MSI / Managed Service Identity) for Service Fabric Cluster

4
votes

Looking at the new functionality called MSI (Managed Service Identity)

Is it possible to use MSI inside VM scale sets or even better inside an Azure Service Fabric Cluster? I guess using the resource manager it might be possible, but just want to hear a confirming answer about that.

As I want to access a keyvault it would be very nice to be able to use MSI from inside a microservice running inside a Service Fabric cluster.

1
azure-service-fabricazure-managed-identity
Meanwhile answered by microsoft: yes, it's possible to use MSI in a VM scale set. We have VMSS configuration articles in our backlog, but probably won't publish for a few weeks, starting with configuration via Azure RM template. I've asked engineering about service fabric as well, and the answer is "yes, it's possible to enable the VMSS underlying an SF, but SF doing this automatically won't be coming until later."rfcdejong
Do the SF services need to run under a different account (I think the default is Network Service) with MSI enabled for VM scale set? @rfcdejongGsquare
no clue, sorry. I haven't looked into MSI anymore and I cannot find the answer given by Microsoft either, not on Azure Advisors nor in e-mail.rfcdejong

1 Answers

1
votes

This is a very old question - but the answer is "Yes", now. Both via ARM template or the portal, you can assign a SystemIdentity or 1+ User identities to your VMSS