Added info about sp-options

Signed-off-by: French Ben <frenchben@docker.com>
docker · Jan 18, 2017 · a89f4bf · a89f4bf · mdlinville · Jan 18, 2017
1 parent de10cf4
commit a89f4bf
Showing 1 changed file with 9 additions and 4 deletions.
diff --git a/docker-for-azure/index.md b/docker-for-azure/index.md
@@ -34,21 +34,26 @@ The number of workers you want in your swarm (1-100).
 ### Service Principal
 
 To set up Docker for Azure, a [Service Principal](https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-objects/) is required. Docker for Azure uses the principal to operate Azure APIs as you scale up and down or deploy apps on your swarm. Docker provides a containerized helper-script to help create the Service Principal:
-
-    docker run -ti docker4x/create-sp-azure sp-name
+```
+    docker run -ti docker4x/create-sp-azure sp-name rg-name rg-loc
     ...
     Your access credentials =============================
     AD App ID:       <app-id>
     AD App Secret:   <secret>
     AD Tenant ID:   <tenant-id>
+```
 
 If you have multiple Azure subscriptions, make sure you're creating the Service Principal with subscription ID that you shared with Docker when signing up for the beta.
 
-`sp-name` is the name of the authentication app that the script creates with Azure. The name is not important, simply choose something you'll recognize in the Azure portal.
+* `sp-name` is the name of the authentication app that the script creates with Azure. The name is not important, simply choose something you'll recognize in the Azure portal. Example: `sp1`.
+* `rg-name` is the name of the new resource group that will be created to deploy the resources (VMs, networks, storage accounts) associated with the swarm. The Service Principal will be scoped to this resource group. Example: `swarm1`.
+* `rg-loc` is the name of Azure's region/location where the resource group will be created. This needs to be one of the regions supported by Azure e.g. `westus`, `centralus`, `eastus`.
+
+While `rg-name` and `rg-loc` are optional, it's highly recommended that you create the resource group up front and scope the service principal to that specific resource group.
 
 If the script fails, it's typically because your Azure user account doesn't have sufficient privileges. Contact your Azure administrator.
 
-When setting up the ARM template, you will be prompted for the App ID (a UUID) and the app secret.
+When setting up the ARM template, you will be prompted for the App ID (a UUID) and the app secret. If you specified the resource group name and location parameters, please choose the option to deploy the template into an existing resource group and pass the same name and region/location that were passed above to create-sp-azure.
 
 ### SSH Key