Skip to content

Latest commit

 

History

History
144 lines (93 loc) · 5.47 KB

azure-setup.md

File metadata and controls

144 lines (93 loc) · 5.47 KB

Microsoft Azure Console Setup Guide

To create and use Azure services, you first need to #. If you’ve never tried or paid for Azure before, you can # for the Azure free account.

Step 1: # / # to Azure

  1. In a web browser, go to https://azure.microsoft.com/free.

  2. Follow the online instructions.

  3. Make sure the Azure account has permission to manage applications in Azure Active Directory (Azure AD). Any of the following Azure AD roles include the required permissions:

  • Application administrator
  • Application developer
  • Cloud application administrator
  1. Search for and select Azure Active Directory.

app registrations in searchbar

  1. Under Manage, select App registrations > New registration.

Register an application

  1. Enter a display Name for your application. The app registration's automatically generated Application (client) ID, not its display name, uniquely identifies your app within the identity platform.

  2. Specify who can use the application

  3. Don't enter anything for Redirect URI

Add role assignment

  1. When registration finishes, the Azure portal displays the app registration's Overview pane. You see the Application (client) ID. Also called the client ID, this value uniquely identifies your application in the Microsoft identity platform.

Credentials

Step 3: Add credentials

Credentials are used by confidential client applications that access a web API. Examples of confidential clients are web apps, other web APIs, or service-type and daemon-type applications. These Credentials allow your application to authenticate as itself, requiring no interaction from a user at runtime.

  1. In the Azure portal, in App registrations, select your application.
  2. Select Certificates & secrets > Client secrets > New client secret.
  3. Add a description for your client secret.
  4. Select an expiration for the secret or specify a custom lifetime.
  5. Client secret lifetime is limited to two years (24 months) or less. You can't specify a custom lifetime longer than 24 months.
  6. Select Add.
  7. Record the secret's value for use in your client application code. This secret value is never displayed again after you leave this page.

Certificates-secrets

Step 4: Set up Access Control (IAM)

Azure role-based access control (Azure RBAC) is the authorization system you use to manage access to Azure resources. To grant access, you assign roles to users, groups, service principals, or managed identities at a particular scope.

  1. # to the Azure portal.

  2. Go to your Subscriptions.

  3. Open the Add role assignment page
    Access control (IAM) is the page that you typically use to assign roles to grant access to Azure resources. It's also known as identity and access management (IAM) and appears in several locations in the Azure portal.

  4. Click Access control (IAM).

Access control (IAM) page

  1. Click the Role assignments tab to view the role assignments at this scope.

Add role assignment

  1. Click Add > Add role assignment.
    If you don't have permissions to assign roles, the Add role assignment option will be disabled.

  2. On the Roles tab, select a role that you want to use.
    You can search for a role by name or by description. You can also filter roles by type and category.

Add the Contributor Role and if your using a AKS cluster add the Network contributor role once you finish adding the Contributor role

Add role assignment

  1. Click Next.

  2. On the Members tab, select User, group, or service principal to assign the selected role to one or more Azure AD users, groups, or service principals (applications).

Add role assignment

  1. Click Select members.

  2. Find and select the users, groups, or service principals.
    You can type in the Select box to search the directory for your app name

  3. Click Select to add the app to the Members list.

  4. Click Next.

Select-member

  1. On the Review + assign tab, review the role assignment settings.

Assign role

  1. Click Review + assign to assign the role.
    After a few moments, the security principal is assigned the role at the selected scope.

Review Assigned role

Conclusion

In the end you should have all the credentials for a cluster deployment on azure

  • ARM_CLIENT_SECRET from Secret Value Certificates-secrets

  • ARM_TENANT_ID & ARM_CLIENT_ID from App Overview Credentials

  • ARM_SUBSCRIPTION_ID from subscription overview

If you have any additional questions that are not covered in this FAQ, please feel free to reach out to us for further assistance.