diff --git a/docs/azure-config.md b/docs/azure-config.md index 04e9cdbe80..ba9d747afc 100644 --- a/docs/azure-config.md +++ b/docs/azure-config.md @@ -57,34 +57,36 @@ Create the blob container named `ark`. Feel free to use a different name, prefer az storage container create -n ark --public-access off --account-name $AZURE_STORAGE_ACCOUNT_ID ``` -## Create service principal +## Get resource group for persistent volume snapshots -To integrate Ark with Azure, you must create an Ark-specific [service principal][17]. +1. Set the name of the Resource Group that contains your Kubernetes cluster's virtual machines/disks. -1. Obtain your Azure Account Subscription ID and Tenant ID: + > **WARNING**: If you're using [AKS][22], `AZURE_RESOURCE_GROUP` must be set to the name of the auto-generated resource group that is created + when you provision your cluster in Azure, since this is the resource group that contains your cluster's virtual machines/disks. ```bash - AZURE_SUBSCRIPTION_ID=`az account list --query '[?isDefault].id' -o tsv` - AZURE_TENANT_ID=`az account list --query '[?isDefault].tenantId' -o tsv` + AZURE_RESOURCE_GROUP= ``` -1. Set the name of the Resource Group that contains your Kubernetes cluster. + If you are unsure of the Resource Group name, run the following command to get a list that you can select from. Then set the `AZURE_RESOURCE_GROUP` environment variable to the appropriate value. ```bash - # Make sure this is the name of the auto-generated resource group. See warning. - AZURE_RESOURCE_GROUP= + az group list --query '[].{ ResourceGroup: name, Location:location }' ``` - WARNING: `AZURE_RESOURCE_GROUP` must be set to the name of the auto-generated resource group that is created when you provision your cluster in Azure. Your cluster is provisioned in the resource group that you specified when you created the cluster. Your disks, however, are provisioned in the second resource group. + Get your cluster's Resource Group name from the `ResourceGroup` value in the response, and use it to set `$AZURE_RESOURCE_GROUP`. - If you are unsure of the Resource Group name, run the following command to get a list that you can select from. Then set the `AZURE_RESOURCE_GROUP` environment variable to the appropriate value. +## Create service principal + +To integrate Ark with Azure, you must create an Ark-specific [service principal][17]. + +1. Obtain your Azure Account Subscription ID and Tenant ID: ```bash - az group list --query '[].{ ResourceGroup: name, Location:location }' + AZURE_SUBSCRIPTION_ID=`az account list --query '[?isDefault].id' -o tsv` + AZURE_TENANT_ID=`az account list --query '[?isDefault].tenantId' -o tsv` ``` - Get your cluster's Resource Group name from the `ResourceGroup` value in the response, and use it to set `$AZURE_RESOURCE_GROUP`. - 1. Create a service principal with `Contributor` role. This will have subscription-wide access, so protect this credential. You can specify a password or let the `az ad sp create-for-rbac` command create one for you. > If you'll be using Ark to backup multiple clusters with multiple blob containers, it may be desirable to create a unique username per cluster rather than the default `heptio-ark`. @@ -163,4 +165,5 @@ In the root of your Ark directory, run: [18]: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli [19]: https://docs.microsoft.com/en-us/azure/architecture/best-practices/naming-conventions#storage [20]: faq.md -[21]: backupstoragelocation-definition.md#azure \ No newline at end of file +[21]: backupstoragelocation-definition.md#azure +[22]: https://azure.microsoft.com/en-us/services/kubernetes-service/