An Azure Service Principal is needed for deploying Azure resources. The below instructions utilize environment-based authentication.
- Login with the Azure CLI.
- List your Azure subscriptions.
az account list -o table
- If more than one account is present, select the account that you want to use.
az account set -s <SubscriptionId>
- Save your Subscription ID in an environment variable.
- Create an Azure Service Principal by running the following command or skip this step and use a previously created Azure Service Principal. NOTE: the “owner” role is required to be able to create role assignments for system-assigned managed identity.
az ad sp create-for-rbac --role contributor
- Save the output from the above command in environment variables.
export AZURE_TENANT_ID="<Tenant>" export AZURE_CLIENT_ID="<AppId>" export AZURE_CLIENT_SECRET='<Password>' export AZURE_LOCATION="eastus" # this should be an Azure region that your subscription has quota for.
:warning: NOTE: If your password contains single quotes (
'), make sure to escape them. To escape a single quote, close the quoting before it, insert the single quote, and re-open the quoting.
For example, if your password is
foo'blah$, you should do
Check out the Cluster API Quick Start to create your first Kubernetes cluster on Azure using Cluster API. Make sure to select the “Azure” tabs.
Please see the CAPZ book for in-depth user documentation.