How-To: Configure the Azure cloud provider with Service Principal
Categories:
The Azure provider allows you to deploy and connect to Azure resources from a self-hosted Radius Environment. It can be configured:
Prerequisites
Interactive configuration
-
Initialize a new environment with
rad init --full
:rad init --full
-
Follow the prompts, specifying:
-
Namespace - The Kubernetes namespace where your application containers and networking resources will be deployed (different than the Radius control-plane namespace,
radius-system
) -
Add an Azure provider
- Pick the subscription and resource group to deploy your Azure resources to
- Select the “Service Principal” option
- Run
az ad sp create-for-rbac
to create a Service Principal without a role assignment and obtain yourappId
,displayName
,password
, andtenant
information.
{ "appId": "****", "displayName": "****", "password": "****", "tenant": "****" } ``` Enter the `appId`, `password`, and `tenant` information when prompted.
-
Environment name - The name of the environment to create
You should see the following output:
Initializing Radius... ✅ Install Radius v0.41 - Kubernetes cluster: k3d-k3s-default - Kubernetes namespace: radius-system - Azure service principal: **** ✅ Create new environment default - Kubernetes namespace: default - Azure: subscription ***** and resource group *** ✅ Scaffold application samples ✅ Update local configuration Initialization complete! Have a RAD time 😎
-
Manual configuration
-
Use
rad env update
to update your Radius Environment with your Azure subscription ID and Azure resource group:rad env update myEnvironment --azure-subscription-id myAzureSubscriptionId --azure-resource-group myAzureResourceGroup
-
Run
az ad sp create-for-rbac
to create a Service Principal without a role assignment and obtain yourappId
,displayName
,password
, andtenant
information.{ "appId": "****", "displayName": "****", "password": "****", "tenant": "****" }
-
Use
rad credential register azure
to add the Azure service principal to your Radius installation:rad credential register azure sp --client-id myClientId --client-secret myClientSecret --tenant-id myTenantId
Radius will use the provided service principal for all interactions with Azure, including Bicep and Recipe deployments.
Feedback
Was this page helpful?
Glad to hear it! Please feel free to star our repo and join our Discord server to stay up to date with the project.
Sorry to hear that. If you would like to also contribute a suggestion visit and tell us how we can improve.