Deploy application into Azure Service Fabric with VSTS and AAD

Nov 30, 2017 ALM

This article is about enabling Service Fabric Cluster (SFC) in Azure for use with AAD (Azure Active Directory) authentication.

My setup is as follows:

I used VSTS (Visual Studio Team Services), where I built a release that takes care of the deployment to the SFC. To get everything working, you first need a cluster endpoint configuration that allows VSTS to deploy an application into the SFC.
There are two main options for this: certificate authentication or AAD authentication.
If you want to use certificate authentication, you should read this article: Deploy Azure Service Fabric Application with VSTS (written by Mike Kaufmann, a friend of mine and an MVP for ALM/DevOps).

If you want to use AAD authentication, then this is what you are looking for.

First you have to grab a PowerShell script that creates the app registrations for you (you could do this by hand, but the script is the better choice for consistency). You can find it in “Create a Service Fabric cluster by using Azure Resource Manager” (Microsoft Docs), in the paragraph “Set up Azure Active Directory for client authentication”, or simply use the Download Script link, but do read the article to get everything you should know.

.\SetupApplications.ps1 -TenantId '<Guid>' -ClusterName 'ttservicescluster' -WebApplicationReplyUrl  'https://ttservicescluster.westus.cloudapp.azure.com:19080/Explorer/index.html'

This generates two app registrations: ttservicescluster_Cluster and ttservicescluster_client.

Web Application Created: 86da6beb-b97e-4b60-8063-40e07cd75c85
Native Client Application Created: 9fd1ec7c-5155-42dd-a543-5839ba5d2f43

Name                           Value
----                           -----
TenantId                       <GUID>
WebAppId                       86da6beb-b97e-4b60-8063-40e07cd75c85
NativeClientAppId              9fd1ec7c-5155-42dd-a543-5839ba5d2f43
ServicePrincipalId             8276a89d-0d3b-4430-aa05-23cde21cd084

-----ARM template-----
"azureActiveDirectory": {
  "tenantId":"<GUID>",
  "clusterApplication":"86da6beb-b97e-4b60-8063-40e07cd75c85",
  "clientApplication":"9fd1ec7c-5155-42dd-a543-5839ba5d2f43"
},

 

By the way, it is important to save the output of the script, because you need the GUIDs to set up your cluster access. :)
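
As an added example (not part of the original article or of Microsoft's script), the following PowerShell checks that the azureActiveDirectory section of the ARM template carries the IDs from the script output in the right fields. The function name Test-SfAadMapping is hypothetical; the sample values are the ones shown above, with <GUID> kept as the article's placeholder.

```powershell
# Added example. Sample values are the ones printed by the script above;
# '<GUID>' is the article's placeholder for the tenant id.
$scriptOutput = @'
TenantId                       <GUID>
WebAppId                       86da6beb-b97e-4b60-8063-40e07cd75c85
NativeClientAppId              9fd1ec7c-5155-42dd-a543-5839ba5d2f43
ServicePrincipalId             8276a89d-0d3b-4430-aa05-23cde21cd084
'@

# The ARM fragment from above, wrapped in braces so it parses as JSON.
$armFragment = @'
{ "azureActiveDirectory": {
    "tenantId": "<GUID>",
    "clusterApplication": "86da6beb-b97e-4b60-8063-40e07cd75c85",
    "clientApplication": "9fd1ec7c-5155-42dd-a543-5839ba5d2f43" } }
'@

# Test-SfAadMapping is a hypothetical helper name, not part of any module.
function Test-SfAadMapping {
    param([string]$ScriptOutput, [string]$ArmJson)

    # Parse the "Name   Value" lines of the script output into a hashtable.
    $ids = @{}
    foreach ($line in $ScriptOutput -split '\r?\n') {
        if ($line -match '^\s*(\w+)\s+(\S+)\s*$') { $ids[$Matches[1]] = $Matches[2] }
    }
    $aad = (ConvertFrom-Json $ArmJson).azureActiveDirectory
    $problems = @()

    # Mapping as shown in the article: web app -> clusterApplication,
    # native client -> clientApplication.
    $expected = @{ tenantId = 'TenantId'; clusterApplication = 'WebAppId'; clientApplication = 'NativeClientAppId' }
    foreach ($key in $expected.Keys) {
        if ($aad.$key -ne $ids[$expected[$key]]) {
            $problems += "$key does not match $($expected[$key]) from the script output"
        }
    }
    # Both values are GUIDs and look alike, so a swapped pair is easy to miss.
    if ($aad.clusterApplication -eq $ids['NativeClientAppId']) {
        $problems += 'clusterApplication holds the native client id (values swapped?)'
    }
    # The fragment in the article uses only the two application ids.
    if ($ids['ServicePrincipalId'] -in @($aad.clusterApplication, $aad.clientApplication)) {
        $problems += 'ServicePrincipalId used where an application id is expected'
    }
    return ,$problems
}

$result = Test-SfAadMapping -ScriptOutput $scriptOutput -ArmJson $armFragment
if ($result.Count -eq 0) { 'azureActiveDirectory section matches the script output' } else { $result }
```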

Now you have to assign users to the corresponding app.

First, go to AAD and look for the “Cluster” app registration.

Then go to that app (yes, there is also another way to get there: the “Enterprise Application” menu in AAD).

After opening the app, you can add users or groups (in my case, I added a user).

Finally, you have to set the required right/role for accessing the SFC (Admin is the right choice :) ).

With that done, we can concentrate on setting up the cluster endpoint for application deployment with VSTS.

To do this, open the VSTS Service tab

… and click the “New Service Endpoint” dropdown to create a cluster endpoint.

Fill it out as shown in the picture below and click OK.

Now you are ready to deploy apps to your cluster.

If this was helpful, or is lacking in detail, please let me know.

By Thomas

I work as a director at CGI in Stuttgart. Responsible for the topic of innovation in the cloud and DevOps, I drive various topics like IoT, AI and Cloud with teams. The agile transformation of German IT companies or ministries plays a major role here, as does the modernization of applications using smart services. For almost two decades I have been supporting as IT architect, developer and coach. I am also very active in the community. As host of Azure Meetup Konstanz & Region, as well as co-host of Azure Meetup Stuttgart and as co-admin of GitHub Meetup Stuttgart, I would like to share knowledge and experience with like-minded people.
