Prepare the Azure configuration¶
Create an Azure service principal. Skip this step to use an existing Azure service principal.
Create a Microsoft Azure account.
Install Azure CLI.
Log in to the Azure CLI:
az login
List your Azure accounts:
az account list -o table
If more than one account exists, select the account dedicated for Container Cloud:
az account set -s <subscriptionID>Create an Azure service principal:
Caution
The
ownerrole is required for creation of role assignments.az ad sp create-for-rbac --role contributor
Example of system response:
{ "appId": "0c87aM5a-e172-182b-a91a-a9b8d39ddbcd", "displayName": "azure-cli-2021-08-04-15-25-16", "name": "1359ac72-5794-494d-b787-1d7309b7f8bc", "password": "Q1jB2-7Uz6Cka7xos6vL-Ddb4BQx2vgMl", "tenant": "6d498697-7anvd-4172-a7v0-4e5b2e25f280" }
Change the directory to
kaas-bootstrap.Export the following parameter:
export KAAS_AZURE_ENABLED=true
In
templates/azure/azure-config.yaml.template, modify the following parameters using credentials obtained in the previous steps or using credentials of an existing Azure service principal obtained from the subscription owner:spec:subscriptionIDis the subscription ID of your Azure accountspec:tenantIDis the value of"tenant"spec:clientIDis the value of"appId"spec:clientSecret:valueis the value of"password"
For example:
spec: subscriptionID: b8bea78f-zf7s-s7vk-s8f0-642a6v7a39c1 tenantID: 6d498697-7anvd-4172-a7v0-4e5b2e25f280 clientID: 0c87aM5a-e172-182b-a91a-a9b8d39ddbcd clientSecret: value: Q1jB2-7Uz6Cka7xos6vL-Ddb4BQx2vgMl
In
templates/azure/cluster.yaml.template, modify the default configuration of the Azure clusterlocation. This is an Azure region that your subscription has quota for.To obtain the list of available locations, run:
az account list-locations -o=tableFor example:
providerSpec: value: ... location: southcentralus
Also, modify other parameters as required.
Optional. If you are going to use your own TLS certificates for Keycloak, set
DISABLE_OIDC=trueinbootstrap.env.