I'm working on getting an aspnet core app running in docker using gMSA. I've created a security group, created a gMSA, and created a credentials spec file using this article - https://learn.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/gmsa-run-container
I'm using Integrated Security for SQL Server. Don't have a choice on this.
I'm starting my container with this command:
docker run --security-opt "credentialspec=file://mydomain_mygmsa.json" --hostname mygmsa -e ASPNETCORE_ENVIRONMENT=Development -p 5000:80 -d --user "NT AUTHORITY\NETWORK SERVICE" my-image
This is my docker build file:
WORKDIR /app
WORKDIR /src
COPY . .
WORKDIR /src/MyProject/
RUN dotnet publish -c Release -o /app
FROM mcr.microsoft.com/dotnet/core/aspnet:3.1 as final
WORKDIR /app
COPY --from=base /app .
ENTRYPOINT ["dotnet", "MyProject.dll"]
When I try to hit sql server, I get this error:
Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.
Any ideas?