
Azure using Konvoy Image Builder

This procedure describes how to use the Konvoy Image Builder (KIB) to create a Cluster API compliant Azure Virtual Machine (VM) Image. The VM Image contains the base operating system you specify and all the necessary Kubernetes components. The Konvoy Image Builder uses variable overrides to specify the base image and container images to use in your new Azure VM image.

The default Azure image is not recommended for use in production. We suggest using KIB for Azure to build the image in order to take advantage of enhanced cluster operations. For more information on this topic, refer to the Azure Infrastructure topic.


Before you begin, you must:

Extract the KIB Bundle

Extract the bundle and cd into the extracted konvoy-image-bundle-$VERSION_$OS folder. The bundled version of konvoy-image contains an embedded Docker image that includes all the requirements for building.

The konvoy-image binary and all supporting folders are also extracted. When extracted, konvoy-image bind mounts the current working directory (${PWD}) into the container to be used.

Configure Azure Prerequisites

If you have already followed the steps in the Azure Prerequisites topic, the environment variables needed by KIB (AZURE_CLIENT_SECRET, AZURE_CLIENT_ID, AZURE_TENANT_ID, AZURE_SUBSCRIPTION_ID) are already set and do not need to be set again, as long as you are still working in the same window.

If you have not executed the Azure Prerequisite steps, they are listed below.

  1. Sign in to Azure:

    az login

    [
      {
        "cloudName": "AzureCloud",
        "homeTenantId": "a1234567-b132-1234-1a11-1234a5678b90",
        "id": "b1234567-abcd-11a1-a0a0-1234a5678b90",
        "isDefault": true,
        "managedByTenants": [],
        "name": "Mesosphere Developer Subscription",
        "state": "Enabled",
        "tenantId": "a1234567-b132-1234-1a11-1234a5678b90",
        "user": {
          "name": "",
          "type": "user"
        }
      }
    ]

  2. Create an Azure Service Principal (SP) by running the following command:

    If an SP with this name already exists, this command rotates its password.

    az ad sp create-for-rbac --role contributor --name "$(whoami)-konvoy" --scopes=/subscriptions/$(az account show --query id -o tsv) --query "{ client_id: appId, client_secret: password, tenant_id: tenant }"

    {
      "client_id": "7654321a-1a23-567b-b789-0987b6543a21",
      "client_secret": "Z79yVstq_E.R0R7RUUck718vEHSuyhAB0C",
      "tenant_id": "a1234567-b132-1234-1a11-1234a5678b90"
    }

  3. Set the AZURE_CLIENT_SECRET, AZURE_CLIENT_ID, AZURE_TENANT_ID, and AZURE_SUBSCRIPTION_ID environment variables:

    export AZURE_CLIENT_SECRET="<azure_client_secret>" # Z79yVstq_E.R0R7RUUck718vEHSuyhAB0C
    export AZURE_CLIENT_ID="<client_id>"               # 7654321a-1a23-567b-b789-0987b6543a21
    export AZURE_TENANT_ID="<tenant_id>"               # a1234567-b132-1234-1a11-1234a5678b90
    export AZURE_SUBSCRIPTION_ID="<subscription_id>"   # b1234567-abcd-11a1-a0a0-1234a5678b90
  4. Ensure you have an override file to configure specific attributes of your Azure image.
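
A preflight check for the variables set in step 3, added here as an example (it is not part of KIB or the original documentation). It confirms that each variable is set, exported so the konvoy-image child process can read it, no longer the `<placeholder>` from the export lines above, and, for the three IDs, GUID-shaped. The function names `is_guid` and `kib_azure_env_check` are hypothetical.

```shell
#!/bin/sh
# Preflight check for the four variables KIB reads (names taken from this page).
# Reports variable NAMES only; values, including the client secret, are never printed.

# Return 0 if $1 has the Azure GUID shape (8-4-4-4-12 hex digits).
is_guid() {
  printf '%s' "$1" |
    grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Print one line per problem; return 0 only when all four variables are usable.
kib_azure_env_check() {
  rc=0
  for name in AZURE_CLIENT_SECRET AZURE_CLIENT_ID \
              AZURE_TENANT_ID AZURE_SUBSCRIPTION_ID; do
    # Indirect lookup; safe because the names are the fixed constants above.
    eval "val=\${$name-}"
    case "$val" in
      "")      echo "$name: not set"; rc=1; continue ;;
      "<"*">") echo "$name: still a <placeholder>"; rc=1; continue ;;
    esac
    # A variable assigned without 'export' is invisible to child processes.
    if ! env | grep -q "^$name="; then
      echo "$name: set but not exported"; rc=1
    fi
    # The client secret is free-form; only the three IDs are GUIDs.
    if [ "$name" != AZURE_CLIENT_SECRET ] && ! is_guid "$val"; then
      echo "$name: not a GUID"; rc=1
    fi
  done
  unset val name
  return "$rc"
}

# Usage: run 'kib_azure_env_check || exit 1' before invoking konvoy-image.
```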

Next Step:

Azure Bootstrap
