sigs.k8s.io/cluster-api-provider-azure@v1.14.3/docs/book/src/topics/getting-started.md

# Getting started with cluster-api-provider-azure

## Prerequisites

### Requirements

<!-- markdown-link-check-disable-next-line -->
- A [Microsoft Azure account](https://azure.microsoft.com/)
  - Note: If using a new subscription, make sure to [register](https://learn.microsoft.com/azure/azure-resource-manager/management/resource-providers-and-types) the following resource providers:
    - `Microsoft.Compute`
    - `Microsoft.Network`
    - `Microsoft.ContainerService`
    - `Microsoft.ManagedIdentity`
    - `Microsoft.Authorization`
    - `Microsoft.ResourceHealth` (if the `EXP_AKS_RESOURCE_HEALTH` feature flag is enabled)
- Install the [Azure CLI](https://learn.microsoft.com/cli/azure/install-azure-cli?view=azure-cli-latest)
- A [supported version](https://github.com/kubernetes-sigs/cluster-api-provider-azure#compatibility) of `clusterctl`

### Setting up your Azure environment

An Azure Service Principal is needed for deploying Azure resources. The below instructions utilize [environment-based authentication](https://learn.microsoft.com/go/azure/azure-sdk-go-authorization#use-environment-based-authentication).

1. Login with the Azure CLI.

   ```bash
   az login
   ```

2. List your Azure subscriptions.

   ```bash
   az account list -o table
   ```

3. If more than one account is present, select the account that you want to use.

   ```bash
   az account set -s <SubscriptionId>
   ```

4. Save your Subscription ID in an environment variable.

   ```bash
   export AZURE_SUBSCRIPTION_ID="<SubscriptionId>"
   ```

5. Create an Azure Service Principal by running the following command or skip this step and use a previously created Azure Service Principal.
   NOTE: the "owner" role is required to be able to create role assignments for [system-assigned managed identity](vm-identity.md).

   ```bash
   az ad sp create-for-rbac --role contributor --scopes="/subscriptions/${AZURE_SUBSCRIPTION_ID}"
   ```

6. Save the output from the above command somewhere easily accessible and secure. You will need to save the `tenantID`, `clientID`, and `client secret`. When creating a Cluster, you will need to provide these values as a part of the `AzureClusterIdentity` object. Note that authentication via environment variables is now removed and an `AzureClusterIdentity` is required to be created. An example `AzureClusterIdentity` object is shown below:

   ```yaml
   apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
   kind: AzureClusterIdentity
   metadata:
     labels:
       clusterctl.cluster.x-k8s.io/move-hierarchy: "true"
     name: <cluster-identity-name>
     namespace: default
   spec:
     allowedNamespaces: {}
     clientID: <clientID>
     clientSecret:
       name: <client-secret-name>
       namespace: <client-secret-namespace>
     tenantID: <tenantID>
     type: ServicePrincipal
   ```

<aside class="note warning">

<h1> Warning </h1>

NOTE: If your password contains single quotes (`'`), make sure to escape them. To escape a single quote, close the quoting before it, insert the single quote, and re-open the quoting.
For example, if your password is `foo'blah$`, you should do `export AZURE_CLIENT_SECRET='foo'\''blah$'`.

</aside>

<aside class="note warning">

<h1> Warning </h1>

The capability to set credentials using environment variables is now deprecated and will be removed in future releases. The recommended approach is to use `AzureClusterIdentity` as explained [here](multitenancy.md).

</aside>


### Building your first cluster

Check out the [Cluster API Quick Start](https://cluster-api.sigs.k8s.io/user/quick-start.html) to create your first Kubernetes cluster on Azure using Cluster API. Make sure to select the "Azure" tabs.
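
The `AzureClusterIdentity` from step 6 points at a Kubernetes Secret that holds the service principal's client secret, so that Secret has to exist before a cluster is created. As an added example (not part of the CAPZ documentation), the function below renders both objects from environment variables and base64-encodes the secret so that values such as `foo'blah$` need no escaping in the manifest. The object names and the `IDENTITY_*` variables are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: render the Secret and AzureClusterIdentity for a service principal.
# Default names (cluster-identity, cluster-identity-secret) and the IDENTITY_*
# variables are assumptions made for this example.

render_identity_manifests() {
  # Fail early if any value saved in step 6 is missing.
  : "${AZURE_TENANT_ID:?set AZURE_TENANT_ID}"
  : "${AZURE_CLIENT_ID:?set AZURE_CLIENT_ID}"
  : "${AZURE_CLIENT_SECRET:?set AZURE_CLIENT_SECRET}"
  local id_name="${IDENTITY_NAME:-cluster-identity}"
  local secret_name="${IDENTITY_SECRET_NAME:-cluster-identity-secret}"
  local ns="${IDENTITY_NAMESPACE:-default}"
  # base64-encode so quotes, '$' and other metacharacters in the secret
  # never have to be escaped inside the YAML.
  local secret_b64
  secret_b64="$(printf '%s' "$AZURE_CLIENT_SECRET" | base64 | tr -d '\n')"
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ${secret_name}
  namespace: ${ns}
type: Opaque
data:
  clientSecret: ${secret_b64}
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: AzureClusterIdentity
metadata:
  labels:
    clusterctl.cluster.x-k8s.io/move-hierarchy: "true"
  name: ${id_name}
  namespace: ${ns}
spec:
  allowedNamespaces: {}
  clientID: ${AZURE_CLIENT_ID}
  clientSecret:
    name: ${secret_name}
    namespace: ${ns}
  tenantID: ${AZURE_TENANT_ID}
  type: ServicePrincipal
EOF
}

# Usage (secret is read without echo, so it is not stored in shell history):
#   read -rs AZURE_CLIENT_SECRET && export AZURE_CLIENT_SECRET
#   render_identity_manifests | kubectl apply -f -
```
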

If you are looking to install additional ASO CRDs, set `ADDITIONAL_ASO_CRDS` to the list of CRDs you want to install. Refer to adding additional CRDs for Azure Service Operator [here](aso.md#Using-aso-for-non-capz-resources).

<h1> Warning </h1>

Not all versions of clusterctl are supported. Please see which versions are [currently supported](https://github.com/kubernetes-sigs/cluster-api-provider-azure#compatibility).

### Documentation

Please see the [CAPZ book](https://capz.sigs.k8s.io) for in-depth user documentation.