Microsoft.ServiceFabric clusters 2017-07-01-preview

Bicep resource definition

The clusters resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.ServiceFabric/clusters resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.ServiceFabric/clusters@2017-07-01-preview' = {
  location: 'string'
  name: 'string'
  properties: {
    addOnFeatures: [
      'string'
    ]
    availableClusterVersions: [
      {
        codeVersion: 'string'
        environment: 'string'
        supportExpiryUtc: 'string'
      }
    ]
    azureActiveDirectory: {
      clientApplication: 'string'
      clusterApplication: 'string'
      tenantId: 'string'
    }
    certificate: {
      thumbprint: 'string'
      thumbprintSecondary: 'string'
      x509StoreName: 'string'
    }
    clientCertificateCommonNames: [
      {
        certificateCommonName: 'string'
        certificateIssuerThumbprint: 'string'
        isAdmin: bool
      }
    ]
    clientCertificateThumbprints: [
      {
        certificateThumbprint: 'string'
        isAdmin: bool
      }
    ]
    clusterCodeVersion: 'string'
    clusterState: 'string'
    diagnosticsStorageAccountConfig: {
      blobEndpoint: 'string'
      protectedAccountKeyName: 'string'
      queueEndpoint: 'string'
      storageAccountName: 'string'
      tableEndpoint: 'string'
    }
    fabricSettings: [
      {
        name: 'string'
        parameters: [
          {
            name: 'string'
            value: 'string'
          }
        ]
      }
    ]
    managementEndpoint: 'string'
    nodeTypes: [
      {
        applicationPorts: {
          endPort: int
          startPort: int
        }
        capacities: {
          {customized property}: 'string'
        }
        clientConnectionEndpointPort: int
        durabilityLevel: 'string'
        ephemeralPorts: {
          endPort: int
          startPort: int
        }
        httpGatewayEndpointPort: int
        isPrimary: bool
        name: 'string'
        placementProperties: {
          {customized property}: 'string'
        }
        reverseProxyEndpointPort: int
        vmInstanceCount: int
      }
    ]
    reliabilityLevel: 'string'
    reverseProxyCertificate: {
      thumbprint: 'string'
      thumbprintSecondary: 'string'
      x509StoreName: 'string'
    }
    upgradeDescription: {
      deltaHealthPolicy: {
        maxPercentDeltaUnhealthyApplications: int
        maxPercentDeltaUnhealthyNodes: int
        maxPercentUpgradeDomainDeltaUnhealthyNodes: int
      }
      forceRestart: bool
      healthCheckRetryTimeout: 'string'
      healthCheckStableDuration: 'string'
      healthCheckWaitDuration: 'string'
      healthPolicy: {
        maxPercentUnhealthyApplications: int
        maxPercentUnhealthyNodes: int
      }
      upgradeDomainTimeout: 'string'
      upgradeReplicaSetCheckTimeout: 'string'
      upgradeTimeout: 'string'
    }
    upgradeMode: 'string'
    vmImage: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}

Property values

AzureActiveDirectory

Name Description Value
clientApplication Azure active directory client application id. string
clusterApplication Azure active directory cluster application id. string
tenantId Azure active directory tenant id. string

CertificateDescription

Name Description Value
thumbprint Thumbprint of the primary certificate. string (required)
thumbprintSecondary Thumbprint of the secondary certificate. string
x509StoreName The local certificate store location. 'AddressBook'
'AuthRoot'
'CertificateAuthority'
'Disallowed'
'My'
'Root'
'TrustedPeople'
'TrustedPublisher'

ClientCertificateCommonName

Name Description Value
certificateCommonName The common name of the client certificate. string (required)
certificateIssuerThumbprint The issuer thumbprint of the client certificate. string (required)
isAdmin Indicates if the client certificate has admin access to the cluster. Non admin clients can perform only read only operations on the cluster. bool (required)

ClientCertificateThumbprint

Name Description Value
certificateThumbprint The thumbprint of the client certificate. string (required)
isAdmin Indicates if the client certificate has admin access to the cluster. Non admin clients can perform only read only operations on the cluster. bool (required)

ClusterHealthPolicy

Name Description Value
maxPercentUnhealthyApplications The maximum allowed percentage of unhealthy applications before reporting an error. For example, to allow 10% of applications to be unhealthy, this value would be 10. int

Constraints:
Min value = 0
Max value = 100
maxPercentUnhealthyNodes The maximum allowed percentage of unhealthy nodes before reporting an error. For example, to allow 10% of nodes to be unhealthy, this value would be 10. int

Constraints:
Min value = 0
Max value = 100

ClusterProperties

Name Description Value
addOnFeatures The list of add-on features to enable in the cluster. String array containing any of:
'BackupRestoreService'
'DnsService'
'RepairManager'
availableClusterVersions The Service Fabric runtime versions available for this cluster. ClusterVersionDetails[]
azureActiveDirectory The AAD authentication settings of the cluster. AzureActiveDirectory
certificate The certificate to use for securing the cluster. The certificate provided will be used for node to node security within the cluster, SSL certificate for cluster management endpoint and default admin client. CertificateDescription
clientCertificateCommonNames The list of client certificates referenced by common name that are allowed to manage the cluster. ClientCertificateCommonName[]
clientCertificateThumbprints The list of client certificates referenced by thumbprint that are allowed to manage the cluster. ClientCertificateThumbprint[]
clusterCodeVersion The Service Fabric runtime version of the cluster. This property can only by set the user when upgradeMode is set to 'Manual'. To get list of available Service Fabric versions for new clusters use ClusterVersion API. To get the list of available version for existing clusters use availableClusterVersions. string
clusterState The current state of the cluster.

- WaitingForNodes - Indicates that the cluster resource is created and the resource provider is waiting for Service Fabric VM extension to boot up and report to it.
- Deploying - Indicates that the Service Fabric runtime is being installed on the VMs. Cluster resource will be in this state until the cluster boots up and system services are up.
- BaselineUpgrade - Indicates that the cluster is upgrading to establishes the cluster version. This upgrade is automatically initiated when the cluster boots up for the first time.
- UpdatingUserConfiguration - Indicates that the cluster is being upgraded with the user provided configuration.
- UpdatingUserCertificate - Indicates that the cluster is being upgraded with the user provided certificate.
- UpdatingInfrastructure - Indicates that the cluster is being upgraded with the latest Service Fabric runtime version. This happens only when the upgradeMode is set to 'Automatic'.
- EnforcingClusterVersion - Indicates that cluster is on a different version than expected and the cluster is being upgraded to the expected version.
- UpgradeServiceUnreachable - Indicates that the system service in the cluster is no longer polling the Resource Provider. Clusters in this state cannot be managed by the Resource Provider.
- AutoScale - Indicates that the ReliabilityLevel of the cluster is being adjusted.
- Ready - Indicates that the cluster is in a stable state.
'AutoScale'
'BaselineUpgrade'
'Deploying'
'EnforcingClusterVersion'
'Ready'
'UpdatingInfrastructure'
'UpdatingUserCertificate'
'UpdatingUserConfiguration'
'UpgradeServiceUnreachable'
'WaitingForNodes'
diagnosticsStorageAccountConfig The storage account information for storing Service Fabric diagnostic logs. DiagnosticsStorageAccountConfig
fabricSettings The list of custom fabric settings to configure the cluster. SettingsSectionDescription[]
managementEndpoint The http management endpoint of the cluster. string (required)
nodeTypes The list of node types in the cluster. NodeTypeDescription[] (required)
reliabilityLevel The reliability level sets the replica set size of system services. Learn about ReliabilityLevel.

- None - Run the System services with a target replica set count of 1. This should only be used for test clusters.
- Bronze - Run the System services with a target replica set count of 3. This should only be used for test clusters.
- Silver - Run the System services with a target replica set count of 5.
- Gold - Run the System services with a target replica set count of 7.
- Platinum - Run the System services with a target replica set count of 9.
'Bronze'
'Gold'
'None'
'Platinum'
'Silver'
reverseProxyCertificate The server certificate used by reverse proxy. CertificateDescription
upgradeDescription The policy to use when upgrading the cluster. ClusterUpgradePolicy
upgradeMode The upgrade mode of the cluster when new Service Fabric runtime version is available.

- Automatic - The cluster will be automatically upgraded to the latest Service Fabric runtime version as soon as it is available.
- Manual - The cluster will not be automatically upgraded to the latest Service Fabric runtime version. The cluster is upgraded by setting the clusterCodeVersion property in the cluster resource.
'Automatic'
'Manual'
vmImage The VM image VMSS has been configured with. Generic names such as Windows or Linux can be used. string

ClusterUpgradeDeltaHealthPolicy

Name Description Value
maxPercentDeltaUnhealthyApplications The maximum allowed percentage of applications health degradation allowed during cluster upgrades. The delta is measured between the state of the applications at the beginning of upgrade and the state of the applications at the time of the health evaluation. The check is performed after every upgrade domain upgrade completion to make sure the global state of the cluster is within tolerated limits. System services are not included in this. int

Constraints:
Min value = 0
Max value = 100 (required)
maxPercentDeltaUnhealthyNodes The maximum allowed percentage of nodes health degradation allowed during cluster upgrades. The delta is measured between the state of the nodes at the beginning of upgrade and the state of the nodes at the time of the health evaluation. The check is performed after every upgrade domain upgrade completion to make sure the global state of the cluster is within tolerated limits. int

Constraints:
Min value = 0
Max value = 100 (required)
maxPercentUpgradeDomainDeltaUnhealthyNodes The maximum allowed percentage of upgrade domain nodes health degradation allowed during cluster upgrades. The delta is measured between the state of the upgrade domain nodes at the beginning of upgrade and the state of the upgrade domain nodes at the time of the health evaluation. The check is performed after every upgrade domain upgrade completion for all completed upgrade domains to make sure the state of the upgrade domains is within tolerated limits. int

Constraints:
Min value = 0
Max value = 100 (required)

ClusterUpgradePolicy

Name Description Value
deltaHealthPolicy The delta health policy used when upgrading the cluster. ClusterUpgradeDeltaHealthPolicy
forceRestart If true, then processes are forcefully restarted during upgrade even when the code version has not changed (the upgrade only changes configuration or data). bool
healthCheckRetryTimeout The amount of time to retry health evaluation when the application or cluster is unhealthy before the upgrade rolls back. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format. string (required)
healthCheckStableDuration The amount of time that the application or cluster must remain healthy before the upgrade proceeds to the next upgrade domain. The duration can be in either hh:mm:ss or in d.hh:mm:ss.ms format. string (required)
healthCheckWaitDuration The length of time to wait after completing an upgrade domain before performing health checks. The duration can be in either hh:mm:ss or in d.hh:mm:ss.ms format. string (required)
healthPolicy The cluster health policy used when upgrading the cluster. ClusterHealthPolicy (required)
upgradeDomainTimeout The amount of time each upgrade domain has to complete before the upgrade rolls back. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format. string (required)
upgradeReplicaSetCheckTimeout The maximum amount of time to block processing of an upgrade domain and prevent loss of availability when there are unexpected issues. When this timeout expires, processing of the upgrade domain will proceed regardless of availability loss issues. The timeout is reset at the start of each upgrade domain. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format. string (required)
upgradeTimeout The amount of time the overall upgrade has to complete before the upgrade rolls back. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format. string (required)

ClusterVersionDetails

Name Description Value
codeVersion The Service Fabric runtime version of the cluster. string
environment Indicates if this version is for Windows or Linux operating system. 'Linux'
'Windows'
supportExpiryUtc The date of expiry of support of the version. string

DiagnosticsStorageAccountConfig

Name Description Value
blobEndpoint The blob endpoint of the azure storage account. string (required)
protectedAccountKeyName The protected diagnostics storage key name. string (required)
queueEndpoint The queue endpoint of the azure storage account. string (required)
storageAccountName The Azure storage account name. string (required)
tableEndpoint The table endpoint of the azure storage account. string (required)

EndpointRangeDescription

Name Description Value
endPort End port of a range of ports int (required)
startPort Starting port of a range of ports int (required)

Microsoft.ServiceFabric/clusters

Name Description Value
location Resource location. string (required)
name The resource name string (required)
properties The cluster resource properties ClusterProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates

NodeTypeDescription

Name Description Value
applicationPorts The range of ports from which cluster assigned port to Service Fabric applications. EndpointRangeDescription
capacities The capacity tags applied to the nodes in the node type, the cluster resource manager uses these tags to understand how much resource a node has. NodeTypeDescriptionCapacities
clientConnectionEndpointPort The TCP cluster management endpoint port. int (required)
durabilityLevel The durability level of the node type. Learn about DurabilityLevel.

- Bronze - No privileges. This is the default.
- Silver - The infrastructure jobs can be paused for a duration of 30 minutes per UD.
- Gold - The infrastructure jobs can be paused for a duration of 2 hours per UD. Gold durability can be enabled only on full node VM skus like D15_V2, G5 etc.
'Bronze'
'Gold'
'Silver'
ephemeralPorts The range of ephemeral ports that nodes in this node type should be configured with. EndpointRangeDescription
httpGatewayEndpointPort The HTTP cluster management endpoint port. int (required)
isPrimary The node type on which system services will run. Only one node type should be marked as primary. Primary node type cannot be deleted or changed for existing clusters. bool (required)
name The name of the node type. string (required)
placementProperties The placement tags applied to nodes in the node type, which can be used to indicate where certain services (workload) should run. NodeTypeDescriptionPlacementProperties
reverseProxyEndpointPort The endpoint used by reverse proxy. int
vmInstanceCount The number of nodes in the node type. This count should match the capacity property in the corresponding VirtualMachineScaleSet resource. int

Constraints:
Min value = 1
Max value = 2147483647 (required)

NodeTypeDescriptionCapacities

Name Description Value

NodeTypeDescriptionPlacementProperties

Name Description Value

ResourceTags

Name Description Value

SettingsParameterDescription

Name Description Value
name The parameter name of fabric setting. string (required)
value The parameter value of fabric setting. string (required)

SettingsSectionDescription

Name Description Value
name The section name of the fabric settings. string (required)
parameters The collection of parameters in the section. SettingsParameterDescription[] (required)

Quickstart samples

The following quickstart samples deploy this resource type.

Bicep File Description
Deploy a 5 Node Secure Cluster This template allows you to deploy a secure 5 node Service Fabric Cluster running Windows Server 2019 Datacenter on a Standard_D2_v2 Size VMSS.

ARM template resource definition

The clusters resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.ServiceFabric/clusters resource, add the following JSON to your template.

{
  "type": "Microsoft.ServiceFabric/clusters",
  "apiVersion": "2017-07-01-preview",
  "name": "string",
  "location": "string",
  "properties": {
    "addOnFeatures": [ "string" ],
    "availableClusterVersions": [
      {
        "codeVersion": "string",
        "environment": "string",
        "supportExpiryUtc": "string"
      }
    ],
    "azureActiveDirectory": {
      "clientApplication": "string",
      "clusterApplication": "string",
      "tenantId": "string"
    },
    "certificate": {
      "thumbprint": "string",
      "thumbprintSecondary": "string",
      "x509StoreName": "string"
    },
    "clientCertificateCommonNames": [
      {
        "certificateCommonName": "string",
        "certificateIssuerThumbprint": "string",
        "isAdmin": "bool"
      }
    ],
    "clientCertificateThumbprints": [
      {
        "certificateThumbprint": "string",
        "isAdmin": "bool"
      }
    ],
    "clusterCodeVersion": "string",
    "clusterState": "string",
    "diagnosticsStorageAccountConfig": {
      "blobEndpoint": "string",
      "protectedAccountKeyName": "string",
      "queueEndpoint": "string",
      "storageAccountName": "string",
      "tableEndpoint": "string"
    },
    "fabricSettings": [
      {
        "name": "string",
        "parameters": [
          {
            "name": "string",
            "value": "string"
          }
        ]
      }
    ],
    "managementEndpoint": "string",
    "nodeTypes": [
      {
        "applicationPorts": {
          "endPort": "int",
          "startPort": "int"
        },
        "capacities": {
          "{customized property}": "string"
        },
        "clientConnectionEndpointPort": "int",
        "durabilityLevel": "string",
        "ephemeralPorts": {
          "endPort": "int",
          "startPort": "int"
        },
        "httpGatewayEndpointPort": "int",
        "isPrimary": "bool",
        "name": "string",
        "placementProperties": {
          "{customized property}": "string"
        },
        "reverseProxyEndpointPort": "int",
        "vmInstanceCount": "int"
      }
    ],
    "reliabilityLevel": "string",
    "reverseProxyCertificate": {
      "thumbprint": "string",
      "thumbprintSecondary": "string",
      "x509StoreName": "string"
    },
    "upgradeDescription": {
      "deltaHealthPolicy": {
        "maxPercentDeltaUnhealthyApplications": "int",
        "maxPercentDeltaUnhealthyNodes": "int",
        "maxPercentUpgradeDomainDeltaUnhealthyNodes": "int"
      },
      "forceRestart": "bool",
      "healthCheckRetryTimeout": "string",
      "healthCheckStableDuration": "string",
      "healthCheckWaitDuration": "string",
      "healthPolicy": {
        "maxPercentUnhealthyApplications": "int",
        "maxPercentUnhealthyNodes": "int"
      },
      "upgradeDomainTimeout": "string",
      "upgradeReplicaSetCheckTimeout": "string",
      "upgradeTimeout": "string"
    },
    "upgradeMode": "string",
    "vmImage": "string"
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property values

AzureActiveDirectory

Name Description Value
clientApplication Azure active directory client application id. string
clusterApplication Azure active directory cluster application id. string
tenantId Azure active directory tenant id. string

CertificateDescription

Name Description Value
thumbprint Thumbprint of the primary certificate. string (required)
thumbprintSecondary Thumbprint of the secondary certificate. string
x509StoreName The local certificate store location. 'AddressBook'
'AuthRoot'
'CertificateAuthority'
'Disallowed'
'My'
'Root'
'TrustedPeople'
'TrustedPublisher'

ClientCertificateCommonName

Name Description Value
certificateCommonName The common name of the client certificate. string (required)
certificateIssuerThumbprint The issuer thumbprint of the client certificate. string (required)
isAdmin Indicates if the client certificate has admin access to the cluster. Non admin clients can perform only read only operations on the cluster. bool (required)

ClientCertificateThumbprint

Name Description Value
certificateThumbprint The thumbprint of the client certificate. string (required)
isAdmin Indicates if the client certificate has admin access to the cluster. Non admin clients can perform only read only operations on the cluster. bool (required)

ClusterHealthPolicy

Name Description Value
maxPercentUnhealthyApplications The maximum allowed percentage of unhealthy applications before reporting an error. For example, to allow 10% of applications to be unhealthy, this value would be 10. int

Constraints:
Min value = 0
Max value = 100
maxPercentUnhealthyNodes The maximum allowed percentage of unhealthy nodes before reporting an error. For example, to allow 10% of nodes to be unhealthy, this value would be 10. int

Constraints:
Min value = 0
Max value = 100

ClusterProperties

Name Description Value
addOnFeatures The list of add-on features to enable in the cluster. String array containing any of:
'BackupRestoreService'
'DnsService'
'RepairManager'
availableClusterVersions The Service Fabric runtime versions available for this cluster. ClusterVersionDetails[]
azureActiveDirectory The AAD authentication settings of the cluster. AzureActiveDirectory
certificate The certificate to use for securing the cluster. The certificate provided will be used for node to node security within the cluster, SSL certificate for cluster management endpoint and default admin client. CertificateDescription
clientCertificateCommonNames The list of client certificates referenced by common name that are allowed to manage the cluster. ClientCertificateCommonName[]
clientCertificateThumbprints The list of client certificates referenced by thumbprint that are allowed to manage the cluster. ClientCertificateThumbprint[]
clusterCodeVersion The Service Fabric runtime version of the cluster. This property can only by set the user when upgradeMode is set to 'Manual'. To get list of available Service Fabric versions for new clusters use ClusterVersion API. To get the list of available version for existing clusters use availableClusterVersions. string
clusterState The current state of the cluster.

- WaitingForNodes - Indicates that the cluster resource is created and the resource provider is waiting for Service Fabric VM extension to boot up and report to it.
- Deploying - Indicates that the Service Fabric runtime is being installed on the VMs. Cluster resource will be in this state until the cluster boots up and system services are up.
- BaselineUpgrade - Indicates that the cluster is upgrading to establishes the cluster version. This upgrade is automatically initiated when the cluster boots up for the first time.
- UpdatingUserConfiguration - Indicates that the cluster is being upgraded with the user provided configuration.
- UpdatingUserCertificate - Indicates that the cluster is being upgraded with the user provided certificate.
- UpdatingInfrastructure - Indicates that the cluster is being upgraded with the latest Service Fabric runtime version. This happens only when the upgradeMode is set to 'Automatic'.
- EnforcingClusterVersion - Indicates that cluster is on a different version than expected and the cluster is being upgraded to the expected version.
- UpgradeServiceUnreachable - Indicates that the system service in the cluster is no longer polling the Resource Provider. Clusters in this state cannot be managed by the Resource Provider.
- AutoScale - Indicates that the ReliabilityLevel of the cluster is being adjusted.
- Ready - Indicates that the cluster is in a stable state.
'AutoScale'
'BaselineUpgrade'
'Deploying'
'EnforcingClusterVersion'
'Ready'
'UpdatingInfrastructure'
'UpdatingUserCertificate'
'UpdatingUserConfiguration'
'UpgradeServiceUnreachable'
'WaitingForNodes'
diagnosticsStorageAccountConfig The storage account information for storing Service Fabric diagnostic logs. DiagnosticsStorageAccountConfig
fabricSettings The list of custom fabric settings to configure the cluster. SettingsSectionDescription[]
managementEndpoint The http management endpoint of the cluster. string (required)
nodeTypes The list of node types in the cluster. NodeTypeDescription[] (required)
reliabilityLevel The reliability level sets the replica set size of system services. Learn about ReliabilityLevel.

- None - Run the System services with a target replica set count of 1. This should only be used for test clusters.
- Bronze - Run the System services with a target replica set count of 3. This should only be used for test clusters.
- Silver - Run the System services with a target replica set count of 5.
- Gold - Run the System services with a target replica set count of 7.
- Platinum - Run the System services with a target replica set count of 9.
'Bronze'
'Gold'
'None'
'Platinum'
'Silver'
reverseProxyCertificate The server certificate used by reverse proxy. CertificateDescription
upgradeDescription The policy to use when upgrading the cluster. ClusterUpgradePolicy
upgradeMode The upgrade mode of the cluster when new Service Fabric runtime version is available.

- Automatic - The cluster will be automatically upgraded to the latest Service Fabric runtime version as soon as it is available.
- Manual - The cluster will not be automatically upgraded to the latest Service Fabric runtime version. The cluster is upgraded by setting the clusterCodeVersion property in the cluster resource.
'Automatic'
'Manual'
vmImage The VM image VMSS has been configured with. Generic names such as Windows or Linux can be used. string

ClusterUpgradeDeltaHealthPolicy

Name Description Value
maxPercentDeltaUnhealthyApplications The maximum allowed percentage of applications health degradation allowed during cluster upgrades. The delta is measured between the state of the applications at the beginning of upgrade and the state of the applications at the time of the health evaluation. The check is performed after every upgrade domain upgrade completion to make sure the global state of the cluster is within tolerated limits. System services are not included in this. int

Constraints:
Min value = 0
Max value = 100 (required)
maxPercentDeltaUnhealthyNodes The maximum allowed percentage of nodes health degradation allowed during cluster upgrades. The delta is measured between the state of the nodes at the beginning of upgrade and the state of the nodes at the time of the health evaluation. The check is performed after every upgrade domain upgrade completion to make sure the global state of the cluster is within tolerated limits. int

Constraints:
Min value = 0
Max value = 100 (required)
maxPercentUpgradeDomainDeltaUnhealthyNodes The maximum allowed percentage of upgrade domain nodes health degradation allowed during cluster upgrades. The delta is measured between the state of the upgrade domain nodes at the beginning of upgrade and the state of the upgrade domain nodes at the time of the health evaluation. The check is performed after every upgrade domain upgrade completion for all completed upgrade domains to make sure the state of the upgrade domains is within tolerated limits. int

Constraints:
Min value = 0
Max value = 100 (required)

ClusterUpgradePolicy

Name Description Value
deltaHealthPolicy The delta health policy used when upgrading the cluster. ClusterUpgradeDeltaHealthPolicy
forceRestart If true, then processes are forcefully restarted during upgrade even when the code version has not changed (the upgrade only changes configuration or data). bool
healthCheckRetryTimeout The amount of time to retry health evaluation when the application or cluster is unhealthy before the upgrade rolls back. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format. string (required)
healthCheckStableDuration The amount of time that the application or cluster must remain healthy before the upgrade proceeds to the next upgrade domain. The duration can be in either hh:mm:ss or in d.hh:mm:ss.ms format. string (required)
healthCheckWaitDuration The length of time to wait after completing an upgrade domain before performing health checks. The duration can be in either hh:mm:ss or in d.hh:mm:ss.ms format. string (required)
healthPolicy The cluster health policy used when upgrading the cluster. ClusterHealthPolicy (required)
upgradeDomainTimeout The amount of time each upgrade domain has to complete before the upgrade rolls back. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format. string (required)
upgradeReplicaSetCheckTimeout The maximum amount of time to block processing of an upgrade domain and prevent loss of availability when there are unexpected issues. When this timeout expires, processing of the upgrade domain will proceed regardless of availability loss issues. The timeout is reset at the start of each upgrade domain. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format. string (required)
upgradeTimeout The amount of time the overall upgrade has to complete before the upgrade rolls back. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format. string (required)

ClusterVersionDetails

Name Description Value
codeVersion The Service Fabric runtime version of the cluster. string
environment Indicates if this version is for Windows or Linux operating system. 'Linux'
'Windows'
supportExpiryUtc The date of expiry of support of the version. string

DiagnosticsStorageAccountConfig

Name Description Value
blobEndpoint The blob endpoint of the azure storage account. string (required)
protectedAccountKeyName The protected diagnostics storage key name. string (required)
queueEndpoint The queue endpoint of the azure storage account. string (required)
storageAccountName The Azure storage account name. string (required)
tableEndpoint The table endpoint of the azure storage account. string (required)

EndpointRangeDescription

Name Description Value
endPort End port of a range of ports int (required)
startPort Starting port of a range of ports int (required)

Microsoft.ServiceFabric/clusters

Name Description Value
apiVersion The api version '2017-07-01-preview'
location Resource location. string (required)
name The resource name string (required)
properties The cluster resource properties ClusterProperties
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.ServiceFabric/clusters'

NodeTypeDescription

Name Description Value
applicationPorts The range of ports from which cluster assigned port to Service Fabric applications. EndpointRangeDescription
capacities The capacity tags applied to the nodes in the node type, the cluster resource manager uses these tags to understand how much resource a node has. NodeTypeDescriptionCapacities
clientConnectionEndpointPort The TCP cluster management endpoint port. int (required)
durabilityLevel The durability level of the node type. Learn about DurabilityLevel.

- Bronze - No privileges. This is the default.
- Silver - The infrastructure jobs can be paused for a duration of 30 minutes per UD.
- Gold - The infrastructure jobs can be paused for a duration of 2 hours per UD. Gold durability can be enabled only on full node VM skus like D15_V2, G5 etc.
'Bronze'
'Gold'
'Silver'
ephemeralPorts The range of ephemeral ports that nodes in this node type should be configured with. EndpointRangeDescription
httpGatewayEndpointPort The HTTP cluster management endpoint port. int (required)
isPrimary The node type on which system services will run. Only one node type should be marked as primary. Primary node type cannot be deleted or changed for existing clusters. bool (required)
name The name of the node type. string (required)
placementProperties The placement tags applied to nodes in the node type, which can be used to indicate where certain services (workload) should run. NodeTypeDescriptionPlacementProperties
reverseProxyEndpointPort The endpoint used by reverse proxy. int
vmInstanceCount The number of nodes in the node type. This count should match the capacity property in the corresponding VirtualMachineScaleSet resource. int

Constraints:
Min value = 1
Max value = 2147483647 (required)

NodeTypeDescriptionCapacities

Name Description Value

NodeTypeDescriptionPlacementProperties

Name Description Value

ResourceTags

Name Description Value

SettingsParameterDescription

Name Description Value
name The parameter name of fabric setting. string (required)
value The parameter value of fabric setting. string (required)

SettingsSectionDescription

Name Description Value
name The section name of the fabric settings. string (required)
parameters The collection of parameters in the section. SettingsParameterDescription[] (required)

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Deploy a 3 Nodetype Secure Cluster with NSGs enabled

Deploy to Azure
This template allows you to deploy a secure 3 nodetype Service fabric Cluster running Windows server 2016 Data center on a Standard_D2 Size VMs. Use this template allows you ro control the inbound and outbound network traffic using Network Security Groups.
Deploy a 5 Node Secure Cluster

Deploy to Azure
This template allows you to deploy a secure 5 node Service Fabric Cluster running Windows Server 2019 Datacenter on a Standard_D2_v2 Size VMSS.
Deploy a 5 Node Ubuntu Service Fabric Cluster

Deploy to Azure
This template allows you to deploy a secure 5 node Service Fabric Cluster running Ubuntu on a Standard_D2_V2 Size VMSS.

Terraform (AzAPI provider) resource definition

The clusters resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.ServiceFabric/clusters resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.ServiceFabric/clusters@2017-07-01-preview"
  name = "string"
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = jsonencode({
    properties = {
      addOnFeatures = [
        "string"
      ]
      availableClusterVersions = [
        {
          codeVersion = "string"
          environment = "string"
          supportExpiryUtc = "string"
        }
      ]
      azureActiveDirectory = {
        clientApplication = "string"
        clusterApplication = "string"
        tenantId = "string"
      }
      certificate = {
        thumbprint = "string"
        thumbprintSecondary = "string"
        x509StoreName = "string"
      }
      clientCertificateCommonNames = [
        {
          certificateCommonName = "string"
          certificateIssuerThumbprint = "string"
          isAdmin = bool
        }
      ]
      clientCertificateThumbprints = [
        {
          certificateThumbprint = "string"
          isAdmin = bool
        }
      ]
      clusterCodeVersion = "string"
      clusterState = "string"
      diagnosticsStorageAccountConfig = {
        blobEndpoint = "string"
        protectedAccountKeyName = "string"
        queueEndpoint = "string"
        storageAccountName = "string"
        tableEndpoint = "string"
      }
      fabricSettings = [
        {
          name = "string"
          parameters = [
            {
              name = "string"
              value = "string"
            }
          ]
        }
      ]
      managementEndpoint = "string"
      nodeTypes = [
        {
          applicationPorts = {
            endPort = int
            startPort = int
          }
          capacities = {
            {customized property} = "string"
          }
          clientConnectionEndpointPort = int
          durabilityLevel = "string"
          ephemeralPorts = {
            endPort = int
            startPort = int
          }
          httpGatewayEndpointPort = int
          isPrimary = bool
          name = "string"
          placementProperties = {
            {customized property} = "string"
          }
          reverseProxyEndpointPort = int
          vmInstanceCount = int
        }
      ]
      reliabilityLevel = "string"
      reverseProxyCertificate = {
        thumbprint = "string"
        thumbprintSecondary = "string"
        x509StoreName = "string"
      }
      upgradeDescription = {
        deltaHealthPolicy = {
          maxPercentDeltaUnhealthyApplications = int
          maxPercentDeltaUnhealthyNodes = int
          maxPercentUpgradeDomainDeltaUnhealthyNodes = int
        }
        forceRestart = bool
        healthCheckRetryTimeout = "string"
        healthCheckStableDuration = "string"
        healthCheckWaitDuration = "string"
        healthPolicy = {
          maxPercentUnhealthyApplications = int
          maxPercentUnhealthyNodes = int
        }
        upgradeDomainTimeout = "string"
        upgradeReplicaSetCheckTimeout = "string"
        upgradeTimeout = "string"
      }
      upgradeMode = "string"
      vmImage = "string"
    }
  })
}

Property values

AzureActiveDirectory

Name Description Value
clientApplication Azure active directory client application id. string
clusterApplication Azure active directory cluster application id. string
tenantId Azure active directory tenant id. string

CertificateDescription

Name Description Value
thumbprint Thumbprint of the primary certificate. string (required)
thumbprintSecondary Thumbprint of the secondary certificate. string
x509StoreName The local certificate store location. 'AddressBook'
'AuthRoot'
'CertificateAuthority'
'Disallowed'
'My'
'Root'
'TrustedPeople'
'TrustedPublisher'

ClientCertificateCommonName

Name Description Value
certificateCommonName The common name of the client certificate. string (required)
certificateIssuerThumbprint The issuer thumbprint of the client certificate. string (required)
isAdmin Indicates if the client certificate has admin access to the cluster. Non admin clients can perform only read only operations on the cluster. bool (required)

ClientCertificateThumbprint

Name Description Value
certificateThumbprint The thumbprint of the client certificate. string (required)
isAdmin Indicates if the client certificate has admin access to the cluster. Non admin clients can perform only read only operations on the cluster. bool (required)

ClusterHealthPolicy

Name Description Value
maxPercentUnhealthyApplications The maximum allowed percentage of unhealthy applications before reporting an error. For example, to allow 10% of applications to be unhealthy, this value would be 10. int

Constraints:
Min value = 0
Max value = 100
maxPercentUnhealthyNodes The maximum allowed percentage of unhealthy nodes before reporting an error. For example, to allow 10% of nodes to be unhealthy, this value would be 10. int

Constraints:
Min value = 0
Max value = 100

ClusterProperties

Name Description Value
addOnFeatures The list of add-on features to enable in the cluster. String array containing any of:
'BackupRestoreService'
'DnsService'
'RepairManager'
availableClusterVersions The Service Fabric runtime versions available for this cluster. ClusterVersionDetails[]
azureActiveDirectory The AAD authentication settings of the cluster. AzureActiveDirectory
certificate The certificate to use for securing the cluster. The certificate provided will be used for node to node security within the cluster, SSL certificate for cluster management endpoint and default admin client. CertificateDescription
clientCertificateCommonNames The list of client certificates referenced by common name that are allowed to manage the cluster. ClientCertificateCommonName[]
clientCertificateThumbprints The list of client certificates referenced by thumbprint that are allowed to manage the cluster. ClientCertificateThumbprint[]
clusterCodeVersion The Service Fabric runtime version of the cluster. This property can only by set the user when upgradeMode is set to 'Manual'. To get list of available Service Fabric versions for new clusters use ClusterVersion API. To get the list of available version for existing clusters use availableClusterVersions. string
clusterState The current state of the cluster.

- WaitingForNodes - Indicates that the cluster resource is created and the resource provider is waiting for Service Fabric VM extension to boot up and report to it.
- Deploying - Indicates that the Service Fabric runtime is being installed on the VMs. Cluster resource will be in this state until the cluster boots up and system services are up.
- BaselineUpgrade - Indicates that the cluster is upgrading to establishes the cluster version. This upgrade is automatically initiated when the cluster boots up for the first time.
- UpdatingUserConfiguration - Indicates that the cluster is being upgraded with the user provided configuration.
- UpdatingUserCertificate - Indicates that the cluster is being upgraded with the user provided certificate.
- UpdatingInfrastructure - Indicates that the cluster is being upgraded with the latest Service Fabric runtime version. This happens only when the upgradeMode is set to 'Automatic'.
- EnforcingClusterVersion - Indicates that cluster is on a different version than expected and the cluster is being upgraded to the expected version.
- UpgradeServiceUnreachable - Indicates that the system service in the cluster is no longer polling the Resource Provider. Clusters in this state cannot be managed by the Resource Provider.
- AutoScale - Indicates that the ReliabilityLevel of the cluster is being adjusted.
- Ready - Indicates that the cluster is in a stable state.
'AutoScale'
'BaselineUpgrade'
'Deploying'
'EnforcingClusterVersion'
'Ready'
'UpdatingInfrastructure'
'UpdatingUserCertificate'
'UpdatingUserConfiguration'
'UpgradeServiceUnreachable'
'WaitingForNodes'
diagnosticsStorageAccountConfig The storage account information for storing Service Fabric diagnostic logs. DiagnosticsStorageAccountConfig
fabricSettings The list of custom fabric settings to configure the cluster. SettingsSectionDescription[]
managementEndpoint The http management endpoint of the cluster. string (required)
nodeTypes The list of node types in the cluster. NodeTypeDescription[] (required)
reliabilityLevel The reliability level sets the replica set size of system services. Learn about ReliabilityLevel.

- None - Run the System services with a target replica set count of 1. This should only be used for test clusters.
- Bronze - Run the System services with a target replica set count of 3. This should only be used for test clusters.
- Silver - Run the System services with a target replica set count of 5.
- Gold - Run the System services with a target replica set count of 7.
- Platinum - Run the System services with a target replica set count of 9.
'Bronze'
'Gold'
'None'
'Platinum'
'Silver'
reverseProxyCertificate The server certificate used by reverse proxy. CertificateDescription
upgradeDescription The policy to use when upgrading the cluster. ClusterUpgradePolicy
upgradeMode The upgrade mode of the cluster when new Service Fabric runtime version is available.

- Automatic - The cluster will be automatically upgraded to the latest Service Fabric runtime version as soon as it is available.
- Manual - The cluster will not be automatically upgraded to the latest Service Fabric runtime version. The cluster is upgraded by setting the clusterCodeVersion property in the cluster resource.
'Automatic'
'Manual'
vmImage The VM image VMSS has been configured with. Generic names such as Windows or Linux can be used. string

ClusterUpgradeDeltaHealthPolicy

Name Description Value
maxPercentDeltaUnhealthyApplications The maximum allowed percentage of applications health degradation allowed during cluster upgrades. The delta is measured between the state of the applications at the beginning of upgrade and the state of the applications at the time of the health evaluation. The check is performed after every upgrade domain upgrade completion to make sure the global state of the cluster is within tolerated limits. System services are not included in this. int

Constraints:
Min value = 0
Max value = 100 (required)
maxPercentDeltaUnhealthyNodes The maximum allowed percentage of nodes health degradation allowed during cluster upgrades. The delta is measured between the state of the nodes at the beginning of upgrade and the state of the nodes at the time of the health evaluation. The check is performed after every upgrade domain upgrade completion to make sure the global state of the cluster is within tolerated limits. int

Constraints:
Min value = 0
Max value = 100 (required)
maxPercentUpgradeDomainDeltaUnhealthyNodes The maximum allowed percentage of upgrade domain nodes health degradation allowed during cluster upgrades. The delta is measured between the state of the upgrade domain nodes at the beginning of upgrade and the state of the upgrade domain nodes at the time of the health evaluation. The check is performed after every upgrade domain upgrade completion for all completed upgrade domains to make sure the state of the upgrade domains is within tolerated limits. int

Constraints:
Min value = 0
Max value = 100 (required)

ClusterUpgradePolicy

Name Description Value
deltaHealthPolicy The delta health policy used when upgrading the cluster. ClusterUpgradeDeltaHealthPolicy
forceRestart If true, then processes are forcefully restarted during upgrade even when the code version has not changed (the upgrade only changes configuration or data). bool
healthCheckRetryTimeout The amount of time to retry health evaluation when the application or cluster is unhealthy before the upgrade rolls back. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format. string (required)
healthCheckStableDuration The amount of time that the application or cluster must remain healthy before the upgrade proceeds to the next upgrade domain. The duration can be in either hh:mm:ss or in d.hh:mm:ss.ms format. string (required)
healthCheckWaitDuration The length of time to wait after completing an upgrade domain before performing health checks. The duration can be in either hh:mm:ss or in d.hh:mm:ss.ms format. string (required)
healthPolicy The cluster health policy used when upgrading the cluster. ClusterHealthPolicy (required)
upgradeDomainTimeout The amount of time each upgrade domain has to complete before the upgrade rolls back. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format. string (required)
upgradeReplicaSetCheckTimeout The maximum amount of time to block processing of an upgrade domain and prevent loss of availability when there are unexpected issues. When this timeout expires, processing of the upgrade domain will proceed regardless of availability loss issues. The timeout is reset at the start of each upgrade domain. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format. string (required)
upgradeTimeout The amount of time the overall upgrade has to complete before the upgrade rolls back. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format. string (required)

ClusterVersionDetails

Name Description Value
codeVersion The Service Fabric runtime version of the cluster. string
environment Indicates if this version is for Windows or Linux operating system. 'Linux'
'Windows'
supportExpiryUtc The date of expiry of support of the version. string

DiagnosticsStorageAccountConfig

Name Description Value
blobEndpoint The blob endpoint of the azure storage account. string (required)
protectedAccountKeyName The protected diagnostics storage key name. string (required)
queueEndpoint The queue endpoint of the azure storage account. string (required)
storageAccountName The Azure storage account name. string (required)
tableEndpoint The table endpoint of the azure storage account. string (required)

EndpointRangeDescription

Name Description Value
endPort End port of a range of ports int (required)
startPort Starting port of a range of ports int (required)

Microsoft.ServiceFabric/clusters

Name Description Value
location Resource location. string (required)
name The resource name string (required)
properties The cluster resource properties ClusterProperties
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.ServiceFabric/clusters@2017-07-01-preview"

NodeTypeDescription

Name Description Value
applicationPorts The range of ports from which cluster assigned port to Service Fabric applications. EndpointRangeDescription
capacities The capacity tags applied to the nodes in the node type, the cluster resource manager uses these tags to understand how much resource a node has. NodeTypeDescriptionCapacities
clientConnectionEndpointPort The TCP cluster management endpoint port. int (required)
durabilityLevel The durability level of the node type. Learn about DurabilityLevel.

- Bronze - No privileges. This is the default.
- Silver - The infrastructure jobs can be paused for a duration of 30 minutes per UD.
- Gold - The infrastructure jobs can be paused for a duration of 2 hours per UD. Gold durability can be enabled only on full node VM skus like D15_V2, G5 etc.
'Bronze'
'Gold'
'Silver'
ephemeralPorts The range of ephemeral ports that nodes in this node type should be configured with. EndpointRangeDescription
httpGatewayEndpointPort The HTTP cluster management endpoint port. int (required)
isPrimary The node type on which system services will run. Only one node type should be marked as primary. Primary node type cannot be deleted or changed for existing clusters. bool (required)
name The name of the node type. string (required)
placementProperties The placement tags applied to nodes in the node type, which can be used to indicate where certain services (workload) should run. NodeTypeDescriptionPlacementProperties
reverseProxyEndpointPort The endpoint used by reverse proxy. int
vmInstanceCount The number of nodes in the node type. This count should match the capacity property in the corresponding VirtualMachineScaleSet resource. int

Constraints:
Min value = 1
Max value = 2147483647 (required)

NodeTypeDescriptionCapacities

Name Description Value

NodeTypeDescriptionPlacementProperties

Name Description Value

ResourceTags

Name Description Value

SettingsParameterDescription

Name Description Value
name The parameter name of fabric setting. string (required)
value The parameter value of fabric setting. string (required)

SettingsSectionDescription

Name Description Value
name The section name of the fabric settings. string (required)
parameters The collection of parameters in the section. SettingsParameterDescription[] (required)