Enter a descriptive name for your cloud provider setup, such as “My Azure Account”. From the drop-down, select Microsoft Azure as the provider. Enter the Subscription ID, Tenant ID, Application ID, and Application Secret (all of which were provided when you created the Service Account in the Azure portal). Add the Storage Account and Storage Container to use for storing configuration and application data for your cluster. If it does not already exist, the container will be created.
If this Microsoft Azure account will be your main cloud provider for CycleCloud, check the “Set Default” option. Once you have completed setting the parameters for your Azure account, click Save to continue.
CycleCloud can use Microsoft’s Azure cloud service. It supports both the Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) compute offerings, as well as Azure Block Storage Service.
You will need the following:
- A Microsoft Azure account with an active subscription
- An Owner Service Account to use with CycleCloud
- A Network Security Group set up to allow CycleCloud to communicate with Azure
- A Virtual Network for CycleCloud
Azure uses a subscription ID and authentication certificate for account validation. You can download these in a .publishsettings format by logging into this Azure service. This format easily integrates with CycleCloud.
Creating the Azure Service Account
- Log into your Microsoft Azure Dashboard
- From the left menu, open Azure Active Directory
- Click on App Registrations, then + New Application Registration
- Give your application a unique name (i.e. “MyAzureApplication”)
- Choose “Web App/API” as the Type
- The Sign-on URL is a required field, but not used by CycleCloud. Enter http://localhost so the form will accept your request.
- Click Create
Once your application has been created, click on it to load the app information. From here, click on Settings, then Keys.
- Enter a descriptive name for your key, such as “MyCycleCloudKey”
- Select a duration for your key to be valid: 1-year, 2-years, or Never Expires
- Your key will not be displayed until it has been saved. Click the button at the top of the pane:
You can only view this key once! If you leave this page, you will no longer be able to access the key, which is needed to configure CycleCloud as the “Application Secret”. Copy it now and save it somewhere secure.
After you’ve saved your key, go back to the app information panel. From here, copy the Application ID. This will be used in CycleCloud, along with the key saved in the previous step.
Assigning the Owner Role
To give CycleCloud the required access to your Azure Service Account, you will need to set the service account (application) you just created up as an Owner. To change the Service Account Role:
- Click the blue “Microsoft Azure” text on the top left of your screen to return to the Azure Dashboard
- From the left menu, click on “Subscriptions” (or More Services – Subscriptions)
- Click on the appropriate subscription
- Select Access Control (IAM)
- Click + Add. On the new panel that appears, click on Owner to set the role.
- In Step 2, search for “MyAzureApplication” and select the appropriate item. Click Select.
Creating a Network Security Group
From the Azure Dashboard, click on Network Security Groups. If you don’t see the option, click on More Services and search for or scroll down to Network Security Groups.
- Click + Add
- Give your Network Security Group a unique name. Security groups are managed per region, so we suggest including the region you intend to run in.
- Create a new Resource Group with a unique name
- Click Create
In the dashboard, click on the name of the Network Security Group you just created. If you do not see it, click Refresh. In the new panel, click on Inbound Security Rules and add the following:
- For each entry, Allow the action
- Click OK to add the rule
Creating a Virtual Network
You will need to set up a Virtual Network within Azure to work with CycleCloud. From the main menu, click on Virtual Network. If you don’t see the option, click on More Services and either search for Virtual Networks or scroll down to the Networking section.
- Click + Add
- Enter a unique name for your Virtual Network
- Create a new Resource Group if you don’t have one set up
- The other default settings will suffice for this demonstration
- Select the Resource Group name you created in the previous step
- Click Create
Your Virtual Network requires a subnet, and your Network Security Group assigned to it:
- From the dashboard, click on the Virtual Network you just created
- Under “Settings”, click on Subnets
- Click on the default subnet
- Click on the Network Security Groups header
- Select the group created earlier
- Click OK
The information you need from Microsoft Azure to get it working within CycleCloud can be a little difficult to locate. Here’s a list of what you’ll need, and where to find it:
- Application ID: Click on Dashboard – Azure Active Directory – App Registrations – the application display name
- Application Secret: This is the secret key that you saved when creating your Service Account
- Subscription ID: Dashboard – Virtual Networks – the VN you are using with CycleCloud
- Tenant ID: This is the Directory ID. It is found under Azure Active Directory – Properties – Directory ID.
For more information on Microsoft Azure, check out the Azure Documentation Portal.