Azure provider

Install the Azure provider

Install the provider into the Kubernetes cluster with a Kubernetes configuration file.

cat <<EOF | kubectl apply -f -
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: upbound-provider-azure
spec:
  package: xpkg.upbound.io/upbound/provider-azure:v0.32.0
EOF

The Crossplane Provider Custom Resource Definition tells Kubernetes how to connect to the provider.

Verify the provider installed with kubectl get providers.

Tip: It may take up to five minutes for the provider to list HEALTHY as True.

kubectl get providers
NAME                     INSTALLED   HEALTHY   PACKAGE                                          AGE
upbound-provider-azure   True        True      xpkg.upbound.io/upbound/provider-azure:v0.32.0   22m

A provider installs its own Kubernetes Custom Resource Definitions (CRDs). These CRDs allow you to create Azure resources directly inside Kubernetes.

You can view the new CRDs with kubectl get crds. Every CRD maps to a unique Azure service Crossplane can provision and manage.

Create a Kubernetes secret for Azure

The provider requires credentials to create and manage Azure resources. Providers use a Kubernetes Secret to connect the credentials to the provider.

This guide generates an Azure service principal JSON file and saves it as a Kubernetes Secret.

Tip: Other authentication methods exist and are beyond the scope of this guide. The Provider documentation contains information on alternative authentication methods.

Install the Azure command-line

Generating an authentication file requires the Azure command-line. Follow the documentation from Microsoft to download and install the Azure command-line.

Log in to the Azure command-line.

az login

Create an Azure service principal

Follow the Azure documentation to find your Subscription ID from the Azure Portal.

Using the Azure command-line, provide your Subscription ID to create a service principal and authentication file.

az ad sp create-for-rbac \
--sdk-auth \
--role Owner \
--scopes /subscriptions/<subscription_id>

Save your Azure JSON output as azure-credentials.json.
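
A pre-flight check for the saved azure-credentials.json, meant to run before the file is loaded into a Kubernetes secret. This is an added example, not part of the original guide or the provider's own code; the field names it checks are an assumption about the service principal JSON layout, and the sample input is constructed.

```python
import json
import os
import stat
import sys
import uuid

# Assumed field names: those in the service principal JSON the guide saves.
REQUIRED = ("clientId", "clientSecret", "subscriptionId", "tenantId")
GUID_FIELDS = ("clientId", "subscriptionId", "tenantId")
# Constructed sample (not real credentials): placeholder left in, file world-readable.
SAMPLE_TEXT = ('{"clientId": "11111111-1111-1111-1111-111111111111", "clientSecret": "constructed", '
               '"subscriptionId": "<subscription_id>", "tenantId": "22222222-2222-2222-2222-222222222222"}')
SAMPLE_MODE = 0o644


def is_guid(value):
    try:
        uuid.UUID(value)
        return True
    except ValueError:
        return False


def check_credentials(text, mode):
    """Return a list of problems; an empty list means the file looks usable."""
    problems = []
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"mode {mode:03o}: client secret readable beyond the owner")
    try:
        doc = json.loads(text)
    except ValueError as exc:  # e.g. terminal text saved along with the JSON
        return problems + [f"not valid JSON: {exc}"]
    if not isinstance(doc, dict):
        return problems + ["top-level JSON value is not an object"]
    for key in REQUIRED:
        value = doc.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"missing or empty field: {key}")
        elif key in GUID_FIELDS and not is_guid(value):
            problems.append(f"{key} is not a GUID")
    return problems


if __name__ == "__main__":
    text, mode = SAMPLE_TEXT, SAMPLE_MODE
    if len(sys.argv) > 1:  # path to a real file, e.g. azure-credentials.json
        with open(sys.argv[1], encoding="utf-8") as fh:
            text, mode = fh.read(), stat.S_IMODE(os.fstat(fh.fileno()).st_mode)
    print("\n".join(check_credentials(text, mode)) or "no problems found")
```

Run it with the path to azure-credentials.json as the only argument; with no argument it checks the constructed sample and reports the world-readable mode and the leftover placeholder.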

Create a Kubernetes secret with the Azure credentials

A Kubernetes generic secret has a name and contents. Use kubectl create secret to generate the secret object named azure-secret in the crossplane-system namespace.

Use the --from-file= argument to set the value to the contents of the azure-credentials.json file.

kubectl create secret \
generic azure-secret \
-n crossplane-system \
--from-file=creds=./azure-credentials.json

View the secret with kubectl describe secret.

kubectl describe secret azure-secret -n crossplane-system
Name:         azure-secret
Namespace:    crossplane-system
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
creds:  629 bytes

Create a ProviderConfig

A ProviderConfig customizes the settings of the Azure Provider.

Apply the ProviderConfig with the command:

cat <<EOF | kubectl apply -f -
apiVersion: azure.upbound.io/v1beta1
metadata:
  name: default
kind: ProviderConfig
spec:
  credentials:
    source: Secret
    secretRef:
      namespace: crossplane-system
      name: azure-secret
      key: creds
EOF

This attaches the Azure credentials, saved as a Kubernetes secret, as a secretRef.

The spec.credentials.secretRef.name value is the name of the Kubernetes secret containing the Azure credentials in the spec.credentials.secretRef.namespace.
