Prepare Azure Environment
To provision Kubernetes clusters with the Azure cloud provider, Kubermatic Kubernetes Platform (KKP) needs a service account. Follow these steps to create a matching service account and the roles:
Log in to Azure with the Azure CLI az.
This command opens a window in your default browser where you can authenticate. After you have logged in successfully, get your subscription ID:
az account show --query id -o json
Create a role that is used by the service account.
az role definition create --role-definition '{
"Name": "Kubermatic",
"Description": "Manage VM and Networks as well to manage Resource Groups and Tags",
"Actions": [
"Microsoft.Compute/*",
"Microsoft.Network/*",
"Microsoft.Resources/*"
],
"DataActions": [],
"NotDataActions": [],
"AssignableScopes": ["/subscriptions/<<YOUR_SUBSCRIPTION_ID>>"]
}'
Get your Tenant ID
az account show --query tenantId -o json
Create a new app with:
az ad sp create-for-rbac --role="Kubermatic" --scopes="/subscriptions/********-****-****-****-************"
The output should look like the following:
{
"appId": "********-****-****-****-************",
"displayName": "azure-cli-2018-11-25-08-01-39",
"name": "http://azure-cli-2018-11-25-08-01-39",
"password": "********-****-****-****-************",
"tenant": "********-****-****-****-************"
}
Enter provider credentials using the values from step “Prepare Azure Environment” into KKP Dashboard:
Client ID: Take the value of appId
Client Secret: Take the value of password
Tenant ID: your tenant ID
Subscription ID: your subscription ID
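The steps above as one script, added here as an example and not taken from the KKP documentation: it fills the subscription ID into the role definition and writes the four dashboard values to a file readable only by the current user, so the client secret is not printed to the terminal. The function names, the output file and the `--query`/`-o tsv` capture are choices made for this example.

```bash
# Added example. Function names and the output file are assumptions; the az
# commands, role definition and field mapping are the ones shown on this page.

# Subscription and tenant IDs are GUIDs; reject anything else before use.
is_guid() {
  printf '%s\n' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Print the "Kubermatic" role definition scoped to subscription $1.
render_role_definition() {
  is_guid "$1" || { echo "not a subscription ID: $1" >&2; return 1; }
  cat <<EOF
{
  "Name": "Kubermatic",
  "Description": "Manage VM and Networks as well to manage Resource Groups and Tags",
  "Actions": ["Microsoft.Compute/*", "Microsoft.Network/*", "Microsoft.Resources/*"],
  "DataActions": [],
  "NotDataActions": [],
  "AssignableScopes": ["/subscriptions/$1"]
}
EOF
}

# Run the steps that follow the Azure login and write the four KKP dashboard
# fields to file $1 (mode 0600), keeping the client secret off the terminal.
prepare_kkp_azure() {
  out=$1
  sub=$(az account show --query id -o tsv) || return 1
  tenant=$(az account show --query tenantId -o tsv) || return 1
  role=$(render_role_definition "$sub") || return 1
  az role definition create --role-definition "$role" >/dev/null || return 1
  creds=$(az ad sp create-for-rbac --role="Kubermatic" \
    --scopes="/subscriptions/$sub" --query '[appId, password]' -o tsv) || return 1
  # tsv output separates the two values with whitespace; split without globbing.
  set -f; set -- $creds; set +f
  [ "$#" -eq 2 ] || { echo "unexpected create-for-rbac output" >&2; return 1; }
  ( umask 077; rm -f "$out"
    printf 'Client ID: %s\nClient Secret: %s\nTenant ID: %s\nSubscription ID: %s\n' \
      "$1" "$2" "$tenant" "$sub" > "$out" )
}

# Usage, once logged in to Azure:  prepare_kkp_azure ./kkp-azure-credentials.txt
```

Delete the output file once the values have been entered into the KKP Dashboard.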
Resources cleanup
During machine cleanup, if KKP’s Machine-Controller fails to delete the cloud provider instance and the user deletes
that instance manually, Machine-Controller won’t be able to delete any resources referenced by that machine, such as Public
IPs, Disks and NICs. In that case, the user should clean up those resources manually, because Azure won’t clean up
any resources attached to the deleted instance.