Help
Technical Articles
F5 SMEs share good practice.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Creating a Credential in F5 Distributed Cloud for Azure

Dave_Potter
F5 Employee
F5 Employee

on ‎03-Aug-2022 05:00 - edited on ‎06-Feb-2023 12:09 by Community Manager

Configuring a cloud account credential for F5 Distributed Cloud to use with Azure, while a straightforward process, requires some nuance to get just right. This article illustrates each step of the way.

  1. Log in to the Azure portal at portal.azure.com. Navigate to All Services > Azure AD > App registrations, then click “New registration”.Picture-Azure_1.png

  2. Enter the app name and choose who can access the API. Single tenant access is recommended.
    Picture-Azure_2.png

  3. Now click “Certificates & secrets”, then “Client secrets (0)”, and then “New client secret”. Enter a name for the secret and choose the default expiration time of 6 months as a best practice. 
    Picture-Azure_3.png

  4. Copy the secret and save it to enter later in the F5 Distributed Cloud Console.
    Picture-Azure_4.png

     

  5. In the app registration overview “Essentials” section, copy the Application (client) ID and Directory (tenant) ID. You’ll need this information in the F5 Distributed Cloud Console further in this guide.
    Picture-Azure_5.png

  6. Exit the app registration, and in the Azure Active Directory Overview, save the Tenant ID to enter later in the F5 Distributed Cloud Console.
    Picture-Azure_6.png

  7. In the search box, type “Subscriptions” and open the subscription that you want services provisioned in.
    Picture-Azure_7.png

  8. Click “Access control (IAM)”, then “+ Add”, then “Add role assignment”.Picture-Azure_1 (1).png


  9. Select the built-in role “Contributor”, then click the tab “Members”.
    Picture-Azure_2 (1).png

  10. Enter the name of the app registration created in step 2 above, highlight the selection, then click “Select”.
    Picture-Azure_3 (1).png

  11. The role assignment and member should appear. Now click “Review & assign”.
    Picture-Azure_4 (1).png

  12. Open and navigate to the F5 Distributed Cloud Console, Cloud and Edge Sites >  Site Management > Cloud Credentials, then click “Add Cloud Credentials”.

  13. Enter the following details, and then click “Configure”.
    Name: azure-cred
    Cloud Credential Type: Azure Client Secret for Service Principal
    Client ID: [copied in step 5]
    Subscription ID: [copied in step 6]
    Tenant ID: [copied in step 5]
    Picture-Azure_5 (1).png

  14. Paste in the private key using type “Text”, with the key copied in step 4. Click “Blindfold”, and then click “Apply”.
    Picture-Azure_6 (1).png

     

    Picture-Azure_7 (1).png


    Click “Save and Exit
    Picture-Azure_8.png

 

Congrats! You've now configured a Cloud Credential for deploying services in Azure using the Distributed Cloud Service.

Labels:
Comments
Jeff_Giroux_F5
Legacy Employee
Legacy Employee
‎10-Aug-2022 06:43

For the CLI savvy you can use AZ cli and grab the needed outputs too. 

From the Azure Console Bash Cloud Shell, run the following command:

  $ az ad sp create-for-rbac -n "http://[unique-name]-volterra-cc" --role contributor
  {
    "appId": "xxx-xxxx",
    "displayName": "[unique-name]-f5xc-cc",
    "name": "http://[unique-name]-f5xc-cc",
    "password": "[password]",
    "tenant": "yyy-yyy"
  }

Copy the JSON output (starting with "{" ending with "}") of this command and keep it safe. This credential enables read/write access to your Azure Subscription.

You will also need to retrieve your subscription ID. You can use the following command to list out the name, id, and whether it is your default subscription.

  $ az account show  --query [name,id,isDefault]
  [
    "f5-AZR_xxxx", <-- name
    "xxx-xxx-xxx", <-- subscription id
    true           <-- is this the default subscription
  ]
Michael_Allen
F5 Employee
F5 Employee
‎16-Jun-2023 06:22

Very helpful, thanks for this Dave.

I got tripped up slightly by the "Subscription ID". This ID is not listed in the step 6 screen as described here. It's easy to obtain after step 7 (search for "subscriptions" and you'll see your "Subscription ID" listed there). This gets copied into your cloud credential.  

0 Kudos
Version history
Last update:
‎06-Feb-2023 12:09
Updated by:
Community Manager
Contributors
Copyright © 2023 Khoros, LLC