Skip to content

Commit 6d952b6

Browse files
sethmanheimsethmanheim
committed
Fix numbering
1 parent f8b0028 commit 6d952b6

File tree

1 file changed

+32
-33
lines changed

1 file changed

+32
-33
lines changed

AKS-Arc/backup-workload-cluster.md

Lines changed: 32 additions & 33 deletions
Original file line numberDiff line numberDiff line change
@@ -147,42 +147,41 @@ The procedures in this section describe how to install Velero and use Azure Blob
147147
148148
If you want to enable the minimum resource provider actions, create a custom role, and assign that role to the service principal.
149149
150-
1. Create a file named **azure-role.json** with following contents. Substitute your own custom role name and subscription ID:
151-
152-
```json
153-
{
154-
"Name": <CUSTOM_ROLE_NAME>,
155-
"Id": null,
156-
"IsCustom": true,
157-
"Description": "Velero related permissions to perform backups, restores and deletions",
158-
"Actions": [
159-
"Microsoft.Compute/disks/read",
160-
"Microsoft.Compute/disks/write",
161-
"Microsoft.Compute/disks/endGetAccess/action",
162-
"Microsoft.Compute/disks/beginGetAccess/action",
163-
"Microsoft.Compute/snapshots/read",
164-
"Microsoft.Compute/snapshots/write",
165-
"Microsoft.Compute/snapshots/delete",
166-
"Microsoft.Storage/storageAccounts/listkeys/action",
167-
"Microsoft.Storage/storageAccounts/regeneratekey/action",
168-
"Microsoft.Storage/storageAccounts/read"
169-
],
170-
"NotActions": [],
171-
"AssignableScopes": [
172-
"<SUBSCRIPTION_ID>"
173-
]
174-
}
175-
```
176-
177-
1. Create the custom role and service principal:
150+
1. Create a file named **azure-role.json** with following contents. Substitute your own custom role name and subscription ID:
151+
152+
```json
153+
{
154+
"Name": <CUSTOM_ROLE_NAME>,
155+
"Id": null,
156+
"IsCustom": true,
157+
"Description": "Velero related permissions to perform backups, restores and deletions",
158+
"Actions": [
159+
"Microsoft.Compute/disks/read",
160+
"Microsoft.Compute/disks/write",
161+
"Microsoft.Compute/disks/endGetAccess/action",
162+
"Microsoft.Compute/disks/beginGetAccess/action",
163+
"Microsoft.Compute/snapshots/read",
164+
"Microsoft.Compute/snapshots/write",
165+
"Microsoft.Compute/snapshots/delete",
166+
"Microsoft.Storage/storageAccounts/listkeys/action",
167+
"Microsoft.Storage/storageAccounts/regeneratekey/action",
168+
"Microsoft.Storage/storageAccounts/read"
169+
],
170+
"NotActions": [],
171+
"AssignableScopes": [
172+
"<SUBSCRIPTION_ID>"
173+
]
174+
}
175+
```
178176
179-
```azurecli
180-
az role definition create --role-definition azure-role.json
177+
1. Create the custom role and service principal:
181178
182-
$AZURE_CLIENT_SECRET=(az ad sp create-for-rbac --name "velero" --role "<CUSTOM_ROLE>" --query 'password' -o tsv --scopes /subscriptions/$AZURE_SUBSCRIPTION_ID)
183-
```
179+
```azurecli
180+
az role definition create --role-definition azure-role.json
181+
$AZURE_CLIENT_SECRET=(az ad sp create-for-rbac --name "velero" --role "<CUSTOM_ROLE>" --query 'password' -o tsv --scopes /subscriptions/$AZURE_SUBSCRIPTION_ID)
182+
```
184183
185-
For more information about creating custom roles, see [Set permissions for Velero](https://github.com/vmware-tanzu/velero-plugin-for-microsoft-azure#specify-role).
184+
For more information about creating custom roles, see [Set permissions for Velero](https://github.com/vmware-tanzu/velero-plugin-for-microsoft-azure#specify-role).
186185
187186
1. Get the service principal name, and assign that name to the **AZURE_CLIENT_ID** variable:
188187

0 commit comments

Comments
 (0)