on
03-Aug-2022
05:00
- edited on
06-Feb-2023
12:09
by
LiefZimmerman
Configuring a cloud account credential for F5 Distributed Cloud to use with Azure, while a straightforward process, requires some nuance to get just right. This article illustrates each step of the way.
Exit the app registration, and in the Azure Active Directory Overview, save the Tenant ID to enter later in the F5 Distributed Cloud Console.
In the search box, type “Subscriptions” and open the subscription that you want services provisioned in.
Enter the name of the app registration created in step 2 above, highlight the selection, then click “Select”.
The role assignment and member should appear. Now click “Review & assign”.
Open and navigate to the F5 Distributed Cloud Console, Cloud and Edge Sites > Site Management > Cloud Credentials, then click “Add Cloud Credentials”.
Enter the following details, and then click “Configure”.
Name: azure-cred
Cloud Credential Type: Azure Client Secret for Service Principal
Client ID: [copied in step 5]
Subscription ID: [copied in step 6]
Tenant ID: [copied in step 5]
Paste in the private key using type “Text”, with the key copied in step 4. Click “Blindfold”, and then click “Apply”.
Congrats! You've now configured a Cloud Credential for deploying services in Azure using the Distributed Cloud Service.
For the CLI savvy you can use AZ cli and grab the needed outputs too.
From the Azure Console Bash Cloud Shell, run the following command:
$ az ad sp create-for-rbac -n "http://[unique-name]-volterra-cc" --role contributor { "appId": "xxx-xxxx", "displayName": "[unique-name]-f5xc-cc", "name": "http://[unique-name]-f5xc-cc", "password": "[password]", "tenant": "yyy-yyy" }
Copy the JSON output (starting with "{" ending with "}") of this command and keep it safe. This credential enables read/write access to your Azure Subscription.
You will also need to retrieve your subscription ID. You can use the following command to list out the name, id, and whether it is your default subscription.
$ az account show --query [name,id,isDefault] [ "f5-AZR_xxxx", <-- name "xxx-xxx-xxx", <-- subscription id true <-- is this the default subscription ]
Very helpful, thanks for this Dave.
I got tripped up slightly by the "Subscription ID". This ID is not listed in the step 6 screen as described here. It's easy to obtain after step 7 (search for "subscriptions" and you'll see your "Subscription ID" listed there). This gets copied into your cloud credential.