For provisioning Kubernetes clusters with the Azure cloud provider Kubermatic Kubernetes Platform (KKP) needs a service account with (at least) the Azure role Contributor. Please follow the following steps to create an matching service account:
Login to Azure with Azure CLI az.
az login
This command will open in your default browser a window where you can authenticate. After you succefull logged in get your subscription ID.
az account show --query id -o json
********-****-****-****-************
Get your Tenant ID
az account show --query tenantId -o json
********-****-****-****-************
create a new app with
az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/********-****-****-****-************"
Retrying role assignment creation: 1/36
Retrying role assignment creation: 2/36
Retrying role assignment creation: 3/36
{
"appId": "********-****-****-****-************",
"displayName": "azure-cli-2018-11-25-08-01-39",
"name": "http://azure-cli-2018-11-25-08-01-39",
"password": "********-****-****-****-************",
"tenant": "********-****-****-****-************"
}
Enter provider credentials using the values from step “Prepare Azure Environment” into KKP Dashboard:
Client ID: Take the value of appIdClient Secret: Take the value of passwordTenant ID: your tenant IDSubscription ID: your subscription ID