Create custom Azure Fabric cluster

When you start working with Azure Service Fabric you might be disappointed with the customisation possibilities.

Even if you just want to add a few internal load balancers, you have to customise the ARM template.

When you are working with ARM templates, it is a good idea to split the VNet and Key Vaults from the computing resources.

To make provisioning easier you can use PowerShell scripts, like this one for certificates.

You can find the full solution on my GitHub: https://github.com/kagarlickij/azure-fabric-arm

Now let’s see how it can be implemented:

1. Ensure that you don’t have any Fabric management certificates:

Get-ChildItem -Path 'C:\AzureCertificates\' -Force
Get-ChildItem -Path 'Cert:\LocalMachine\My\' -Force
Get-ChildItem -Path 'Cert:\CurrentUser\My\' -Force

2. Create a public IP address (ensure that pip1 is present in .\pip\parameters.json):

.\create-resource.ps1 -subscriptionId '21e736fa-3b61-4681-ba13-db7a0e34c7dd' -resourceGroupName 'kag-sf-rg0' -resourceGroupLocation 'westeurope' -templateFilePath .\pip\template.json -parametersFilePath .\pip\parameters.json

3. Create Fabric Cluster and Server certificates using the DnsName created in the previous step:

.\create-FabricCert.ps1 -subscriptionId '21e736fa-3b61-4681-ba13-db7a0e34c7dd' -resourceGroupName 'kag-sf-rg1' -resourceGroupLocation 'westeurope' -DnsName 'kag-sf-pip1.westeurope.cloudapp.azure.com' -VaultName 'kag-sf-kw0' -CertificateName 'kag-sf-clusterCert0' -CertificatePassword 'Passw0rd'
.\create-FabricCert.ps1 -subscriptionId '21e736fa-3b61-4681-ba13-db7a0e34c7dd' -resourceGroupName 'kag-sf-rg1' -resourceGroupLocation 'westeurope' -DnsName 'kag-sf-pip1.westeurope.cloudapp.azure.com' -VaultName 'kag-sf-kw0' -CertificateName 'kag-sf-clientCert0' -CertificatePassword 'Passw0rd'

4. Create a virtual network:

.\create-resource.ps1 -subscriptionId '21e736fa-3b61-4681-ba13-db7a0e34c7dd' -resourceGroupName 'kag-sf-rg2' -resourceGroupLocation 'westeurope' -templateFilePath .\vnet\template.json -parametersFilePath .\vnet\parameters.json

5. Add clientCertificateThumbprint, clusterCertificateThumbprint, certificateVaultValue and clusterCertificateUrlValue (stored in C:\AzureCertificates\) to .\fabric\parameters.json:

6. Create Fabric cluster:

.\create-resource.ps1 -subscriptionId '21e736fa-3b61-4681-ba13-db7a0e34c7dd' -resourceGroupName 'kag-sf-rg3' -resourceGroupLocation 'westeurope' -templateFilePath .\fabric\template.json -parametersFilePath .\fabric\parameters.json

7. Check cluster certificates:

8. Deploy a jumpbox in the VNet created earlier using the portal:

9. Install the certificates on the jumpbox to ‘Cert:\CurrentUser\My\’:

10. Check RDP to VMSS nodes from jumpbox:
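
Step 5 can also be scripted. The following is an added example, not code from this post or from the azure-fabric-arm repository: it reads both thumbprints from the PFX files, looks up the vault values with the Az.KeyVault cmdlets, and writes all four parameters into .\fabric\parameters.json. The PFX file names, the secret name in the vault and the use of the Az module are assumptions.

```powershell
# Added example, not part of the repository. Assumptions (adjust to your setup):
#  - create-FabricCert.ps1 left <CertificateName>.pfx files in C:\AzureCertificates\
#  - the cluster certificate is stored in the vault as a secret named after the certificate
#  - .\fabric\parameters.json uses the standard ARM layout: parameters.<name>.value
[CmdletBinding()]
param(
    [string]$CertFolder      = 'C:\AzureCertificates',
    [string]$VaultName       = 'kag-sf-kw0',
    [string]$ClusterCertName = 'kag-sf-clusterCert0',
    [string]$ClientCertName  = 'kag-sf-clientCert0',
    [string]$ParametersPath  = '.\fabric\parameters.json'
)
$ErrorActionPreference = 'Stop'

# Prompt once so the PFX password never appears on the command line or in history.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

function Get-PfxThumbprint {
    param([string]$Path, [securestring]$Password)
    # Get-PfxData reads the file without importing it into a certificate store.
    $cert = (Get-PfxData -FilePath $Path -Password $Password).EndEntityCertificates[0]
    if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate in $Path expired on $($cert.NotAfter)" }
    return $cert.Thumbprint
}

$clusterThumb = Get-PfxThumbprint -Path (Join-Path $CertFolder "$ClusterCertName.pfx") -Password $pfxPassword
$clientThumb  = Get-PfxThumbprint -Path (Join-Path $CertFolder "$ClientCertName.pfx")  -Password $pfxPassword

# Vault resource ID and versioned secret URL (Az.KeyVault, after Connect-AzAccount).
$vault  = Get-AzKeyVault -VaultName $VaultName
$secret = Get-AzKeyVaultSecret -VaultName $VaultName -Name $ClusterCertName

$values = [ordered]@{
    clusterCertificateThumbprint = $clusterThumb
    clientCertificateThumbprint  = $clientThumb
    certificateVaultValue        = $vault.ResourceId
    clusterCertificateUrlValue   = $secret.Id
}

$json = Get-Content -Path $ParametersPath -Raw | ConvertFrom-Json
foreach ($name in $values.Keys) {
    if (-not $json.parameters.PSObject.Properties[$name]) {
        throw "Parameter '$name' is missing from $ParametersPath"
    }
    $json.parameters.$name.value = $values[$name]
}
$json | ConvertTo-Json -Depth 20 | Set-Content -Path $ParametersPath -Encoding UTF8
```

The script stops if a PFX has already expired or if a parameter name is absent from the file, so a mistyped or stale value does not reach the cluster deployment in step 6.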

I hope this info will be useful for you, and if you need any help feel free to use the contact form on the main page.