Version: 0.6

Microsoft Azure Shared Subscriptions

An Azure shared subscription in Kore is accessed by way of a service principal permissioned to the subscription you wish to use.

Add Service Principal to Azure#

Kore uses an Azure Active Directory Service Principal to access Azure. To create one, install the Azure CLI then run the following, ensuring you are within the subscription you wish Kore to manage, and replacing kore-subscription-manager with a name of your choosing:

az login
# Set "SubscriptionName" to the friendly name of the subscription
# you wish Kore to use:
az account set --subscription "SubscriptionName"
# Set "kore-subscription-manager" to the name of the service
# principal you wish to create:
az ad sp create-for-rbac -n "kore-subscription-manager"

This will output a client ID and client secret which you will need shortly, so keep note of them.

As Kore creates access rules when creating clusters and networks, it needs the Owner role on the subscription. To grant this:

OBJECT_ID=`az ad sp list --display-name "kore-subscription-manager" | jq -r '.[0].objectId'`
SUBSCRIPTION_ID=`az account show | jq -r '.id'`
az role assignment create --assignee-object-id ${OBJECT_ID} --role Owner --scope "/subscriptions/${SUBSCRIPTION_ID}"

Configuring Azure Subscription in Kore#

To configure using the UI, enter the Admin section and choose Configure > Cloud > Microsoft Azure > Shared Subscriptions then select + Add shared subscription (for team infrastructure).

To configure using the CLI, use kore create cloudcredentials to add the key for the service principal created above then kore create cloudaccount to add the Azure subscription.