Create Azure Cloud Account

Create an Azure Cloud Account for your Organisation.

To manage your Kubernetes clusters and integrate them with Azure services, you need to configure Azure credentials within our Console. Follow the steps below to set up your Azure IAM user with the necessary permissions.

Step 1: Create an Azure application registration

  1. Log into the Azure portal.
  2. Navigate to the App registrations page.
  3. Click the button + New registration in the tab bar at the top of the page.
  4. Enter a descriptive name for the application. For this guide it will be Azure demo application.
  5. For Supported account types, select the option Accounts in this organizational directory only (Default Directory only - Single tenant).
  6. Click Register to add the Azure application.
  7. Copy the Application (client) ID and the Directory (tenant) ID from the detail page that you are redirected to after registering the Azure application. Save these for section Create Azure Cloud Account in the Console of this guide.

Step 2: Add client secret to the Azure application registration

  1. Select the button Add a certificate or secret from the Azure application detail page that was created in step 1 of this guide.
  2. Click the button + New client secret.
  3. Fill out a meaningful description and select when you want the secret to expire.
  4. Select the Add button to create the client secret.
  5. Copy the secret value and save it for section Create Azure Cloud Account in the Console of this guide.

Step 3: Add Azure access control to the Azure application

  1. Navigate to the Azure Subscriptions page.
  2. Select the Azure subscription that you want to manage with AME.
  3. Copy the value Subscription ID from the detail page and save it for section Create Azure Cloud Account in the Console of this guide.
  4. Select Access control (IAM) from the menu bar on the left.
  5. Click the button + Add in the tab bar at the top of the page and select Add role assignment from the drop-down that appears. You are now in the Role step of Add role assignment.
  6. Select the tab Privileged administrator roles and select the role Contributor.

The Contributor role is a Privileged administrator role and is therefore not ideal. We will specify the minimum required roles in a future version of this guide.

  7. Click the Next button to go to the Members step of Add role assignment.
  8. Click the button + Select members.
  9. Type the name of the created Azure application registration from step 1. In the case of this guide: Azure demo application.
  10. Select the member from the search results that matches the search query and click the Select button.
  11. Click the button Review + assign.
  12. Review the role assignment and click the button Review + assign.

Create Azure Cloud Account in the Console

Now we can create a cloud account within the Console. In the sidebar of the Console, select Cloud Account. Next, click the button Add cloud account.

Fill in the name of your account. This is a short descriptive name used to identify the account later on, during cluster creation. You can create multiple cloud accounts for the same Cloud Provider.

Once this is created you are presented with a form to add Azure credentials to this cloud account.

Create Azure Cloud Credentials in Console

Enter the Azure credentials that you copied earlier in this guide into the Avisi Cloud Console:

  1. Input Directory (tenant) ID in form field Tenant ID.
  2. Input Subscription ID in form field Subscription ID.
  3. Input Application (client) ID in form field Client ID.
  4. Enter the Azure application secret in form field Client secret.
  5. Click the button Create Azure credentials.

The credentials will be validated when you create them and will only be saved if the validation succeeds. After saving the Azure credentials, you can use this cloud account in the Console when you create a new cluster.

Required steps before creating an Azure cluster

Azure requires a few additional steps before you can create a Cluster:

  1. Ensure Azure quotas (like CPU) are sufficient for the requested virtual machine sizes.
  2. Ensure the requested virtual machine size is available in the region you provision your Cluster in.
  3. Enable the Azure feature EncryptionAtHost (required for instance types with resource disks): az feature register --namespace Microsoft.Compute --name EncryptionAtHost
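
The three checks above can be scripted before a cluster is requested. This is an added example, not part of the original guide or of the Console; it assumes a logged-in Azure CLI with the target subscription selected, and the function names and script arguments (region, VM size, vCPUs needed) are illustrative. It checks only the regional vCPU quota, not the per-family quotas.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide). Needs a logged-in Azure CLI.
# Usage: bash preflight.sh <region> <vm-size> <vcpus-needed>

# Succeeds only when the EncryptionAtHost feature state is "Registered".
encryption_at_host_ready() {
  local state
  state=$(az feature show --namespace Microsoft.Compute \
    --name EncryptionAtHost --query properties.state -o tsv) || return 2
  echo "EncryptionAtHost: $state"
  [ "$state" = "Registered" ]
}

# Succeeds when the size is listed for the region with no SKU restrictions.
vm_size_available() {
  local region="$1" size="$2" hit
  hit=$(az vm list-skus --location "$region" --size "$size" \
    --resource-type virtualMachines \
    --query "[?name=='$size' && length(restrictions)==\`0\`].name" \
    -o tsv) || return 2
  [ "$hit" = "$size" ]
}

# Succeeds when the regional vCPU quota has room for $2 more vCPUs.
# Per-VM-family quotas are separate limits and are not checked here.
vcpu_headroom() {
  local region="$1" needed="$2" usage
  usage=$(az vm list-usage --location "$region" \
    --query "[?name.value=='cores'].[currentValue, limit]" -o tsv) || return 2
  set -- $usage                      # one tsv row: <used> <limit>
  [ "$#" -eq 2 ] || return 2
  echo "regional vCPUs free: $(($2 - $1))"
  [ "$(($2 - $1))" -ge "$needed" ]
}

# Run all three checks only when the script is called with its arguments.
if [ "$#" -eq 3 ]; then
  encryption_at_host_ready || echo "-> EncryptionAtHost is not registered yet"
  vm_size_available "$1" "$2" || echo "-> $2 is unavailable or restricted in $1"
  vcpu_headroom "$1" "$3" || echo "-> regional vCPU quota too low for $3 vCPUs"
fi
```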