IBM Cloud Private Public Portal


Install ICP on Azure Cloud with minimum security roles

An official PMR was raised with IBM TSC support, and here is the reply from L2. We would like to submit an enhancement request for deploying ICP without requiring the Contributor role on Azure cloud.

-------------------------

In the PMR, the Dev team's conclusion on this:

After removing the following set of roles from the ServicePrincipal, it was not able to deploy ICP into the Azure resource group:

"Microsoft.Network/routeTables/read",
"Microsoft.Network/routeTables/routes/delete",
"Microsoft.Network/routeTables/routes/write",
"Microsoft.Network/routeTables/write",
"Microsoft.Network/virtualNetworks/subnets/join/action",
"Microsoft.Network/virtualNetworks/subnets/read",

As explained by support, the Terraform templates for Azure that IBM develops rely on the ServicePrincipal with sufficient roles because the kubelet is enabled for cloud provider integration. IBM requires the cloud provider integration to support managing routes because the Calico CNI IBM uses cannot manage the routes in Azure directly.

As informed by L2 support, there are some users who have an ICP cluster running on ICP on Azure without the additional Azure as a Cloud Provider configuration, but it is a single all-in-one node to avoid the network routes issue. However, it would not be a good workaround option for the solution from the customer's perspective.

-------------------------

  • George Cheng
  • Jun 13 2019
  • Needs review
Real Scenario + Problem Statement
Who would benefit from this IDEA? The customer is able to deploy WEX on ICP on Azure cloud to catch up with the project schedule. Otherwise, there will be further delay of the project completion.
Idea Priority Urgent
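An added example, not part of the original submission or of IBM's templates: a check that a candidate Azure custom role covers the six network actions quoted in the PMR reply, and that flags wildcard grants broader than a single operation. It assumes those six actions are the ones the deployment needs; the role definitions and function names are constructed for illustration, in the `Actions` / `NotActions` shape used for custom role input.

```python
import re

# The six actions quoted in the PMR reply on this page.
REQUIRED_ACTIONS = [
    "Microsoft.Network/routeTables/read",
    "Microsoft.Network/routeTables/routes/delete",
    "Microsoft.Network/routeTables/routes/write",
    "Microsoft.Network/routeTables/write",
    "Microsoft.Network/virtualNetworks/subnets/join/action",
    "Microsoft.Network/virtualNetworks/subnets/read",
]

# Constructed sample roles (assumptions, not taken from the page).
NARROW_ROLE = {"Name": "icp-routes-minimal", "Actions": list(REQUIRED_ACTIONS), "NotActions": []}
BROAD_ROLE = {  # Contributor-like: everything except authorization changes
    "Name": "contributor-like",
    "Actions": ["*"],
    "NotActions": ["Microsoft.Authorization/*/Delete", "Microsoft.Authorization/*/Write"],
}
INCOMPLETE_ROLE = {  # route tables only, with one route operation excluded
    "Name": "routes-only",
    "Actions": ["Microsoft.Network/routeTables/*"],
    "NotActions": ["Microsoft.Network/routeTables/routes/delete"],
}

def _matches(pattern, action):
    # Action strings compare case-insensitively; "*" stands for any run of characters.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def missing_actions(role, required=REQUIRED_ACTIONS):
    """Required actions the role does not effectively grant (Actions minus NotActions)."""
    missing = []
    for action in required:
        allowed = any(_matches(p, action) for p in role.get("Actions", []))
        denied = any(_matches(p, action) for p in role.get("NotActions", []))
        if not allowed or denied:
            missing.append(action)
    return missing

def wildcard_grants(role):
    """Actions entries containing a wildcard, i.e. broader than one named operation."""
    return [p for p in role.get("Actions", []) if "*" in p]

if __name__ == "__main__":
    for role in (NARROW_ROLE, BROAD_ROLE, INCOMPLETE_ROLE):
        print(role["Name"], "missing:", missing_actions(role), "wildcards:", wildcard_grants(role))
```

A role that reports no missing actions and no wildcard grants covers the quoted list without the breadth of the Contributor role.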