Azure
In Azure, an Account maps to a credential able to authenticate against a given Azure subscription.
Prerequisites
You need a Service Principal
to authenticate with Azure and a Key Vault
to store a default username/password for deployed VM Scale Sets.
The next steps assume the use of the Azure CLI 2.0.
The example commands will set environment variables along the way for use when
creating an account in the final stage. You can check that you have az
installed by running:
az --version
First, log in and set your subscription:
az login
az account list
SUBSCRIPTION_ID=<Insert Subscription ID>
az account set --subscription $SUBSCRIPTION_ID
Next, create a Service Principal (where the name is unique in your subscription) and set environment variables based on the output:
az ad sp create-for-rbac --name "Spinnaker"
APP_ID=<Insert App Id>
TENANT_ID=<Insert Tenant Id>
NOTE: You will need the App Key (also called password) when creating an account, but you will be prompted on standard input for that since it is sensitive data.
Next, create a resource group for your Key Vault. Make sure to specify a location (e.g. westus) available in your account:
az account list-locations --query [].name
RESOURCE_GROUP="Spinnaker"
az group create --name $RESOURCE_GROUP --location <Insert Location>
Finally, create a Key Vault (where the vault name is globally unique) and add a default username/password:
VAULT_NAME=<Insert Vault Name>
az keyvault create --enabled-for-template-deployment true --resource-group $RESOURCE_GROUP --name $VAULT_NAME
az keyvault set-policy --secret-permissions get --name $VAULT_NAME --spn $APP_ID
az keyvault secret set --name VMUsername --vault-name $VAULT_NAME --value <Insert default username>
az keyvault secret set --name VMPassword --vault-name $VAULT_NAME --value <Insert default password>
Adding an account
First, make sure the provider is enabled:
hal config provider azure enable
Next, run the following hal
command to add an account named my-azure-account
to your list of Azure accounts:
hal config provider azure account add my-azure-account \
--client-id $APP_ID \
--tenant-id $TENANT_ID \
--subscription-id $SUBSCRIPTION_ID \
--default-key-vault $VAULT_NAME \
--default-resource-group $RESOURCE_GROUP \
--app-key
NOTE: You will be prompted for the App Key on standard input. If necessary, you can generate a new key:
az ad sp credential reset --name $APP_ID
Advanced account settings
You can view the available configuration flags for Azure within the Halyard reference.
Next steps
Optionally, you can set up another cloud provider, but otherwise you’re ready to choose an environment in which to install Spinnaker.