Azure provider
Install the Azure provider
Install the provider into the Kubernetes cluster with a Kubernetes configuration file.
```yaml
cat <<EOF | kubectl apply -f -
apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: upbound-provider-azure
spec:
  package: xpkg.upbound.io/upbound/provider-azure:v0.32.0
EOF
```
The Crossplane Provider Custom Resource Definition tells Kubernetes how to connect to the provider.
Verify the provider installed with `kubectl get providers`.
Tip: It may take up to five minutes for the provider to list `HEALTHY` as `True`.
```shell
kubectl get providers
NAME                     INSTALLED   HEALTHY   PACKAGE                                          AGE
upbound-provider-azure   True        True      xpkg.upbound.io/upbound/provider-azure:v0.32.0   22m
```
A provider installs its own Kubernetes Custom Resource Definitions (CRDs). These CRDs allow you to create Azure resources directly inside Kubernetes.
You can view the new CRDs with `kubectl get crds`. Every CRD maps to a unique Azure service Crossplane can provision and manage.
Create a Kubernetes secret for Azure
The provider requires credentials to create and manage Azure resources. Providers use a Kubernetes Secret to connect the credentials to the provider.
This guide generates an Azure service principal JSON file and saves it as a Kubernetes Secret.
Tip: Other authentication methods exist and are beyond the scope of this guide. The Provider documentation contains information on alternative authentication methods.
Install the Azure command-line
Generating an authentication file requires the Azure command-line.
Follow the documentation from Microsoft to download and install the Azure command-line.
Log in to the Azure command-line.
```shell
az login
```
Create an Azure service principal
Follow the Azure documentation to find your Subscription ID from the Azure Portal.
Using the Azure command-line, provide your Subscription ID to create a service principal and authentication file.
```console
az ad sp create-for-rbac \
--sdk-auth \
--role Owner \
--scopes /subscriptions/<subscription_id>
```
Save your Azure JSON output as azure-credentials.json.
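Because this file holds the client secret of a service principal with the Owner role on the whole subscription, it is worth checking before it is loaded into the cluster. The script below is an added example, not part of the original guide: `check_creds` and `demo` are hypothetical helper names, the four required field names are assumed from the JSON that `--sdk-auth` prints, and the sample file is constructed with placeholder values.

```shell
# Added example: pre-flight check for azure-credentials.json.
# Assumption: the file has the JSON layout printed by --sdk-auth, with
# non-empty string values for the four fields in REQUIRED_KEYS.
REQUIRED_KEYS="clientId clientSecret subscriptionId tenantId"

# check_creds FILE: print findings; return 0 only when nothing is wrong.
check_creds() {
  file=$1
  rc=0
  if [ ! -f "$file" ] || [ ! -s "$file" ]; then
    echo "FAIL: $file is missing or empty"
    return 1
  fi
  # Characters 5-10 of the `ls -l` mode string are the group/other bits.
  perms=$(ls -ld -- "$file" | cut -c5-10)
  if [ "$perms" != "------" ]; then
    echo "FAIL: $file is accessible beyond its owner; run: chmod 600 $file"
    rc=1
  fi
  for key in $REQUIRED_KEYS; do
    # Each required key must be followed by a non-empty string value.
    if ! grep -Eq "\"$key\"[[:space:]]*:[[:space:]]*\"[^\"]+\"" "$file"; then
      echo "FAIL: $file has no value for $key"
      rc=1
    fi
  done
  if [ "$rc" -eq 0 ]; then
    echo "OK: $file is owner-only and has all required fields"
  fi
  return "$rc"
}

# Demo on a constructed sample (placeholder values, not real credentials).
demo() {
  dir=$(mktemp -d)
  cat > "$dir/azure-credentials.json" <<'EOF'
{
  "clientId": "00000000-0000-0000-0000-000000000000",
  "clientSecret": "constructed-placeholder",
  "subscriptionId": "11111111-1111-1111-1111-111111111111",
  "tenantId": "22222222-2222-2222-2222-222222222222"
}
EOF
  chmod 644 "$dir/azure-credentials.json"
  check_creds "$dir/azure-credentials.json" || echo "(mode 644 rejected)"
  chmod 600 "$dir/azure-credentials.json"
  check_creds "$dir/azure-credentials.json"
  rm -rf "$dir"
}
demo
```

To check the real file, call `check_creds ./azure-credentials.json` in place of `demo` before running `kubectl create secret`.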
Create a Kubernetes secret with the Azure credentials
A Kubernetes generic secret has a name and contents. Use `kubectl create secret` to generate the secret object named `azure-secret` in the `crossplane-system` namespace.
Use the `--from-file=` argument to set the value to the contents of the `azure-credentials.json` file.
```shell
kubectl create secret \
generic azure-secret \
-n crossplane-system \
--from-file=creds=./azure-credentials.json
```
View the secret with `kubectl describe secret`:
```shell
kubectl describe secret azure-secret -n crossplane-system
Name: azure-secret
Namespace: crossplane-system
Labels:
Type: Opaque
Data
creds: 629 bytes
```
Create a ProviderConfig
A ProviderConfig customizes the settings of the Azure Provider.
Apply the ProviderConfig with the command:
```yaml
cat <<EOF | kubectl apply -f -
apiVersion: azure.upbound.io/v1beta1
metadata:
  name: default
kind: ProviderConfig
spec:
  credentials:
    source: Secret
    secretRef:
      namespace: crossplane-system
      name: azure-secret
      key: creds
EOF
```
This attaches the Azure credentials, saved as a Kubernetes secret, as a `secretRef`.
The `spec.credentials.secretRef.name` value is the name of the Kubernetes secret containing the Azure credentials in the `spec.credentials.secretRef.namespace`.