Step 8. Create a service principal for the cluster
Create a service principal to perform cluster operations on an advanced cluster. You will use this service principal to populate the advanced configuration.
In Azure, complete the following tasks:
1. Create a service principal.
2. Create a cluster role.
3. Add a role assignment to assign the cluster role to the service principal.
4. Store the service principal credentials in a key vault.
5. Add an access policy to the key vault.
Create a service principal
Create a service principal named cluster_principal.
For instructions about creating a service principal, refer to the Microsoft Azure documentation.
Create a cluster role
Create a cluster role to define the permissions for the service principal cluster_principal.
Create a custom role named cluster_role with the following role definition:
Required when you use managed identity authentication to connect to a source or target. The service principal uses this permission to assign managed identities to virtual machines in the virtual machine scale sets.
Add a role assignment
Add a role assignment to assign the custom role cluster_role to the service principal cluster_principal.
Store the credentials in a key vault
Create a new key vault and generate a secret to store the credentials for the service principal cluster_principal.
Add an access policy to the key vault
Add an access policy to the key vault that allows the managed identity agent_identity to access the credentials for the service principal cluster_principal.
1. Add an access policy to the key vault.
2. In the access policy, select the secret that you generated for the service principal cluster_principal.
3. Grant the secret permission to the managed identity agent_identity.
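The five Azure tasks above, carried out with the Azure CLI, as an added example that is not part of this documentation and not Informatica's or Microsoft's code. The resource group, key vault name, secret name and the `AZ_APPLY` guard are assumed placeholders, the role is scoped to the resource group as an assumption, and the role's Actions list is deliberately left as a placeholder because the role definition itself is not reproduced on this page; supply it from the product documentation. The example also adds a small check that the key vault access policy for agent_identity grants only read permissions on the secret, which is all the agent needs to retrieve the cluster_principal credentials.

```shell
#!/usr/bin/env sh
# Added example (not Informatica's or Microsoft's code). Assumed placeholders:
# RESOURCE_GROUP, VAULT_NAME, SECRET_NAME, ACTIONS_JSON and the AZ_APPLY guard.
RESOURCE_GROUP="${RESOURCE_GROUP:-rg-advanced-cluster}"   # assumed name
VAULT_NAME="${VAULT_NAME:-kv-cluster-principal}"           # assumed; must be globally unique
SECRET_NAME="${SECRET_NAME:-cluster-principal-secret}"     # assumed name

# Task 2: build the role definition document that `az role definition create` reads.
# The Actions list is NOT on this page; pass it as the second argument.
cluster_role_definition() {
  subscription_id="$1"
  actions_json="${2:-[\"REPLACE_WITH_DOCUMENTED_ACTIONS\"]}"   # placeholder, not a real action
  printf '%s\n' "{
  \"Name\": \"cluster_role\",
  \"IsCustom\": true,
  \"Description\": \"Permissions used by the cluster_principal service principal\",
  \"Actions\": ${actions_json},
  \"NotActions\": [],
  \"AssignableScopes\": [\"/subscriptions/${subscription_id}\"]
}"
}

# Task 5 check: agent_identity only has to read the stored credentials, so reject any
# secret-permission set that goes beyond get/list (no set, delete, purge, ...).
check_secret_permissions() {
  for perm in "$@"; do
    case "$perm" in
      get|list) ;;
      *) return 1 ;;
    esac
  done
  return 0
}

provision_cluster_principal() {
  subscription_id="$(az account show --query id -o tsv)"

  # Task 1: service principal (current CLI versions create it with no role assignment).
  sp_json="$(az ad sp create-for-rbac --name cluster_principal --output json)"
  app_id="$(printf '%s' "$sp_json" | sed -n 's/.*"appId": *"\([^"]*\)".*/\1/p')"
  password="$(printf '%s' "$sp_json" | sed -n 's/.*"password": *"\([^"]*\)".*/\1/p')"

  # Tasks 2 and 3: custom role, then assign it to the principal (resource-group scope is assumed).
  cluster_role_definition "$subscription_id" "${ACTIONS_JSON:-}" > cluster_role.json
  az role definition create --role-definition @cluster_role.json
  az role assignment create --assignee "$app_id" --role cluster_role \
    --scope "/subscriptions/${subscription_id}/resourceGroups/${RESOURCE_GROUP}"

  # Task 4: key vault plus a secret holding the client secret of cluster_principal.
  az keyvault create --name "$VAULT_NAME" --resource-group "$RESOURCE_GROUP"
  az keyvault secret set --vault-name "$VAULT_NAME" --name "$SECRET_NAME" --value "$password"

  # Task 5: access policy for agent_identity, limited to reading the secret.
  identity_oid="$(az identity show --name agent_identity --resource-group "$RESOURCE_GROUP" \
    --query principalId -o tsv)"
  check_secret_permissions get || return 1
  az keyvault set-policy --name "$VAULT_NAME" --object-id "$identity_oid" --secret-permissions get
}

# Only talk to Azure when explicitly requested, so the file can be sourced for its functions.
if [ "${AZ_APPLY:-0}" = "1" ]; then
  provision_cluster_principal
fi
```

Run it with `AZ_APPLY=1 ACTIONS_JSON='[...]' sh provision.sh` after `az login`; without `AZ_APPLY=1` it only defines the functions. The client secret never appears on the command line in clear text except in the `az keyvault secret set` call itself, so run it from a shell with history disabled or from an automation context.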