mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
96 lines
3.0 KiB
Plaintext
96 lines
3.0 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * installing/installing_azure/installing-azure-user-infra.adoc
|
|
// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
|
|
// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
|
|
|
|
ifeval::["{context}" == "installing-azure-user-infra"]
|
|
:azure:
|
|
endif::[]
|
|
ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
|
|
:ash:
|
|
endif::[]
|
|
ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
|
|
:azure:
|
|
endif::[]
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="installation-azure-create-resource-group-and-identity_{context}"]
|
|
= Creating the Azure resource group
|
|
|
|
ifdef::azure[]
|
|
You must create a Microsoft Azure link:https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview#resource-groups[resource group] and an identity for that resource group. These are both used during the installation of your {product-title} cluster on Azure.
|
|
endif::azure[]
|
|
ifdef::ash[]
|
|
You must create a Microsoft Azure link:https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview#resource-groups[resource group]. This is used during the installation of your {product-title} cluster on Azure Stack Hub.
|
|
endif::ash[]
|
|
|
|
.Procedure
|
|
|
|
ifdef::azure[]
|
|
. Create the resource group in a supported Azure region:
|
|
endif::azure[]
|
|
ifdef::ash[]
|
|
* Create the resource group in a supported Azure region:
|
|
endif::ash[]
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ az group create --name ${RESOURCE_GROUP} --location ${AZURE_REGION}
|
|
----
|
|
|
|
ifdef::azure[]
|
|
. Create an Azure identity for the resource group:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ az identity create -g ${RESOURCE_GROUP} -n ${INFRA_ID}-identity
|
|
----
|
|
+
|
|
This is used to grant the required access to Operators in your cluster. For
|
|
example, this allows the Ingress Operator to create a public IP and its load
|
|
balancer. You must assign the Azure identity to a role.
|
|
|
|
. Grant the Contributor role to the Azure identity:
|
|
|
|
.. Export the following variables required by the Azure role assignment:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ export PRINCIPAL_ID=`az identity show -g ${RESOURCE_GROUP} -n ${INFRA_ID}-identity --query principalId --out tsv`
|
|
----
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ export RESOURCE_GROUP_ID=`az group show -g ${RESOURCE_GROUP} --query id --out tsv`
|
|
----
|
|
|
|
.. Assign the Contributor role to the identity:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ az role assignment create --assignee "${PRINCIPAL_ID}" --role 'Contributor' --scope "${RESOURCE_GROUP_ID}"
|
|
----
|
|
+
|
|
[NOTE]
|
|
====
|
|
If you want to assign a custom role with all the required permissions to the identity, run the following command:
|
|
[source,terminal]
|
|
----
|
|
$ az role assignment create --assignee "${PRINCIPAL_ID}" --role <custom_role> \ <1>
|
|
--scope "${RESOURCE_GROUP_ID}"
|
|
----
|
|
<1> Specifies the custom role name.
|
|
====
|
|
endif::azure[]
|
|
|
|
ifeval::["{context}" == "installing-azure-user-infra"]
|
|
:!azure:
|
|
endif::[]
|
|
ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
|
|
:!ash:
|
|
endif::[]
|
|
ifeval::["{context}" == "installing-restricted-networks-azure-user-provisioned"]
|
|
:!azure:
|
|
endif::[]
|