Skip to main content
Version: 3.1

CloudUserRequirements

Create a custom role for Portworx

az role definition create --role-definition '{
"Name": "portworx-cloud-drive",
"Description": "",
"AssignableScopes": [
"/subscriptions/<your-subscription-id>"
],
"Actions": [
"Microsoft.ContainerService/managedClusters/agentPools/read",
"Microsoft.Compute/disks/delete",
"Microsoft.Compute/disks/write",
"Microsoft.Compute/disks/read",
"Microsoft.Compute/virtualMachines/write",
"Microsoft.Compute/virtualMachines/read",
"Microsoft.Compute/virtualMachineScaleSets/virtualMachines/write",
"Microsoft.Compute/virtualMachineScaleSets/virtualMachines/read"
],
"NotActions": [],
"DataActions": [],
"NotDataActions": []
}'

Create a Service Principal and secret in Azure AD

  1. Find the AKS cluster Infrastructure Resource Group:

    az aks show -n <aks-cluster-name> -g <aks-resource-group> | jq -r '.nodeResourceGroup'
  2. Create a service principal for Portworx with the custom role:

    az ad sp create-for-rbac --role=portworx-cloud-drive --scopes="/subscriptions/72c299a4-xxxx-xxxx-xxxx-6855109979d9/resourceGroups/<aks-infrastructure-resource-group>"
    {
    "appId": "1311e5f6-xxxx-xxxx-xxxx-ede45a6b2bde",
    "displayName": "azure-cli-2020-10-10-10-10-10",
    "name": "http://azure-cli-2020-10-10-10-10-10",
    "password": "ac49a307-xxxx-xxxx-xxxx-fa551e221170",
    "tenant": "ca9700ce-xxxx-xxxx-xxxx-09c48f71d0ce"
    }
  3. Create a secret called px-azure to give Portworx access to Azure APIs by updating the following fields with the associated fields from the service principal you created in the step above:

    kubectl create secret generic -n kube-system px-azure --from-literal=AZURE_TENANT_ID=<tenant> \
    --from-literal=AZURE_CLIENT_ID=<appId> \
    --from-literal=AZURE_CLIENT_SECRET=<password>
    secret/px-azure created

Now that you've created the secret, you're ready to create the spec and deploy Portworx. The spec generator automatically incorporates the secret that you created, and Portworx will fetch the secret to authenticate. Proceed to the next section to install Portworx.