Creating an Azure Application
1.Activate a Subscription : Activate at least one subscription by navigating to https://portal.azure.com/#allservices in Azure Account and Select Subscriptions service. If no subscriptions are available, click on Add to add a new subscription.
Copy the Subscription ID. This ID will be used at the time of creating an AKS cluster via gopaddle.
2. Register Resource Providers : Click on the subscription created in step 1 and select Resource Provider. Select the following Resource Providers and register them.
3. Add a User : To add a new user, go to https://portal.azure.com/#allservices and filter & select Azure Active Directory. Under Manage option, select Users. Create a New User.
4. Create Custom Role : Add Owner role to the newly created user, by navigating to Subscriptions under https://portal.azure.com/#allservices. Select the subscription. Filter and select IAM. Under Access Control (IAM) Section, choose + Add to add a custom role.
In the role creation wizard, choose the JSON tab. Click Edit to edit the permissions list.
Download the ACL template
Replace <role-name> with the custom role name and <subscription-id> with the Azure subscription id.
Click on Review + create to create the custom role.
5. Access Control (IAM) Section, 'Add role assignments'. Select the custom role and assign it to the newly created user.
Note: The permssions for the custom role does not allow the newly created user to create or delete a Container registry. Either a root user or a different sub-user with sufficient permissions, can create the Container registry. The newly created sub-user can then push or pull the Docker images from this registry.
6. Add Application Administrator Role: Navigate to this users list from here https://portal.azure.com/#blade/Microsoft_AAD_IAM/UsersManagementMenuBlade/MsGraphUsers. Select the user and choose the Assigned Roles. Add 'Application administrator' role to the user.
7. Add an Application : Login to the Azure portal as the new User. Go to https://portal.azure.com/#allservices and select Azure Active Directory. Under Manage option, select App Registrations. Click on New Registration and add a new Application.
Choose the account type as : Accounts in any organizational directory (Any Azure AD directory - Multitenant)
To create Azure Cluster from a managed gopaddle account, provide the redirect URL as https://portal.gopaddle.io/cloudaccounts . To create Azure Cluster from an on-premise gopaddle installation, provider the redirect URL as <http/https>://<gopaddlehomeIP/domain>/clouds.
8.Once the application is created, click on the Application to manage the application. Note down the Application (client) ID.
9. Add Client Secret : Under Manage option, select Certificates and Secrets. Create a New client secret. Note down the Value of the client secret. The Application (client) ID and the client secret Value generated in step 5 and 6 will be used to register a new Cloud Account Authenticator.