| sidebar | permalink | summary |
|---|---|---|
sidebar |
create-auth-credentials-on-azure.html |
Learn how to create new Azure credentials, or locate your Azure credentials, so that you can build an Azure cluster using NKS. |
To create an Azure cluster through NetApp Kubernetes Service (NKS), you will need to get your Azure credentials and verify that you have the correct permissions. You can do this either through the Azure portal or the Azure CLI.
To use this feature, you will need an NKS account. If you don’t have one already, you can sign up for a free 30-day trial with no credit card required at https://nks.netapp.io.
After you add your Azure credentials to your NKS account, click here to learn how to create a Kubernetes cluster on Azure
Shortcut: Find Your Azure Credentials
-
Subscription ID: All Services > Subscriptions > Subscription ID
-
Tenant ID (Azure calls this the Directory ID): Azure Active Directory > Properties > Directory ID
-
Client ID (Azure calls this the Application ID): All Services > Filter by “app registrations” > App Registrations > Click your application > Copy the Application ID
-
Client Password (Azure calls this the Client Secret): All Services > Filter by “app registrations” > App Registrations > Click your application > Certificates & Secrets > Client Secrets > New client secret
Before you begin, or if you get a permissions error, you will want to go through your Azure account to check all of your permissions.
Log in to the Azure portal, then go to Azure Active Directory > User settings > App Registrations.
-
If “Users can register applications” is set to Yes, you can proceed.
-
If “Users can register applications” is set to No, only global administrators can register apps.
Click Azure Active Directory > Overview to check your account permissions. In this example, the account’s role is User.
-
If your account is assigned to the Global administrator role, you can proceed.
-
If your account is assigned to the User role, and “Users can register applications” is set to Yes, you can proceed.
-
If your account is assigned to the User role, and “Users can register applications” is set to No, you will NOT be able to register an app. You have two options:
-
Ask your administrator to assign your account to the Global administrator role.
-
Ask your administrator to enable users to register apps.
-
You must have an Azure subscription created and assigned to the Azure directory. In order to work, the subscription must be registered with the resource provider Microsoft.Network.
To check this, click All services > Subscriptions
|
Note
|
Copy the Subscription ID. You will need it to create your NKS cluster. |
The resource provider Microsoft.Network is not registered by default. You will need to register it. Select the subscription, then click Settings: Resource Providers.
Here you can check whether Microsoft.Network is registered. If not, find the service and click Register.
|
Note
|
The providers Microsoft.Storage and Microsoft.Compute should also be registered by default. If these have not been registered, find them on the list and register them.
|
If you don’t already have an app, go to Azure Active Directory > App registrations then click New registration to create a new one.
In the pop-up window which appears:
-
Enter a name for the app.
-
Choose the supported account type (Single Tenant, Multitenant, or Multitenant and Personal).
-
Set the Redirect URI (optional).
-
Click Register.
This redirects you to the new application’s information page.
|
Note
|
Copy the Application ID. This is the Client ID you will need to create your NKS cluster. |
Next, give your app a role assignment.
Go to All services > Subscriptions. Click the subscription you want to use for the app.
Click Access Control (IAM) > +Add. In the drop-down menu which appears, choose Add role assignment.
In the pop-up window which appears:
-
Choose
Contributorfor the role. -
Leave the Assign access to drop-down menu at the default choice,
Azure AD user, group, or service principal. -
Search for your app by pasting the App ID into the Select field.
Your app will appear in the search results. Click your app, then click Save.
On the App Registrations page, click your app, then click Certificates & Secrets > +New client secret.
Fill in the description and expiration date, then click Add to generate the key.
|
Important
|
Copy and save the Client Secret. This is the Client Password you will need to create your NKS cluster. You will not be able to view the Client Secret after you leave this page. |
If you lose your Client Secret, you will need to create a new one.
To create an Azure cluster through NetApp Kubernetes Service (NKS) you will need the Subscription ID, Tenant (Directory) ID, and Client (Application) ID.
Shortcut: Find Your Azure Credentials
-
Subscription ID: All Services > Subscriptions > Subscription ID
-
Tenant ID (Azure calls this the Directory ID): Azure Active Directory > Properties > Directory ID
-
Client ID (Azure calls this the Application ID): All Services > Filter by “app registrations” > App Registrations > Click your application > Copy the Application ID
-
Client Password (Azure calls this the Client Secret): All Services > Filter by “app registrations” > App Registrations > Click your application > Certificates & Secrets > Client Secrets > New client secret
Sign in to your Azure account through the Azure portal. Go to All services > Subscriptions and copy the Subscription ID.
Click Azure Active Directory > Properties > Directory ID. This is the Tenant ID you need to create your NKS cluster.
Go to Azure Active Directory > App registrations. Copy the Application ID. This is the Client ID you will need to create your NKS cluster.
Go to Azure Active Directory > App Registrations. Click your app, then click Certificates & Secrets > +New client secret.
Fill in the description and expiration date, then click Add to generate the key.
|
Important
|
Copy and save the Client Secret. This is the Client Password you will need to create your NKS cluster. You will not be able to view the Client Secret after you leave this page. |
If you lose your Client Secret, you will need to create a new one.
Authentication Parameters
-
Subscription ID: Azure calls this "ID" in the output of the
az logincommand. -
Tenant ID: Azure calls this the Directory ID.
-
Client ID: Azure calls this the Application ID.
Log in to the Azure CLI.
az login
Follow the instructions to authenticate. After the log-in and authentication process is complete, this will output account information including the Subscription ID.
|
Note
|
The Subscription ID is labeled "ID" in the output of the az login command.
|
Set the account with the subscription ID.
az account set --subscription "[subscription ID]"
For example, if the subscription ID is a123-b456-c789 the command is:
az account set --subscription "a123-b456-c789"
Create a resource group if one does not already exist.
az group create -n "[resource group name]" -l "westus"
For example, if the resource group name is myResourceGroup the command is:
az group create -n "myResourceGroup" -l "westus"
Create the service principal:
az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/[subscription ID]/resourceGroups/[resource group name]"
For example, if the subscription ID is a123-b456-c789 and the resource group name is myResourceGroup, the command is:
az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/a123-b456-c789/resourceGroups/myResourceGroup" -o table
This will output account information including the app ID.
Assign the service principal with the role Contributor:
az role assignment create --assignee [appID] --role Contributor
For example, if the app ID is 1234-5678, the command is:
az role assignment create --assignee 1234-5678 --role Contributor
Did this article answer your question? If not, contact us.