How to configure APIM with Service Fabric managed cluster#301
Draft
jagilber wants to merge 26 commits intoAzure:masterfrom
Draft
How to configure APIM with Service Fabric managed cluster#301jagilber wants to merge 26 commits intoAzure:masterfrom
jagilber wants to merge 26 commits intoAzure:masterfrom
Conversation
…olicy and rbac policy options
…ation now supported Major updates: - Remove outdated limitation - migration now supported (June 2025) - Add comprehensive 'Enabling stable FQDN on existing clusters' section - Document Set-AzServiceFabricManagedCluster migration path with PowerShell example - Include migration steps, retry/revert guidance, and scenario recommendations - Add Client Certificate Configuration section (thumbprint vs common name) - Emphasize CRITICAL EKU requirement (Client Authentication 1.3.6.1.5.5.7.3.2) - Add Certificate Rotation section explaining server vs client cert lifecycle - Enhance troubleshooting with EKU validation PowerShell script - Simplify APIM certificate upload (direct approach vs Key Vault) - Reference official Azure Service Fabric Managed TLS Solution documentation This update reflects current capabilities as of January 2026.
…s and Azure Key Vault integration
…ters with static FQDN and domainNameLabelScope
…ings - Add DNS and Network Connectivity Issues troubleshooting section - Documents management plane (FQDN → public IP) vs data plane (VNet routing) architecture - Troubleshooting table for common DNS issues (custom DNS, Internal VNet APIM, NSG) - Private DNS zone guidance for custom DNS server configurations - Notes External VNet mode requirement for SFMC public endpoint access - Update certificate validation settings based on validated feedback - Changed validateCertificateChain and validateCertificateName from false to true - Added note: APIM Azure trusted root store includes major public CAs - No issuer pinning (issuerCertificateThumbprint) needed for public CA certs Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
How to configure APIM with Service Fabric managed cluster using new domainNameLabel configuration for static cluster common name connectivity