Adding Microsoft Azure to Crossplane
This document applies to Crossplane version v1.9 and not to the latest release v1.10.
In this guide, we will walk through the steps necessary to configure your Azure account to be ready for integration with Crossplane. The general steps we will take are summarized below:
- Create a new service principal (account) that Crossplane will use to create and manage Azure resources
- Add the required permissions to the account
- Consent to the permissions using an administrator account
In order to manage resources in Azure, you must provide credentials for an Azure service principal that Crossplane can use to authenticate. This assumes that you have already set up the Azure CLI client with your credentials.
Create a JSON file that contains all the information needed to connect and authenticate to Azure:
Take note of the clientID value from the JSON file that we just created, and save it to an environment variable:
Now add the required permissions to the service principal that will allow it to manage the necessary resources in Azure:
You might see an error similar to the following, but that is OK; the permissions should still have gone through:
Finally, you need to grant admin permissions on the Azure Active Directory to the service principal because it will need to create other service principals
Note: You might need Global Administrator role to Grant admin consent for Default Directory. Please contact the administrator of your Azure subscription.
To check your role, go to Azure Active Directory -> Roles and administrators. You can find your role(s) by clicking on Your Role (Preview).
After these steps are completed, you should have the following file on your local filesystem:
Before creating any resources, we need to create and configure an Azure cloud provider resource in Crossplane, which stores the cloud account information. All the requests from Crossplane to Azure Cloud will use the credentials attached to this provider resource. The following command assumes that you have a crossplane-azure-provider-key.json file that belongs to the account you’d like Crossplane to use.
Now we’ll create our Secret that contains the credential and resource that refers to that secret:
The output will look like the following:
Crossplane resources use the default if no specific ProviderConfig is specified, so this ProviderConfig will be the default for all Azure resources.
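A pre-flight check for the crossplane-azure-provider-key.json file and the Secret and ProviderConfig step described above, written as an added example that is not part of the original guide or of the Crossplane project. It flags a key file that other local users can read or that lacks a field, and builds the two resources as a Kubernetes List. The JSON field names, the names azure-account-creds and crossplane-system, the credentials key and the azure.crossplane.io/v1beta1 API version are assumptions, because the guide's own command blocks are not present on this page.

```python
import base64
import json
import stat
import tempfile
from pathlib import Path

# Assumed field names (Azure CLI SDK-auth JSON layout); the page names only the client ID.
REQUIRED = ("clientId", "clientSecret", "subscriptionId", "tenantId")


def check_key_file(path):
    """Return a list of problems found in the service principal key file."""
    problems = []
    mode = stat.S_IMODE(Path(path).stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:04o} lets group/other access the client secret")
    try:
        creds = json.loads(Path(path).read_text(encoding="utf-8"))
    except ValueError as exc:
        return problems + [f"not valid JSON: {exc}"]
    if not isinstance(creds, dict):
        return problems + ["top-level JSON value is not an object"]
    for field in REQUIRED:
        if not str(creds.get(field) or "").strip():
            problems.append(f"missing or empty field: {field}")
    return problems


def render_manifests(path, name="azure-account-creds", namespace="crossplane-system"):
    """Build a kubectl List: Secret plus default ProviderConfig (assumed names and apiVersion)."""
    encoded = base64.b64encode(Path(path).read_bytes()).decode("ascii")
    ref = {"namespace": namespace, "name": name, "key": "credentials"}
    secret = {"apiVersion": "v1", "kind": "Secret", "type": "Opaque",
              "metadata": {"name": name, "namespace": namespace},
              "data": {"credentials": encoded}}
    config = {"apiVersion": "azure.crossplane.io/v1beta1", "kind": "ProviderConfig",
              "metadata": {"name": "default"},
              "spec": {"credentials": {"source": "Secret", "secretRef": ref}}}
    return {"apiVersion": "v1", "kind": "List", "items": [secret, config]}


if __name__ == "__main__":
    # Constructed sample (not real credentials): world-readable, empty subscriptionId.
    sample = {"clientId": "id", "clientSecret": "s", "subscriptionId": "", "tenantId": "t"}
    with tempfile.NamedTemporaryFile("w", suffix=".json", delete=False) as tmp:
        json.dump(sample, tmp)
    Path(tmp.name).chmod(0o644)
    print(check_key_file(tmp.name))
    Path(tmp.name).unlink()
```

Serialize the result of render_manifests with json.dumps and apply it only when check_key_file returns an empty list.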