Onboarding Your Cloud Provider

You can add your public cloud providers here. To add Kubernetes clusters that are not EKS, AKS, or GKE, head to Add Clusters.

AZURE (Microsoft)

How to get the Cloudoor form information?

Step 1

Create a "SERVICE PRINCIPAL" (app registration) and retrieve information such as: Client ID, Client secret, Tenant ID

  • Log in to your Azure portal
  • Enter "app registration" on the search bar

Click on "new registration".

Fill in the form: enter the name of your app registration and leave the other settings as default, then click on "Register" to create your app registration.

You will be redirected to a view like the one shown. Note the following information:

  1. Application (client) ID
  2. Directory (tenant) ID

Create and retrieve the Client Secret

  1. Click on “Certificates & secrets”
  2. Click on “New client secret”
  3. Enter a description of your client secret
  4. Select the expiration period
  5. Retrieve the "client secret" (make a note of it, as it will no longer be visible after you exit this view)

At this point, we already have:

  1. Client ID = Application (client) ID
  2. Client secret
  3. Tenant ID = Directory (tenant) ID

Step 2

Assign the necessary permissions to our app registration and retrieve the subscription identifier (Subscription ID)

Enter “subscription” on the search bar

Choose your subscription and copy the subscription ID

At this point, we have all the information requested by Cloudoor:

  1. Client ID = Application (client) ID
  2. Client secret
  3. Tenant ID = Directory (tenant) ID
  4. Subscription ID

Assign permissions on the subscription to the app registration created previously

  1. Click on “Access control (IAM)”
  2. Click on “Add”
  3. Click on “Add role assignment”

Assign the "Contributor" role

Select your app registration

Assign the “Role Based Access Control Administrator” role

Step 3

Retrieve resource group name

Enter "resource groups" on the search bar

Select your resource group

Copy the resource group name and its location

Step 4

Fill in the Cloudoor onboarding form with the information retrieved above

🎉 You have successfully onboarded your Azure cloud provider 🎉

GCP (Google Cloud Provider)

How to get the Cloudoor form information?

Step 1

Log in to your Google portal and select your project

Step 2

Create a service account with the owner role on the project

  1. Click on the menu on the left
  2. Click on “IAM and administration”
  3. Click on “service accounts”
  4. Click on “create service account”
  5. Write the service account name.
  6. Assign permissions to your service account
  7. Select the “owner” role for your project.

Step 3

Create and download a service account access key

  1. Click on service accounts.
  2. Select the service account created and click on the three-dot icon under "action".
  3. Select “manage keys”.
  4. Click on “create key”
  5. Select “json”
  6. After clicking on "Create", the private key will be downloaded to your computer.
  7. The key created will appear in the service account view

Step 4

Find the location of the private key on your computer

  • Click on the download icon in your browser and click on "open in folder". In my case, the file is in the "Download" folder.
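
Before the file is uploaded in the next step, the following added example (not part of the original page and not Cloudoor's code) checks that it is a service account key for the expected project and account without displaying the private key, and makes the file owner-only. The field names are those of Google's JSON key format; the sample key contents, file name and function names are constructed placeholders.

```python
import json
import os
import stat
import tempfile

REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")

def inspect_key_file(path):
    """Validate a downloaded service account key file, restrict it to its
    owner, and return a summary that leaves out the private key."""
    with open(path, encoding="utf-8") as handle:
        key = json.load(handle)
    if not isinstance(key, dict):
        raise ValueError("key file is not a JSON object")
    missing = [name for name in REQUIRED if not key.get(name)]
    if missing:
        raise ValueError(f"missing fields: {', '.join(missing)}")
    if key["type"] != "service_account":
        raise ValueError(f"unexpected credential type: {key['type']!r}")
    # Depending on the umask, a browser download can be readable by other
    # local users; keep it owner-only (POSIX permissions).
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)
    return {
        "project_id": key["project_id"],
        "client_email": key["client_email"],
        "private_key_id": key["private_key_id"],
        "mode": oct(stat.S_IMODE(os.stat(path).st_mode)),
    }

def demo():
    """Run the check on a constructed key file (all values are placeholders)."""
    sample = {
        "type": "service_account",
        "project_id": "example-project",
        "private_key_id": "0000placeholder",
        "private_key": "PLACEHOLDER-NOT-A-KEY",
        "client_email": "cloudoor-onboarding@example-project.iam.gserviceaccount.com",
    }
    with tempfile.TemporaryDirectory() as folder:
        path = os.path.join(folder, "example-project-key.json")
        with open(path, "w", encoding="utf-8") as handle:
            json.dump(sample, handle)
        os.chmod(path, 0o644)  # simulate a world-readable download
        return inspect_key_file(path)

if __name__ == "__main__":
    print(demo())
```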

Step 5

Fill in the Cloudoor form.

  1. Select the region where the infrastructure is or will be deployed
  2. Write your organization name
  3. Click on the "File" field and choose the private key we created above. My key is in my "Download" folder; choose the key's location on your computer.
  4. Click "Add"

🎉 You have successfully onboarded your GCP cloud provider 🎉

AWS (Amazon Web Services)

How to get the information for this form?

Step 1

Log on to the AWS portal and create a user with the necessary permissions

  1. On the service search bar, enter "IAM" and click on the service
  2. On the new view, click on "users" then on "create user"
  3. Write the user name and click on "next"
  4. Assigning authorizations for accounts with no EKS clusters:
     • Click on “Attach policies directly”
     • Enter “AdministratorAccess” on the search bar
     • Select the “AdministratorAccess” policy
     • Click on “Next”
     • Click on “create user”
  5. Assigning permissions for accounts with EKS clusters already deployed:
     • Click on “Attach policies directly”
     • Enter “EKS” on the search bar
     • Select “AmazonEKSClusterPolicy”, “AmazonEKSServicePolicy”
     • Click on “next”
     • Click on “create user”

Step 2

Generate this user's access keys

  1. Click on the created user.
  2. On the new view, click on "Security credentials" then scroll and click on "Create access key".
  3. Select “Application running outside AWS” then click "Next".
  4. Write a description (optional)
  5. Click on “Create access key”
  6. Copy the access key and secret key and save them somewhere; they will be used in the "aws cloud" form.

Step 3

Create a Policy and grant your created user access to it.

  1. Head back to your IAM dashboard and choose "Policies". Click "Create Policy" in the top right corner.
  2. In the "Policy Editor", click "JSON".
  3. Paste this JSON code:

     {
         "Version": "2012-10-17",
         "Statement": [
             {
                 "Effect": "Allow",
                 "Action": [
                     "eks:*",
                     "ec2:*",
                     "elasticloadbalancing:*",
                     "kms:DescribeKey"
                 ],
                 "Resource": "*"
             }
         ]
     }

  4. Click "Next"
  5. Write any name, like "EKSPersonalPolicy-Cloudoor", and click "Create Policy"
  6. Head to your IAM dashboard, find your created user, scroll down to "Permissions policies" and click "Add Permissions" in the right corner.
  7. Under "Permission Options", choose "Attach policies directly".
  8. Find the policy you just created, possibly named "EKSPersonalPolicy-Cloudoor".
  9. Click "Next" then click "Add Permissions"
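
The following added example (not part of the original page and not Cloudoor's code) parses the policy document from step 3 and lists every action in an Allow statement that uses a wildcard, along with whether it applies to all resources. It also accepts the single-item forms IAM allows for Statement, Action and Resource; the function names are hypothetical.

```python
import json

# Policy document from Step 3 of this page, embedded so the example runs offline.
STEP3_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["eks:*", "ec2:*", "elasticloadbalancing:*", "kms:DescribeKey"],
      "Resource": "*"
    }
  ]
}
"""

def _as_list(value):
    """IAM accepts a single item or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]

def wildcard_grants(document):
    """Return (statement_index, action, all_resources) for every action in an
    Allow statement that contains a wildcard character."""
    policy = json.loads(document) if isinstance(document, str) else document
    grants = []
    for index, statement in enumerate(_as_list(policy.get("Statement", []))):
        if statement.get("Effect") != "Allow":
            continue
        all_resources = "*" in _as_list(statement.get("Resource", []))
        for action in _as_list(statement.get("Action", [])):
            if "*" in action or "?" in action:
                grants.append((index, action, all_resources))
    return grants

def services_with_full_access(document):
    """Services granted every action (service:*) on every resource."""
    return sorted({action.split(":", 1)[0]
                   for _, action, everywhere in wildcard_grants(document)
                   if everywhere and (action == "*" or action.endswith(":*"))})

if __name__ == "__main__":
    for index, action, everywhere in wildcard_grants(STEP3_POLICY):
        scope = "all resources" if everywhere else "scoped resources"
        print(f"statement {index}: {action} on {scope}")
```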

Step 4

Grant your created user access on the cluster.

  1. On the service search bar, enter "EKS" and click on the service
  2. Choose the correct region of your cluster, then click your cluster.
  3. Scroll down and click on "Access"
  4. On the "IAM access entries", click on "Create Access Entry"
  5. In "IAM principal ARN", search for the user we just created and choose it.
  6. On "Type", choose "Standard" and give a username to the entry. Maybe something like cloudoor-user.
  7. Scroll down and click "Skip to review and create"
  8. Scroll down to Step 2 "Add access policies" and click "Edit"
  9. Search and add "AmazonEKSClusterAdminPolicy" and click "Next".
  10. Click "Create"

Step 5

Fill in the Cloudoor form and add the AWS cluster on Cloudoor

  1. Fill in the form:
     • Name: Put organization name
     • Default Region: Select the region equivalent to the one on your AWS console in the right-hand corner
     • Access Key: Paste the value of the user's "access key" copied above
     • Secret Key: Paste the value of the user's "secret access key" copied above
  2. Come back to the dashboard, click on the cloud provider that you added and click "Select Provider"
  3. Select the cluster that you need to onboard and click on "Select my cluster"

Wait a few minutes to see it with the "Connected" status

🎉 You have successfully onboarded your AWS cloud provider 🎉