articles/openshift/howto-enable-nsg-flowlogs.md
Lines changed: 5 additions & 4 deletions
@@ -18,22 +18,23 @@ Flow logs allow you to analyze traffic for Network Security Groups in specific r
18
18
19
19
## Prerequisites
20
20
21
-
You must have an existing Azure Red Hat OpenShift cluster. Follow this guide to [create a private Azure Red Hat OpenShift cluster](howto-create-private-cluster-4x.md).
21
+
You must have an existing Azure Red Hat OpenShift cluster. Follow [this guide](tutorial-create-cluster.md) to create a private Azure Red Hat OpenShift cluster.
22
22
23
23
## Configure Azure Network Watcher
24
24
25
25
Make sure an Azure Network Watcher exists in the applicable region or use the one existing by convention. For example, for the eastus region:
See [Enable Azure Network Watcher](../network-watcher/enable-network-watcher-flow-log-settings.md)for more information.
29
30
30
31
## Create storage account
31
32
32
-
Create a storage account for storing the actual flow logs. It must be in the same region as where the flow logs are going to be created. It cannot be in the same resource group as the cluster's resources.
33
+
[Create a storage account](../storage/common/storage-account-create.md) (or use an existing storage account) for storing the actual flow logs. It must be in the same region as where the flow logs are going to be created. It cannot be in the same resource group as the cluster's resources.
33
34
34
35
## Configure service principal
35
36
36
-
The service principal used by the cluster needs the [proper permissions](../network-watcher/required-rbac-permissions.md) in order to create necessary resources for the flow logs and to access the storage account. The easiest way to achieve that is by assigning it the network administrator and storage account contributor role on subscription level. Alternatively, you can create a custom role containing the required actions from the page linked above and assign it to the service principal.
37
+
The service principal used by the cluster needs the [proper permissions](../network-watcher/required-rbac-permissions.md) in order to create the necessary resources for the flow logs, and to access the storage account. The easiest way to achieve that is by assigning it the network administrator and storage account contributor roles at the subscription level. Alternatively, you can create a custom role containing the required actions from the page linked above and assign it to the service principal.
37
38
38
39
To get the service principal ID, run the following command:
39
40
```
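Review bot: The rewritten service principal paragraph (new line 37) still presents assigning the network administrator and storage account contributor roles at the subscription level as "the easiest way", which is a much wider scope than the flow log resources and the storage account the same sentence names. Consider leading with the custom role built from the required actions and describing the subscription-wide assignment as the fallback. Separately, at new line 21 the link target is now tutorial-create-cluster.md while the sentence still reads "to create a private Azure Red Hat OpenShift cluster"; either keep a private-cluster target or drop "private" so the text and the target agree.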
@@ -53,7 +54,7 @@ az role assignment create --role "17d1049b-9a84-46fb-8f53-869881c3d3ab" --assign
53
54
```
54
55
See [Azure built-in roles](../role-based-access-control/built-in-roles.md) for IDs of built-in roles.
55
56
56
-
Create a spec as in the following example, or update the existing spec to contain `spec.nsgFlowLogs` in case you are already using another preview feature:
57
+
Create a manifest as in the following example, or update the existing object to contain `spec.nsgFlowLogs` in case you are already using another preview feature:
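Review bot: At new line 57, "update the existing object" does not say which object is meant; name the resource kind that carries `spec.nsgFlowLogs` so a reader who already uses another preview feature edits the right one. As a style point on the same line, "in case you are already using" reads more clearly as "if you are already using".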