How-To: Configure the Azure cloud provider with Service Principal
Categories:
The Azure provider allows you to deploy and connect to Azure resources from a self-hosted Radius Environment. It can be configured:
Prerequisites
Interactive configuration
-
Initialize a new environment with
rad init --full
:rad init --full
-
Follow the prompts, specifying:
-
Namespace - The Kubernetes namespace where your application containers and networking resources will be deployed (different than the Radius control-plane namespace,
radius-system
) -
Add an Azure provider
- Pick the subscription and resource group to deploy your Azure resources to. The resource group should exist.
- Select the “Service Principal” option.
- Run
az ad sp create-for-rbac
to create a Service Principal without a role assignment and obtain yourappId
,displayName
,password
, andtenant
information.
{ "appId": "****", "displayName": "****", "password": "****", "tenant": "****" } ``` Enter the `appId`, `password`, and `tenant` information when prompted. 4. Grant the service principal access to the resource group using the Azure role that allows creating the resource you plan to deploy.
-
Environment name - The name of the environment to create
You should see the following output:
Initializing Radius... ✅ Install Radius v0.51 - Kubernetes cluster: k3d-k3s-default - Kubernetes namespace: radius-system - Azure service principal: **** ✅ Create new environment default - Kubernetes namespace: default - Azure: subscription ***** and resource group *** ✅ Scaffold application samples ✅ Update local configuration Initialization complete! Have a RAD time 😎
-
Manual configuration
-
Use
rad env update
to update your Radius Environment with your Azure subscription ID and Azure resource group. The resource group should exist:rad env update myEnvironment --azure-subscription-id myAzureSubscriptionId --azure-resource-group myAzureResourceGroup
-
Run
az ad sp create-for-rbac
to create a Service Principal without a role assignment and obtain yourappId
,displayName
,password
, andtenant
information.{ "appId": "****", "displayName": "****", "password": "****", "tenant": "****" }
-
Grant the service principal access to the resource group using the Azure role that allows creating the resource you plan to deploy.
-
Use
rad credential register azure
to add the Azure service principal to your Radius installation:rad credential register azure sp --client-id myClientId --client-secret myClientSecret --tenant-id myTenantId
Radius will use the provided service principal for all interactions with Azure, including Bicep and Recipe deployments.
Feedback
Was this page helpful?
Glad to hear it! Please feel free to star our repo and join our Discord server to stay up to date with the project.
Sorry to hear that. If you would like to also contribute a suggestion visit and tell us how we can improve.