The recommended way to create a cluster is via ARM scripts. A cluster can also be created using the Azure portal, but many advanced features are only available in ARM.
The following are prerequisites before you start provisioning your cluster.
- Plan for cluster nodes + capacity + OS
- Plan for placement constraints and node types
- Securing the cluster
  - Create Azure AD applications – To secure access to the cluster, it is recommended to use AAD authentication. Create cluster and client AAD applications. The cluster application will have 2 roles, Admin and ReadOnly.
  - Create cluster management security groups (SGs) that you will assign to these 2 roles. You need 2 SGs: one for admins and the other for read-only access.
  - Add the security groups to your AAD application roles. If you work for an enterprise, or if you are not an Azure AD administrator, adding security groups or users to an app role is generally not allowed. You would have to request that your AAD administrator add the SGs to the AAD application roles.
  - Get certificates for SSL, encryption and any other application certificate that your service needs
    - Make sure you add all alternate names to your cluster certificate during request creation
- Identify the ports that will be open on the load balancer.
- Use PowerShell to create the cluster
- API code and Service Fabric code should not be mixed together in one solution.
- For example, if you have 2 APIs that you want to containerize and then host on Service Fabric:
  - You can have one solution with both API code projects added. If you desire more separation, each API can be created as a different project
  - Each project will contain a Dockerfile that defines how the container image is created for that project
  - The image below shows a solution containing 2 web APIs, Gateway API and User API. Docker support is added to both of these projects using Visual Studio (right click project -> add -> docker support).
  - Neither of the above 2 projects has any reference or code related to Service Fabric
  - Please note that adding Docker support from Visual Studio also adds a docker-compose file to your project. Orchestration platforms can either use this docker-compose file to manage containers or use their own mechanism. At the time of writing, Service Fabric does not fully support docker-compose (https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-docker-compose). For my projects, I will configure orchestration settings directly in my Service Fabric project.
  - Using the Docker command-line tools or the Visual Studio publish features, the above 2 projects will result in 2 images that can be pushed to a container registry. For most of my applications I will use Azure Container Registry
- To use Service Fabric as an orchestrator for hosting your container images, we need to create a new Service Fabric project:
  - Create a new Service Fabric project
  - Add 2 new container services to the SF project. After adding them, your project should look like this:
- Each service will define Code, Config and Data. Each of these components is versioned independently.
  - Code – Container image information
  - Config – Any settings or environment variables
  - Data – Any static data that is required by the service
- You can override config values in ApplicationManifest.xml, which also allows you to use environment-specific parameter files. Typically these parameter files are modified by the build/release pipeline.
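
A check a release pipeline could run before deployment, as an added example that is not part of the original post: it resolves the `[Parameter]` references in an ApplicationManifest.xml against one environment's parameter file and reports overrides that match no declared parameter, which would otherwise leave the default value in effect. The manifest, the parameter file and every name and value in them are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"sf": "http://schemas.microsoft.com/2011/01/fabric"}

# Constructed sample ApplicationManifest.xml; names and values are illustrative only.
APPLICATION_MANIFEST = """\
<ApplicationManifest ApplicationTypeName="ApiHostType" ApplicationTypeVersion="1.0.0" xmlns="http://schemas.microsoft.com/2011/01/fabric">
  <Parameters>
    <Parameter Name="GatewayApi_InstanceCount" DefaultValue="1" />
    <Parameter Name="UserApi_BaseUrl" DefaultValue="http://localhost:8081" />
  </Parameters>
  <ServiceManifestImport>
    <ServiceManifestRef ServiceManifestName="GatewayApiPkg" ServiceManifestVersion="1.0.0" />
    <EnvironmentOverrides CodePackageRef="Code">
      <EnvironmentVariable Name="USER_API_BASE_URL" Value="[UserApi_BaseUrl]" />
    </EnvironmentOverrides>
  </ServiceManifestImport>
</ApplicationManifest>
"""

# Constructed parameter file for one environment; "UserApi_BaseUr1" is a deliberate typo.
CLOUD_PARAMETERS = """\
<Application Name="fabric:/ApiHost" xmlns="http://schemas.microsoft.com/2011/01/fabric">
  <Parameters>
    <Parameter Name="GatewayApi_InstanceCount" Value="-1" />
    <Parameter Name="UserApi_BaseUr1" Value="https://user-api.example.internal" />
  </Parameters>
</Application>
"""

def resolve(manifest_xml, parameter_xml):
    """Return (effective env vars, undeclared overrides, parameters left at default)."""
    manifest = ET.fromstring(manifest_xml)
    declared = {p.get("Name"): p.get("DefaultValue", "")
                for p in manifest.findall("sf:Parameters/sf:Parameter", NS)}
    supplied = {p.get("Name"): p.get("Value", "")
                for p in ET.fromstring(parameter_xml).findall("sf:Parameters/sf:Parameter", NS)}
    undeclared = sorted(set(supplied) - set(declared))  # likely typos or stale entries
    defaulted = sorted(set(declared) - set(supplied))   # manifest default stays in effect
    values = {**declared, **{k: v for k, v in supplied.items() if k in declared}}
    # Each [Name] reference is replaced by that parameter's effective value.
    substitute = lambda m: values.get(m.group(1), m.group(0))
    env = {v.get("Name"): re.sub(r"\[(\w+)\]", substitute, v.get("Value", ""))
           for v in manifest.iter("{%s}EnvironmentVariable" % NS["sf"])}
    return env, undeclared, defaulted

if __name__ == "__main__":
    print(resolve(APPLICATION_MANIFEST, CLOUD_PARAMETERS))
```

With the typo in the sample parameter file, the container would still receive the `localhost` default for `USER_API_BASE_URL`; failing the pipeline when the undeclared list is non-empty catches that before release.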