From 8e6b2e1b63bed0b7844934961ada8ee2c07c9d63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mattias=20Fjellstr=C3=B6m?= <36640518+mattias-fjellstrom@users.noreply.github.com> Date: Thu, 26 Jun 2025 10:29:06 +0200 Subject: [PATCH] docs: adding note on azure msi for server join (#26141) --- .../content/docs/configuration/server_join.mdx | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/website/content/docs/configuration/server_join.mdx b/website/content/docs/configuration/server_join.mdx index 0559a836d..a9935bf3f 100644 --- a/website/content/docs/configuration/server_join.mdx +++ b/website/content/docs/configuration/server_join.mdx @@ -236,8 +236,20 @@ Use these configuration parameters when using Virtual Machine Scale Sets (Consul - `resource_group` - the name of the resource group to filter on. - `vm_scale_set` - the name of the virtual machine scale set to filter on. - When using tags the only permission needed is the `ListAll` method for `NetworkInterfaces`. When using - Virtual Machine Scale Sets the only role action needed is `Microsoft.Compute/virtualMachineScaleSets/*/read`. +When using tags the only permission needed is the `ListAll` method for `NetworkInterfaces`. When using +Virtual Machine Scale Sets the only role action needed is `Microsoft.Compute/virtualMachineScaleSets/*/read`. + + + +If the Nomad cluster is hosted on Azure, Nomad can use Managed Service Identities (MSI) to access Azure +instead of an environment variable, shared client id and secret. MSI must be enabled on the VMs or Virtual +Machine Scale Sets hosting Nomad. It is the preferred configuration since MSI prevents your Azure credentials +from being stored in Nomad configuration. When using MSI, the `tag_name`, `tag_value` and `subscription_id` +need to be supplied for Virtual machines. Be aware that the amount of time that Azure takes for the VMs to detect +the MSI permissions can be between a minute to an hour. + + + #### Google Compute Engine
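Review bot: The added MSI paragraph names the required parameters only for virtual machines (`tag_name`, `tag_value` and `subscription_id`), although the sentence before it says MSI can be enabled on VMs or Virtual Machine Scale Sets. Please state which parameters must be supplied in the scale set case as well, next to the `resource_group` and `vm_scale_set` entries listed just above. It would also help to connect the paragraph to the permissions stated two lines earlier, so readers know the managed identity needs only the `ListAll` method for `NetworkInterfaces` or the `Microsoft.Compute/virtualMachineScaleSets/*/read` action and do not assign a broader role. Wording: "instead of an environment variable, shared client id and secret" is hard to parse and could name exactly what MSI replaces; "between a minute to an hour" should read "from a minute to an hour"; "Virtual machines" is capitalized inconsistently with "Virtual Machine Scale Sets". Finally, the de-indentation of the two "When using tags ..." lines moves them out of the preceding list item; confirm that is intended and renders as a separate paragraph.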