ContextQMD
Back to Meshery

Deploy Azure resources with Meshery

docs/static/v0.8/guides/tutorials/deploy-azure-resources-with-meshery/index.html

1.0.184.6 KB
Original Source

Deploy Azure resources with Meshery

Introduction

Meshery now supports managing Azure resources declaratively through Kubernetes by integrating with Azure Service Operator (ASO). With this capability, you can visually design, deploy, and manage a variety of Azure resources—such as Storage Accounts, Key Vaults, SQL Servers, and more—directly from Meshery’s UI. In this tutorial, you’ll install the ASO operator (without CRD pattern configurations, as Meshery will handle them), create a Service Principal and a Kubernetes secret with your Azure credentials, and use Meshery to provision Azure resources seamlessly into your subscription.

Prerequisites

Before you begin, ensure you have the following:

  1. Meshery Installed A self-hosted Meshery instance running on your Kubernetes cluster (in-cluster or out-of-cluster).
  2. Kubernetes Cluster A running Kubernetes cluster (v1.16+) with kubectl configured.
  3. Azure Subscription An active Azure subscription where Storage Accounts will be provisioned.
  4. Azure CLI Installed and authenticated (az login) in your local shell.
  5. cert-manager Installed in your Kubernetes cluster (required by Azure Service Operator).

Table of Contents

  1. Create Azure Service Principal

  2. Connect Meshery to Your Cluster

  3. Install Azure Service Operator (Operator Only)

  4. Deploy ASO Operator using Kanvas

  5. Start deploying azure resources in Kanvas

  6. Conclusion

1. Create Azure Service Principal

If you do not already have a Service Principal (SP) for Meshery, create one using the Azure CLI:

`az ad sp create-for-rbac -n azure-service-operator --role contributor --scopes /subscriptions/<AZURE_SUBSCRIPTION_ID>
`

This command outputs the following credentials:

  • appId: Application ID (Client ID)
  • displayName: Service Principal Name
  • name: Azure Service Principal URL
  • password: Client Secret
  • tenant: Tenant ID

To export them, manually enter:

`export AZURE_CLIENT_ID=<appId>
export AZURE_CLIENT_SECRET=<password>
export AZURE_TENANT_ID=<tenant>
export AZURE_SUBSCRIPTION_ID=<subscriptionId>
`

2. Connect Meshery to Your Cluster

If you haven’t already connected your cluster to Meshery, run:

`mesheryctl system start
`

Then open the Meshery UI (default: http://localhost:9081) and ensure your cluster appears under Lifecycle → Connections.

3. Install Azure Service Operator (Operator Only)

Prerequisite

Create a cert-manager that is necessary for deployment of Azure Service operator

`kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.14.1/cert-manager.yaml
`

3.1 Deploy ASO Operator

Apply the official ASO operator manifest (Meshery will manage CRDs):

`kubectl apply -f https://github.com/Azure/azure-service-operator/releases/download/v2.13.0/azureserviceoperator_v2.13.0.yaml
`

3.2 Create Azure Credentials Secret

Azure Service Operator requires a Kubernetes secret with your Azure identity:

`kubectl create secret generic azure-credentials --namespace azureserviceoperator-system --from-literal=AZURE_CLIENT_ID=$AZURE_CLIENT_ID --from-literal=AZURE_CLIENT_SECRET=$AZURE_CLIENT_SECRET --from-literal=AZURE_TENANT_ID=$AZURE_TENANT_ID --from-literal=AZURE_SUBSCRIPTION_ID=$AZURE_SUBSCRIPTION_ID
`

4. Deploy Azure Service Operator using Kanvas

  1. In the Meshery UI, navigate to Kanvas.
  2. Click Catalog , filter by Azure , and select the Azure Operator design.
  3. Click Clone to add it to your canvas.
  4. Update the secret aso-controller-settings in the design template. The details are also mentioned in the catalog
  5. Click Actions → Deploy.

5. Start deployment of Azure resources using Kanvas

  • Go to Kanvas and start by picking up Azure components and putting it to design area.
  • Click Actions → Deploy.
  • Azure Portal : Confirm the new Storage Account appears in your specified resource group.

6. Conclusion

You have successfully:

  • Created an Azure Service Principal for Meshery
  • Connected your Kubernetes cluster to Meshery
  • Installed the Azure Service Operator (Meshery managed CRDs)
  • Created a Kubernetes secret for Azure credentials
  • Designed and deployed Azure resources using Meshery’s Kanvas

If you want to learn more about Azure Service Operator, visit the official ASO documentation.