Use case scenario:
This is useful when you need to configure your own custom domain on the management endpoint of a Service Fabric (SF) cluster. With this in place, you can perform management operations against the custom domain using PowerShell, Service Fabric Explorer, etc.
Pre-requisite/Recommendation:
It’s recommended to get a CA-signed certificate for your custom domain and upload it to Azure Key Vault so that it can be associated with the SF cluster. You can use this common name-based certificate as the cluster certificate instead of the certificate thumbprint approach, which makes the certificate rollover process easier.
Please find more details here: https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-create-cluster-using-cert-cn
Steps:
"managementEndpoint": "https://xxxxxmicrosoft.in:19080"
I am attaching the ARM template of my cluster resource for reference only; please don’t copy and paste it as is.
<ARM template>
{
  "type": "Microsoft.ServiceFabric/clusters",
  "apiVersion": "2018-02-01",
  "name": "[parameters('clusterName')]",
  "location": "[parameters('clusterLocation')]",
  "dependsOn": [
    "[concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName'))]"
  ],
  "tags": {
    "resourceType": "Service Fabric",
    "clusterName": "[parameters('clusterName')]"
  },
  "properties": {
    "addonFeatures": [
      "DnsService"
    ],
    "certificate": {
      "thumbprint": "[parameters('certificateThumbprint')]",
      "x509StoreName": "[parameters('certificateStoreValue')]"
    },
    "clientCertificateCommonNames": [],
    "clientCertificateThumbprints": [],
    "clusterState": "Default",
    "diagnosticsStorageAccountConfig": {
      "blobEndpoint": "[reference(concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName')), variables('storageApiVersion')).primaryEndpoints.blob]",
      "protectedAccountKeyName": "StorageAccountKey1",
      "queueEndpoint": "[reference(concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName')), variables('storageApiVersion')).primaryEndpoints.queue]",
      "storageAccountName": "[parameters('supportLogStorageAccountName')]",
      "tableEndpoint": "[reference(concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName')), variables('storageApiVersion')).primaryEndpoints.table]"
    },
    "fabricSettings": [
      {
        "parameters": [
          {
            "name": "ClusterProtectionLevel",
            "value": "[parameters('clusterProtectionLevel')]"
          }
        ],
        "name": "Security"
      }
    ],
    "managementEndpoint": "https://xxxxxmicrosoft.in:19080",
    "nodeTypes": [
      {
        "name": "[parameters('vmNodeType0Name')]",
        "applicationPorts": {
          "endPort": "[parameters('nt0applicationEndPort')]",
          "startPort": "[parameters('nt0applicationStartPort')]"
        },
        "clientConnectionEndpointPort": "[parameters('nt0fabricTcpGatewayPort')]",
        "durabilityLevel": "Bronze",
        "ephemeralPorts": {
          "endPort": "[parameters('nt0ephemeralEndPort')]",
          "startPort": "[parameters('nt0ephemeralStartPort')]"
        },
        "httpGatewayEndpointPort": "[parameters('nt0fabricHttpGatewayPort')]",
        "isPrimary": true,
        "reverseProxyEndpointPort": "[parameters('nt0reverseProxyEndpointPort')]",
        "vmInstanceCount": "[parameters('nt0InstanceCount')]"
      }
    ],
    "provisioningState": "Default",
    "reliabilityLevel": "Bronze",
    "upgradeMode": "Automatic",
    "vmImage": "Windows"
  }
}
</ARM template>
After the SF cluster is created and the DNS mapping has propagated successfully, you will be able to access the SF cluster using the custom domain management endpoint.
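A pre-deployment check for the custom-domain setup described above, as an added example that is not part of the original post: it verifies that the managementEndpoint is https, uses the primary node type's HTTP gateway port, and has a host name covered by the certificate's DNS names. It assumes template parameters are already resolved and that the load balancer forwards the same port; the sf.example.com domain, the sample resource and the function names are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: a trimmed cluster resource with parameters already resolved.
# "sf.example.com" is a placeholder domain, not the one used in the post.
SAMPLE_RESOURCE = json.loads("""
{
  "type": "Microsoft.ServiceFabric/clusters",
  "properties": {
    "certificate": {"thumbprint": "<placeholder-thumbprint>", "x509StoreName": "My"},
    "managementEndpoint": "https://sf.example.com:19080",
    "nodeTypes": [{"name": "nt0", "isPrimary": true, "httpGatewayEndpointPort": 19080}]
  }
}
""")


def dns_name_matches(pattern, host):
    """Certificate name match; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]  # reject patterns such as "*.com"
    return p == h


def check_management_endpoint(resource, cert_dns_names):
    """Return a list of findings; an empty list means the endpoint looks consistent."""
    props = resource["properties"]
    url = urlsplit(props.get("managementEndpoint", ""))
    host = url.hostname or ""
    findings = []
    if url.scheme != "https":
        findings.append("managementEndpoint must use https")
    primary_ports = [n.get("httpGatewayEndpointPort")
                     for n in props.get("nodeTypes", []) if n.get("isPrimary")]
    if url.port not in primary_ports:
        findings.append(f"port {url.port} is not the primary node type's httpGatewayEndpointPort")
    if not any(dns_name_matches(name, host) for name in cert_dns_names):
        findings.append(f"certificate names {cert_dns_names} do not cover {host!r}")
    return findings


if __name__ == "__main__":
    for finding in check_management_endpoint(SAMPLE_RESOURCE, ["*.example.com"]):
        print("FINDING:", finding)
```

Pass the subject common name and any subject alternative DNS names of the certificate you uploaded to Key Vault as `cert_dns_names`.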