Prepare the Azure configuration

  1. Create an Azure service principal. Skip this step to use an existing Azure service principal.

    1. Create a Microsoft Azure account.

    2. Install Azure CLI.

    3. Log in to the Azure CLI:

      az login
      
    4. List your Azure accounts:

      az account list -o table
      
    5. If more than one account exists, select the account dedicated to Container Cloud:

      az account set -s <subscriptionID>
      
    6. Create an Azure service principal:

      Caution

      The owner role is required for creation of role assignments.

      az ad sp create-for-rbac --role contributor
      

      Example of system response:

      {
         "appId": "0c87aM5a-e172-182b-a91a-a9b8d39ddbcd",
         "displayName": "azure-cli-2021-08-04-15-25-16",
         "name": "1359ac72-5794-494d-b787-1d7309b7f8bc",
         "password": "Q1jB2-7Uz6Cka7xos6vL-Ddb4BQx2vgMl",
         "tenant": "6d498697-7anvd-4172-a7v0-4e5b2e25f280"
      }
      
  2. Change the directory to kaas-bootstrap.

  3. Export the following parameter:

    export KAAS_AZURE_ENABLED=true
    
  4. In templates/azure/azure-config.yaml.template, modify the following parameters using credentials obtained in the previous steps or using credentials of an existing Azure service principal obtained from the subscription owner:

    • spec:subscriptionID is the subscription ID of your Azure account

    • spec:tenantID is the value of "tenant"

    • spec:clientID is the value of "appId"

    • spec:clientSecret:value is the value of "password"

    For example:

    spec:
      subscriptionID: b8bea78f-zf7s-s7vk-s8f0-642a6v7a39c1
      tenantID: 6d498697-7anvd-4172-a7v0-4e5b2e25f280
      clientID: 0c87aM5a-e172-182b-a91a-a9b8d39ddbcd
      clientSecret:
        value: Q1jB2-7Uz6Cka7xos6vL-Ddb4BQx2vgMl
    
  5. In templates/azure/cluster.yaml.template, modify the default configuration of the Azure cluster location. This is an Azure region that your subscription has quota for.

    To obtain the list of available locations, run:

    az account list-locations -o=table
    

    For example:

    providerSpec:
      value:
      ...
        location: southcentralus
    

    Also, modify other parameters as required.

  6. Optional. If you are going to use your own TLS certificates for Keycloak, set DISABLE_OIDC=true in bootstrap.env.
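
The field mapping from step 4, as an added example that is not part of the original procedure or of Container Cloud: it reads the JSON printed by az ad sp create-for-rbac, renders the spec fragment with every value as a quoted YAML scalar, and writes it to a file created with mode 0600. The names render_spec and write_private, the output file name, and all sample values are hypothetical.

```python
"""Map `az ad sp create-for-rbac` JSON output to the spec fields of azure-config.yaml.template."""
import json
import os
import stat
import tempfile

# Template field -> key in the service principal JSON (mapping taken from step 4).
FIELD_MAP = {"tenantID": "tenant", "clientID": "appId"}
SECRET_KEY = "password"


def render_spec(sp_json: str, subscription_id: str) -> str:
    """Return the `spec:` fragment; raise ValueError if a credential is missing."""
    sp = json.loads(sp_json)
    missing = [k for k in (*FIELD_MAP.values(), SECRET_KEY) if not sp.get(k)]
    if missing or not subscription_id:
        raise ValueError(f"missing values: {missing or ['subscriptionID']}")
    # A JSON string is a valid YAML double-quoted scalar, so a secret containing
    # ':', '#', or a leading '-' or '~' cannot change the YAML structure.
    q = json.dumps
    lines = ["spec:", f"  subscriptionID: {q(subscription_id)}"]
    lines += [f"  {field}: {q(sp[key])}" for field, key in FIELD_MAP.items()]
    lines += ["  clientSecret:", f"    value: {q(sp[SECRET_KEY])}"]
    return "\n".join(lines) + "\n"


def write_private(path: str, text: str) -> None:
    """Create the file with mode 0600 from the start; refuse to overwrite."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)


# Constructed sample input (not real credentials).
SAMPLE_SP = json.dumps({
    "appId": "11111111-2222-3333-4444-555555555555",
    "displayName": "example-sp",
    "password": "~ex:ample #secret",
    "tenant": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
})
SAMPLE_SUB = "99999999-8888-7777-6666-555555555555"

if __name__ == "__main__":
    out = os.path.join(tempfile.mkdtemp(), "azure-spec.yaml")
    write_private(out, render_spec(SAMPLE_SP, SAMPLE_SUB))
    print(out, oct(stat.S_IMODE(os.stat(out).st_mode)))
```

Feeding the JSON to the helper from a file or pipe keeps the client secret out of shell history and out of a world-readable working copy.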