Secure Service Fabric on Linux inside an existing Virtual Network

This guide will help you create a Secured Linux Service Fabric cluster that runs inside an existing Virtual Network and Subnet using the Azure CLI.

You can get the required template and parameters json files from my GitHub. The template is based on the sample published here and is modified to provision into an existing Virtual Network and Subnet.

This guide assumes you already have a Virtual Network created with a Subnet where you want to deploy Service Fabric. If not, you need to create the Virtual Network and Subnet first and specify the values below.

Specify variable values

declare rg=sf-rg # Resource Group Name
export location=westeurope # Region
export sfName=sfcluster # Service Fabric cluster name

Create Resource Group

az group create -n $rg -l $location

Modify the parameters.json file and replace:

• clusterName with your Service Fabric cluster name
• clusterLocation with your region name
• adminUserName with your VM admin username
• adminPassword with your VM admin password
• existingVirtualNetworkNameRGName with your existing Virtual Network Resource Group name
• existingVirtualNetworkName with your existing Virtual Network name
• existingSubnetName with your existing Virtual Network name
• existingSubnetPrefix with your existing Virtual Network name

Create the folder to store the certificates

mkdir -p certs

Create the cluster and generate a certificate

az sf cluster create-n $sfName -g $rg -l $location \
--certificate-output-folder certs \
--certificate-subject-name "$sfName.$location.cloudapp.azure.com" \
--template-file template.json --parameter-file parameters.json

Verify that the cluster is up

Wait until the command below shows Ready. It may take a while.

az sf cluster show -n $sfName -g $location --query clusterState

Connect to the cluster

Once the cluster is up and running, connect using sfctl

sfctl cluster select --endpoint https://"$sfName.$location.cloudapp.azure.com":19080 --pem /path/to/certificate.pem --no-verify

Verify cluster health

sfctl cluster health

Access the Service Fabric Explorer in your browser

Make sure you install either the .pem or the .pfx certificate on your machine, depending on your operating system, then:

• Go to https://:19080[clustername].[region].cloudapp.azure.com/Explorer
• When prompted, select the cluster certificate to authenticate.