Use Azure Application Gateway in a Service Fabric managed cluster
Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. There are several benefits to using Application Gateway. Service Fabric managed cluster supports Azure Application Gateway and allows you to connect your node types to an Application Gateway. You can create an Azure Application Gateway and pass the resource ID to the Service Fabric managed cluster ARM template.
How to use Application Gateway in a Service Fabric managed cluster
Requirements
Use Service Fabric API version 2022-08-01-Preview (or newer).
Steps
The following section describes the steps that should be taken to use Azure Application Gateway in a Service Fabric managed cluster:
Link your Application Gateway to the node type of your Service Fabric managed cluster (SFMC). To do this, you must grant SFMC permission to join the application gateway. This permission is granted by assigning SFMC the "Network Contributor" role on the application gateway resource, as described in the steps below:
A. Get the service principal Id of the Service Fabric Resource Provider application from your subscription.
Make sure you are in the correct subscription; the principal ID will change if the subscription is in a different tenant.
ServicePrincipalNames : {74cb6831-0dbb-4be1-8206-fd4df301cdc2}
ApplicationId : 74cb6831-0dbb-4be1-8206-fd4df301cdc2
ObjectType : ServicePrincipal
DisplayName : Azure Service Fabric Resource Provider
Id : 00000000-0000-0000-0000-000000000000
Note the Id from the previous output as principalId for use in a later step.

Role definition name | Role definition ID
Network Contributor | 4d97b98b-1d4f-4787-a291-c67834d212e7

Note the Role definition name and Role definition ID property values for use in a later step.
B. The sample ARM deployment template adds a role assignment to the application gateway with contributor access. For more information on Azure roles, see Azure built-in roles - Azure RBAC. This role assignment is defined in the resources section of the template, with the PrincipalId and role definition ID determined from the first step.
Alternatively, you can add the role assignment via PowerShell, using the PrincipalId determined from the first step and the role definition name "Contributor" where applicable.
Use a sample ARM deployment template that assigns roles and adds the application gateway configuration as part of the Service Fabric managed cluster creation. Update the template with the principalId, appGatewayName, and appGatewayBackendPoolId obtained above.
You can also modify your existing ARM template and add the new property appGatewayBackendPoolId under the Microsoft.ServiceFabric/managedClusters resource, which takes the resource ID of the application gateway.
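The role assignment steps above as one PowerShell script, added here as an example and not taken from Microsoft's sample template: it resolves the resource provider's service principal, assigns the Network Contributor role ID from the table at the application gateway's own scope, and lists any roles the principal already inherits from wider scopes. The variable names and `<...>` placeholders are assumptions; the cmdlets come from the Az PowerShell module.

```powershell
# Added example. Values in <...> are placeholders to fill in.
$subscriptionId   = '<subscription-id>'
$resourceGroup    = '<app-gateway-resource-group>'
$appGatewayName   = '<app-gateway-name>'
# Network Contributor role definition ID, as listed in the table above.
$roleDefinitionId = '4d97b98b-1d4f-4787-a291-c67834d212e7'

# The principal Id is tenant-specific, so pin the subscription first.
Set-AzContext -Subscription $subscriptionId | Out-Null

# Step A: resolve the Service Fabric Resource Provider service principal.
$sp = @(Get-AzADServicePrincipal -DisplayName 'Azure Service Fabric Resource Provider')
if ($sp.Count -ne 1) {
    throw "Expected exactly one service principal, found $($sp.Count)."
}
$principalId = $sp[0].Id

# Use the gateway's resource ID as the scope, so the role applies to this
# gateway only and not to its resource group or subscription.
$gw    = Get-AzApplicationGateway -Name $appGatewayName -ResourceGroupName $resourceGroup
$scope = $gw.Id

# Assignments the principal holds at the gateway scope or inherited from above it.
$held = @(Get-AzRoleAssignment -ObjectId $principalId -Scope $scope)

# Step B: create the assignment only if it is not already present at this exact scope.
$exact = $held | Where-Object {
    $_.Scope -eq $scope -and $_.RoleDefinitionId -eq $roleDefinitionId
}
if (-not $exact) {
    New-AzRoleAssignment -ObjectId $principalId `
        -RoleDefinitionId $roleDefinitionId `
        -Scope $scope | Out-Null
}

# Review step: roles inherited from wider scopes (resource group, subscription).
# Anything listed here grants more than the gateway-level assignment needs.
$held | Where-Object { $_.Scope -ne $scope } |
    Select-Object RoleDefinitionName, Scope

# Values to copy into the ARM template parameters.
"principalId: $principalId"
$gw.BackendAddressPools | Select-Object Name, Id
```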