Microsoft.ServiceFabric clusters 2017-07-01-preview
Bicep resource definition
The clusters resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ServiceFabric/clusters resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.ServiceFabric/clusters@2017-07-01-preview' = {
location: 'string'
name: 'string'
properties: {
addOnFeatures: [
'string'
]
availableClusterVersions: [
{
codeVersion: 'string'
environment: 'string'
supportExpiryUtc: 'string'
}
]
azureActiveDirectory: {
clientApplication: 'string'
clusterApplication: 'string'
tenantId: 'string'
}
certificate: {
thumbprint: 'string'
thumbprintSecondary: 'string'
x509StoreName: 'string'
}
clientCertificateCommonNames: [
{
certificateCommonName: 'string'
certificateIssuerThumbprint: 'string'
isAdmin: bool
}
]
clientCertificateThumbprints: [
{
certificateThumbprint: 'string'
isAdmin: bool
}
]
clusterCodeVersion: 'string'
clusterState: 'string'
diagnosticsStorageAccountConfig: {
blobEndpoint: 'string'
protectedAccountKeyName: 'string'
queueEndpoint: 'string'
storageAccountName: 'string'
tableEndpoint: 'string'
}
fabricSettings: [
{
name: 'string'
parameters: [
{
name: 'string'
value: 'string'
}
]
}
]
managementEndpoint: 'string'
nodeTypes: [
{
applicationPorts: {
endPort: int
startPort: int
}
capacities: {
{customized property}: 'string'
}
clientConnectionEndpointPort: int
durabilityLevel: 'string'
ephemeralPorts: {
endPort: int
startPort: int
}
httpGatewayEndpointPort: int
isPrimary: bool
name: 'string'
placementProperties: {
{customized property}: 'string'
}
reverseProxyEndpointPort: int
vmInstanceCount: int
}
]
reliabilityLevel: 'string'
reverseProxyCertificate: {
thumbprint: 'string'
thumbprintSecondary: 'string'
x509StoreName: 'string'
}
upgradeDescription: {
deltaHealthPolicy: {
maxPercentDeltaUnhealthyApplications: int
maxPercentDeltaUnhealthyNodes: int
maxPercentUpgradeDomainDeltaUnhealthyNodes: int
}
forceRestart: bool
healthCheckRetryTimeout: 'string'
healthCheckStableDuration: 'string'
healthCheckWaitDuration: 'string'
healthPolicy: {
maxPercentUnhealthyApplications: int
maxPercentUnhealthyNodes: int
}
upgradeDomainTimeout: 'string'
upgradeReplicaSetCheckTimeout: 'string'
upgradeTimeout: 'string'
}
upgradeMode: 'string'
vmImage: 'string'
}
tags: {
{customized property}: 'string'
}
}
Property values
AzureActiveDirectory
Name | Description | Value |
---|---|---|
clientApplication | Azure active directory client application id. | string |
clusterApplication | Azure active directory cluster application id. | string |
tenantId | Azure active directory tenant id. | string |
CertificateDescription
Name | Description | Value |
---|---|---|
thumbprint | Thumbprint of the primary certificate. | string (required) |
thumbprintSecondary | Thumbprint of the secondary certificate. | string |
x509StoreName | The local certificate store location. | 'AddressBook' 'AuthRoot' 'CertificateAuthority' 'Disallowed' 'My' 'Root' 'TrustedPeople' 'TrustedPublisher' |
ClientCertificateCommonName
Name | Description | Value |
---|---|---|
certificateCommonName | The common name of the client certificate. | string (required) |
certificateIssuerThumbprint | The issuer thumbprint of the client certificate. | string (required) |
isAdmin | Indicates if the client certificate has admin access to the cluster. Non admin clients can perform only read only operations on the cluster. | bool (required) |
ClientCertificateThumbprint
Name | Description | Value |
---|---|---|
certificateThumbprint | The thumbprint of the client certificate. | string (required) |
isAdmin | Indicates if the client certificate has admin access to the cluster. Non admin clients can perform only read only operations on the cluster. | bool (required) |
ClusterHealthPolicy
Name | Description | Value |
---|---|---|
maxPercentUnhealthyApplications | The maximum allowed percentage of unhealthy applications before reporting an error. For example, to allow 10% of applications to be unhealthy, this value would be 10. | int Constraints: Min value = 0 Max value = 100 |
maxPercentUnhealthyNodes | The maximum allowed percentage of unhealthy nodes before reporting an error. For example, to allow 10% of nodes to be unhealthy, this value would be 10. | int Constraints: Min value = 0 Max value = 100 |
ClusterProperties
Name | Description | Value |
---|---|---|
addOnFeatures | The list of add-on features to enable in the cluster. | String array containing any of: 'BackupRestoreService' 'DnsService' 'RepairManager' |
availableClusterVersions | The Service Fabric runtime versions available for this cluster. | ClusterVersionDetails[] |
azureActiveDirectory | The AAD authentication settings of the cluster. | AzureActiveDirectory |
certificate | The certificate to use for securing the cluster. The certificate provided will be used for node to node security within the cluster, SSL certificate for cluster management endpoint and default admin client. | CertificateDescription |
clientCertificateCommonNames | The list of client certificates referenced by common name that are allowed to manage the cluster. | ClientCertificateCommonName[] |
clientCertificateThumbprints | The list of client certificates referenced by thumbprint that are allowed to manage the cluster. | ClientCertificateThumbprint[] |
clusterCodeVersion | The Service Fabric runtime version of the cluster. This property can only by set the user when upgradeMode is set to 'Manual'. To get list of available Service Fabric versions for new clusters use ClusterVersion API. To get the list of available version for existing clusters use availableClusterVersions. | string |
clusterState | The current state of the cluster. - WaitingForNodes - Indicates that the cluster resource is created and the resource provider is waiting for Service Fabric VM extension to boot up and report to it. - Deploying - Indicates that the Service Fabric runtime is being installed on the VMs. Cluster resource will be in this state until the cluster boots up and system services are up. - BaselineUpgrade - Indicates that the cluster is upgrading to establishes the cluster version. This upgrade is automatically initiated when the cluster boots up for the first time. - UpdatingUserConfiguration - Indicates that the cluster is being upgraded with the user provided configuration. - UpdatingUserCertificate - Indicates that the cluster is being upgraded with the user provided certificate. - UpdatingInfrastructure - Indicates that the cluster is being upgraded with the latest Service Fabric runtime version. This happens only when the upgradeMode is set to 'Automatic'. - EnforcingClusterVersion - Indicates that cluster is on a different version than expected and the cluster is being upgraded to the expected version. - UpgradeServiceUnreachable - Indicates that the system service in the cluster is no longer polling the Resource Provider. Clusters in this state cannot be managed by the Resource Provider. - AutoScale - Indicates that the ReliabilityLevel of the cluster is being adjusted. - Ready - Indicates that the cluster is in a stable state. |
'AutoScale' 'BaselineUpgrade' 'Deploying' 'EnforcingClusterVersion' 'Ready' 'UpdatingInfrastructure' 'UpdatingUserCertificate' 'UpdatingUserConfiguration' 'UpgradeServiceUnreachable' 'WaitingForNodes' |
diagnosticsStorageAccountConfig | The storage account information for storing Service Fabric diagnostic logs. | DiagnosticsStorageAccountConfig |
fabricSettings | The list of custom fabric settings to configure the cluster. | SettingsSectionDescription[] |
managementEndpoint | The http management endpoint of the cluster. | string (required) |
nodeTypes | The list of node types in the cluster. | NodeTypeDescription[] (required) |
reliabilityLevel | The reliability level sets the replica set size of system services. Learn about ReliabilityLevel. - None - Run the System services with a target replica set count of 1. This should only be used for test clusters. - Bronze - Run the System services with a target replica set count of 3. This should only be used for test clusters. - Silver - Run the System services with a target replica set count of 5. - Gold - Run the System services with a target replica set count of 7. - Platinum - Run the System services with a target replica set count of 9. |
'Bronze' 'Gold' 'None' 'Platinum' 'Silver' |
reverseProxyCertificate | The server certificate used by reverse proxy. | CertificateDescription |
upgradeDescription | The policy to use when upgrading the cluster. | ClusterUpgradePolicy |
upgradeMode | The upgrade mode of the cluster when new Service Fabric runtime version is available. - Automatic - The cluster will be automatically upgraded to the latest Service Fabric runtime version as soon as it is available. - Manual - The cluster will not be automatically upgraded to the latest Service Fabric runtime version. The cluster is upgraded by setting the clusterCodeVersion property in the cluster resource. |
'Automatic' 'Manual' |
vmImage | The VM image VMSS has been configured with. Generic names such as Windows or Linux can be used. | string |
ClusterUpgradeDeltaHealthPolicy
Name | Description | Value |
---|---|---|
maxPercentDeltaUnhealthyApplications | The maximum allowed percentage of applications health degradation allowed during cluster upgrades. The delta is measured between the state of the applications at the beginning of upgrade and the state of the applications at the time of the health evaluation. The check is performed after every upgrade domain upgrade completion to make sure the global state of the cluster is within tolerated limits. System services are not included in this. | int Constraints: Min value = 0 Max value = 100 (required) |
maxPercentDeltaUnhealthyNodes | The maximum allowed percentage of nodes health degradation allowed during cluster upgrades. The delta is measured between the state of the nodes at the beginning of upgrade and the state of the nodes at the time of the health evaluation. The check is performed after every upgrade domain upgrade completion to make sure the global state of the cluster is within tolerated limits. | int Constraints: Min value = 0 Max value = 100 (required) |
maxPercentUpgradeDomainDeltaUnhealthyNodes | The maximum allowed percentage of upgrade domain nodes health degradation allowed during cluster upgrades. The delta is measured between the state of the upgrade domain nodes at the beginning of upgrade and the state of the upgrade domain nodes at the time of the health evaluation. The check is performed after every upgrade domain upgrade completion for all completed upgrade domains to make sure the state of the upgrade domains is within tolerated limits. | int Constraints: Min value = 0 Max value = 100 (required) |
ClusterUpgradePolicy
Name | Description | Value |
---|---|---|
deltaHealthPolicy | The delta health policy used when upgrading the cluster. | ClusterUpgradeDeltaHealthPolicy |
forceRestart | If true, then processes are forcefully restarted during upgrade even when the code version has not changed (the upgrade only changes configuration or data). | bool |
healthCheckRetryTimeout | The amount of time to retry health evaluation when the application or cluster is unhealthy before the upgrade rolls back. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format. | string (required) |
healthCheckStableDuration | The amount of time that the application or cluster must remain healthy before the upgrade proceeds to the next upgrade domain. The duration can be in either hh:mm:ss or in d.hh:mm:ss.ms format. | string (required) |
healthCheckWaitDuration | The length of time to wait after completing an upgrade domain before performing health checks. The duration can be in either hh:mm:ss or in d.hh:mm:ss.ms format. | string (required) |
healthPolicy | The cluster health policy used when upgrading the cluster. | ClusterHealthPolicy (required) |
upgradeDomainTimeout | The amount of time each upgrade domain has to complete before the upgrade rolls back. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format. | string (required) |
upgradeReplicaSetCheckTimeout | The maximum amount of time to block processing of an upgrade domain and prevent loss of availability when there are unexpected issues. When this timeout expires, processing of the upgrade domain will proceed regardless of availability loss issues. The timeout is reset at the start of each upgrade domain. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format. | string (required) |
upgradeTimeout | The amount of time the overall upgrade has to complete before the upgrade rolls back. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format. | string (required) |
ClusterVersionDetails
Name | Description | Value |
---|---|---|
codeVersion | The Service Fabric runtime version of the cluster. | string |
environment | Indicates if this version is for Windows or Linux operating system. | 'Linux' 'Windows' |
supportExpiryUtc | The date of expiry of support of the version. | string |
DiagnosticsStorageAccountConfig
Name | Description | Value |
---|---|---|
blobEndpoint | The blob endpoint of the azure storage account. | string (required) |
protectedAccountKeyName | The protected diagnostics storage key name. | string (required) |
queueEndpoint | The queue endpoint of the azure storage account. | string (required) |
storageAccountName | The Azure storage account name. | string (required) |
tableEndpoint | The table endpoint of the azure storage account. | string (required) |
EndpointRangeDescription
Name | Description | Value |
---|---|---|
endPort | End port of a range of ports | int (required) |
startPort | Starting port of a range of ports | int (required) |
Microsoft.ServiceFabric/clusters
Name | Description | Value |
---|---|---|
location | Resource location. | string (required) |
name | The resource name | string (required) |
properties | The cluster resource properties | ClusterProperties |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
NodeTypeDescription
Name | Description | Value |
---|---|---|
applicationPorts | The range of ports from which cluster assigned port to Service Fabric applications. | EndpointRangeDescription |
capacities | The capacity tags applied to the nodes in the node type, the cluster resource manager uses these tags to understand how much resource a node has. | NodeTypeDescriptionCapacities |
clientConnectionEndpointPort | The TCP cluster management endpoint port. | int (required) |
durabilityLevel | The durability level of the node type. Learn about DurabilityLevel. - Bronze - No privileges. This is the default. - Silver - The infrastructure jobs can be paused for a duration of 30 minutes per UD. - Gold - The infrastructure jobs can be paused for a duration of 2 hours per UD. Gold durability can be enabled only on full node VM skus like D15_V2, G5 etc. |
'Bronze' 'Gold' 'Silver' |
ephemeralPorts | The range of ephemeral ports that nodes in this node type should be configured with. | EndpointRangeDescription |
httpGatewayEndpointPort | The HTTP cluster management endpoint port. | int (required) |
isPrimary | The node type on which system services will run. Only one node type should be marked as primary. Primary node type cannot be deleted or changed for existing clusters. | bool (required) |
name | The name of the node type. | string (required) |
placementProperties | The placement tags applied to nodes in the node type, which can be used to indicate where certain services (workload) should run. | NodeTypeDescriptionPlacementProperties |
reverseProxyEndpointPort | The endpoint used by reverse proxy. | int |
vmInstanceCount | The number of nodes in the node type. This count should match the capacity property in the corresponding VirtualMachineScaleSet resource. | int Constraints: Min value = 1 Max value = 2147483647 (required) |
NodeTypeDescriptionCapacities
Name | Description | Value |
---|
NodeTypeDescriptionPlacementProperties
Name | Description | Value |
---|
ResourceTags
Name | Description | Value |
---|
SettingsParameterDescription
Name | Description | Value |
---|---|---|
name | The parameter name of fabric setting. | string (required) |
value | The parameter value of fabric setting. | string (required) |
SettingsSectionDescription
Name | Description | Value |
---|---|---|
name | The section name of the fabric settings. | string (required) |
parameters | The collection of parameters in the section. | SettingsParameterDescription[] (required) |
Quickstart samples
The following quickstart samples deploy this resource type.
Bicep File | Description |
---|---|
Deploy a 5 Node Secure Cluster | This template allows you to deploy a secure 5 node Service Fabric Cluster running Windows Server 2019 Datacenter on a Standard_D2_v2 Size VMSS. |
ARM template resource definition
The clusters resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ServiceFabric/clusters resource, add the following JSON to your template.
{
"type": "Microsoft.ServiceFabric/clusters",
"apiVersion": "2017-07-01-preview",
"name": "string",
"location": "string",
"properties": {
"addOnFeatures": [ "string" ],
"availableClusterVersions": [
{
"codeVersion": "string",
"environment": "string",
"supportExpiryUtc": "string"
}
],
"azureActiveDirectory": {
"clientApplication": "string",
"clusterApplication": "string",
"tenantId": "string"
},
"certificate": {
"thumbprint": "string",
"thumbprintSecondary": "string",
"x509StoreName": "string"
},
"clientCertificateCommonNames": [
{
"certificateCommonName": "string",
"certificateIssuerThumbprint": "string",
"isAdmin": "bool"
}
],
"clientCertificateThumbprints": [
{
"certificateThumbprint": "string",
"isAdmin": "bool"
}
],
"clusterCodeVersion": "string",
"clusterState": "string",
"diagnosticsStorageAccountConfig": {
"blobEndpoint": "string",
"protectedAccountKeyName": "string",
"queueEndpoint": "string",
"storageAccountName": "string",
"tableEndpoint": "string"
},
"fabricSettings": [
{
"name": "string",
"parameters": [
{
"name": "string",
"value": "string"
}
]
}
],
"managementEndpoint": "string",
"nodeTypes": [
{
"applicationPorts": {
"endPort": "int",
"startPort": "int"
},
"capacities": {
"{customized property}": "string"
},
"clientConnectionEndpointPort": "int",
"durabilityLevel": "string",
"ephemeralPorts": {
"endPort": "int",
"startPort": "int"
},
"httpGatewayEndpointPort": "int",
"isPrimary": "bool",
"name": "string",
"placementProperties": {
"{customized property}": "string"
},
"reverseProxyEndpointPort": "int",
"vmInstanceCount": "int"
}
],
"reliabilityLevel": "string",
"reverseProxyCertificate": {
"thumbprint": "string",
"thumbprintSecondary": "string",
"x509StoreName": "string"
},
"upgradeDescription": {
"deltaHealthPolicy": {
"maxPercentDeltaUnhealthyApplications": "int",
"maxPercentDeltaUnhealthyNodes": "int",
"maxPercentUpgradeDomainDeltaUnhealthyNodes": "int"
},
"forceRestart": "bool",
"healthCheckRetryTimeout": "string",
"healthCheckStableDuration": "string",
"healthCheckWaitDuration": "string",
"healthPolicy": {
"maxPercentUnhealthyApplications": "int",
"maxPercentUnhealthyNodes": "int"
},
"upgradeDomainTimeout": "string",
"upgradeReplicaSetCheckTimeout": "string",
"upgradeTimeout": "string"
},
"upgradeMode": "string",
"vmImage": "string"
},
"tags": {
"{customized property}": "string"
}
}
Property values
AzureActiveDirectory
Name | Description | Value |
---|---|---|
clientApplication | Azure active directory client application id. | string |
clusterApplication | Azure active directory cluster application id. | string |
tenantId | Azure active directory tenant id. | string |
CertificateDescription
Name | Description | Value |
---|---|---|
thumbprint | Thumbprint of the primary certificate. | string (required) |
thumbprintSecondary | Thumbprint of the secondary certificate. | string |
x509StoreName | The local certificate store location. | 'AddressBook' 'AuthRoot' 'CertificateAuthority' 'Disallowed' 'My' 'Root' 'TrustedPeople' 'TrustedPublisher' |
ClientCertificateCommonName
Name | Description | Value |
---|---|---|
certificateCommonName | The common name of the client certificate. | string (required) |
certificateIssuerThumbprint | The issuer thumbprint of the client certificate. | string (required) |
isAdmin | Indicates if the client certificate has admin access to the cluster. Non admin clients can perform only read only operations on the cluster. | bool (required) |
ClientCertificateThumbprint
Name | Description | Value |
---|---|---|
certificateThumbprint | The thumbprint of the client certificate. | string (required) |
isAdmin | Indicates if the client certificate has admin access to the cluster. Non admin clients can perform only read only operations on the cluster. | bool (required) |
ClusterHealthPolicy
Name | Description | Value |
---|---|---|
maxPercentUnhealthyApplications | The maximum allowed percentage of unhealthy applications before reporting an error. For example, to allow 10% of applications to be unhealthy, this value would be 10. | int Constraints: Min value = 0 Max value = 100 |
maxPercentUnhealthyNodes | The maximum allowed percentage of unhealthy nodes before reporting an error. For example, to allow 10% of nodes to be unhealthy, this value would be 10. | int Constraints: Min value = 0 Max value = 100 |
ClusterProperties
Name | Description | Value |
---|---|---|
addOnFeatures | The list of add-on features to enable in the cluster. | String array containing any of: 'BackupRestoreService' 'DnsService' 'RepairManager' |
availableClusterVersions | The Service Fabric runtime versions available for this cluster. | ClusterVersionDetails[] |
azureActiveDirectory | The AAD authentication settings of the cluster. | AzureActiveDirectory |
certificate | The certificate to use for securing the cluster. The certificate provided will be used for node to node security within the cluster, SSL certificate for cluster management endpoint and default admin client. | CertificateDescription |
clientCertificateCommonNames | The list of client certificates referenced by common name that are allowed to manage the cluster. | ClientCertificateCommonName[] |
clientCertificateThumbprints | The list of client certificates referenced by thumbprint that are allowed to manage the cluster. | ClientCertificateThumbprint[] |
clusterCodeVersion | The Service Fabric runtime version of the cluster. This property can only by set the user when upgradeMode is set to 'Manual'. To get list of available Service Fabric versions for new clusters use ClusterVersion API. To get the list of available version for existing clusters use availableClusterVersions. | string |
clusterState | The current state of the cluster. - WaitingForNodes - Indicates that the cluster resource is created and the resource provider is waiting for Service Fabric VM extension to boot up and report to it. - Deploying - Indicates that the Service Fabric runtime is being installed on the VMs. Cluster resource will be in this state until the cluster boots up and system services are up. - BaselineUpgrade - Indicates that the cluster is upgrading to establishes the cluster version. This upgrade is automatically initiated when the cluster boots up for the first time. - UpdatingUserConfiguration - Indicates that the cluster is being upgraded with the user provided configuration. - UpdatingUserCertificate - Indicates that the cluster is being upgraded with the user provided certificate. - UpdatingInfrastructure - Indicates that the cluster is being upgraded with the latest Service Fabric runtime version. This happens only when the upgradeMode is set to 'Automatic'. - EnforcingClusterVersion - Indicates that cluster is on a different version than expected and the cluster is being upgraded to the expected version. - UpgradeServiceUnreachable - Indicates that the system service in the cluster is no longer polling the Resource Provider. Clusters in this state cannot be managed by the Resource Provider. - AutoScale - Indicates that the ReliabilityLevel of the cluster is being adjusted. - Ready - Indicates that the cluster is in a stable state. |
'AutoScale' 'BaselineUpgrade' 'Deploying' 'EnforcingClusterVersion' 'Ready' 'UpdatingInfrastructure' 'UpdatingUserCertificate' 'UpdatingUserConfiguration' 'UpgradeServiceUnreachable' 'WaitingForNodes' |
diagnosticsStorageAccountConfig | The storage account information for storing Service Fabric diagnostic logs. | DiagnosticsStorageAccountConfig |
fabricSettings | The list of custom fabric settings to configure the cluster. | SettingsSectionDescription[] |
managementEndpoint | The http management endpoint of the cluster. | string (required) |
nodeTypes | The list of node types in the cluster. | NodeTypeDescription[] (required) |
reliabilityLevel | The reliability level sets the replica set size of system services. Learn about ReliabilityLevel. - None - Run the System services with a target replica set count of 1. This should only be used for test clusters. - Bronze - Run the System services with a target replica set count of 3. This should only be used for test clusters. - Silver - Run the System services with a target replica set count of 5. - Gold - Run the System services with a target replica set count of 7. - Platinum - Run the System services with a target replica set count of 9. |
'Bronze' 'Gold' 'None' 'Platinum' 'Silver' |
reverseProxyCertificate | The server certificate used by reverse proxy. | CertificateDescription |
upgradeDescription | The policy to use when upgrading the cluster. | ClusterUpgradePolicy |
upgradeMode | The upgrade mode of the cluster when new Service Fabric runtime version is available. - Automatic - The cluster will be automatically upgraded to the latest Service Fabric runtime version as soon as it is available. - Manual - The cluster will not be automatically upgraded to the latest Service Fabric runtime version. The cluster is upgraded by setting the clusterCodeVersion property in the cluster resource. |
'Automatic' 'Manual' |
vmImage | The VM image VMSS has been configured with. Generic names such as Windows or Linux can be used. | string |
ClusterUpgradeDeltaHealthPolicy
Name | Description | Value |
---|---|---|
maxPercentDeltaUnhealthyApplications | The maximum allowed percentage of applications health degradation allowed during cluster upgrades. The delta is measured between the state of the applications at the beginning of upgrade and the state of the applications at the time of the health evaluation. The check is performed after every upgrade domain upgrade completion to make sure the global state of the cluster is within tolerated limits. System services are not included in this. | int Constraints: Min value = 0 Max value = 100 (required) |
maxPercentDeltaUnhealthyNodes | The maximum allowed percentage of nodes health degradation allowed during cluster upgrades. The delta is measured between the state of the nodes at the beginning of upgrade and the state of the nodes at the time of the health evaluation. The check is performed after every upgrade domain upgrade completion to make sure the global state of the cluster is within tolerated limits. | int Constraints: Min value = 0 Max value = 100 (required) |
maxPercentUpgradeDomainDeltaUnhealthyNodes | The maximum allowed percentage of upgrade domain nodes health degradation allowed during cluster upgrades. The delta is measured between the state of the upgrade domain nodes at the beginning of upgrade and the state of the upgrade domain nodes at the time of the health evaluation. The check is performed after every upgrade domain upgrade completion for all completed upgrade domains to make sure the state of the upgrade domains is within tolerated limits. | int Constraints: Min value = 0 Max value = 100 (required) |
ClusterUpgradePolicy
Name | Description | Value |
---|---|---|
deltaHealthPolicy | The delta health policy used when upgrading the cluster. | ClusterUpgradeDeltaHealthPolicy |
forceRestart | If true, then processes are forcefully restarted during upgrade even when the code version has not changed (the upgrade only changes configuration or data). | bool |
healthCheckRetryTimeout | The amount of time to retry health evaluation when the application or cluster is unhealthy before the upgrade rolls back. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format. | string (required) |
healthCheckStableDuration | The amount of time that the application or cluster must remain healthy before the upgrade proceeds to the next upgrade domain. The duration can be in either hh:mm:ss or in d.hh:mm:ss.ms format. | string (required) |
healthCheckWaitDuration | The length of time to wait after completing an upgrade domain before performing health checks. The duration can be in either hh:mm:ss or in d.hh:mm:ss.ms format. | string (required) |
healthPolicy | The cluster health policy used when upgrading the cluster. | ClusterHealthPolicy (required) |
upgradeDomainTimeout | The amount of time each upgrade domain has to complete before the upgrade rolls back. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format. | string (required) |
upgradeReplicaSetCheckTimeout | The maximum amount of time to block processing of an upgrade domain and prevent loss of availability when there are unexpected issues. When this timeout expires, processing of the upgrade domain will proceed regardless of availability loss issues. The timeout is reset at the start of each upgrade domain. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format. | string (required) |
upgradeTimeout | The amount of time the overall upgrade has to complete before the upgrade rolls back. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format. | string (required) |
ClusterVersionDetails
Name | Description | Value |
---|---|---|
codeVersion | The Service Fabric runtime version of the cluster. | string |
environment | Indicates if this version is for Windows or Linux operating system. | 'Linux' 'Windows' |
supportExpiryUtc | The date of expiry of support of the version. | string |
DiagnosticsStorageAccountConfig
Name | Description | Value |
---|---|---|
blobEndpoint | The blob endpoint of the azure storage account. | string (required) |
protectedAccountKeyName | The protected diagnostics storage key name. | string (required) |
queueEndpoint | The queue endpoint of the azure storage account. | string (required) |
storageAccountName | The Azure storage account name. | string (required) |
tableEndpoint | The table endpoint of the azure storage account. | string (required) |
EndpointRangeDescription
Name | Description | Value |
---|---|---|
endPort | End port of a range of ports | int (required) |
startPort | Starting port of a range of ports | int (required) |
Microsoft.ServiceFabric/clusters
Name | Description | Value |
---|---|---|
apiVersion | The api version | '2017-07-01-preview' |
location | Resource location. | string (required) |
name | The resource name | string (required) |
properties | The cluster resource properties | ClusterProperties |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
type | The resource type | 'Microsoft.ServiceFabric/clusters' |
NodeTypeDescription
Name | Description | Value |
---|---|---|
applicationPorts | The range of ports from which cluster assigned port to Service Fabric applications. | EndpointRangeDescription |
capacities | The capacity tags applied to the nodes in the node type, the cluster resource manager uses these tags to understand how much resource a node has. | NodeTypeDescriptionCapacities |
clientConnectionEndpointPort | The TCP cluster management endpoint port. | int (required) |
durabilityLevel | The durability level of the node type. Learn about DurabilityLevel. - Bronze - No privileges. This is the default. - Silver - The infrastructure jobs can be paused for a duration of 30 minutes per UD. - Gold - The infrastructure jobs can be paused for a duration of 2 hours per UD. Gold durability can be enabled only on full node VM skus like D15_V2, G5 etc. |
'Bronze' 'Gold' 'Silver' |
ephemeralPorts | The range of ephemeral ports that nodes in this node type should be configured with. | EndpointRangeDescription |
httpGatewayEndpointPort | The HTTP cluster management endpoint port. | int (required) |
isPrimary | The node type on which system services will run. Only one node type should be marked as primary. Primary node type cannot be deleted or changed for existing clusters. | bool (required) |
name | The name of the node type. | string (required) |
placementProperties | The placement tags applied to nodes in the node type, which can be used to indicate where certain services (workload) should run. | NodeTypeDescriptionPlacementProperties |
reverseProxyEndpointPort | The endpoint used by reverse proxy. | int |
vmInstanceCount | The number of nodes in the node type. This count should match the capacity property in the corresponding VirtualMachineScaleSet resource. | int Constraints: Min value = 1 Max value = 2147483647 (required) |
NodeTypeDescriptionCapacities
Name | Description | Value |
---|
NodeTypeDescriptionPlacementProperties
Name | Description | Value |
---|
ResourceTags
Name | Description | Value |
---|
SettingsParameterDescription
Name | Description | Value |
---|---|---|
name | The parameter name of fabric setting. | string (required) |
value | The parameter value of fabric setting. | string (required) |
SettingsSectionDescription
Name | Description | Value |
---|---|---|
name | The section name of the fabric settings. | string (required) |
parameters | The collection of parameters in the section. | SettingsParameterDescription[] (required) |
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Deploy a 3 Nodetype Secure Cluster with NSGs enabled |
This template allows you to deploy a secure 3 nodetype Service fabric Cluster running Windows server 2016 Data center on a Standard_D2 Size VMs. Use this template allows you ro control the inbound and outbound network traffic using Network Security Groups. |
Deploy a 5 Node Secure Cluster |
This template allows you to deploy a secure 5 node Service Fabric Cluster running Windows Server 2019 Datacenter on a Standard_D2_v2 Size VMSS. |
Deploy a 5 Node Ubuntu Service Fabric Cluster |
This template allows you to deploy a secure 5 node Service Fabric Cluster running Ubuntu on a Standard_D2_V2 Size VMSS. |
Terraform (AzAPI provider) resource definition
The clusters resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.ServiceFabric/clusters resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.ServiceFabric/clusters@2017-07-01-preview"
name = "string"
location = "string"
tags = {
{customized property} = "string"
}
body = jsonencode({
properties = {
addOnFeatures = [
"string"
]
availableClusterVersions = [
{
codeVersion = "string"
environment = "string"
supportExpiryUtc = "string"
}
]
azureActiveDirectory = {
clientApplication = "string"
clusterApplication = "string"
tenantId = "string"
}
certificate = {
thumbprint = "string"
thumbprintSecondary = "string"
x509StoreName = "string"
}
clientCertificateCommonNames = [
{
certificateCommonName = "string"
certificateIssuerThumbprint = "string"
isAdmin = bool
}
]
clientCertificateThumbprints = [
{
certificateThumbprint = "string"
isAdmin = bool
}
]
clusterCodeVersion = "string"
clusterState = "string"
diagnosticsStorageAccountConfig = {
blobEndpoint = "string"
protectedAccountKeyName = "string"
queueEndpoint = "string"
storageAccountName = "string"
tableEndpoint = "string"
}
fabricSettings = [
{
name = "string"
parameters = [
{
name = "string"
value = "string"
}
]
}
]
managementEndpoint = "string"
nodeTypes = [
{
applicationPorts = {
endPort = int
startPort = int
}
capacities = {
{customized property} = "string"
}
clientConnectionEndpointPort = int
durabilityLevel = "string"
ephemeralPorts = {
endPort = int
startPort = int
}
httpGatewayEndpointPort = int
isPrimary = bool
name = "string"
placementProperties = {
{customized property} = "string"
}
reverseProxyEndpointPort = int
vmInstanceCount = int
}
]
reliabilityLevel = "string"
reverseProxyCertificate = {
thumbprint = "string"
thumbprintSecondary = "string"
x509StoreName = "string"
}
upgradeDescription = {
deltaHealthPolicy = {
maxPercentDeltaUnhealthyApplications = int
maxPercentDeltaUnhealthyNodes = int
maxPercentUpgradeDomainDeltaUnhealthyNodes = int
}
forceRestart = bool
healthCheckRetryTimeout = "string"
healthCheckStableDuration = "string"
healthCheckWaitDuration = "string"
healthPolicy = {
maxPercentUnhealthyApplications = int
maxPercentUnhealthyNodes = int
}
upgradeDomainTimeout = "string"
upgradeReplicaSetCheckTimeout = "string"
upgradeTimeout = "string"
}
upgradeMode = "string"
vmImage = "string"
}
})
}
Property values
AzureActiveDirectory
Name | Description | Value |
---|---|---|
clientApplication | Azure active directory client application id. | string |
clusterApplication | Azure active directory cluster application id. | string |
tenantId | Azure active directory tenant id. | string |
CertificateDescription
Name | Description | Value |
---|---|---|
thumbprint | Thumbprint of the primary certificate. | string (required) |
thumbprintSecondary | Thumbprint of the secondary certificate. | string |
x509StoreName | The local certificate store location. | 'AddressBook' 'AuthRoot' 'CertificateAuthority' 'Disallowed' 'My' 'Root' 'TrustedPeople' 'TrustedPublisher' |
ClientCertificateCommonName
Name | Description | Value |
---|---|---|
certificateCommonName | The common name of the client certificate. | string (required) |
certificateIssuerThumbprint | The issuer thumbprint of the client certificate. | string (required) |
isAdmin | Indicates if the client certificate has admin access to the cluster. Non admin clients can perform only read only operations on the cluster. | bool (required) |
ClientCertificateThumbprint
Name | Description | Value |
---|---|---|
certificateThumbprint | The thumbprint of the client certificate. | string (required) |
isAdmin | Indicates if the client certificate has admin access to the cluster. Non admin clients can perform only read only operations on the cluster. | bool (required) |
ClusterHealthPolicy
Name | Description | Value |
---|---|---|
maxPercentUnhealthyApplications | The maximum allowed percentage of unhealthy applications before reporting an error. For example, to allow 10% of applications to be unhealthy, this value would be 10. | int Constraints: Min value = 0 Max value = 100 |
maxPercentUnhealthyNodes | The maximum allowed percentage of unhealthy nodes before reporting an error. For example, to allow 10% of nodes to be unhealthy, this value would be 10. | int Constraints: Min value = 0 Max value = 100 |
ClusterProperties
Name | Description | Value |
---|---|---|
addOnFeatures | The list of add-on features to enable in the cluster. | String array containing any of: 'BackupRestoreService' 'DnsService' 'RepairManager' |
availableClusterVersions | The Service Fabric runtime versions available for this cluster. | ClusterVersionDetails[] |
azureActiveDirectory | The AAD authentication settings of the cluster. | AzureActiveDirectory |
certificate | The certificate to use for securing the cluster. The certificate provided will be used for node to node security within the cluster, SSL certificate for cluster management endpoint and default admin client. | CertificateDescription |
clientCertificateCommonNames | The list of client certificates referenced by common name that are allowed to manage the cluster. | ClientCertificateCommonName[] |
clientCertificateThumbprints | The list of client certificates referenced by thumbprint that are allowed to manage the cluster. | ClientCertificateThumbprint[] |
clusterCodeVersion | The Service Fabric runtime version of the cluster. This property can only by set the user when upgradeMode is set to 'Manual'. To get list of available Service Fabric versions for new clusters use ClusterVersion API. To get the list of available version for existing clusters use availableClusterVersions. | string |
clusterState | The current state of the cluster. - WaitingForNodes - Indicates that the cluster resource is created and the resource provider is waiting for Service Fabric VM extension to boot up and report to it. - Deploying - Indicates that the Service Fabric runtime is being installed on the VMs. Cluster resource will be in this state until the cluster boots up and system services are up. - BaselineUpgrade - Indicates that the cluster is upgrading to establishes the cluster version. This upgrade is automatically initiated when the cluster boots up for the first time. - UpdatingUserConfiguration - Indicates that the cluster is being upgraded with the user provided configuration. - UpdatingUserCertificate - Indicates that the cluster is being upgraded with the user provided certificate. - UpdatingInfrastructure - Indicates that the cluster is being upgraded with the latest Service Fabric runtime version. This happens only when the upgradeMode is set to 'Automatic'. - EnforcingClusterVersion - Indicates that cluster is on a different version than expected and the cluster is being upgraded to the expected version. - UpgradeServiceUnreachable - Indicates that the system service in the cluster is no longer polling the Resource Provider. Clusters in this state cannot be managed by the Resource Provider. - AutoScale - Indicates that the ReliabilityLevel of the cluster is being adjusted. - Ready - Indicates that the cluster is in a stable state. |
'AutoScale' 'BaselineUpgrade' 'Deploying' 'EnforcingClusterVersion' 'Ready' 'UpdatingInfrastructure' 'UpdatingUserCertificate' 'UpdatingUserConfiguration' 'UpgradeServiceUnreachable' 'WaitingForNodes' |
diagnosticsStorageAccountConfig | The storage account information for storing Service Fabric diagnostic logs. | DiagnosticsStorageAccountConfig |
fabricSettings | The list of custom fabric settings to configure the cluster. | SettingsSectionDescription[] |
managementEndpoint | The http management endpoint of the cluster. | string (required) |
nodeTypes | The list of node types in the cluster. | NodeTypeDescription[] (required) |
reliabilityLevel | The reliability level sets the replica set size of system services. Learn about ReliabilityLevel. - None - Run the System services with a target replica set count of 1. This should only be used for test clusters. - Bronze - Run the System services with a target replica set count of 3. This should only be used for test clusters. - Silver - Run the System services with a target replica set count of 5. - Gold - Run the System services with a target replica set count of 7. - Platinum - Run the System services with a target replica set count of 9. |
'Bronze' 'Gold' 'None' 'Platinum' 'Silver' |
reverseProxyCertificate | The server certificate used by reverse proxy. | CertificateDescription |
upgradeDescription | The policy to use when upgrading the cluster. | ClusterUpgradePolicy |
upgradeMode | The upgrade mode of the cluster when new Service Fabric runtime version is available. - Automatic - The cluster will be automatically upgraded to the latest Service Fabric runtime version as soon as it is available. - Manual - The cluster will not be automatically upgraded to the latest Service Fabric runtime version. The cluster is upgraded by setting the clusterCodeVersion property in the cluster resource. |
'Automatic' 'Manual' |
vmImage | The VM image VMSS has been configured with. Generic names such as Windows or Linux can be used. | string |
ClusterUpgradeDeltaHealthPolicy
Name | Description | Value |
---|---|---|
maxPercentDeltaUnhealthyApplications | The maximum allowed percentage of applications health degradation allowed during cluster upgrades. The delta is measured between the state of the applications at the beginning of upgrade and the state of the applications at the time of the health evaluation. The check is performed after every upgrade domain upgrade completion to make sure the global state of the cluster is within tolerated limits. System services are not included in this. | int Constraints: Min value = 0 Max value = 100 (required) |
maxPercentDeltaUnhealthyNodes | The maximum allowed percentage of nodes health degradation allowed during cluster upgrades. The delta is measured between the state of the nodes at the beginning of upgrade and the state of the nodes at the time of the health evaluation. The check is performed after every upgrade domain upgrade completion to make sure the global state of the cluster is within tolerated limits. | int Constraints: Min value = 0 Max value = 100 (required) |
maxPercentUpgradeDomainDeltaUnhealthyNodes | The maximum allowed percentage of upgrade domain nodes health degradation allowed during cluster upgrades. The delta is measured between the state of the upgrade domain nodes at the beginning of upgrade and the state of the upgrade domain nodes at the time of the health evaluation. The check is performed after every upgrade domain upgrade completion for all completed upgrade domains to make sure the state of the upgrade domains is within tolerated limits. | int Constraints: Min value = 0 Max value = 100 (required) |
ClusterUpgradePolicy
Name | Description | Value |
---|---|---|
deltaHealthPolicy | The delta health policy used when upgrading the cluster. | ClusterUpgradeDeltaHealthPolicy |
forceRestart | If true, then processes are forcefully restarted during upgrade even when the code version has not changed (the upgrade only changes configuration or data). | bool |
healthCheckRetryTimeout | The amount of time to retry health evaluation when the application or cluster is unhealthy before the upgrade rolls back. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format. | string (required) |
healthCheckStableDuration | The amount of time that the application or cluster must remain healthy before the upgrade proceeds to the next upgrade domain. The duration can be in either hh:mm:ss or in d.hh:mm:ss.ms format. | string (required) |
healthCheckWaitDuration | The length of time to wait after completing an upgrade domain before performing health checks. The duration can be in either hh:mm:ss or in d.hh:mm:ss.ms format. | string (required) |
healthPolicy | The cluster health policy used when upgrading the cluster. | ClusterHealthPolicy (required) |
upgradeDomainTimeout | The amount of time each upgrade domain has to complete before the upgrade rolls back. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format. | string (required) |
upgradeReplicaSetCheckTimeout | The maximum amount of time to block processing of an upgrade domain and prevent loss of availability when there are unexpected issues. When this timeout expires, processing of the upgrade domain will proceed regardless of availability loss issues. The timeout is reset at the start of each upgrade domain. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format. | string (required) |
upgradeTimeout | The amount of time the overall upgrade has to complete before the upgrade rolls back. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format. | string (required) |
ClusterVersionDetails
Name | Description | Value |
---|---|---|
codeVersion | The Service Fabric runtime version of the cluster. | string |
environment | Indicates if this version is for Windows or Linux operating system. | 'Linux' 'Windows' |
supportExpiryUtc | The date of expiry of support of the version. | string |
DiagnosticsStorageAccountConfig
Name | Description | Value |
---|---|---|
blobEndpoint | The blob endpoint of the azure storage account. | string (required) |
protectedAccountKeyName | The protected diagnostics storage key name. | string (required) |
queueEndpoint | The queue endpoint of the azure storage account. | string (required) |
storageAccountName | The Azure storage account name. | string (required) |
tableEndpoint | The table endpoint of the azure storage account. | string (required) |
EndpointRangeDescription
Name | Description | Value |
---|---|---|
endPort | End port of a range of ports | int (required) |
startPort | Starting port of a range of ports | int (required) |
Microsoft.ServiceFabric/clusters
Name | Description | Value |
---|---|---|
location | Resource location. | string (required) |
name | The resource name | string (required) |
properties | The cluster resource properties | ClusterProperties |
tags | Resource tags | Dictionary of tag names and values. |
type | The resource type | "Microsoft.ServiceFabric/clusters@2017-07-01-preview" |
NodeTypeDescription
Name | Description | Value |
---|---|---|
applicationPorts | The range of ports from which cluster assigned port to Service Fabric applications. | EndpointRangeDescription |
capacities | The capacity tags applied to the nodes in the node type, the cluster resource manager uses these tags to understand how much resource a node has. | NodeTypeDescriptionCapacities |
clientConnectionEndpointPort | The TCP cluster management endpoint port. | int (required) |
durabilityLevel | The durability level of the node type. Learn about DurabilityLevel. - Bronze - No privileges. This is the default. - Silver - The infrastructure jobs can be paused for a duration of 30 minutes per UD. - Gold - The infrastructure jobs can be paused for a duration of 2 hours per UD. Gold durability can be enabled only on full node VM skus like D15_V2, G5 etc. |
'Bronze' 'Gold' 'Silver' |
ephemeralPorts | The range of ephemeral ports that nodes in this node type should be configured with. | EndpointRangeDescription |
httpGatewayEndpointPort | The HTTP cluster management endpoint port. | int (required) |
isPrimary | The node type on which system services will run. Only one node type should be marked as primary. Primary node type cannot be deleted or changed for existing clusters. | bool (required) |
name | The name of the node type. | string (required) |
placementProperties | The placement tags applied to nodes in the node type, which can be used to indicate where certain services (workload) should run. | NodeTypeDescriptionPlacementProperties |
reverseProxyEndpointPort | The endpoint used by reverse proxy. | int |
vmInstanceCount | The number of nodes in the node type. This count should match the capacity property in the corresponding VirtualMachineScaleSet resource. | int Constraints: Min value = 1 Max value = 2147483647 (required) |
NodeTypeDescriptionCapacities
Name | Description | Value |
---|
NodeTypeDescriptionPlacementProperties
Name | Description | Value |
---|
ResourceTags
Name | Description | Value |
---|
SettingsParameterDescription
Name | Description | Value |
---|---|---|
name | The parameter name of fabric setting. | string (required) |
value | The parameter value of fabric setting. | string (required) |
SettingsSectionDescription
Name | Description | Value |
---|---|---|
name | The section name of the fabric settings. | string (required) |
parameters | The collection of parameters in the section. | SettingsParameterDescription[] (required) |