Badges
Tags
Categories
Meta
Category Archives: Infrastructure
Multiple Placement Group Value of NodeType does not match with the value of VMSS
If you’re getting the following error: Multiple Placement Group Value of NodeType does not match with the value of VMSS while attempting to deploy a VMSS for a Service Fabric cluster to enable multi-AZ (availability zones) in a region that … Continue reading
Reliable and scalable infrastructure: Secrets
This is a series of posts: Introduction Principles Layers Traffic Secrets (this post) In the previous post we’ve discussed probably the most important aspect of running a service – the handling of live traffic. Without it it’s a not a … Continue reading
Posted in Infrastructure
Tagged azure, azure active directory, azure key vault, azure managed identity, book, x509 certificate
Leave a comment
Following circular nested profile path identified
If you’re getting the following error: Circular nested profile definitions are not allowed. Following circular nested profile path identified: example.trafficmanager.net -> example.trafficmanager.net. Then very likely you got an ARM template like this: What means you created a Geographic traffic-routing based … Continue reading
Reliable and scalable infrastructure: Traffic
This is a series of posts: Introduction Principles Layers Traffic (this post) Secrets Now you have multiple environments, each consisting of multiple data centers, each consisting of multiple scale units. How do you wire up them all together to be … Continue reading
Reliable and scalable infrastructure: Layers
This is a series of posts: Introduction Principles Layers (this post) Traffic Secrets When designing your service’s infrastructure, you need to remember that your deployment (or scale, more below) unit can go down at any point of time for any … Continue reading
Reliable and scalable infrastructure: Principles
This is a series of posts: Introduction Principles (this post) Layers Traffic Secrets First and foremost, you have to threat your service’s infrastructure as you threat your service’s code. In other words as infrastructure-as-code. This may include the techniques that … Continue reading
3 ways to assign access policy for user-assigned managed identity on key vault using ARM template
This post is a summary of my experience dealing with user-assigned managed identity and key vaults in Azure, it explores multiple ways to achieve the same result – how to assign access policies using an ARM template. Each of the … Continue reading
How to configure Service Fabric to use AAD for client authentication
This blob post is intended to compliment the official doc which I personally don’t find helpful and comprehensive enough. The configuration that works for me consists of 3 parts: Cluster ARM template change AAD app for the cluster identity (let’s … Continue reading
How to hook up child DNS zone into parent by updating its NS records using ARM template
Imagine a scenario: you have one global DNS zone in Prod subscription and several child DNS zones for each environment in their own subscriptions, e.g.: infra.example.com Subscription: Prod dev.infra.examle.com Subscription: Dev test.infra.example.com Subscription: Test prod.infra.example.com Subscription: Prod Each zone is … Continue reading
How to enable automatic clean up of provisioned application types on a Service Fabric cluster
As time goes by and you deploy applications, a new build every time what means a new application type is getting provisioned. Application packages are piling up and after some time old versions become just a clutter that eats up … Continue reading
Alexander Batishchev's Blog 