I have a Service Fabric cluster hosted in Microsoft Azure, and I have configured its scale set to register all nodes with Azure Automation DSC (following the example from https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-template#template-example-for-windows-virtual-machine-scale-sets).
I now need to update the DSC script to also ensure that TLS 1.0 is disabled. This registry change requires a reboot of the affected machines. How can I get DSC to apply this change one update domain at a time so that all the VMs in my cluster aren't rebooted at the same time?
This depends on the durability level that you have configured for your cluster:
Gold Restarts can be delayed until approved by the Service Fabric cluster. Updates can be paused for 2 hours per UD to allow additional time for replicas to recover from earlier failures
Silver Restarts can be delayed until approved by the Service Fabric cluster. Updates cannot be delayed for any significant period of time
Bronze Restarts will not be delayed by the Service Fabric cluster. Updates cannot be delayed for any significant period of time
So, you'll need your cluster to have either Silver or Gold level.