on 03-Aug-2022 05:00 - edited on 06-Feb-2023 12:09 by LiefZimmerman
Configuring a cloud account credential for F5 Distributed Cloud to use with Azure, while a straightforward process, requires some nuance to get just right. This article illustrates each step of the way.
1. Log in to the Azure portal at portal.azure.com. Navigate to All Services > Azure AD > App registrations, then click “New registration”.
2. Enter the app name and choose who can access the API. Single tenant access is recommended.
3. Now click “Certificates & secrets”, then “Client secrets (0)”, and then “New client secret”. Enter a name for the secret and choose the default expiration time of 6 months as a best practice.
4. Copy the secret and save it to enter later in the F5 Distributed Cloud Console.
5. In the app registration overview “Essentials” section, copy the Application (client) ID and Directory (tenant) ID. You’ll need this information in the F5 Distributed Cloud Console further in this guide.
6. Exit the app registration, and in the Azure Active Directory Overview, save the Tenant ID to enter later in the F5 Distributed Cloud Console.
7. In the search box, type “Subscriptions” and open the subscription that you want services provisioned in.
8. Click “Access control (IAM)”, then “+ Add”, then “Add role assignment”.
9. Select the built-in role “Contributor”, then click the tab “Members”.
10. Enter the name of the app registration created in step 2 above, highlight the selection, then click “Select”.
11. The role assignment and member should appear. Now click “Review & assign”.
12. Open the F5 Distributed Cloud Console and navigate to Cloud and Edge Sites > Site Management > Cloud Credentials, then click “Add Cloud Credentials”.
13. Enter the following details, and then click “Configure”.
    - Name: azure-cred
    - Cloud Credential Type: Azure Client Secret for Service Principal
    - Client ID: [copied in step 5]
    - Subscription ID: [copied in step 6]
    - Tenant ID: [copied in step 5]
14. Paste in the private key using type “Text”, with the key copied in step 4. Click “Blindfold”, and then click “Apply”.
15. Click “Save and Exit”.
Congrats! You've now configured a Cloud Credential for deploying services in Azure using the Distributed Cloud Service.
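Most failures with this credential come from copy-and-paste slips between the portal and the Cloud Credentials form, so a quick check of the copied values before saving is worthwhile. The following is an added example, not part of the original article or of F5's tooling; the field names, the sample values and the reading of the 6-month expiry as 180 days are assumptions.

```python
import re
from datetime import date, timedelta
from itertools import combinations

GUID = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.IGNORECASE)
ID_FIELDS = ("client_id", "subscription_id", "tenant_id")  # assumed field names

# Constructed sample with two deliberate paste mistakes.
SAMPLE = {
    "client_id": "11111111-1111-4111-8111-111111111111",
    "subscription_id": "22222222-2222-4222-8222-222222222222",
    "tenant_id": "22222222-2222-4222-8222-222222222222",      # same GUID pasted twice
    "client_secret": "33333333-3333-4333-8333-333333333333",  # Secret ID, not the Value
}


def check_credential(cred, created, today, lifetime_days=180, warn_days=30):
    """Return a list of problems in the values copied from the Azure portal."""
    problems = []
    for field in ID_FIELDS:
        value = cred.get(field, "")
        if value != value.strip():
            problems.append(f"{field}: leading or trailing whitespace")
        elif not GUID.match(value):
            problems.append(f"{field}: not a GUID")
    # The three IDs name different objects, so a repeated value is a paste slip.
    for a, b in combinations(ID_FIELDS, 2):
        if cred.get(a) and cred.get(a, "").lower() == cred.get(b, "").lower():
            problems.append(f"{a} and {b} hold the same value")
    secret = cred.get("client_secret", "")
    if not secret or secret != secret.strip():
        problems.append("client_secret: empty or padded with whitespace")
    elif GUID.match(secret):
        # The portal shows a GUID "Secret ID" beside the secret "Value";
        # only the Value works as the client secret.
        problems.append("client_secret: looks like the Secret ID, not the Value")
    # Assumption: the 6-month expiry is treated as 180 days from creation.
    expires = created + timedelta(days=lifetime_days)
    if today >= expires:
        problems.append(f"client_secret: expired on {expires.isoformat()}")
    elif (expires - today).days <= warn_days:
        problems.append(f"client_secret: expires {expires.isoformat()}, rotate it")
    return problems


if __name__ == "__main__":
    for problem in check_credential(SAMPLE, date(2022, 8, 3), date(2022, 9, 1)):
        print(problem)
```

Run it against the values saved in steps 4 to 6 on a machine you trust, and keep the secret out of shell history and shared files.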