Add Cloud Credentials

?Manager  ?Partner

If you are struggling with adding the Clouds, check our Where to find credentials guide.

You’ll find examples for every available Cloud below.

Openstack #

Requirements for Openstack #

Adding your Openstack Cloud credentials:

1. Switch to Cloud credentials in Taikun 
   
   
2. Hit Add Cloud Credentials in the top-right corner
   
   
3. Specify the following parameters in the Openstack section:
   
   
   • Cloud Name – choose name for your Cloud Credentials (3-30 characters, e.g. cloud-test)
   • User – your user name to OpenStack (e.g. user)
   • Password – your password to OpenStack (e.g. 123abc)
   • URL – Endpoint-Identity (e.g. https://cloud.mycloud.com:32132)
   • Domain – insert domain name (e.g. default)
   • Project – select Project if there are multiple options (e.g. my-cloud-project)
   • Region – select Region if there are multiple options (e.g. RegionOne)
   • Public Network – choose network, if available (e.g. public2)
     
     
   • Optional:
     • Specify Availability Zone
     • Volume Types 
     • Enable Import Network

Adding your Amazon Web Services (AWS) Cloud credentials #

1. Switch to Cloud credentials in Taikun 
   
   
2. Hit Add Cloud Credentials in the top-right corner
   
   
3. Specify the necessary parameters in the Amazon Web Services section:
   
   
   • Cloud Name – choose name for your Cloud Credentials (3-30 characters, e.g. cloud-test)
   • Access Key ID, Secret Access Key – input your AWS credentials (My Security Credentials will help you finding it)
   • Region – choose suitable region
   • Availability Zone – choose availability for a region 

Azure #

Before adding the Azure account, you need to create an application registration with commands. (source)

1) If you haven’t installed Azure CLI, you can do it with the following command:

sudo apt install azure-cli -y

2) Login

sudo apt-get install azure-cli

You will be redirected to an Azure page where you can choose your account:

CLI output will be similar to this: 

[
  {
    "cloudName": "AzureCloud",
    "id": "c0xxxxa5-xxx-4ecb-xxxx-f37bxxxx28d6",
    "isDefault": true,
    "name": "Bezplatná zkušební verze",
    "state": "Enabled",
    "tenantId": "32xxxxb3-xxx-46b3-xxxx-0exxxxc46d1",
    "user": {
      "name": "usermail@gmail.com",
      "type": "user"
    }
  }
]

You’ll need to fetch Azure Subscription ID (“id”) and Azure Tenant ID (“tenantID”) fields from the output. Here’s what we would use in our test instance:

"id": "c0xxxxa5-xxx-4ecb-xxxx-f37bxxxx28d6”

"tenantId": "32xxxxb3-xxx-46b3-xxxx-0exxxxc46d1"

3) Create a new Azure App with the following command: 

az ad app create --display-name kubernetes --identifier-uris http://kubernetes --homepage http://example.com --password CLIENT_SECRET

You’ll need to use your Client Secret in this command which can be deleted later (e.g. “Ue9)Qj^V\~UYES3(C”)

CLI output will look like this: 

{
  "acceptMappedClaims": null,
  "addIns": [],
  "allowGuestsSignIn": null,
  "allowPassthroughUsers": null,
! "appId": "7bxxxxc3-xxxx-4d74-xxxx-8c40xxxb558", !
  "appLogoUrl": null,
  "appPermissions": null,
  "appRoles": [],
  "applicationTemplateId": null,
  "availableToOtherTenants": false,
  "deletionTimestamp": null,
  "displayName": "kubernetes",
  "errorUrl": null,
  "groupMembershipClaims": null,
  "homepage": "http://example.com",
  "identifierUris": [
    "http://kubernetes"
  ],
  }
  ...
  {
    "adminConsentDescription": "Allow the application to access kubernetes on behalf of the signed-in user.",
    "adminConsentDisplayName": "Access kubernetes",
    "id": "59xxx87-xxxx-47b8-xxxx-1708xxxxefcd",
    "isEnabled": true,
    "type": "User",
    "userConsentDescription": "Allow the application to access kubernetes on your behalf.",
    "userConsentDisplayName": "Access kubernetes",
    "value": "user*impersonation"
  }
...
}

You’ll need to use the “appID” parameter from this output. In our example, it would be:

"appId": "7bxxxxc3-xxxx-4d74-xxxx-8c40xxxb558"

4) Create service principal for the app:

az ad sp create --id appId

Use “appId” from the previous step here: 

az ad sp create -id 7bxxxxc3-xxxx-4d74-xxxx-8c40xxxb558

CLI output example:

{
  "accountEnabled": true,
  ...
}
...
"objectId": "85xxxxcb-xxxx-4761-xxxx-63fxxxx515e",
  "objectType": "ServicePrincipal",
  "odata.metadata": "https://graph.windows.net/32xxxxb3-xxxx-46b3-xxxx-0e33xxxx46d1/$metadata#directoryObjects/@Element",
  "odata.type": "Microsoft.DirectoryServices.ServicePrincipal",
}
...

5) Create a role assignment:

az role assignment create --role "Owner" --assignee http://kubernetes --subscription SUBSCRIPTION_ID

In this case, you will use the subscription ID from the step №2:

az role assignment create --role "Owner" --assignee http://kubernetes --subscription c0xxxxa5-xxx-4ecb-xxxx-f37bxxxx28d6

You’ll find the following CLI output:

{
  "canDelegate": null,
  "id": "/subscriptions/c0xxxxa5-xxx-4ecb-xxxx-f37bxxxx28d6/providers/Microsoft.Authorization/roleAssignments/4fxxxx7f-xxxx-4ccf-xxxx-7287xxxxfa14",
  "name": "4fxxxx7f-xxxx-4ccf-xxxx-7287xxxxfa14",
  "principalId": "85xxxxcb-xxxx-4761-xxxx-63ffxxxx515e",
  "principalType": "ServicePrincipal",
  "roleDefinitionId": "/subscriptions/c0xxxxa5-xxx-4ecb-xxxx-f37bxxxx28d6/providers/Microsoft.Authorization/roleDefinitions/8exxxx57-xxxx-443c-xxxx-2fe8xxxxb635",
  "scope": "/subscriptions/c0xxxxa5-xxx-4ecb-xxxx-f37bxxxx28d6",
  "type": "Microsoft.Authorization/roleAssignments"
}

Now you have all needed Azure IDs! You can also locate them in your Azure portal.

Please be careful when inserting the credentials. If you add incorrect credentials, you will not be able to add flavor and then create cluster.

You can switch to Taikun and add your Azure credentials now:

1. Switch to Cloud credentials in Taikun
    
2. Hit Add Cloud Credentials in the top-right corner
   
3. Specify the necessary parameters in the Azure section:
   
   

• Cloud Name – choose name for your Cloud Credentials (3-30 characters, e.g. cloud-test)
• Azure Client ID
• Azure Client Secret
• Azure Tenant ID

---

Where to find credentials #

Openstack #

As you should know your username and password, the other data from Openstack will be added to Taikun automatically after filling the URL.

To find the URL:  

1. Log into your Openstack account 
2. Locate the Project – API Access section in the left-hand navigation panel
3. Find the Identity row and copy its Service Endpoint 

Amazon Web Services (AWS) #

1. Log into your AWS account
2. Click on your profile name in the top-right corner and access Security credentials section

3. Here you can create a new Access key along with a Secret key in the Access key ID and secret access section
   • Alternatively, you can use your previous combination (as long as you have your Secret key)

Additional AWS documentation

Azure #

If you haven’t created your application via CLI, you can find the guidelines here.

Credentials for Azure are located in different tabs. Instructions on where to find them are posted below.

Please be careful when inserting the credentials. If you add incorrect credentials, you will not be able to add flavor and then create cluster.

Azure Client and Tenant Id

• Azure Active Directory – App registrations – All Applications – application -> Application (client) ID (=Azure Client Id) and Directory (tenant) ID (Azure Tenant Id)

• Azure Active Directory – App registrations – All Applications – application – Certificates & secrets – Client secrets -> Value (=Azure Secret Id)

Azure Subscription Id

• Subscriptions -> Subscription ID (=Azure Subscription Id)

More information is provided in the Azure guideline