Documentation

Add Cloud Credentials

?Manager  ?Partner

If you are struggling with adding the Clouds, check our Where to find credentials guide.

You’ll find examples for every available Cloud below.

Openstack #

Requirements for Openstack #

🔥
Warning

A Taikun image must already exist in the Openstack Cloud. Requirement is an Ubuntu 20 image, we recommend using the most recent kernel (e.g. a base Ubuntu image with hwe kernel available here: https://repo.itera.io/repository/images/taikun-image.qcow2)

To use an image in Taikun you have to use the tags “taikun” and “ubuntu{number}”. By default Taikun takes an image with the latest {number}.

Command to add an image to Openstack:

openstack image create –disk-format qcow2 –container-format bare –public –tag taikun –tag ubuntu20.04 –property hw_disk_bus=scsi –property hw_scsi_model=virtio-scsi taikun-focal-image –file taikun-image.qcow2

Adding your Openstack Cloud credentials:

add cc openstack
  1. Switch to Cloud credentials in Taikun 

  2. Hit Add Cloud Credentials in the top-right corner

  3. Specify the following parameters in the Openstack section:

    • Cloud Name – choose name for your Cloud Credentials (3-30 characters, e.g. cloud-test)
    • User – your user name to OpenStack (e.g. user)
    • Password – your password to OpenStack (e.g. 123abc)
    • URL – Endpoint-Identity (e.g. https://cloud.mycloud.com:32132)
    • Domain – insert domain name (e.g. default)
    • Project – select Project if there are multiple options (e.g. my-cloud-project)
    • Region – select Region if there are multiple options (e.g. RegionOne)
    • Public Network – choose network, if available (e.g. public2)

    • Optional:
      • Specify Availability Zone
      • Volume Types 
      • Enable Import Network

🔥
Warning

If you choose to import your network, DNS created in Access Profiles will be ignored.

Enable Import Network
🔥
Warning

If entered Credentials are invalid, you will be notified that Cloud cannot be connected.

Adding your Amazon Web Services (AWS) Cloud credentials #

add cc aws
  1. Switch to Cloud credentials in Taikun 

  2. Hit Add Cloud Credentials in the top-right corner

  3. Specify the necessary parameters in the Amazon Web Services section:

    • Cloud Name – choose name for your Cloud Credentials (3-30 characters, e.g. cloud-test)
    • Access Key ID, Secret Access Key – input your AWS credentials (My Security Credentials will help you finding it)
    • Region – choose suitable region
    • Availability Zone – choose availability for a region 

Azure #

Before adding the Azure account, you need to create an application registration with commands. (source)

ℹ️
Info

The provided instructions are specific to Linux. It might look different with another Operating System.

1) If you haven’t installed Azure CLI, you can do it with the following command:

sudo apt install azure-cli -y

2) Login

sudo apt-get install azure-cli

You will be redirected to an Azure page where you can choose your account:

Web login

CLI output will be similar to this: 

[
  {
    "cloudName": "AzureCloud",
    "id": "c0xxxxa5-xxx-4ecb-xxxx-f37bxxxx28d6",
    "isDefault": true,
    "name": "Bezplatná zkušební verze",
    "state": "Enabled",
    "tenantId": "32xxxxb3-xxx-46b3-xxxx-0exxxxc46d1",
    "user": {
      "name": "usermail@gmail.com",
      "type": "user"
    }
  }
]

You’ll need to fetch Azure Subscription ID (“id”) and Azure Tenant ID (“tenantID”) fields from the output. Here’s what we would use in our test instance:

"id": "c0xxxxa5-xxx-4ecb-xxxx-f37bxxxx28d6”

"tenantId": "32xxxxb3-xxx-46b3-xxxx-0exxxxc46d1"

3) Create a new Azure App with the following command: 

az ad app create --display-name kubernetes --identifier-uris http://kubernetes --homepage http://example.com --password CLIENT_SECRET

You’ll need to use your Client Secret in this command which can be deleted later (e.g. “Ue9)Qj^V\~UYES3(C”)

CLI output will look like this: 

{
  "acceptMappedClaims": null,
  "addIns": [],
  "allowGuestsSignIn": null,
  "allowPassthroughUsers": null,
! "appId": "7bxxxxc3-xxxx-4d74-xxxx-8c40xxxb558", !
  "appLogoUrl": null,
  "appPermissions": null,
  "appRoles": [],
  "applicationTemplateId": null,
  "availableToOtherTenants": false,
  "deletionTimestamp": null,
  "displayName": "kubernetes",
  "errorUrl": null,
  "groupMembershipClaims": null,
  "homepage": "http://example.com",
  "identifierUris": [
    "http://kubernetes"
  ],
  }
  ...
  {
    "adminConsentDescription": "Allow the application to access kubernetes on behalf of the signed-in user.",
    "adminConsentDisplayName": "Access kubernetes",
    "id": "59xxx87-xxxx-47b8-xxxx-1708xxxxefcd",
    "isEnabled": true,
    "type": "User",
    "userConsentDescription": "Allow the application to access kubernetes on your behalf.",
    "userConsentDisplayName": "Access kubernetes",
    "value": "user*impersonation"
  }
...
}

You’ll need to use the “appID” parameter from this output. In our example, it would be:


"appId": "7bxxxxc3-xxxx-4d74-xxxx-8c40xxxb558"

4) Create service principal for the app:

az ad sp create --id appId

Use “appId” from the previous step here: 

az ad sp create -id 7bxxxxc3-xxxx-4d74-xxxx-8c40xxxb558

CLI output example:

{
  "accountEnabled": true,
  ...
}
...
"objectId": "85xxxxcb-xxxx-4761-xxxx-63fxxxx515e",
  "objectType": "ServicePrincipal",
  "odata.metadata": "https://graph.windows.net/32xxxxb3-xxxx-46b3-xxxx-0e33xxxx46d1/$metadata#directoryObjects/@Element",
  "odata.type": "Microsoft.DirectoryServices.ServicePrincipal",
}
...

5) Create a role assignment:

az role assignment create --role "Owner" --assignee http://kubernetes --subscription SUBSCRIPTION_ID

In this case, you will use the subscription ID from the step №2:

az role assignment create --role "Owner" --assignee http://kubernetes --subscription c0xxxxa5-xxx-4ecb-xxxx-f37bxxxx28d6

You’ll find the following CLI output:

{
  "canDelegate": null,
  "id": "/subscriptions/c0xxxxa5-xxx-4ecb-xxxx-f37bxxxx28d6/providers/Microsoft.Authorization/roleAssignments/4fxxxx7f-xxxx-4ccf-xxxx-7287xxxxfa14",
  "name": "4fxxxx7f-xxxx-4ccf-xxxx-7287xxxxfa14",
  "principalId": "85xxxxcb-xxxx-4761-xxxx-63ffxxxx515e",
  "principalType": "ServicePrincipal",
  "roleDefinitionId": "/subscriptions/c0xxxxa5-xxx-4ecb-xxxx-f37bxxxx28d6/providers/Microsoft.Authorization/roleDefinitions/8exxxx57-xxxx-443c-xxxx-2fe8xxxxb635",
  "scope": "/subscriptions/c0xxxxa5-xxx-4ecb-xxxx-f37bxxxx28d6",
  "type": "Microsoft.Authorization/roleAssignments"
}

Now you have all needed Azure IDs! You can also locate them in your Azure portal.

Please be careful when inserting the credentials. If you add incorrect credentials, you will not be able to add flavor and then create cluster.

You can switch to Taikun and add your Azure credentials now:

add cc azure 1
  1. Switch to Cloud credentials in Taikun
     
  2. Hit Add Cloud Credentials in the top-right corner
  3. Specify the necessary parameters in the Azure section:

  • Cloud Name – choose name for your Cloud Credentials (3-30 characters, e.g. cloud-test)
  • Azure Client ID
  • Azure Client Secret
  • Azure Tenant ID

Where to find credentials #

Openstack #

As you should know your username and password, the other data from Openstack will be added to Taikun automatically after filling the URL.

To find the URL:  

  1. Log into your Openstack account 
  2. Locate the Project – API Access section in the left-hand navigation panel
  3. Find the Identity row and copy its Service Endpoint 
openstack url

Amazon Web Services (AWS) #

  1. Log into your AWS account
  2. Click on your profile name in the top-right corner and access Security credentials section
aws 1
  1. Here you can create a new Access key along with a Secret key in the Access key ID and secret access section
    • Alternatively, you can use your previous combination (as long as you have your Secret key)
aws 2

Additional AWS documentation

Azure #

If you haven’t created your application via CLI, you can find the guidelines here.

Credentials for Azure are located in different tabs. Instructions on where to find them are posted below.

Please be careful when inserting the credentials. If you add incorrect credentials, you will not be able to add flavor and then create cluster.

Azure Client and Tenant Id
  • Azure Active Directory – App registrations – All Applications – application -> Application (client) ID (=Azure Client Id) and Directory (tenant) ID (Azure Tenant Id)
azure client tenant id 1
azure client tenant id 2
  • Azure Active Directory – App registrations – All Applications – application – Certificates & secrets – Client secrets -> Value (=Azure Secret Id)
azure client secret 1
azure client secret 2
azure client secret 3
azure client secret 4
🔥
Warning

Client Secret is shown only for the first time, we recommend to save it somewhere else.

Azure Subscription Id
ℹ️
Info

Subscription is chosen from drop-down selection, but you can find below where to find your Subscription ID.

  • Subscriptions -> Subscription ID (=Azure Subscription Id)
azure subscription 1
azure subscription 2

More information is provided in the Azure guideline

What are your feelings