This article is about enabling Service Fabric Cluster (SFC) in Azure for use with AAD (Azure Active Directory) authentication.
My setup is as follows:
I used VSTS (Visual Studio Team Services), where I built a release that takes care of the SFC deployment. To get everything working, you first need a Cluster Endpoint configuration that allows VSTS to deploy an application into the SFC.
To get this right, you can choose between two main possibilities: Certificate-Auth or AAD-Auth.
If you would like to use Certificate-Auth, then you should read this article: Deploy Azure Service Fabric Application with VSTS (it's written by Mike Kaufmann, a friend of mine and an MVP for ALM/DevOps).
If you would like to use AAD-Auth, then this is what you are looking for.
First you have to grab a PowerShell script that creates the App registrations for you (you could do this by hand, but for consistency the script is the better choice): see [Create a Service Fabric cluster by using Azure Resource Manager (Microsoft Docs) – paragraph “Set up Azure Active Directory for client authentication”], or simply click Download Script, but read that article to learn everything you should know here.
.\SetupApplications.ps1 -TenantId '<Guid>' -ClusterName 'ttservicescluster' -WebApplicationReplyUrl 'https://ttservicescluster.westus.cloudapp.azure.com:19080/Explorer/index.html'
This generates two App registrations: ttservicescluster_Cluster and ttservicescluster_client.

    Web Application Created: 86da6beb-b97e-4b60-8063-40e07cd75c85
    Native Client Application Created: 9fd1ec7c-5155-42dd-a543-5839ba5d2f43

    Name                           Value
    ----                           -----
    TenantId                       <GUID>
    WebAppId                       86da6beb-b97e-4b60-8063-40e07cd75c85
    NativeClientAppId              9fd1ec7c-5155-42dd-a543-5839ba5d2f43
    ServicePrincipalId             8276a89d-0d3b-4430-aa05-23cde21cd084

    -----ARM template-----
    "azureActiveDirectory": {
      "tenantId":"<GUID>",
      "clusterApplication":"86da6beb-b97e-4b60-8063-40e07cd75c85",
      "clientApplication":"9fd1ec7c-5155-42dd-a543-5839ba5d2f43"
    },
By the way, it is important to save the output of the script, because you need the GUIDs to set up your cluster access.
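One way to make sure the saved GUIDs ended up in the right places is to compare the script output with the `azureActiveDirectory` block of your ARM template. This is an added example, not part of the original article or of Microsoft's script; the function name `Test-AadBlock` is hypothetical and the tenant GUID in the sample data is a placeholder.

```powershell
# Constructed sample data: the Name/Value rows printed by SetupApplications.ps1
# (tenant GUID is a placeholder) and the ARM template fragment to be checked.
$scriptOutput = @'
TenantId                       00000000-0000-0000-0000-000000000000
WebAppId                       86da6beb-b97e-4b60-8063-40e07cd75c85
NativeClientAppId              9fd1ec7c-5155-42dd-a543-5839ba5d2f43
ServicePrincipalId             8276a89d-0d3b-4430-aa05-23cde21cd084
'@
$templateFragment = @'
{
  "azureActiveDirectory": {
    "tenantId": "00000000-0000-0000-0000-000000000000",
    "clusterApplication": "86da6beb-b97e-4b60-8063-40e07cd75c85",
    "clientApplication": "9fd1ec7c-5155-42dd-a543-5839ba5d2f43"
  }
}
'@

function Test-AadBlock {   # hypothetical helper, not part of any Azure module
    param([string]$ScriptOutput, [string]$TemplateJson)
    # Collect "Name <GUID>" rows from the script output into a lookup table.
    $ids = @{}
    foreach ($line in $ScriptOutput -split "`r?`n") {
        if ($line -match '^\s*(\w+)\s+([0-9a-fA-F-]{36})\s*$') { $ids[$Matches[1]] = $Matches[2] }
    }
    # Template property -> script output row it must equal.
    $aad = (ConvertFrom-Json $TemplateJson).azureActiveDirectory
    $expected = [ordered]@{
        tenantId           = 'TenantId'
        clusterApplication = 'WebAppId'            # the *_Cluster web app
        clientApplication  = 'NativeClientAppId'   # the *_Client native app
    }
    $problems = @()
    foreach ($prop in $expected.Keys) {
        $want = $ids[$expected[$prop]]
        $have = $aad.$prop
        $guid = [guid]::Empty
        if (-not $have -or -not [guid]::TryParse($have, [ref]$guid)) {
            $problems += "$prop is missing or not a GUID"
        } elseif ($have -ne $want) {
            $problems += "$prop is $have, expected $($expected[$prop]) = $want"
        }
    }
    return $problems
}

$problems = Test-AadBlock -ScriptOutput $scriptOutput -TemplateJson $templateFragment
if ($problems) { $problems | ForEach-Object { Write-Warning $_ } } else { 'azureActiveDirectory block matches the script output' }
```

Swapping `clusterApplication` and `clientApplication` in the template fragment makes the check report both properties, which is the mix-up that is easiest to make when copying the GUIDs by hand.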
Now you have to assign users to the corresponding app.
First go to AAD and look for the “Cluster” App registration.
Then go to that app (yes, there is also another way to get there: the “Enterprise Application” menu in AAD).
After opening the app, you can add users or groups (in my case, I added a user).
Finally, you have to set the required right/role for accessing the SFC (Admin is the right choice).
With that done, we can concentrate on setting up the Cluster Endpoint for application deployment via VSTS.
To do this, open the VSTS Service tab
… and click the “New Service Endpoint” dropdown to create a cluster endpoint.
Fill out as below in the picture and click OK
Now you are ready to deploy apps to your cluster.
If this was helpful, or if it lacks details, please let me know.