To deploy nodes
For YugabyteDB Anywhere (YBA) to be able to deploy and manage YugabyteDB clusters, you need to provide YBA with privileges on your cloud infrastructure to create, delete, and modify VMs, mount and unmount disk volumes, and so on.
The more permissions that you can provide, the more YBA can automate.
Azure
Application and resource group
YugabyteDB Anywhere requires cloud permissions to create VMs. You grant YugabyteDB Anywhere access to manage Azure resources such as VMs by registering an application in the Azure portal so the Microsoft identity platform can provide authentication and authorization services for your application. Registering your application establishes a trust relationship between your application and the Microsoft identity platform.
In addition, your Azure application needs to have a resource group with the following permissions:
- Network Contributor
- Virtual Machine Contributor
You can optionally create a resource group for network resources if you want network interfaces to be created separately. The network resource group must have the Network Contributor permission.
For more information on registering applications, refer to Register an application with the Microsoft identity platform in the Microsoft Entra documentation.
For more information on roles, refer to Assign Azure roles using the Azure portal in the Microsoft Azure documentation.
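The following is an added example, not part of the YugabyteDB documentation: a small audit that compares a principal's role assignments against the roles listed above. It assumes input in the shape of `az role assignment list --assignee <client-id> --all -o json`; the subscription ID and the resource group names `yba-rg` and `yba-net-rg` are constructed placeholders.

```python
import json

# Roles the page says the application needs on its resource group.
REQUIRED_RG_ROLES = {"Network Contributor", "Virtual Machine Contributor"}
# Role needed on the optional, separate network resource group.
REQUIRED_NET_RG_ROLES = {"Network Contributor"}


def rg_scope(subscription_id, resource_group):
    """ARM scope string for a resource group, lower-cased for comparison."""
    return f"/subscriptions/{subscription_id}/resourceGroups/{resource_group}".lower()


def audit(assignments, subscription_id, resource_group,
          net_subscription_id=None, net_resource_group=None):
    """Return (missing, unexpected) for one principal's role assignments.

    missing: (role, scope) pairs the page requires but that are absent.
    unexpected: (role, scope) pairs granted beyond what the page lists.
    Grants inherited from a broader scope are reported as unexpected and
    are not counted as satisfying a resource-group requirement.
    """
    wanted = {(r, rg_scope(subscription_id, resource_group)) for r in REQUIRED_RG_ROLES}
    if net_resource_group:
        net_scope = rg_scope(net_subscription_id or subscription_id, net_resource_group)
        wanted |= {(r, net_scope) for r in REQUIRED_NET_RG_ROLES}
    have = {(a["roleDefinitionName"], a["scope"].rstrip("/").lower()) for a in assignments}
    return sorted(wanted - have), sorted(have - wanted)


# Constructed sample data (hypothetical subscription ID and resource group names).
SAMPLE = json.loads("""[
  {"roleDefinitionName": "Virtual Machine Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/yba-rg"},
  {"roleDefinitionName": "Network Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/yba-net-rg"},
  {"roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"}
]""")

if __name__ == "__main__":
    missing, unexpected = audit(SAMPLE, "00000000-0000-0000-0000-000000000000",
                                "yba-rg", net_resource_group="yba-net-rg")
    for role, scope in missing:
        print(f"MISSING     {role} on {scope}")
    for role, scope in unexpected:
        print(f"UNEXPECTED  {role} on {scope}")
```

On the constructed sample, the audit reports Network Contributor as missing on `yba-rg` and the subscription-wide Contributor grant as unexpected.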
Credentials
YugabyteDB Anywhere can authenticate with Azure using one of the following methods:
- Add credentials, in the form of a client secret, to your registered application.
  For information on creating client secrets, see Create a new client secret in the Microsoft Entra documentation.
- Assign a managed identity to the Azure VM hosting YugabyteDB Anywhere. Azure will use the managed identity assigned to your instance to authenticate.
  For information on assigning roles for managed identities, see Assign Azure roles using the Azure portal in the Microsoft Azure documentation.
Record the following information about your service account. You will need to provide this information later when creating an Azure provider configuration.
Save for later | To configure |
---|---|
Service account details | Azure provider configuration |
Client ID: | |
Client Secret: (not required when using managed identity) | |
Resource Group: | |
Subscription ID: | |
(Optional) Network Resource Group: | |
(Optional) Network Subscription ID: | |
Tenant ID: | |
Managing SSH keys for VMs
When creating VMs on the public cloud, YugabyteDB requires SSH keys to access the VM. You can manage the SSH keys for VMs in two ways:
- YBA managed keys. When YBA creates VMs, it will generate and manage the SSH key pair.
- Provide a custom key pair. Create your own custom SSH keys and upload the SSH keys when you create the provider.
If you will be using your own custom SSH keys, then ensure that you have them when installing YBA and creating your public cloud provider.
Save for later | To configure |
---|---|
Custom SSH keys | Azure provider configuration |