How-To: Configure the Azure cloud provider with Service Principal

The Azure provider allows you to deploy and connect to Azure resources from a self-hosted Radius Environment. It can be configured:

• Prerequisites
• Interactive configuration
• Manual configuration

Prerequisites

• Azure subscription
• az CLI
• rad CLI

Interactive configuration

1. Initialize a new environment with rad init --full:

   rad init --full
   

2. Follow the prompts, specifying:

   • Namespace - The Kubernetes namespace where your application containers and networking resources will be deployed (different than the Radius control-plane namespace, radius-system)

   • Add an Azure provider

     1. Pick the subscription and resource group to deploy your Azure resources to. The resource group should exist.
     2. Select the “Service Principal” option.
     3. Run az ad sp create-for-rbac to create a Service Principal without a role assignment and obtain your appId, displayName, password, and tenant information.

        {
        "appId": "****",
        "displayName": "****",
        "password": "****",
        "tenant": "****"
        }
        ```
        Enter the `appId`, `password`, and `tenant` information when prompted.
     4. Grant the service principal access to the resource group using the Azure role that allows creating the resource you plan to deploy.
     

   • Environment name - The name of the environment to create

   You should see the following output:

   Initializing Radius...
   
   ✅ Install Radius v0.52
      - Kubernetes cluster: k3d-k3s-default
      - Kubernetes namespace: radius-system
      - Azure service principal: ****
   ✅ Create new environment default
      - Kubernetes namespace: default
      - Azure: subscription ***** and resource group ***
   ✅ Scaffold application samples
   ✅ Update local configuration
   
   Initialization complete! Have a RAD time 😎
   

Manual configuration

1. Use rad env update to update your Radius Environment with your Azure subscription ID and Azure resource group. The resource group should exist:

   rad env update myEnvironment --azure-subscription-id myAzureSubscriptionId --azure-resource-group  myAzureResourceGroup
   

2. Run az ad sp create-for-rbac to create a Service Principal without a role assignment and obtain your appId, displayName, password, and tenant information.

   {
   "appId": "****",
   "displayName": "****",
   "password": "****",
   "tenant": "****"
   }
   

3. Grant the service principal access to the resource group using the Azure role that allows creating the resource you plan to deploy.

4. Use rad credential register azure to add the Azure service principal to your Radius installation:

   rad credential register azure sp --client-id myClientId  --client-secret myClientSecret  --tenant-id myTenantId
   

   Radius will use the provided service principal for all interactions with Azure, including Bicep and Recipe deployments.