENKINS_AGENT_JNLP_URL -secret $DOCKER_SWARM_PLUGIN_JENKINS_AGENT_SECRET -noReconnect

I've also attempted to create a Docker config to be used in the Configs field in the agent template by creating the config from the credential spec above, and entering the following into the Configs field:

UAT:C:\ProgramData\docker\credentialspecs\domain_gmsa-cred.json

I'm testing the functionality of the gMSA cred spec by running nltest /sc_verify:domain.com and klist get krbtgt and both fail.

I am able to add workers to the swarm and this plugin works great for automating agent and container creation; it's just the gMSA that isn't getting forwarded to the worker nodes.
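One way to check whether a swarm service actually carries a credential spec is to read `docker service inspect` output. This is an added example, not code from the post or from the plugin: the function name `credential_spec_report`, the service names and the sample JSON are constructed, and the field names are those of the Docker Engine API service spec (`Spec.TaskTemplate.ContainerSpec.Privileges.CredentialSpec`).

```python
import json

# Constructed `docker service inspect` output (trimmed) for two hypothetical services.
SAMPLE_INSPECT = json.dumps([
    {"Spec": {"Name": "agent-with-spec", "TaskTemplate": {"ContainerSpec": {
        "Image": "repo/image:tag",
        "Privileges": {"CredentialSpec": {"File": "domain_gmsa-cred.json"}}}}}},
    {"Spec": {"Name": "agent-without-spec", "TaskTemplate": {"ContainerSpec": {
        "Image": "repo/image:tag",
        "Args": ["--security-opt", "credentialspec=file://domain_gmsa-cred.json",
                 "-noReconnect"]}}}},
])


def credential_spec_report(inspect_json):
    """Return one finding per service: where its credential spec comes from, if anywhere."""
    findings = []
    for svc in json.loads(inspect_json):
        spec = svc.get("Spec", {})
        cspec = spec.get("TaskTemplate", {}).get("ContainerSpec", {})
        cred = (cspec.get("Privileges") or {}).get("CredentialSpec") or {}
        # The Engine API accepts at most one of these three sources.
        source = next((k for k in ("Config", "File", "Registry") if cred.get(k)), None)
        # A credentialspec= token in Command/Args is only a string handed to the
        # container process; the daemon does not treat it as a credential spec.
        words = (cspec.get("Command") or []) + (cspec.get("Args") or [])
        stray = [w for w in words if "credentialspec=" in w.lower()]
        findings.append({
            "service": spec.get("Name"),
            "source": source,
            "value": cred.get(source) if source else None,
            "stray_args": stray,
        })
    return findings


if __name__ == "__main__":
    for f in credential_spec_report(SAMPLE_INSPECT):
        state = f"{f['source']}={f['value']}" if f["source"] else "NO credential spec"
        print(f"{f['service']}: {state}; stray args: {f['stray_args']}")
```

To run it against a live swarm, pass the output of `docker service inspect <service>` from a manager node to `credential_spec_report` in place of the constructed sample.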