To create and use Azure services, you first need to sign up. If you’ve never tried or paid for Azure before, you can sign up for the Azure free account.
-
In a web browser, go to https://azure.microsoft.com/free.
-
Follow the online instructions.
-
Make sure the Azure account has permission to manage applications in Azure Active Directory (Azure AD). Any of the following Azure AD roles include the required permissions:
- Application administrator
- Application developer
- Cloud application administrator
Step 2: Register an application
- Search for and select Azure Active Directory.
- Under Manage, select App registrations > New registration.
-
Enter a display Name for your application. The app registration's automatically generated Application (client) ID, not its display name, uniquely identifies your app within the identity platform.
-
Specify who can use the application
-
Don't enter anything for Redirect URI
- When registration finishes, the Azure portal displays the app registration's Overview pane. You see the Application (client) ID. Also called the client ID, this value uniquely identifies your application in the Microsoft identity platform.
Credentials are used by confidential client applications that access a web API. Examples of confidential clients are web apps, other web APIs, or service-type and daemon-type applications. These Credentials allow your application to authenticate as itself, requiring no interaction from a user at runtime.
- In the Azure portal, in App registrations, select your application.
- Select Certificates & secrets > Client secrets > New client secret.
- Add a description for your client secret.
- Select an expiration for the secret or specify a custom lifetime.
- Client secret lifetime is limited to two years (24 months) or less. You can't specify a custom lifetime longer than 24 months.
- Select Add.
- Record the secret's value for use in your client application code. This secret value is never displayed again after you leave this page.
Step 4: Set up Access Control (IAM)
Azure role-based access control (Azure RBAC) is the authorization system you use to manage access to Azure resources. To grant access, you assign roles to users, groups, service principals, or managed identities at a particular scope.
-
Sign in to the Azure portal.
-
Go to your Subscriptions.
-
Open the Add role assignment page
Access control (IAM) is the page that you typically use to assign roles to grant access to Azure resources. It's also known as identity and access management (IAM) and appears in several locations in the Azure portal. -
Click Access control (IAM).
- Click the Role assignments tab to view the role assignments at this scope.
-
Click Add > Add role assignment.
If you don't have permissions to assign roles, the Add role assignment option will be disabled. -
On the Roles tab, select a role that you want to use.
You can search for a role by name or by description. You can also filter roles by type and category.
Add the Contributor Role and if your using a AKS cluster add the Network contributor role once you finish adding the Contributor role
-
Click Next.
-
On the Members tab, select User, group, or service principal to assign the selected role to one or more Azure AD users, groups, or service principals (applications).
-
Click Select members.
-
Find and select the users, groups, or service principals.
You can type in the Select box to search the directory for your app name -
Click Select to add the app to the Members list.
-
Click Next.
- On the Review + assign tab, review the role assignment settings.
- Click Review + assign to assign the role.
After a few moments, the security principal is assigned the role at the selected scope.
In the end you should have all the credentials for a cluster deployment on azure
-
ARM_CLIENT_SECRET from Secret Value
-
ARM_TENANT_ID & ARM_CLIENT_ID from App Overview
-
ARM_SUBSCRIPTION_ID from subscription overview
If you have any additional questions that are not covered in this FAQ, please feel free to reach out to us for further assistance.