Category Archives: Infrastructure

How to hook up child DNS zone into parent by updating its NS records using ARM template

Imagine a scenario: you have one global DNS zone in Prod subscription and several child DNS zones for each environment in their own subscriptions, e.g.: infra.example.com Subscription: Prod dev.infra.examle.com Subscription: Dev test.infra.example.com Subscription: Test prod.infra.example.com Subscription: Prod Each zone is … Continue reading

Posted in Infrastructure | Tagged , | Leave a comment

How to enable automatic clean up of provisioned application types on a Service Fabric cluster

As time goes by and you deploy applications, a new build every time what means a new application type is getting provisioned. Application packages are piling up and after some time old versions become just a clutter that eats up … Continue reading

Posted in Infrastructure | Tagged , , | Leave a comment

How to set access policy on Key Vault in another subscription aka How to deploy to resource group in another subscription using ARM template?

The model for my Service Fabric infrastructure consists of two major parts: Data Center (think Azure region) Scale Unit (think Service Fabric cluster and its child resources) But today due to the limitation around AAD first party application we decided … Continue reading

Posted in Infrastructure | Tagged , | Leave a comment

How to split array into string for Service Fabric cluster ARM template

In order to use a certificates for Service Fabric cluster issues by custom, non publicly trusted CA you’d need to supply a list of thumbprints of intermediate CAs. In a form of a comma-separated string. What means if you have … Continue reading

Posted in Infrastructure | Tagged , | Leave a comment

How to combine Key Vault access policy for AAD application and user-assigned managed identity in single ARM template

On other day I was exploring how to grant access for a user-assigned managed identity to a key vault. But here’s a more advanced scenario: let’s say legacy code uses an AAD application to access the key vault and modern … Continue reading

Posted in Infrastructure | Tagged , | Leave a comment

How to create user-assigned managed identity, Key Vault, assign access policy using ARM template

There is already a plenty of materials about managed identities in Azure. But how to create a user-assigned managed identity and grant it the access to a key vault using an ARM template? I tried to find any references but … Continue reading

Posted in Infrastructure | Tagged , | 1 Comment

How to find out the latest ARM api version for given resource type

If you’d like to find this out, for instance, for Service Fabric applications, then use this query: which would yield this result: 2017-07-01-preview2016-09-012016-03-01 what means that you now can go to the GitHub repo with all ARM schemas and find … Continue reading

Posted in Infrastructure | Tagged , , | Leave a comment

How to deploy Service Fabric application using ARM template

You can deploy a Service Fabric application using an ARM templat with a number very different mechanisms, whichever you’d like: PowerShell the CLI the Portal But first you need the actual ARM template. Here’s an example of an application consisting … Continue reading

Posted in Infrastructure | Tagged , | 21 Comments

How to package Service Fabric application into SFPKG using custom MSBuild task

This task wouldn’t require much efforts but: Service Fabric doesn’t support packaging its “package” (which is not a real package but just a directory) into .sfpkg out-of-the-box. Only suggests to use ZipFile.CreateFromDirectory. MSBuildTasks doesn’t support .NET Core so we can’t … Continue reading

Posted in Infrastructure | Tagged , , | Leave a comment

How to extract private key from pfx and remove passphrase using OpenSSL

When I tried to enable SSL for BitTorrent Sync installed on my new NAS Synology 215j it turned out it requires not pfx but private and public keys separately in base64 encoded form. Here’s the command to extract certificate itself. … Continue reading

Posted in Infrastructure | Tagged | Leave a comment