For a secured cluster, see option B. below.
You can always deploy a SF cluster through the Azure portal, as explained in this article:
However, when creating a cluster, there are quite a few configurations to take into account, like enabling the internal DNS service or Reverse Proxy service, choosing between Linux/Windows, open/publish your application ports in the load-balancer and most of all (the most complex setup) how to create a secure cluster.
Because of those reasons, we have created a set of ARM templates and scripts so you can create, re-create and configure the SF clusters much faster, as explained below:
Within eShopOnContainers root folder, at the folder ..\deploy\az\servicefabric\LinuxContainers, you can find the ARM template servicefabricdeploy.json
and its parameters file (servicefabricdeploy.parameters.json
) to create a Service Fabric cluster environment for Linux Containers.
Edit the following params in servicefabricdeploy.parameters.json
file to set your values:
Optionally, you could modify which ports are opened in the LoadBalancer for the multiple eShopOnContainer apps and API services. By default, they are setup as:
Once parameter file is edited you can deploy it using create-resources script.
For example, to deploy the cluster to a new resourcegroup located in westus, go to deploy\az
folder and type:
create-resources.cmd servicefabric\LinuxContainers\servicefabricdeploy qa-eshop-sflinux-resgrp -c westus
You should see a similar execution to the following:
The ARM template servicefabricdeploysecured.json
and its parameter file (servicefabricdeploysecured.parameters.json
) are used to create a service fabric cluster environment for linux containers secured with a certificate.
Go to PortalAzure and create a Keyvault service. Make sure Enable access for deployment checkboxes are selected.
Execute the gen-keyvaultcert.ps1 script to generate and download a certificate from Keyvault.
.\gen-keyvaultcert.ps1 -vaultName <your_keyvault_service> -certName <your_cert_name> -certPwd <your_cert_pwd> -subjectName CN=<your_sf_dns_name> -saveDir C:\Users\<user>\Downloads
Install the certificate under 'Current User' store location and check it as exportable.
Edit the following params in servicefabricdeploysecured.parameters.json
file to set your values:
Optionally, you can modify which ports are opened in the LoadBalancer for accessing externally to the apps:
Once parameter file is edited you can deploy it using create-resources script.
create-resources.cmd servicefabric\LinuxContainers\servicefabricdeploysecured newResourceGroup -c westus
Modify the cloud.xml file of each Service Fabric application in PublishProfile directory and set your certificate settings to be able to deploy eshopOnContainers in the secured cluster: