This article is about enabling Service Fabric Cluster (SFC) in Azure for use with AAD (Azure Active Directory) authentication.
My Setup is as follows
I used VSTS (Visual Studio Team Services), where I built up a release, that cares for deployment of SFC. So to get everything working, you first need a Cluster Endpoint configuration, that allows VSTS to deploy an application into SFC.
To get this right, you can choose from two main possibilities: Certificate-Auth or AAD-Auth
If you like to choose Certificate Auth., than you should read this article here: Deploy Azure Service Fabric Application with VSTS (it’s written by Mike Kaufmann a friend of mine and a MVP for ALM/DevOps).
If you like to choose AAD-Auth, then this is, what you are looking for….
First you have to grab a Powershell-Script, that creates some App registration for you (you could do this by hand, but for being consistent the script is the better choice) [Create a Service Fabric cluster by using Azure Resource Manager (Microsoft Docs) – paragraph “Set up Azure Active Directory for client authentication”] or simply click this here Download Script, but read this article, to get everything, you should know here.
.\SetupApplications.ps1 -TenantId '<Guid>' -ClusterName 'ttservicescluster' -WebApplicationReplyUrl 'https://ttservicescluster.westus.cloudapp.azure.com:19080/Explorer/index.html'
This generates two App-regs:
ttservicescluster_Cluster and ttservicescluster_client.
Web Application Created: 86da6beb-b97e-4b60-8063-40e07cd75c85
Native Client Application Created: 9fd1ec7c-5155-42dd-a543-5839ba5d2f43
By the way, it is important, to grab the output of the script, because you need the GUIDs, to setup your cluster access with these J
Now, you have to assign user to the corresponding App
First go to AAD and look for the “Cluster” App registration.
Then, go to that app (Yes there is also another way, to go there…. By using “Enterprise Application”-Menu in AAD)
After opening the App, you can add users or groups (in my case, I added a user)
At least, you have to set the needed right/role, for accessing the SFC (Admin is the right choiceJ )
Having that done, we can concentrate on setting up Cluster Endpoint for Application deployment over VSTS
For doing this, you have to open VSTS Service Tab
… and click dropdown “New Service Endpoint” for creating a cluster endpoint
Fill out as below in the picture and click OK
Now, you are ready, to deploy apps to your cluster.
If this was helpfull, or lacks from Details, please let me know.