Add Microsoft Azure Cloud Provider

Updated 1 month ago by Chakravarthy Tenneti

This topic explains how to connect to the Microsoft Azure cloud where you will deploy your applications or virtual machine scale set (VMSS) using Harness.

You add Cloud Providers to your Harness Account and then reference them when defining deployment environments.

Before You Begin

Visual Summary

Here's an overview of the Microsoft Azure Cloud Provider settings.

Review: Permissions

This section assumes you are familiar with Azure RBAC.

For security reasons, Harness uses an application object and service principal rather than a user identity. The process is described in How to: Use the portal to create an Azure AD application and service principal that can access resources from Azure.

Briefly, the process is:

  1. Register an application with Azure AD and create a service principal.
  2. Assign a role to the Azure application.
    You assign the role depending on the scope you want to use (Azure subscription or resource group). Typically, an Azure subscription is used.
    You use the scope to assign a role to the Azure application.
    The role you assign depends on which Azure resource Harness will use (ACR, AKS, etc). See the list below these steps.
    You will use the same scope on the resource Harness will use. For example, your ACR container registry will use the same Azure subscription that you used to assign a role to the Azure application.
  3. Get the application's tenant and app/client ID values for signing in.
  4. Create a new application secret.
  5. Use the tenant ID, app/client ID, and new application secret in the Harness Azure Cloud Provider.

Make sure the following permissions are assigned to the roles.

Azure Container Repository (ACR)

The Reader role must be assigned. This is the minimum requirement.

Azure Kubernetes Services (AKS)

There are two options for connecting Harness to your target AKS cluster:

  • Recommended: Install a Kubernetes Delegate in the target AKS cluster and use it for authentication in a Harness Kubernetes Cluster Cloud Provider. The Harness Kubernetes Cluster Cloud Provider is platform-agnostic.
    With this method, AKS permissions are not required at all. This is recommended.
  • As an alternative, use the Harness Azure Cloud Provider as described in this topic. The Owner role must be assigned.

Azure Virtual Machines for IIS and SSH Deployments

The Reader role must be assigned. This is the minimum requirement.

This role is only used by the Harness Delegate when it uses the Azure APIs to discover target VMs.

For IIS deployments, Harness uses a WinRM connection for credentials. See Add WinRM Connection Credentials.

For SSH deployments, Harness uses SSH keys for credentials. See Add SSH Keys.
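The role requirements above can be checked against what is actually assigned to the app registration. The following is an added example, not Harness code: it audits role assignments shaped like the JSON printed by `az role assignment list --assignee <app-id> --all -o json`. The finding labels, the `acr`/`vm`/`aks` keys, the role ranking and the sample data are assumptions made for this illustration.

```python
# Minimum built-in role this page states for each Harness use of the provider.
REQUIRED = {"acr": "Reader", "vm": "Reader", "aks": "Owner"}
# Breadth order of the general built-in roles; any other role is reported for review.
RANK = {"Reader": 0, "Contributor": 1, "Owner": 2}

def scope_kind(scope):
    """Classify an Azure scope string by how much of the tenant it covers."""
    parts = [p for p in scope.split("/") if p]
    if len(parts) < 2 or parts[0].lower() != "subscriptions":
        return "above-subscription"  # "/" or a management group
    if len(parts) == 2:
        return "subscription"
    if len(parts) == 4 and parts[2].lower() == "resourcegroups":
        return "resource-group"
    return "resource"

def audit(assignments, use_case):
    """Return (finding, role, scope) tuples for one app registration's assignments."""
    need = RANK[REQUIRED[use_case]]
    findings, satisfied = [], False
    for a in assignments:
        role, scope = a["roleDefinitionName"], a["scope"]
        if a.get("principalType") != "ServicePrincipal":  # page: service principal, not a user
            findings.append(("not-service-principal", role, scope))
        if scope_kind(scope) == "above-subscription":  # page scopes: subscription or resource group
            findings.append(("scope-above-subscription", role, scope))
        if role not in RANK:
            findings.append(("review-role", role, scope))
        else:
            satisfied = satisfied or RANK[role] >= need
            if RANK[role] > need:  # broader than the stated minimum
                findings.append(("excess-role", role, scope))
    if not satisfied:
        findings.append(("missing-required-role", REQUIRED[use_case], None))
    return findings

# Constructed sample data; the subscription ID and names are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE = [
    {"principalType": "ServicePrincipal", "roleDefinitionName": "Reader", "scope": SUB},
    {"principalType": "ServicePrincipal", "roleDefinitionName": "Contributor",
     "scope": SUB + "/resourceGroups/rg-demo"},
    {"principalType": "ServicePrincipal", "roleDefinitionName": "Owner",
     "scope": "/providers/Microsoft.Management/managementGroups/mg-demo"},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, "acr"):
        print(finding)
```

For an ACR-only or VM-discovery provider, any `excess-role` finding marks an assignment that can be reduced to Reader.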

Step 1: Add the Cloud Provider

To add a cloud provider to your Harness account, do the following:

  1. Click Setup, and then click Cloud Providers.
  2. Click Add Cloud Provider and select Microsoft Azure.

The Add Microsoft Azure Cloud Provider panel appears.

Step 2: Gather the Required Information

In Microsoft Azure, you can find the information you need in the App registration Overview page:

Step 3: Client ID

This is the Client/Application ID for the Azure app registration you are using. It is found in the Azure Active Directory App registrations. For more information, see Quickstart: Register an app with the Azure Active Directory v1.0 endpoint from Microsoft.

To access resources in your Azure subscription, you must assign the Azure App registration using this Client ID to a role in that subscription. Later, when you set up an Azure service infrastructure in a Harness environment, you will select a subscription.

If the Azure App registration using this Client ID is not assigned a role in a subscription, no subscriptions will be available. For more information, see Assign the application to a role and Use the portal to create an Azure AD application and service principal that can access resources from Microsoft.

Step 4: Tenant ID

The Tenant ID is the ID of the Azure Active Directory (AAD) in which you created your application. This is also called the Directory ID. For more information, see Get tenant ID and Use the portal to create an Azure AD application and service principal that can access resources from Azure.

Step 5: Select Encrypted Key

For secrets and other sensitive settings, select or create a new Harness Encrypted Text secret.

This is the authentication key for your application. This is found in Azure Active Directory, App Registrations. Click the App name. Click Certificates & secrets, and then click New client secret.

You cannot view existing secret values, but you can create a new key. For more information, see Create a new application secret from Azure.

