For provisioning Kubernetes clusters with the Azure cloud provider Kubermatic Kubernetes Platform (KKP) needs a service account. Please follow the following steps steps to create a matching service account and the roles:
Login to Azure with Azure CLI az.
az login
This command will open in your default browser a window where you can authenticate. After you successful logged in get your subscription ID.
az account show --query id -o json
********-****-****-****-************
Create a role that is used by the service account.
az role definition create --role-definition '{
"Name": "Kubermatic",
"Description": "Manage VM and Networks as well to manage Resource Groups and Tags",
"Actions": [
"Microsoft.Compute/*",
"Microsoft.Network/*",
"Microsoft.Resources/*"
],
"DataActions": [],
"NotDataActions": [],
"AssignableScopes": ["/subscriptions/<<YOUR_SUBSCRIPTION_ID>>"]
}'
Get your Tenant ID
az account show --query tenantId -o json
********-****-****-****-************
create a new app with
az ad sp create-for-rbac --role="Kubermatic" --scopes="/subscriptions/********-****-****-****-************"
{
"appId": "********-****-****-****-************",
"displayName": "azure-cli-2018-11-25-08-01-39",
"name": "http://azure-cli-2018-11-25-08-01-39",
"password": "********-****-****-****-************",
"tenant": "********-****-****-****-************"
}
Enter provider credentials using the values from step “Prepare Azure Environment” into KKP Dashboard:
Client ID: Take the value of appIdClient Secret: Take the value of passwordTenant ID: your tenant IDSubscription ID: your subscription ID