Set up Stateful Node Commitments

Cloud service provider relevance: Azure Kubernetes

Before you can turn on commitments for your stateful node, you need to:

• Purchase Azure commitments (refer to Azure)
• Get your Azure credentials.
• Connect Commitments to Spot Products.

Once you have your Azure credentials, you can turn on commitments via either the Spot console or the Spot API.

Get the Azure Credentials Required to Connect Commitments to Spot Products

Follow the instructions below while referring to the Azure documentation:

App Registration

1. Log in to your Azure account.

2. Go to App Registration.

3. Create a new application registration.

4. Set the Redirect URI to https://spot.io

   note

   Spot requires this URI for authentication purposes.

5. Copy the following IDs (you will need them later to connect to Spot):

   • Application (client) ID.
   • Directory (tenant) ID.

Certificates & Secrets

1. In Azure, under the newly created application, click Certificates & secrets.
2. Create a new client secret and set the expiration to 24 months.
3. Copy the following details (you will need them later to connect to Spot):
   • Application secret expiration date.
   • Client secret value.

Connect Commitments to Spot Products

1. Obtain the credentials from your Azure app. Refer to Get your Azure credentials

2. Create or edit a stateful node. See Manage Stateful Nodes.

3. In the Strategy area, next to Utilize RIs/SPs, click Add permission.

   

Step 1: App Registrations

1. In Connect RIs/SPs to Spot wizard, step 1, create (register) a new Azure app or upgrade an existing one.

   Upgrade:

   

   New:

   

2. Copy the following credentials from your Azure app and paste them into the fields:

   • Application (client) ID.
   • Directory (tenant) ID.

3. Go to Step 2: Certificates and Secrets

Step 2: Certificates and Secrets

1. Copy the following credentials from your Azure app and paste them into the fields:

   • Application secret expiration date.
   • Client secret value.

2. Go to Step 3: Permissions assignment.

Step 3: Permissions Assignment

important

• The first time you use commitments; you must add at least one permission at the tenant level, so Spot can connect to Azure environments. These permissions give you access to all the resources under the same tenant. You need these permissions to turn on Stateful Node commitments.
• In addition, you must add the custom reader role. This subscription role permission grants controlled access to Azure resources within a subscription and enables custom read-only visibility while preventing unauthorized modifications.
• If this step is unsuccessful, check your Azure environment.

1. Select the custom reader role, and the permissions in accordance with those you purchased from Azure (by default, both RI and SP are selected).

2. Use the following Azure PowerShell script to assign the Reservation Reader / Savings Plan Reader roles at the tenant level:

   Import-Module Az.Accounts
   Import-Module Az.Resources
   
   Connect-AzAccount -Tenant {TENANT_ID}
   
   ## Assign Reservation Reader role
   New-AzRoleAssignment -Scope "/providers/Microsoft.Capacity" -ApplicationId {CLIENT_ID} -RoleDefinitionName "Reservations Reader"
   
   ## Assign Savings Plan Reader role (optional)
   New-AzRoleAssignment -Scope "/providers/Microsoft.BillingBenefits" -ApplicationId {CLIENT_ID} -RoleDefinitionName "Savings plan Reader"

3. Use the following Azure PowerShell script to assign the Custom Reader role:

   # Replace with your principal's object ID (user, group, or service principal)
   $principalId = "<YOUR-PRINCIPAL-ID>"
   
   # Replace with your custom role name (from your JSON)
   $roleName = "Custom Reader Role"
   
   # Path to your custom role definition JSON file
   $roleFile = "custom-role.json"
   
   # Create the custom role
   az role definition create --role-definition $roleFile
   
   # Assign the custom role to all subscriptions
   $subscriptions = az account list --query "[].id" -o tsv
   foreach ($sub in $subscriptions) {
       Write-Host "Assigning role to subscription: $sub"
       az role assignment create `
           --assignee $principalId `
           --role $roleName `
           --scope "/subscriptions/$sub"
   }
   
   # For management groups, use the following:
   $managementGroups = az account management-group list --query "[].name" -o tsv
   foreach ($mg in $managementGroups) {
       Write-Host "Assigning '$roleName' to principal at MG: $mg"
       az role assignment create `
           --assignee $principalId `
           --role $roleName `
           --scope "/providers/Microsoft.Management/managementGroups/$mg"
   }

4. Click Test RIs/SPs to Spot Permissions to verify that your permissions have been successfully granted.

Turn on Utilize Commitments from the Spot Console

1. Go to the stateful node where you want to turn on the utilize RSs/SPs feature. See Manage Stateful Nodes.
2. In the Availability settings area, click Utilize RIs/SPs.

important

If the Add permissions link appears, and Utilize RIs/SPs is grayed, make sure you have completed the following tasks with no errors:

• Get your Azure credentials.
• Connect Commitments to Spot Products.

Turn on Utilize Commitments for Stateful Node in the Spot API

In the Spot API, the shouldUtilizeCommitments attribute controls utilization commitments.

When set to True (default), and there are free reserved instances / savings plans within the Azure account, Stateful Node will utilize them before launching spot instances. Make sure that the VM attached to the specific stateful node also has shouldUtilizeCommitments attribute enabled.

Under Spot API > Elastigroup > Elastigroup Azure Stateful >...

• Create Stateful Node or Update Stateful Node (under statefulNode > strategy)
• Get Stateful Node Status or Update Stateful Node Status