How-To: Configure the Azure cloud provider with Service Principal

Learn how to configure the Azure provider with Service Principal for your Radius Environment

The Azure provider allows you to deploy and connect to Azure resources from a self-hosted Radius Environment. It can be configured:

Prerequisites

Interactive configuration

  1. Initialize a new environment with rad init --full:

    rad init --full
    
  2. Follow the prompts, specifying:

    • Namespace - The Kubernetes namespace where your application containers and networking resources will be deployed (different than the Radius control-plane namespace, radius-system)

    • Add an Azure provider

      1. Pick the subscription and resource group to deploy your Azure resources to
      2. Select the “Service Principal” option
      3. Run az ad sp create-for-rbac to create a Service Principal without a role assignment and obtain your appId, displayName, password, and tenant information.
         {
         "appId": "****",
         "displayName": "****",
         "password": "****",
         "tenant": "****"
         }
         ```
         Enter the `appId`, `password`, and `tenant` information when prompted.
      
    • Environment name - The name of the environment to create

    You should see the following output:

    Initializing Radius...
    
    ✅ Install Radius v0.41
       - Kubernetes cluster: k3d-k3s-default
       - Kubernetes namespace: radius-system
       - Azure service principal: ****
    ✅ Create new environment default
       - Kubernetes namespace: default
       - Azure: subscription ***** and resource group ***
    ✅ Scaffold application samples
    ✅ Update local configuration
    
    Initialization complete! Have a RAD time 😎
    

Manual configuration

  1. Use rad env update to update your Radius Environment with your Azure subscription ID and Azure resource group:

    rad env update myEnvironment --azure-subscription-id myAzureSubscriptionId --azure-resource-group  myAzureResourceGroup
    
  2. Run az ad sp create-for-rbac to create a Service Principal without a role assignment and obtain your appId, displayName, password, and tenant information.

    {
    "appId": "****",
    "displayName": "****",
    "password": "****",
    "tenant": "****"
    }
    
  3. Use rad credential register azure to add the Azure service principal to your Radius installation:

    rad credential register azure sp --client-id myClientId  --client-secret myClientSecret  --tenant-id myTenantId
    

    Radius will use the provided service principal for all interactions with Azure, including Bicep and Recipe deployments.