
Azure Create a Service Principal

An Azure service principal is an identity created for use with applications, hosted services, and other automated tools that access resources in Azure. Service principals provide access to Azure resources at your subscription level; that access is restricted by the roles assigned to the service principal.

Configure Azure Service Principal

If you have already set up a service principal, the environment variables needed by KIB (AZURE_CLIENT_SECRET, AZURE_CLIENT_ID, AZURE_TENANT_ID, AZURE_SUBSCRIPTION_ID) are already set and do not need to be set again as long as you are still working in the same window.

If you have not executed the Azure Prerequisite steps, they are listed below.

  1. Sign in to Azure:

    az login

    Example output:

    [
      {
        "cloudName": "AzureCloud",
        "homeTenantId": "a1234567-b132-1234-1a11-1234a5678b90",
        "id": "b1234567-abcd-11a1-a0a0-1234a5678b90",
        "isDefault": true,
        "managedByTenants": [],
        "name": "Mesosphere Developer Subscription",
        "state": "Enabled",
        "tenantId": "a1234567-b132-1234-1a11-1234a5678b90",
        "user": {
          "name": "user@azuremesosphere.onmicrosoft.com",
          "type": "user"
        }
      }
    ]
  2. Create an Azure Service Principal (SP) by running the following command:

    If an SP with that name already exists, this command rotates its password.

    az ad sp create-for-rbac --role contributor --name "$(whoami)-konvoy" \
      --scopes=/subscriptions/$(az account show --query id -o tsv) \
      --query "{ client_id: appId, client_secret: password, tenant_id: tenant }"

    Example output:

    {
      "client_id": "7654321a-1a23-567b-b789-0987b6543a21",
      "client_secret": "Z79yVstq_E.R0R7RUUck718vEHSuyhAB0C",
      "tenant_id": "a1234567-b132-1234-1a11-1234a5678b90"
    }
  3. Set the AZURE_CLIENT_SECRET, AZURE_CLIENT_ID, AZURE_TENANT_ID, and AZURE_SUBSCRIPTION_ID environment variables:

    export AZURE_CLIENT_SECRET="<azure_client_secret>" # Z79yVstq_E.R0R7RUUck718vEHSuyhAB0C
    export AZURE_CLIENT_ID="<client_id>"               # 7654321a-1a23-567b-b789-0987b6543a21
    export AZURE_TENANT_ID="<tenant_id>"               # a1234567-b132-1234-1a11-1234a5678b90
    export AZURE_SUBSCRIPTION_ID="<subscription_id>"   # b1234567-abcd-11a1-a0a0-1234a5678b90
  4. Ensure you have an override file to configure specific attributes of your Azure image. Otherwise, edit the YAML file for your OS directly.
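
The shell functions below are an added example, not part of the KIB documentation. They combine steps 2 and 3 so the client secret passes from `az` straight into the environment instead of being pasted into an `export` line, then check that none of the four variables is empty, still a `<placeholder>`, or (for the three IDs) malformed. The function names are hypothetical, and the parser assumes the flat JSON shown in step 2.

```sh
# Added example: helper names are hypothetical, not part of KIB or the Azure CLI.

# Pull one string value out of the flat JSON that step 2 prints ($1 = key, $2 = JSON).
# Assumes the three-key object shown above: no nesting, no escaped quotes.
sp_field() {
  printf '%s\n' "$2" |
    sed -n "s/.*\"$1\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# Export the four variables KIB reads ($1 = step 2 JSON, $2 = subscription ID).
load_sp_env() {
  AZURE_CLIENT_ID=$(sp_field client_id "$1")
  AZURE_CLIENT_SECRET=$(sp_field client_secret "$1")
  AZURE_TENANT_ID=$(sp_field tenant_id "$1")
  AZURE_SUBSCRIPTION_ID=$2
  export AZURE_CLIENT_ID AZURE_CLIENT_SECRET AZURE_TENANT_ID AZURE_SUBSCRIPTION_ID
}

# Succeed only if all four variables are usable. Reports names, never values.
check_azure_env() (
  guid='^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$'
  bad=0
  for name in AZURE_CLIENT_ID AZURE_TENANT_ID AZURE_SUBSCRIPTION_ID AZURE_CLIENT_SECRET; do
    eval "value=\${$name:-}"
    case $value in
      '') echo "$name is not set" >&2; bad=1 ;;
      '<'*'>') echo "$name still holds a <placeholder>" >&2; bad=1 ;;
      *) if [ "$name" != AZURE_CLIENT_SECRET ] &&
            ! printf '%s\n' "$value" | grep -Eq "$guid"; then
           echo "$name is not a GUID" >&2; bad=1
         fi ;;
    esac
  done
  [ "$bad" -eq 0 ]
)

# Steps 2 and 3 in one call (needs the `az login` session from step 1).
create_sp_and_load() {
  sub=$(az account show --query id -o tsv) || return 1
  json=$(az ad sp create-for-rbac --role contributor --name "$(whoami)-konvoy" \
    --scopes="/subscriptions/$sub" -o json \
    --query "{ client_id: appId, client_secret: password, tenant_id: tenant }") || return 1
  load_sp_env "$json" "$sub"
  unset json
  check_azure_env
}
```

Source the file and run `create_sp_and_load` in the window where you will run KIB; `check_azure_env` can also be run on its own before a build.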

Next Step

Azure Using Konvoy Image Builder
