Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Document autoscale for Azure IaaS and refactor the doc #1798

Closed
wants to merge 17 commits into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 10 additions & 17 deletions docs/docs-content/clusters/cluster-management/remove-clusters.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,13 +10,13 @@ tags: ["clusters", "cluster management"]

When you delete a cluster it results in the removal of all compute instances and associated resources created for the cluster. Use the following steps to delete a cluster.

### Prerequisites
## Prerequisites

* A host cluster.



## Removal
## Delete a Cluster

1. Log in to [Palette](https://console.spectrocloud.com) and ensure you are in the correct project scope.

Expand All @@ -40,48 +40,41 @@ The cluster status is updated to **Deleting** while cluster resources are remove

## Validate

To validate the host cluster is deleted, use the following steps.

1. Log in to [Palette](https://console.spectrocloud.com).


2. Navigate to the left **Main Menu** and click on **Cluster**.


4. Check the box labeled **Deleted only** to view all the clusters deleted in the last 72 hours.
3. Check the box labeled **Deleted only** to view all the clusters deleted in the last 72 hours.

The cluster you deleted is now listed along with other previously deleted clusters.



## Force Delete a Cluster

If a cluster is stuck in the **Deleting** state for a minimum of 15 minutes, it becomes eligible for force deletion. You can force delete a cluster from the tenant and project admin scope.

To force delete a cluster, follow the same steps outlined above. After 15 minutes, a **Force Delete Cluster** option is available in the **Settings drop-down Menu**. The drop-down menu will provide you with an estimated remaining time left before the force deletion becomes available.

<br />

If a cluster is stuck in the **Deleting** state for 15 minutes, it becomes eligible for force deletion. You can force delete a cluster from the tenant and project admin scope.

A force delete can result in Palette-provisioned resources being missed in the removal process. Verify there are no remaining resources. Use the following list to help you identify resources to remove.
To force delete a cluster, follow the steps to delete the cluster. After 15 minutes, a **Force Delete Cluster** option is available in the **Settings Menu**. The **drop-down Menu** will provide you with an estimated remaining time left before the force deletion becomes available.

<br />
A force delete can result in Palette-provisioned resources being missed in the removal process. Verify there are no remaining resources. Use one of the following lists for your environment to help you identify resources to remove.

:::caution

Failure in removing provisioned resources can result in unexpected costs.
Failure to remove provisioned resources can result in unexpected costs.

:::

<br />

**Azure**

- Virtual CPU (vCPU)
- Virtual Network (VNet)
- Static Public IPs
- Static Public IP addresses
- Virtual Network Interfaces
- Load Balancers
- VHD
- Virtual Hard Disk (VHD)
- Managed Disks
- Virtual Network Gateway

Expand Down
119 changes: 65 additions & 54 deletions docs/docs-content/clusters/public-cloud/azure/azure-cloud.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,135 +7,146 @@ tags: ["public cloud", "azure"]
sidebar_position: 10
---

Palette supports deploying and managing Kubernetes clusters in an Azure account. This section guides you on how to create a Kubernetes cluster in Azure that is managed by Palette.

Palette supports integration with Azure cloud accounts. This section explains how to create an Azure cloud account in Palette. You can use any of the following authentication methods to register your cloud account.

## Prerequisites

* A [Palette Account](https://console.spectrocloud.com/)
* A [Palette Account](https://console.spectrocloud.com/).

* An active [Azure cloud account](https://portal.azure.com/) with sufficient resource limits and permissions to provision compute, network, and security resources in the desired regions.

* An [Azure App](https://learn.microsoft.com/en-us/azure/app-service/overview) with valid credentials.

## Enable Azure Cloud Account Registration to Palette

To register an Azure cloud account in the Palette console
## Add Azure Cloud Account

1. Log in to [Palette](https://console.spectrocloud.com).
1. Log in to [Palette](https://console.spectrocloud.com) as a tenant admin.
ritawatson marked this conversation as resolved.
Show resolved Hide resolved

ritawatson marked this conversation as resolved.
Show resolved Hide resolved
2. From the left **Main Menu**, select **Tenant Settings**.

2. Navigate to the **Project Overview** drop-down and switch to the **Tenant Admin**.
3. Next, select **Cloud Accounts** in the **Tenant Settings Menu**.

4. Locate **Azure**, and click **+ Add Azure Account**.

3. Select **Tenant Settings** from the left **Main Menu**.
5. Fill out the following information, and click **Confirm** to complete the registration.

| **Basic Information** |**Description**|
|-------------------------|-----------|
|**Account Name**| A custom account name.|
|**Tenant ID**| Unique tenant ID from Azure Management Portal.|
|**Client ID**| Unique client ID from Azure Management Portal.|
|**Client Secret**| Azure secret for authentication. Refer to Microsoft's reference guide for creating a [Client Secret](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#create-an-azure-active-directory-application). After providing the client secret, click the **Validate** button. If the client secret you provided is correct, a *Credentials validated* success message with a green check is displayed. |
|**Tenant Name**| An optional tenant name.|
|**Disable Properties**| This option disables Palette importing Azure networking details. Disabling this option requires you to create a Microsoft Entra application and manually obtain account information. To learn more, refer to the [Disable Palette Network Calls to the Account](#disable-palette-network-calls-to-the-account) section below. |
ritawatson marked this conversation as resolved.
Show resolved Hide resolved
|**Connect Private Cloud Gateway**| If you will be launching Managed Kubernetes Service (AKS), use the **drop-down Menu** to select a [self-hosted PCG](gateways.md) that you created to link to the cloud account.|

4. From the Tenant Settings go to **Cloud Accounts** and click on **+ Add Azure Account**.

### Disable Palette Network Calls to Azure Account

5. The Azure cloud account wizard requires the following information:
When you provide your cloud account information, Azure networking details are sent to Palette unless you disable network calls from Palette to the account. To disable network calls, select the **Disable Properties** option.

| **Basic Information** |Description|
|-------------------------|-----------|
|Account Name| A custom account name|
|Client ID| Unique client Id from Azure console|
|Tenant ID| Unique tenant Id from Azure console|
|[Client Secret](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#create-an-azure-active-directory-application)| Azure secret for authentication|
|Tenant Name| An optional tenant name|
|[Disable Properties](/clusters/public-cloud/azure/azure-cloud#disableproperties)| To disable the import of Azure networking details.|
|Toggle **Connect Private Cloud Gateway**| An option to select the [Self-Hosted PCG](gateways.md) already created from the drop-down menu to link it to the cloud account. |
Disabling network calls requires that you create a [Microsoft Entra](https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal#create-an-azure-active-directory-application) application, which can be used with Role-Based Access Control (RBAC). Follow the summary steps below to create a new Microsoft Entra application, assign roles, and create the client secret.
ritawatson marked this conversation as resolved.
Show resolved Hide resolved
ritawatson marked this conversation as resolved.
Show resolved Hide resolved

:::info

For existing cloud accounts go to **Edit** and toggle the **Connect Private Cloud Gateway** option to select the created Gateway from the drop-down menu.
:::


6. Click on the **Confirm** button to complete the wizard.
Microsoft Entra replaces the Azure Active Directory (AAD) application. For more information, review the [Microsoft Entra](https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal#create-an-azure-active-directory-application) reference guide.
ritawatson marked this conversation as resolved.
Show resolved Hide resolved
ritawatson marked this conversation as resolved.
Show resolved Hide resolved

:::

### Disable Properties

When the above information is provided to the cloud account creation wizard, Azure networking details will be sent to Palette console, which you can disable. To disable network calls from the Palette console to the Azure account, you can click **Disable Properties**.
1. Create a new Microsoft Entra application and note down your ClientID and TenantID. Refer to the [Create a Microsoft Entra application and service principal](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#create-an-azure-active-directory-application) reference guide.
ritawatson marked this conversation as resolved.
Show resolved Hide resolved
ritawatson marked this conversation as resolved.
Show resolved Hide resolved

For this, we first need to create an Azure Active Directory (AAD) Application which can be used with role-based access control. Follow the steps below to create a new AAD application, assign roles, and create the client secret:
2. Next, assign yourself the [User Access Administrator](https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#user-access-administrator) role to allow you to manage user access to Azure resources. You need this role assignment to assign the role in step 3. For guidance, refer to [Assign a Role to the Application](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#assign-a-role-to-the-application).

3. With User Access Administrator privilege, you can now assign yourself the minimum required [Contributor](https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#contributor) role, which grants full access to manage all resources.

1. Follow the steps described [here](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#create-an-azure-active-directory-application) to create a new Azure Active Directory application. Note down your ClientID and TenantID.
To learn about Azure roles, review [Azure Roles, Microsoft Entra Roles, and Administrator Roles](https://learn.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles).
ritawatson marked this conversation as resolved.
Show resolved Hide resolved

4. Create a client secret. Refer to [Create a Client Secret](https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal#option-3-create-a-new-client-secret) for guidance.

2. On creating the application, a minimum required [ContributorRole](https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#contributor) needs to be assigned. To assign any kind of role, the user must have a minimum role of [UserAccessAdministrator](https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#user-access-administrator). The role can be assigned by following the [Assign Role To Application](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#assign-a-role-to-the-application) link.
:::caution

Safely store your client secret, as it will not be available later as plain text.

3. Follow the steps described in the [Create an Application Secret](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#create-a-new-application-secret) section to create the client application secret. Store the Client Secret safely as it will not be available as plain text later.
:::

<br />

## Validate

To validate the Azure Cloud account creation in Palette console:
You can verify your account is added.

1. Log in to [Palette](https://console.spectrocloud.com).

2. From the left **Main Menu**, select **Tenant Settings**.

2. Navigate to the **Project Overview** drop-down and switch to the **Tenant Admin**.

3. Next, on the **Tenant Settings Menu**, select **Cloud Accounts**.

3. Select **Tenant Settings** from the left **Main Menu**.
4. The added cloud account is listed under **Azure** with all other available Azure cloud accounts.


4. From the Tenant Settings go to **Cloud Accounts**
## Manage Azure Accounts

Use the **three-dot Menu** in the row of the cloud account to edit Azure account information in Palette or remove the account from Palette.

5. Below the label **Azure**, the available Azure cloud accounts are listed.
<!-- You can edit Azure account information in Palette or remove the account from Palette using the **three-dot Menu** in the row of the cloud account by selecting **Edit** or **Delete**. -->

<br />
<!-- ### Edit an Azure Account

## Manage Azure Accounts
After an Azure cloud account has been registered with Palette, you can change the integration settings or remove the Azure account with **Edit and Delete** capabilities respectively.
Use the following steps to edit Azure account information in Palette.

### Edit an Azure Account
1. Log in to [Palette](https://console.spectrocloud.com) as a tenant admin.

To edit the Azure Cloud account created in Palette console:
2. From the left **Main Menu**, select **Tenant Settings**.

1. Log in to [Palette](https://console.spectrocloud.com).
3. Next, on the **Tenant Settings Menu**, select **Cloud Accounts**.

4. From the **three-dot Menu** in the row of the cloud account you want to edit, select **Edit**.

2. Navigate to the **Project Overview** drop-down and switch to the **Tenant Admin**.
5. Make the required changes and click **Confirm**.


3. Select **Tenant Settings** from the left **Main Menu**.
### Validate

1. Log in to [Palette](https://console.spectrocloud.com).

4. From the Tenant Settings go to **Cloud Accounts**
2. From the left **Main Menu**, select **Tenant Settings**.

3. Next, on the **Tenant Settings Menu**, select **Cloud Accounts**.

5. Towards the name of the cloud account you want to remove, click the **three-dots Menu** and select **Edit**.
4. Locate **Azure**, and click the **three-dot Menu** in the row of the cloud account you edited, and select **Edit**.

5. Review the changed information and make any other required changes.

6. Make the required changes and click on the **Confirm** button to complete the wizard.

<br />

### Remove an Azure Account

Use the following steps to delete an Azure cloud account from Palette,.
Use the following steps to delete an Azure cloud account from Palette.

1. Log in to [Palette](https://console.spectrocloud.com).

2. From the left **Main Menu**, select **Tenant Settings**.

3. Next, on the **Tenant Settings Menu**, select **Cloud Accounts**.

2. Navigate to the **Project Overview** drop-down and switch to the **Tenant Admin**.
4. Click the **three-dot Menu** in the row of the cloud account you want to delete and select **Delete**.

The added cloud account is listed under **Azure** with all other available Azure cloud accounts.


### Validate

1. Log in to [Palette](https://console.spectrocloud.com).

3. Select **Tenant Settings** from the left **Main Menu**.
2. From the left **Main Menu**, select **Tenant Settings**.

3. Next, on the **Tenant Settings Menu**, select **Cloud Accounts**.

4. From the Tenant Settings go to **Cloud Accounts**
4. Locate **Azure** and verify the account is no longer listed. -->


5. Towards the name of the cloud account you want to remove, click the **three-dots Menu** and select **Edit**.


6. Towards the name of the cloud account you want to remove, click the **three-dots Menu** and select **Delete**.


Loading
Loading