docs: adding note on azure msi for server join (#26141)

2026-01-06 10:25:42 +03:00 · 2025-06-26 10:29:06 +02:00
parent f76d9e0cec
commit 8e6b2e1b63
1 changed files with 14 additions and 2 deletions
--- a/website/content/docs/configuration/server_join.mdx
+++ b/website/content/docs/configuration/server_join.mdx
@@ -236,8 +236,20 @@ Use these configuration parameters when using Virtual Machine Scale Sets (Consul
 - `resource_group` - the name of the resource group to filter on.
 - `vm_scale_set` - the name of the virtual machine scale set to filter on.

-  When using tags the only permission needed is the `ListAll` method for `NetworkInterfaces`. When using
-  Virtual Machine Scale Sets the only role action needed is `Microsoft.Compute/virtualMachineScaleSets/*/read`.
+When using tags the only permission needed is the `ListAll` method for `NetworkInterfaces`. When using
+Virtual Machine Scale Sets the only role action needed is `Microsoft.Compute/virtualMachineScaleSets/*/read`.
+
+<Note>
+
+If the Nomad cluster is hosted on Azure, Nomad can use Managed Service Identities (MSI) to access Azure
+instead of an environment variable, shared client id and secret. MSI must be enabled on the VMs or Virtual
+Machine Scale Sets hosting Nomad. It is the preferred configuration since MSI prevents your Azure credentials
+from being stored in Nomad configuration. When using MSI, the `tag_name`, `tag_value` and `subscription_id` 
+need to be supplied for Virtual machines. Be aware that the amount of time that Azure takes for the VMs to detect
+the MSI permissions can be between a minute to an hour.
+
+</Note>
+

 #### Google Compute Engine