Add Cloud Credentials
Sign with Your Credential
Manager/Partner: Use your Credentials to sign to your Cloud in OpenStack, Amazon or Azure.
If you are struggling with adding the clouds, try Where to find credentials tab.
Here are examples for each cloud:
Openstack
Requirements for Openstack
For Openstack: a taikun image must already exist in the openstack cloud. Requirement is an Ubuntu 20 image and we recommend using a recent kernel, e.g. a base Ubuntu image with hwe kernel here: https://repo.itera.io/repository/images/taikun-image.qcow2
To use the image in Taikun you have to use the tags "taikun" and "ubuntu{number}”. By default Taikun will take image with the latest {number}.
Command to add an image to openstack:
openstack image create --disk-format qcow2 --container-format bare --public --tag taikun --tag ubuntu20.04 --property hw_disk_bus=scsi --property hw_scsi_model=virtio-scsi taikun-focal-image --file taikun-image.qcow2
Add new CC:
Cloud Name - choose name for your Cloud Credentials (3-30 characters, e.g. cloud-test)
User - your user name to OpenStack (e.g. user)
Password - your password to OpenStack (e.g. 123abc)
URL - Endpoint-Identity (e.g. https://cloud.mycloud.com:32132)
Domain - insert domain name (e.g. default)
Project - select Project if there are multiple options (e.g. my-cloud-project)
Region - select Region if there are multiple options (e.g. RegionOne
Public Network - choose network, if available (e.g. public2)
Optional:
Specify Availability Zone - check if you want to specify (e.g. pod04)
Volume Types - check and choose type of volume (e.g. ssd)
Enable Import Network - check if you want to enable
If you choose to import network, DNS in profile created in Access Profiles will be IGNORED.
If the Credentials are invalid, you are notified and you won't be able to connect the cloud.
Amazon Web Services
Cloud Name - choose name for your Cloud Credentials (3-30 characters, e.g. cloud-test)
Access Key ID, Secret Access Key - find your credentials in AWS account (under My Security Credentials)
Region - choose suitable region
Availability Zone - choose availability for the region
Azure
Before adding the Azure account, you have to create application registration with commands. (source)
1) If you haven't install Azure CLI, you can do it with
sudo apt install azure-cli -y2) Login
sudo apt-get install azure-cliYou will be redirected to azure web page where you choose your account.
CLI output:
[
{
"cloudName": "AzureCloud",
"id": "c0xxxxa5-xxx-4ecb-xxxx-f37bxxxx28d6",
"isDefault": true,
"name": "Bezplatná zkušební verze",
"state": "Enabled",
"tenantId": "32xxxxb3-xxx-46b3-xxxx-0exxxxc46d1",
"user": {
"name": "usermail@gmail.com",
"type": "user"
}
}
]AZURE SUBSCRIPTION ID = "id": "c0xxxxa5-xxx-4ecb-xxxx-f37bxxxx28d6"
AZURE TENANT ID = "tenantId": "32xxxxb3-xxx-46b3-xxxx-0exxxxc46d1"
3) Create Azure App
az ad app create --display-name kubernetes --identifier-uris http://kubernetes --homepage http://example.com --password CLIENT_SECRETCLIENT_SECRET - change to your secret (can be deleted later) (e.g. "Ue9)Qj^V~UYES3(C")
AZURE CLIENT SECRET = CLIENT_SECRET
CLI output
{
"acceptMappedClaims": null,
"addIns": [],
"allowGuestsSignIn": null,
"allowPassthroughUsers": null,
! "appId": "7bxxxxc3-xxxx-4d74-xxxx-8c40xxxb558", !
"appLogoUrl": null,
"appPermissions": null,
"appRoles": [],
"applicationTemplateId": null,
"availableToOtherTenants": false,
"deletionTimestamp": null,
"displayName": "kubernetes",
"errorUrl": null,
"groupMembershipClaims": null,
"homepage": "http://example.com",
"identifierUris": [
"http://kubernetes"
],
}
...
{
"adminConsentDescription": "Allow the application to access kubernetes on behalf of the signed-in user.",
"adminConsentDisplayName": "Access kubernetes",
"id": "59xxx87-xxxx-47b8-xxxx-1708xxxxefcd",
"isEnabled": true,
"type": "User",
"userConsentDescription": "Allow the application to access kubernetes on your behalf.",
"userConsentDisplayName": "Access kubernetes",
"value": "user_impersonation"
}
...
}CLIENT ID = "appId": "7bxxxxc3-xxxx-4d74-xxxx-8c40xxxb558"
4) Create service principal for the app
az ad sp create --id appIdappId is provided from previous command, in this case:
az ad sp create -id 7bxxxxc3-xxxx-4d74-xxxx-8c40xxxb558
CLI output:
{
"accountEnabled": true,
...
}
...
"objectId": "85xxxxcb-xxxx-4761-xxxx-63fxxxx515e",
"objectType": "ServicePrincipal",
"odata.metadata": "https://graph.windows.net/32xxxxb3-xxxx-46b3-xxxx-0e33xxxx46d1/$metadata#directoryObjects/@Element",
"odata.type": "Microsoft.DirectoryServices.ServicePrincipal",
}
...5) Create the role assignment
az role assignment create --role "Owner" --assignee http://kubernetes --subscription SUBSCRIPTION_IDSUBSCRIPTION_ID - subscription id from login command, in this case:
az role assignment create --role "Owner" --assignee http://kubernetes --subscription c0xxxxa5-xxx-4ecb-xxxx-f37bxxxx28d6
CLI output:
{
"canDelegate": null,
"id": "/subscriptions/c0xxxxa5-xxx-4ecb-xxxx-f37bxxxx28d6/providers/Microsoft.Authorization/roleAssignments/4fxxxx7f-xxxx-4ccf-xxxx-7287xxxxfa14",
"name": "4fxxxx7f-xxxx-4ccf-xxxx-7287xxxxfa14",
"principalId": "85xxxxcb-xxxx-4761-xxxx-63ffxxxx515e",
"principalType": "ServicePrincipal",
"roleDefinitionId": "/subscriptions/c0xxxxa5-xxx-4ecb-xxxx-f37bxxxx28d6/providers/Microsoft.Authorization/roleDefinitions/8exxxx57-xxxx-443c-xxxx-2fe8xxxxb635",
"scope": "/subscriptions/c0xxxxa5-xxx-4ecb-xxxx-f37bxxxx28d6",
"type": "Microsoft.Authorization/roleAssignments"
}Now you have all Azure Ids needed, but you can also find them in Azure portal.
Please be careful when inserting the credentials. If you add incorrect credentials, you will not be able to add flavor and then create cluster.
Cloud Name - choose name for your Cloud Credentials (3-30 characters, e.g. cloud-test)
Location - choose suitable location
Availability Zone - choose zone for the location
Last updated
Was this helpful?