diff --git a/Makefile b/Makefile
index 72f3d391b7..7de0daf081 100644
--- a/Makefile
+++ b/Makefile
@@ -87,6 +87,8 @@ sync-vale: ## Install Vale plugins
check-writing: ## Run Vale lint checks
vale $(CHANGED_FILE)
+format: ## Apply Prettier formating to all files.
+ npm run format
##@ Clean Server Artifacts
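Review bot: The help comment on the new `format` target misspells "formatting" as "formating"; fix it, since the `##` text appears to be what a help listing would print. The target is also added directly above the `##@ Clean Server Artifacts` section header, so a blank line after the recipe would keep it visually separate from that section. If the other targets are declared in `.PHONY`, add `format` there too.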
diff --git a/docs/docs-content/clusters/public-cloud/azure/aks.md b/docs/docs-content/clusters/public-cloud/azure/aks.md
index 11866da969..7ed97edf12 100644
--- a/docs/docs-content/clusters/public-cloud/azure/aks.md
+++ b/docs/docs-content/clusters/public-cloud/azure/aks.md
@@ -60,6 +60,8 @@ Management Console. [Click here for more..](gateways.md)
:::
+{" "}
+
To create an Azure cloud account you need the following Azure account information:
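Review bot: The added `{" "}` line right after the closing `:::` looks like a formatter artifact (a JSX whitespace expression) rather than intended content. Drop it and keep only the blank line, unless something on the page relies on it.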
@@ -105,7 +107,9 @@ client secret:
-The following steps need to be performed to provision a new cluster:
+The following steps need to be performed to provision a new cluster:
+
+
1. If you already have a profile to use, go to **Cluster** > **Add a New Cluster** > **Deploy New Cluster** and select
an Azure cloud. If you do not have a profile to use, review the
@@ -125,26 +129,35 @@ The following steps need to be performed to provision a new cluster:
6. Complete the **Cluster config** section with the information for each parameter listed below.
- | **Parameter** | **Description** |
- | ----------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
- | **Subscription** | Select the subscription which is to be used to access Azure Services. |
- | **Region** | Select a region in Azure in where the cluster should be deployed. |
- | **Resource Group** | Select the resource group in which the cluster should be deployed. |
- | **SSH Key** | The public SSH key for connecting to the nodes. Review Microsoft's [supported SSH](https://learn.microsoft.com/en-us/azure/virtual-machines/linux/mac-create-ssh-keys#supported-ssh-key-formats) formats. |
- | **Static Placement** | By default, Palette uses dynamic placement, wherein a new VPC with a public and private subnet is created to place cluster resources for every cluster. These resources are fully managed by Palette and deleted when the corresponding cluster is deleted.
Turn on the **Static Placement** option if it is desired to place resources into preexisting VPCs and subnets. If the user is making the selection of **Static Placement** of resources, the following placement information needs to be provided: |
- | | **Virtual Resource Group**: The logical container for grouping related Azure resources. |
- | | **Virtual Network**: Select the virtual network from dropdown menu. |
- | | **Control plane Subnet**: Select the control plane network from the dropdown menu. |
- | | **Worker Network**: Select the worker network from the dropdown. |
- | **Update worker pools in parallel** | Check the box to concurrently update the worker pools. |
-
-:::warning
-
-If the Palette [cloud account](azure-cloud.md) is created with **Disable Properties** and the cluster option **Static
-Placement** is enabled, the network information from your Azure account will not be imported to Palette. You can
-manually input the information for the **Control Plane Subnet** and the **Worker Network**.
+ | **Parameter** | **Description** |
+ | -------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+ | **Subscription** | Select the subscription which is to be used to access Azure Services. |
+ | **Region** | Select a region in Azure in where the cluster should be deployed. |
+ | **Resource Group** | Select the resource group in which the cluster should be deployed. |
+ | **SSH Key** | The public SSH key for connecting to the nodes. Review Microsoft's [supported SSH](https://learn.microsoft.com/en-us/azure/virtual-machines/linux/mac-create-ssh-keys#supported-ssh-key-formats) formats. |
+ | **Static Placement** | By default, Palette uses dynamic placement. This creates a new VNet for the cluster that contains two subnets in different Availability Zones (AZs). Palette places resources in these clusters, manages the resources, and deletes them when the corresponding cluster is deleted.
If you want to place resources into a pre-existing VNet, enable the **Static Placement** option, and fill out the input values listed in the [Static Placement](#static-placement-table) table below. |
-:::
+ #### Static Placement Settings
+
+ Each subnet allows you to specify the CIDR range and a security group.
+
+ | **Parameter** | **Description** |
+ | -------------------------- | ----------------------------------------------------------- |
+ | **Network Resource Group** | The logical container for grouping related Azure resources. |
+ | **Virtual Network** | Select the VNet. |
+ | **CIDR Block** | Select the IP address CIDR range. |
+ | **Security Group Name** | Select the security group name. |
+ | **Control Plane Subnet** | Select the control plane subnet. |
+ | **Worker Subnet** | Select the worker network. |
+
+ :::warning
+
+ If you enable the **Disable Properties** setting when
+ [registering an Azure cloud account](./azure-cloud.md#add-azure-cloud-account), Palette cannot create network
+ resources on your behalf. In this case, every time you deploy a cluster, you must manually specify their virtual
+ network subnets and security groups,
+
+ :::
7. Click **Next** to configure the node pools.
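Review bot: The **Static Placement** row links to `#static-placement-table`, but the heading added in this hunk is `#### Static Placement Settings`, and no anchor with the `static-placement-table` id is visible here, so the link likely goes nowhere. Point it at the new heading or add an explicit id. Two smaller points in the same hunk: the new warning ends with "security groups," (a comma where a period is expected), and the **Worker Subnet** row is described as "Select the worker network", which does not match the renamed parameter.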
@@ -200,13 +213,14 @@ During cluster creation, you will default to a single pool.
## Create a System Node Pool
1. Each cluster requires at least one (1) system node pool. To define a pool as a system pool, check the box labeled
- **System Node Pool**.
+ **System Node Pool**.
+
:::info
-Identifying a Node Pool as a System Pool will deactivate taints, and the operating system options within the Cloud
-Configuration section, as you can not to taint or change their OS from Linux. See the
-[AKS Documentation](https://docs.microsoft.com/en-us/azure/aks/use-system-pools?tabs=azure-cli#system-and-user-node-pools)
+Identifying a Node Pool as a System Pool will deactivate taints, and the operating system options within the cluster.
+You can not to taint or change the node OS from Linux. Refer to the
+[Azure AKS Documentation](https://docs.microsoft.com/en-us/azure/aks/use-system-pools?tabs=azure-cli#system-and-user-node-pools")
for more details on pool limitations.
:::
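Review bot: The rewritten link target ends in `#system-and-user-node-pools")` with a stray double quote inside the parentheses, which changes the fragment and will break the link; remove the quote. While this sentence is being touched, "You can not to taint" still reads wrong and could become "You cannot taint or change the node OS from Linux".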
@@ -257,26 +271,18 @@ In all types of node pools, configure the following.
-:::info
-
-New worker pools may be added if you want to customize specific worker nodes to run specialized workloads. As an
+:::info New worker pools may be added if you want to customize specific worker nodes to run specialized workloads. As an
example, the default worker pool may be configured with the Standard_D2_v2 instance types for general-purpose
workloads, and another worker pool with the instance type Standard_NC12s_v3 can be configured to run GPU
-workloads.
-
-:::
+workloads. :::
- Provide the disk type via the **Managed Disk** dropdown and the size in Gigabytes (GB) in the **Disk size** field.
-:::info
-
-A minimum allocation of two (2) CPU cores is required across all worker nodes.
-
-A minimum allocation of 4Gi of memory is required across all worker nodes.
+:::info A minimum allocation of two (2) CPU cores is required across all worker nodes.
-:::
+A minimum allocation of 4Gi of memory is required across all worker nodes. :::
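Review bot: Both admonitions in this hunk now have their `:::info` opener and `:::` closer merged into the paragraph text (`:::info New worker pools may be added ...` and `... workloads. :::`), unlike the `:::warning` blocks elsewhere in this patch that keep each marker on its own line. In the second block the closer ends up at the end of a separate paragraph from the opener. This looks like formatter damage and is likely to render as literal text or an unclosed admonition; restore the markers to their own lines with blank lines around the body.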
@@ -309,11 +315,8 @@ following are the steps to create the custom user _kubeconfig_ file:
-:::info
-
-The above step can also be completed using Spectro RBAC pack available under the Authentication section of Add-on Packs.
-
-:::
+:::info The above step can also be completed using Spectro RBAC pack available under the Authentication section of
+Add-on Packs. :::
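Review bot: Same admonition problem as the previous hunk: `:::info` now starts the sentence and `:::` trails "Add-on Packs." on the last line. Keep the opener and closer on their own lines, as in the removed version, so the note about the Spectro RBAC pack still renders as an info box.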
diff --git a/docs/docs-content/clusters/public-cloud/azure/azure-cloud.md b/docs/docs-content/clusters/public-cloud/azure/azure-cloud.md
index 2af66dace3..5b7547fe12 100644
--- a/docs/docs-content/clusters/public-cloud/azure/azure-cloud.md
+++ b/docs/docs-content/clusters/public-cloud/azure/azure-cloud.md
@@ -17,10 +17,16 @@ authentication methods to register your cloud account.
- A [Palette](https://console.spectrocloud.com/), or VerteX account.
- An active [Azure cloud account](https://portal.azure.com/) with sufficient resource limits and permissions to
- provision compute, network, and security resources in the desired regions.
+ provision compute, network, and security resources in the desired regions. Refer to the
+ [Required Permissions](./required-permissions.md) section for more information.
- An [Azure App](https://learn.microsoft.com/en-us/azure/app-service/overview) with valid credentials.
+* An active [Azure cloud account](https://portal.azure.com/) with sufficient resource limits and permissions to
+ provision compute, network, and security resources in the desired regions.
+
+* An [Azure App](https://learn.microsoft.com/en-us/azure/app-service/overview) with valid credentials.
+
## Add Azure Cloud Account
Use the following steps to add an Azure or Azure Government account in Palette or Palette VerteX.
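Review bot: The two `*` bullets added at the end of the prerequisites repeat the "An active Azure cloud account" and "An Azure App" items that already exist as `-` bullets just above, and the repeated account bullet lacks the new pointer to Required Permissions. Remove the duplicated bullets so the list has one copy of each prerequisite, the one that links to `./required-permissions.md`.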
@@ -35,72 +41,22 @@ Use the following steps to add an Azure or Azure Government account in Palette o
5. Fill out the following information, and click **Confirm** to complete the registration.
-| **Basic Information** | **Description** |
-| --------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| **Account Name** | A custom account name. |
-| **Tenant ID** | Unique tenant ID from Azure Management Portal. |
-| **Client ID** | Unique client ID from Azure Management Portal. |
-| **Client Secret** | Azure secret for authentication. Refer to Microsoft's reference guide for creating a [Client Secret](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#create-an-azure-active-directory-application). |
-| **Cloud** | Select **Azure Public Cloud** or **Azure US Government**. |
-| **Tenant Name** | An optional tenant name. |
-| **Disable Properties** | This option disables Palette importing Azure networking details. Disabling this option requires you to create a Microsoft Entra application and manually obtain account information. To learn more, refer to the [Disable Palette Network Calls to the Account](#disable-palette-network-calls-to-the-account) section below. |
-| **Connect Private Cloud Gateway** | If you will be launching Managed Kubernetes Service (AKS), use the **drop-down Menu** to select a [self-hosted PCG](gateways.md) that you created to link to the cloud account. |
+| **Basic Information** | **Description** |
+| --------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| **Account Name** | A custom account name. |
+| **Tenant ID** | Unique tenant ID from Azure Management Portal. |
+| **Client ID** | Unique client ID from Azure Management Portal. |
+| **Client Secret** | Azure secret for authentication. Refer to Microsoft's reference guide for creating a [Client Secret](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#create-an-azure-active-directory-application). |
+| **Cloud** | Select **Azure Public Cloud** or **Azure US Government**. |
+| **Tenant Name** | An optional tenant name. |
+| **Disable Properties** | This option prevents Palette and VerteX from creating Azure Virtual Networks (VNets) and other network resources on your behalf for static placement deployments. If you enable this option, all users must manually specify a pre-existing VNet, subnets, and security groups when creating clusters. |
+| **Connect Private Cloud Gateway** | If you will be launching Managed Kubernetes Service (AKS), use the **drop-down Menu** to select a [self-hosted PCG](gateways.md) that you created to link to the cloud account. |
6. After providing the required values, click the **Validate** button. If the client secret you provided is correct, a
_Credentials validated_ success message with a green check is displayed.
7. Click **Confirm** to complete the registration.
-#### Disable Palette Network Calls to Azure Account
-
-
- Expand to learn more about disabling properties.
-
-When you provide your cloud account information, Azure networking details are sent to Palette unless you disable network
-calls from Palette to the account. To disable network calls, select the **Disable Properties** option.
-
-Disabling network calls requires that you create a
-[Microsoft Entra](https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal#create-an-azure-active-directory-application)
-application, which can be used with Role-Based Access Control (RBAC). Follow the summary steps below to create a new
-Microsoft Entra application, assign roles, and create the client secret.
-
-:::tip
-
-Microsoft Entra replaces the Azure Active Directory (AAD) application. For more information, review the
-[Microsoft Entra](https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal#create-an-azure-active-directory-application)
-reference guide.
-
-:::
-
-1. Create a new Microsoft Entra application and note down your ClientID and TenantID. Refer to the
- [Create a Microsoft Entra application and service principal](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#create-an-azure-active-directory-application)
- reference guide.
-
-2. Next, assign yourself the
- [User Access Administrator](https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#user-access-administrator)
- role to allow you to manage user access to Azure resources. You need this role assignment to assign the role in
- step 3. For guidance, refer to
- [Assign a Role to the Application](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#assign-a-role-to-the-application).
-
-3. With User Access Administrator privilege, you can now assign yourself the minimum required
- [Contributor](https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#contributor) role,
- which grants full access to manage all resources.
-
-To learn about Azure roles, review
-[Azure Roles, Microsoft Entra Roles, and Administrator Roles](https://learn.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles).
-
-4. Create a client secret. Refer to
- [Create a Client Secret](https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal#option-3-create-a-new-client-secret)
- for guidance.
-
-:::warning
-
-Safely store your client secret, as it will not be available later as plain text.
-
-:::
-
-
-
## Validate
You can verify your account is added.
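Review bot: Removing the whole "Disable Palette Network Calls to Azure Account" section also removes the warning to store the client secret safely, while the **Client Secret** row and the validation step 6 stay; keep that warning next to step 6 or link to wherever it now lives. Dropping the steps that told readers to grant Contributor is consistent with the new required-permissions page, which recommends against that role, but the reworded **Disable Properties** row should link to that page so readers can find the replacement guidance. Also confirm no other page still links to the removed heading's anchor.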
diff --git a/docs/docs-content/clusters/public-cloud/azure/azure.md b/docs/docs-content/clusters/public-cloud/azure/azure.md
index a745839550..93c0cf324d 100644
--- a/docs/docs-content/clusters/public-cloud/azure/azure.md
+++ b/docs/docs-content/clusters/public-cloud/azure/azure.md
@@ -21,16 +21,18 @@ Palette tutorial to get started.
To learn more about Palette and Azure cluster creation and its capabilities check out the following resources:
-- [Register and Manage Azure Cloud Account](azure-cloud.md)
+- [Azure Architecture](architecture.md)
-- [Create and Manage IaaS Azure Cluster](create-azure-cluster.md)
+- [Cluster Management Day Two Operations](../../cluster-management/cluster-management.md)
+
+- [Cluster Removal](../../cluster-management/remove-clusters.md)
- [Create and Manage Azure AKS Cluster](aks.md)
-- [Deleting an Azure Cluster](../../cluster-management/remove-clusters.md)
+- [Create and Manage IaaS Azure Cluster](create-azure-cluster.md)
-- [Cluster Management Day Two Operations](../../cluster-management/cluster-management.md)
+- [Deleting an Azure Cluster](../../cluster-management/remove-clusters.md)
-- [Azure Architecture](architecture.md)
+- [Register and Manage Azure Cloud Account](azure-cloud.md)
-- [Cluster Removal](../../cluster-management/remove-clusters.md)
+- [Required Permissions](required-permissions.md)
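Review bot: After the reordering, the list still carries both "Cluster Removal" and "Deleting an Azure Cluster", and both point at `../../cluster-management/remove-clusters.md`. Since this hunk already rewrites every entry, drop one of the two so the resource list has a single link per target.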
diff --git a/docs/docs-content/clusters/public-cloud/azure/create-azure-cluster.md b/docs/docs-content/clusters/public-cloud/azure/create-azure-cluster.md
index 55ff7b43cb..58208dd7a7 100644
--- a/docs/docs-content/clusters/public-cloud/azure/create-azure-cluster.md
+++ b/docs/docs-content/clusters/public-cloud/azure/create-azure-cluster.md
@@ -82,51 +82,52 @@ Use the following steps to deploy an Azure cluster.
[Configure OIDC Identity Provider](../../../integrations/kubernetes.md#configure-oidc-identity-provider) for more
information.
-:::warning
+ :::warning
-All the OIDC options require you to map a set of users or groups to a Kubernetes RBAC role. To learn how to map a
-Kubernetes role to users and groups, refer to
-[Create Role Bindings](../../cluster-management/cluster-rbac.md#create-role-bindings).
+ All the OIDC options require you to map a set of users or groups to a Kubernetes RBAC role. To learn how to map a
+ Kubernetes role to users and groups, refer to
+ [Create Role Bindings](../../cluster-management/cluster-rbac.md#create-role-bindings).
-:::
+ :::
9. Click **Next** to continue.
10. Provide the cluster configuration information listed in the following table. If you are utilizing your own VNet,
- ensure you also provide information listed in the Static Placement Settings table.
-
-If you have custom storage accounts or containers available, you can attach them to the cluster. To learn more about
-attaching custom storage to a cluster, check out [Azure storage](../azure/architecture.md#azure-storage).
-
-:::warning
-
-If the Azure account is registered with **Disable Properties** and **Static Placement** options enabled, then Palette
-will not import the network information from your Azure account. You can manually input the information for the
-**Control Plane Subnet** and the **Worker Network**, but be aware that **drop-down Menu** selections will be empty. To
-learn more about these settings and certain requirements to use them, refer to
-[Disable Properties](azure-cloud.md#disable-palette-network-calls-to-azure-account).
-
-:::
-
-| **Parameter** | **Description** |
-| --------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| **Subscription** | Use the **drop-down Menu** to select the subscription that will be used to access Azure services. |
-| **Region** | Use the **drop-down Menu** to choose the Azure region where you would like to provision the cluster. |
-| **Resource Group** | Select the name of the resource group that contains the Azure resources you will be accessing. |
-| **Storage Account** | Optionally, if you have a custom storage account available, you can use the **drop-down Menu** to select the storage account name. For information about use cases for custom storage, review [Azure Storage](../azure/architecture.md#azure-storage). |
-| **Storage Container** | Optionally, if you will be using a custom storage container, use the **drop-down Menu** to select it. For information about use cases for custom storage, review [Azure Storage](../azure/architecture.md#azure-storage). |
-| **SSH Key** | The public SSH key for connecting to the nodes. SSH key pairs must be pre-configured in your Azure environment. The key you select is inserted into the provisioned VMs. For more information, review Microsoft's [Supported SSH key formats](https://learn.microsoft.com/en-us/azure/virtual-machines/linux/mac-create-ssh-keys#supported-ssh-key-formats). |
-| **Static Placement** | By default, Palette uses dynamic placement. This creates a new VNet for the cluster that contains two subnets in different Availability Zones (AZs). Palette places resources in these clusters, manages the resources, and deletes them when the corresponding cluster is deleted.
If you want to place resources into pre-existing VNets, enable the **Static Placement** option, and fill out the input values listed in the [Static Placement](#static-placement-table) table below. |
-
- #### Static Placement Settings
-
- | **Parameter** | **Description** |
- |------------------------|------------------------------------------------------------|
- | **Network Resource Group** | The logical container for grouping related Azure resources. |
- | **Virtual Network** | Select the VNet. |
- | **CIDR Block** | Select the IP address CIDR range.|
- | **Control Plane Subnet** | Select the control plane subnet. |
- | **Worker Network** | Select the worker network. |
+ ensure you also provide information listed in the Static Placement Settings table. If you have custom storage
+ accounts or containers available, you can attach them to the cluster. To learn more about attaching custom storage
+ to a cluster, check out [Azure storage](../azure/architecture.md#azure-storage).
+
+ :::warning
+
+ If you enable the **Disable Properties** setting when
+ [registering an Azure cloud account](./azure-cloud.md#add-azure-cloud-account), Palette cannot create network
+ resources on your behalf. In this case, when creating clusters, you must manually specify their virtual network
+ subnets and security groups.
+
+ :::
+
+| **Parameter** | **Description** |
+| --------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| **Subscription** | Use the **drop-down Menu** to select the subscription that will be used to access Azure services. |
+| **Region** | Use the **drop-down Menu** to choose the Azure region where you would like to provision the cluster. |
+| **Resource Group** | Select the name of the resource group that contains the Azure resources you will be accessing. |
+| **Storage Account** | Optionally, if you have a custom storage account available, you can use the **drop-down Menu** to select the storage account name. For information about use cases for custom storage, review [Azure Storage](../azure/architecture.md#azure-storage). |
+| **Storage Container** | Optionally, if you will be using a custom storage container, use the **drop-down Menu** to select it. For information about use cases for custom storage, review [Azure Storage](../azure/architecture.md#azure-storage). |
+| **SSH Key** | The public SSH key for connecting to the nodes. SSH key pairs must be pre-configured in your Azure environment. The key you select is inserted into the provisioned VMs. For more information, review Microsoft's [Supported SSH key formats](https://learn.microsoft.com/en-us/azure/virtual-machines/linux/mac-create-ssh-keys#supported-ssh-key-formats). |
+| **Static Placement** | By default, Palette uses dynamic placement. This creates a new VNet for clusters with two subnets in different Availability Zones (AZs). Palette places resources in these clusters, manages the resources, and deletes them when the corresponding cluster is deleted.
If you want to place resources into a pre-existing VNet, enable the **Static Placement** option, and fill out the input values listed in the [Static Placement](#static-placement-table) table below. |
+
+#### Static Placement Settings
+
+Each subnet allows you to specify the CIDR range and a security group.
+
+| **Parameter** | **Description** |
+| -------------------------- | ----------------------------------------------------------- |
+| **Network Resource Group** | The logical container for grouping related Azure resources. |
+| **Virtual Network** | Select the VNet. |
+| **CIDR Block** | Select the IP address CIDR range. |
+| **Security Group Name** | Select the security group name. |
+| **Control Plane Subnet** | Select the control plane subnet. |
+| **Worker Subnet** | Select the worker network. |
11. Click **Next** to continue.
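Review bot: The **Static Placement** row still links to `#static-placement-table`, while the heading in this hunk is `#### Static Placement Settings` and no anchor with that id is visible, so the in-page link likely fails; retarget it or add an explicit id. The parameter table, the `#### Static Placement Settings` heading and the settings table are now at column 0 while the `:::warning` above them stays indented under step 10, and aks.md in this same patch keeps its copy indented; pick one layout so step 11 continues the numbered list in both files. The **Worker Subnet** description still says "Select the worker network".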
@@ -145,25 +146,25 @@ configured for Graphics Processing Unit (GPU) workloads.
You can apply autoscale capability to dynamically increase resources during high loads and reduce them during low loads.
To learn more, refer to [Enable Autoscale for Azure IaaS Cluster](#enable-autoscale-for-azure-iaas-cluster).
- #### Master Pool Configuration Settings
+#### Master Pool Configuration Settings
- |**Parameter**| **Description**|
- |-------------|----------------|
- |**Node pool name** | A descriptive name for the node pool.|
- |**Number of nodes in the pool** | Specify the number of nodes in the master pool.|
- |**Allow worker capability** | Select this option to allow workloads to be provisioned on master nodes. |
- |**Additional Labels** | You can add optional labels to nodes in key-value format. To learn more, review [Apply Labels to Nodes](../../cluster-management/taints.md#labels). Example: `environment:production`. |
- |**Taints** | You can apply optional taint labels to a node pool during cluster creation or edit taint labels on an existing cluster. Review the [Node Pool](../../cluster-management/node-pool.md) management page and [Apply Taints to Nodes](../../cluster-management/taints.md#apply-taints-to-nodes) page to learn more. Toggle the **Taint** button to create a taint label. When tainting is enabled, you need to provide a custom key-value pair. Use the **drop-down Menu** to choose one of the following **Effect** options:
**NoSchedule** - Pods are not scheduled onto nodes with this taint.
**PreferNoSchedule** - Kubernetes attempts to avoid scheduling pods onto nodes with this taint, but scheduling is not prohibited.
**NoExecute** - Existing pods on nodes with this taint are evicted.|
+| **Parameter** | **Description** |
+| ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
+| **Node pool name** | A descriptive name for the node pool. |
+| **Number of nodes in the pool** | Specify the number of nodes in the master pool. |
+| **Allow worker capability** | Select this option to allow workloads to be provisioned on master nodes. |
+| **Additional Labels** | You can add optional labels to nodes in key-value format. To learn more, review [Apply Labels to Nodes](../../cluster-management/taints.md#labels). Example: `environment:production`. |
+| **Taints** | You can apply optional taint labels to a node pool during cluster creation or edit taint labels on an existing cluster. Review the [Node Pool](../../cluster-management/node-pool.md) management page and [Apply Taints to Nodes](../../cluster-management/taints.md#apply-taints-to-nodes) page to learn more. Toggle the **Taint** button to create a taint label. When tainting is enabled, you need to provide a custom key-value pair. Use the **drop-down Menu** to choose one of the following **Effect** options:
**NoSchedule** - Pods are not scheduled onto nodes with this taint.
**PreferNoSchedule** - Kubernetes attempts to avoid scheduling pods onto nodes with this taint, but scheduling is not prohibited.
**NoExecute** - Existing pods on nodes with this taint are evicted. |
- #### Cloud Configuration Settings for Master Pool
+#### Cloud Configuration Settings for Master Pool
- |**Parameter**| **Description**|
- |-------------|----------------|
- |**Instance Type** | Select the instance type to use for all nodes in the node pool.|
- |**Managed disk** | Choose a storage option. For more information, refer to Microsoft's [Storage Account Overview](https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview) reference. For information about Solid State Drive (SSD) disks, refer to [Standard SSD Disks for Azure Virtual Machine Workloads](https://azure.microsoft.com/en-us/blog/preview-standard-ssd-disks-for-azure-virtual-machine-workloads/) reference |
- |**Disk size** | You can choose disk size based on your requirements. The default size is 60. |
+| **Parameter** | **Description** |
+| ----------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| **Instance Type** | Select the instance type to use for all nodes in the node pool. |
+| **Managed disk** | Choose a storage option. For more information, refer to Microsoft's [Storage Account Overview](https://learn.microsoft.com/en-us/azure/storage/common/storage-account-overview) reference. For information about Solid State Drive (SSD) disks, refer to [Standard SSD Disks for Azure Virtual Machine Workloads](https://azure.microsoft.com/en-us/blog/preview-standard-ssd-disks-for-azure-virtual-machine-workloads/) reference |
+| **Disk size** | You can choose disk size based on your requirements. The default size is 60. |
- You can select **Remove** at right to remove the worker node if all you want is the control plane node.
+You can select **Remove** at right to remove the worker node if all you want is the control plane node.
#### Worker Pool Configuration Settings
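Review bot: The master pool headings, both tables and the "You can select **Remove**" sentence lose their indentation here, which takes them out of whatever list item they were nested under; check the rendered page to confirm the step numbering that follows is not reset. Two content nits in the reformatted rows: the **Managed disk** description ends at "reference" without a period, and **Disk size** says "The default size is 60" without a unit.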
diff --git a/docs/docs-content/clusters/public-cloud/azure/required-permissions.md b/docs/docs-content/clusters/public-cloud/azure/required-permissions.md
new file mode 100644
index 0000000000..8aa3ce06e4
--- /dev/null
+++ b/docs/docs-content/clusters/public-cloud/azure/required-permissions.md
@@ -0,0 +1,300 @@
+---
+sidebar_label: "Required Permissions"
+title: "Required Permissions"
+description: "Review the required permissions for deploying clusters on Azure"
+icon: ""
+hide_table_of_contents: false
+tags: ["public cloud", "azure", "permissions"]
+sidebar_position: 100
+---
+
+Palette requires a set of permissions to properly deploy and manage the lifecycle of clusters deployed to Azure. We
+recommend creating a
+[role assignment](https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments) that has the
+service principal you want to use with Palette and the appropriate
+[scope level](https://learn.microsoft.com/en-us/azure/role-based-access-control/scope-overview). To ensure that Palette
+and VerteX can deploy and manage clusters on Azure in all use cases, use a subscription as the scope level for the role
+assignment.
+
+:::warning
+
+We recommend against assigning the built-in Azure
+[Contributor](https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#contributor) role to the
+service principal you want to use in Palette because its permission scope exceeds our requirements. Instead, create a
+custom role to provide only those permissions that Palette requires.
+
+:::
+
+We support the following use cases:
+
+- [Dynamic Placement](#dynamic-placement) - Palette creates network resources required for your cluster.
+
+- [Static Placement](#static-placement) - Palette deploys clusters on the pre-existing network resources you specify.
+
+:::tip
+
+You can use the [Validator](https://github.com/spectrocloud-labs/validator) with the
+[Azure plugin](https://github.com/spectrocloud-labs/validator-plugin-azure) to verify you have setup the correct
+permissions. The Validator Azure plugin requires the following permissions:
+
+- Microsoft.Authorization/denyAssignments/read
+- Microsoft.Authorization/roleAssignments/read
+- Microsoft.Authorization/roleDefinitions/read
+
+You can use the Validator with the Palette CLI. Check out the Palette CLI
+[Validator](../../../palette-cli/commands/validator.md) command reference page for more information.
+
+:::
+
+## Dynamic Placement
+
+Dynamic placement is the default method for deploying Azure clusters through Palette. With dynamic placement, Palette
+dynamically creates the network resources required for your cluster.
+
+| Actions | Scope level |
+| ----------------------------------------------------------------- | ------------ |
+| Microsoft.Compute/disks/delete | Subscription |
+| Microsoft.Compute/disks/read | Subscription |
+| Microsoft.Compute/disks/write | Subscription |
+| Microsoft.Compute/galleries/images/read | Subscription |
+| Microsoft.Compute/galleries/images/versions/read | Subscription |
+| Microsoft.Compute/galleries/images/versions/write | Subscription |
+| Microsoft.Compute/galleries/images/write | Subscription |
+| Microsoft.Compute/galleries/read | Subscription |
+| Microsoft.Compute/galleries/write | Subscription |
+| Microsoft.Compute/images/read | Subscription |
+| Microsoft.Compute/images/write | Subscription |
+| Microsoft.Compute/virtualMachines/delete | Subscription |
+| Microsoft.Compute/virtualMachines/extensions/delete | Subscription |
+| Microsoft.Compute/virtualMachines/extensions/read | Subscription |
+| Microsoft.Compute/virtualMachines/extensions/write | Subscription |
+| Microsoft.Compute/virtualMachines/read | Subscription |
+| Microsoft.Compute/virtualMachines/write | Subscription |
+| Microsoft.Network/loadBalancers/backendAddressPools/join/action | Subscription |
+| Microsoft.Network/loadBalancers/delete | Subscription |
+| Microsoft.Network/loadBalancers/inboundNatRules/delete | Subscription |
+| Microsoft.Network/loadBalancers/inboundNatRules/join/action | Subscription |
+| Microsoft.Network/loadBalancers/inboundNatRules/read | Subscription |
+| Microsoft.Network/loadBalancers/inboundNatRules/write | Subscription |
+| Microsoft.Network/loadBalancers/read | Subscription |
+| Microsoft.Network/loadBalancers/write | Subscription |
+| Microsoft.Network/networkInterfaces/delete | Subscription |
+| Microsoft.Network/networkInterfaces/join/action | Subscription |
+| Microsoft.Network/networkInterfaces/read | Subscription |
+| Microsoft.Network/networkInterfaces/write | Subscription |
+| Microsoft.Network/networkSecurityGroups/read | Subscription |
+| Microsoft.Network/networkSecurityGroups/securityRules/delete | Subscription |
+| Microsoft.Network/networkSecurityGroups/securityRules/read | Subscription |
+| Microsoft.Network/networkSecurityGroups/securityRules/write | Subscription |
+| Microsoft.Network/privateDnsZones/A/delete | Subscription |
+| Microsoft.Network/privateDnsZones/A/read | Subscription |
+| Microsoft.Network/privateDnsZones/A/write | Subscription |
+| Microsoft.Network/privateDnsZones/delete | Subscription |
+| Microsoft.Network/privateDnsZones/read | Subscription |
+| Microsoft.Network/privateDnsZones/virtualNetworkLinks/delete | Subscription |
+| Microsoft.Network/privateDnsZones/virtualNetworkLinks/read | Subscription |
+| Microsoft.Network/privateDnsZones/virtualNetworkLinks/write | Subscription |
+| Microsoft.Network/privateDnsZones/write | Subscription |
+| Microsoft.Network/publicIPAddresses/delete | Subscription |
+| Microsoft.Network/publicIPAddresses/join/action | Subscription |
+| Microsoft.Network/publicIPAddresses/read | Subscription |
+| Microsoft.Network/publicIPAddresses/write | Subscription |
+| Microsoft.Network/routeTables/delete | Subscription |
+| Microsoft.Network/routeTables/read | Subscription |
+| Microsoft.Network/routeTables/write | Subscription |
+| Microsoft.Network/virtualNetworks/delete | Subscription |
+| Microsoft.Network/virtualNetworks/join/action | Subscription |
+| Microsoft.Network/virtualNetworks/join/action | Subscription |
+| Microsoft.Network/virtualNetworks/joinLoadBalancer/action | Subscription |
+| Microsoft.Network/virtualNetworks/peer/action | Subscription |
+| Microsoft.Network/virtualNetworks/read | Subscription |
+| Microsoft.Network/virtualNetworks/subnets/delete | Subscription |
+| Microsoft.Network/virtualNetworks/subnets/join/action | Subscription |
+| Microsoft.Network/virtualNetworks/subnets/joinLoadBalancer/action | Subscription |
+| Microsoft.Network/virtualNetworks/subnets/read | Subscription |
+| Microsoft.Network/virtualNetworks/subnets/virtualMachines/read | Subscription |
+| Microsoft.Network/virtualNetworks/subnets/write | Subscription |
+| Microsoft.Network/virtualNetworks/virtualMachines/read | Subscription |
+| Microsoft.Network/virtualNetworks/virtualNetworkPeerings/delete | Subscription |
+| Microsoft.Network/virtualNetworks/virtualNetworkPeerings/read | Subscription |
+| Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write | Subscription |
+| Microsoft.Network/virtualNetworks/write | Subscription |
+| Microsoft.Resources/subscriptions/resourceGroups/read | Subscription |
+| Microsoft.Storage/storageAccounts/blobServices/containers/read | Subscription |
+| Microsoft.Storage/storageAccounts/blobServices/containers/write | Subscription |
+| Microsoft.Storage/storageAccounts/blobServices/listKeys/action | Subscription |
+| Microsoft.Storage/storageAccounts/read | Subscription |
+| Microsoft.Storage/storageAccounts/write | Subscription |
+
+## Static Placement
+
+Choose static placement when you want Palette to use pre-existing network resource groups, VNets, subnets, and security
+groups. Review the table below for the required actions and the different scope levels for each use case.
+
+
+
+
+
+ | Action | Scope Level|
+ |--------|------------|
+ | Microsoft.Compute/disks/delete | Resource Group |
+ | Microsoft.Compute/disks/read | Resource Group |
+ | Microsoft.Compute/disks/write | Resource Group |
+ | Microsoft.Compute/virtualMachines/delete | Resource Group |
+ | Microsoft.Compute/virtualMachines/extensions/delete | Resource Group |
+ | Microsoft.Compute/virtualMachines/extensions/read | Resource Group |
+ | Microsoft.Compute/virtualMachines/extensions/write | Resource Group |
+ | Microsoft.Compute/virtualMachines/read | Resource Group |
+ | Microsoft.Compute/virtualMachines/write | Resource Group |
+ | Microsoft.Network/loadBalancers/backendAddressPools/join/action | Resource Group |
+ | Microsoft.Network/loadBalancers/delete | Resource Group |
+ | Microsoft.Network/loadBalancers/inboundNatRules/delete | Resource Group |
+ | Microsoft.Network/loadBalancers/inboundNatRules/join/action | Resource Group |
+ | Microsoft.Network/loadBalancers/inboundNatRules/read | Resource Group |
+ | Microsoft.Network/loadBalancers/inboundNatRules/write | Resource Group |
+ | Microsoft.Network/loadBalancers/read | Resource Group |
+ | Microsoft.Network/loadBalancers/write | Resource Group |
+ | Microsoft.Network/networkInterfaces/delete | Resource Group |
+ | Microsoft.Network/networkInterfaces/join/action | Resource Group |
+ | Microsoft.Network/networkInterfaces/read | Resource Group |
+ | Microsoft.Network/networkInterfaces/write | Resource Group |
+ | Microsoft.Network/networkSecurityGroups/read | Resource Group |
+ | Microsoft.Network/networkSecurityGroups/securityRules/delete | Resource Group |
+ | Microsoft.Network/networkSecurityGroups/securityRules/read | Resource Group |
+ | Microsoft.Network/networkSecurityGroups/securityRules/write | Resource Group |
+ | Microsoft.Network/privateDnsZones/A/delete | Resource Group |
+ | Microsoft.Network/privateDnsZones/A/read | Resource Group |
+ | Microsoft.Network/privateDnsZones/A/write | Resource Group |
+ | Microsoft.Network/privateDnsZones/delete | Resource Group |
+ | Microsoft.Network/privateDnsZones/read | Resource Group |
+ | Microsoft.Network/privateDnsZones/virtualNetworkLinks/delete | Resource Group |
+ | Microsoft.Network/privateDnsZones/virtualNetworkLinks/read | Resource Group |
+ | Microsoft.Network/privateDnsZones/virtualNetworkLinks/write | Resource Group |
+ | Microsoft.Network/privateDnsZones/write | Resource Group |
+ | Microsoft.Network/publicIPAddresses/delete | Resource Group |
+ | Microsoft.Network/publicIPAddresses/join/action | Resource Group |
+ | Microsoft.Network/publicIPAddresses/read | Resource Group |
+ | Microsoft.Network/publicIPAddresses/write | Resource Group |
+ | Microsoft.Network/routeTables/delete | Resource Group |
+ | Microsoft.Network/routeTables/read | Resource Group |
+ | Microsoft.Network/routeTables/write | Resource Group |
+ | Microsoft.Network/virtualNetworks/join/action | Resource Group |
+ | Microsoft.Resources/subscriptions/resourceGroups/read | Resource Group |
+ | Microsoft.Network/virtualNetworks/read | Virtual Network Level |
+ | Microsoft.Network/virtualNetworks/subnets/join/action | Subnet Level |
+ | Microsoft.Network/virtualNetworks/subnets/read | Subnet Level |
+ | Microsoft.Compute/galleries/images/read | Compute Gallery Level |
+ | Microsoft.Compute/galleries/images/versions/read| Compute Gallery Level |
+
+
+
+
+ | Action | Scope Level|
+ |--------|------------|
+ | Microsoft.Compute/disks/delete | Resource Group |
+ | Microsoft.Compute/disks/read | Resource Group |
+ | Microsoft.Compute/disks/write | Resource Group |
+ | Microsoft.Compute/virtualMachines/delete | Resource Group |
+ | Microsoft.Compute/virtualMachines/extensions/delete | Resource Group |
+ | Microsoft.Compute/virtualMachines/extensions/read | Resource Group |
+ | Microsoft.Compute/virtualMachines/extensions/write | Resource Group |
+ | Microsoft.Compute/virtualMachines/read | Resource Group |
+ | Microsoft.Compute/virtualMachines/write | Resource Group |
+ | Microsoft.Network/loadBalancers/backendAddressPools/join/action | Resource Group |
+ | Microsoft.Network/loadBalancers/delete | Resource Group |
+ | Microsoft.Network/loadBalancers/inboundNatRules/delete | Resource Group |
+ | Microsoft.Network/loadBalancers/inboundNatRules/join/action | Resource Group |
+ | Microsoft.Network/loadBalancers/inboundNatRules/read | Resource Group |
+ | Microsoft.Network/loadBalancers/inboundNatRules/write | Resource Group |
+ | Microsoft.Network/loadBalancers/read | Resource Group |
+ | Microsoft.Network/loadBalancers/write | Resource Group |
+ | Microsoft.Network/networkInterfaces/delete | Resource Group |
+ | Microsoft.Network/networkInterfaces/join/action | Resource Group |
+ | Microsoft.Network/networkInterfaces/read | Resource Group |
+ | Microsoft.Network/networkInterfaces/write | Resource Group |
+ | Microsoft.Network/networkSecurityGroups/read | Resource Group |
+ | Microsoft.Network/networkSecurityGroups/securityRules/delete | Resource Group |
+ | Microsoft.Network/networkSecurityGroups/securityRules/read | Resource Group |
+ | Microsoft.Network/networkSecurityGroups/securityRules/write | Resource Group |
+ | Microsoft.Network/privateDnsZones/A/delete | Resource Group |
+ | Microsoft.Network/privateDnsZones/A/read | Resource Group |
+ | Microsoft.Network/privateDnsZones/A/write | Resource Group |
+ | Microsoft.Network/privateDnsZones/delete | Resource Group |
+ | Microsoft.Network/privateDnsZones/read | Resource Group |
+ | Microsoft.Network/privateDnsZones/virtualNetworkLinks/delete | Resource Group |
+ | Microsoft.Network/privateDnsZones/virtualNetworkLinks/read | Resource Group |
+ | Microsoft.Network/privateDnsZones/virtualNetworkLinks/write | Resource Group |
+ | Microsoft.Network/privateDnsZones/write | Resource Group |
+ | Microsoft.Network/publicIPAddresses/delete | Resource Group |
+ | Microsoft.Network/publicIPAddresses/join/action | Resource Group |
+ | Microsoft.Network/publicIPAddresses/read | Resource Group |
+ | Microsoft.Network/publicIPAddresses/write | Resource Group |
+ | Microsoft.Network/routeTables/delete | Resource Group |
+ | Microsoft.Network/routeTables/read | Resource Group |
+ | Microsoft.Network/routeTables/write | Resource Group |
+ | Microsoft.Network/virtualNetworks/join/action | Resource Group |
+ | Microsoft.Resources/subscriptions/resourceGroups/read | Resource Group |
+ | Microsoft.Network/virtualNetworks/read | Resource Group |
+ | Microsoft.Network/virtualNetworks/subnets/join/action | Resource Group|
+ | Microsoft.Network/virtualNetworks/subnets/read | Resource Group |
+ | Microsoft.Compute/galleries/images/read | Resource Group |
+ | Microsoft.Compute/galleries/images/versions/read| Resource Group |
+
+
+
+
+
+ | Action | Scope Level|
+ |--------|------------|
+ | Microsoft.Compute/disks/delete | Subscription |
+ | Microsoft.Compute/disks/read | Subscription |
+ | Microsoft.Compute/disks/write | Subscription |
+ | Microsoft.Compute/virtualMachines/delete | Subscription |
+ | Microsoft.Compute/virtualMachines/extensions/delete | Subscription |
+ | Microsoft.Compute/virtualMachines/extensions/read | Subscription |
+ | Microsoft.Compute/virtualMachines/extensions/write | Subscription |
+ | Microsoft.Compute/virtualMachines/read | Subscription |
+ | Microsoft.Compute/virtualMachines/write | Subscription |
+ | Microsoft.Network/loadBalancers/backendAddressPools/join/action | Subscription |
+ | Microsoft.Network/loadBalancers/delete | Subscription |
+ | Microsoft.Network/loadBalancers/inboundNatRules/delete | Subscription|
+ | Microsoft.Network/loadBalancers/inboundNatRules/join/action | Subscription |
+ | Microsoft.Network/loadBalancers/inboundNatRules/read | Subscription |
+ | Microsoft.Network/loadBalancers/inboundNatRules/write | Subscription |
+ | Microsoft.Network/loadBalancers/read | Subscription |
+ | Microsoft.Network/loadBalancers/write | Subscription |
+ | Microsoft.Network/networkInterfaces/delete | Subscription |
+ | Microsoft.Network/networkInterfaces/join/action | Subscription |
+ | Microsoft.Network/networkInterfaces/read | Subscription |
+ | Microsoft.Network/networkInterfaces/write | Subscription |
+ | Microsoft.Network/networkSecurityGroups/read | Subscription |
+ | Microsoft.Network/networkSecurityGroups/securityRules/delete | Subscription |
+ | Microsoft.Network/networkSecurityGroups/securityRules/read | Subscription |
+ | Microsoft.Network/networkSecurityGroups/securityRules/write | Subscription |
+ | Microsoft.Network/privateDnsZones/A/delete | Subscription |
+ | Microsoft.Network/privateDnsZones/A/read | Subscriptionp |
+ | Microsoft.Network/privateDnsZones/A/write | Subscription |
+ | Microsoft.Network/privateDnsZones/delete | Subscription |
+ | Microsoft.Network/privateDnsZones/read | Subscription |
+ | Microsoft.Network/privateDnsZones/virtualNetworkLinks/delete | Subscription |
+ | Microsoft.Network/privateDnsZones/virtualNetworkLinks/read | Subscription |
+ | Microsoft.Network/privateDnsZones/virtualNetworkLinks/write | Subscription |
+ | Microsoft.Network/privateDnsZones/write | Subscription |
+ | Microsoft.Network/publicIPAddresses/delete | Subscription |
+ | Microsoft.Network/publicIPAddresses/join/action | Subscription |
+ | Microsoft.Network/publicIPAddresses/read | Subscription |
+ | Microsoft.Network/publicIPAddresses/write | Subscription |
+ | Microsoft.Network/routeTables/delete | Subscription |
+ | Microsoft.Network/routeTables/read | Subscription |
+ | Microsoft.Network/routeTables/write | Subscription |
+ | Microsoft.Network/virtualNetworks/join/action | Subscription |
+ | Microsoft.Resources/subscriptions/resourceGroups/read | Subscription |
+ | Microsoft.Network/virtualNetworks/read | Subscription |
+ | Microsoft.Network/virtualNetworks/subnets/join/action | Subscription |
+ | Microsoft.Network/virtualNetworks/subnets/read | Subscription |
+ | Microsoft.Compute/galleries/images/read | Subscription |
+ | Microsoft.Compute/galleries/images/versions/read| Subscription |
+
+
+
+
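Review bot: in the Dynamic Placement table `Microsoft.Network/virtualNetworks/join/action` appears on two consecutive rows, and in the last Static Placement table the scope for `Microsoft.Network/privateDnsZones/A/read` is misspelled "Subscriptionp". Drop the duplicate row and fix the typo so the list can be copied into a custom role definition without cleanup. In the tip, "verify you have setup the correct permissions" should read "set up". The introduction recommends a subscription-level role assignment "in all use cases" right before warning that Contributor is too broad; since the Static Placement tables list Resource Group, Virtual Network, Subnet and Compute Gallery scopes, consider adding a sentence that tells static-placement users they can assign the role at those narrower scopes instead.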