Microsoft.ServiceFabric clusters template reference

Template format

To create a Microsoft.ServiceFabric/clusters resource, add the following JSON to the resources section of your template.

{
  "name": "string",
  "type": "Microsoft.ServiceFabric/clusters",
  "apiVersion": "2019-03-01",
  "location": "string",
  "tags": {},
  "properties": {
    "addOnFeatures": [
      "string"
    ],
    "azureActiveDirectory": {
      "tenantId": "string",
      "clusterApplication": "string",
      "clientApplication": "string"
    },
    "certificate": {
      "thumbprint": "string",
      "thumbprintSecondary": "string",
      "x509StoreName": "string"
    },
    "certificateCommonNames": {
      "commonNames": [
        {
          "certificateCommonName": "string",
          "certificateIssuerThumbprint": "string"
        }
      ],
      "x509StoreName": "string"
    },
    "clientCertificateCommonNames": [
      {
        "isAdmin": "boolean",
        "certificateCommonName": "string",
        "certificateIssuerThumbprint": "string"
      }
    ],
    "clientCertificateThumbprints": [
      {
        "isAdmin": "boolean",
        "certificateThumbprint": "string"
      }
    ],
    "clusterCodeVersion": "string",
    "diagnosticsStorageAccountConfig": {
      "storageAccountName": "string",
      "protectedAccountKeyName": "string",
      "blobEndpoint": "string",
      "queueEndpoint": "string",
      "tableEndpoint": "string"
    },
    "eventStoreServiceEnabled": "boolean",
    "fabricSettings": [
      {
        "name": "string",
        "parameters": [
          {
            "name": "string",
            "value": "string"
          }
        ]
      }
    ],
    "managementEndpoint": "string",
    "nodeTypes": [
      {
        "name": "string",
        "placementProperties": {},
        "capacities": {},
        "clientConnectionEndpointPort": "integer",
        "httpGatewayEndpointPort": "integer",
        "durabilityLevel": "string",
        "applicationPorts": {
          "startPort": "integer",
          "endPort": "integer"
        },
        "ephemeralPorts": {
          "startPort": "integer",
          "endPort": "integer"
        },
        "isPrimary": "boolean",
        "vmInstanceCount": "integer",
        "reverseProxyEndpointPort": "integer"
      }
    ],
    "reliabilityLevel": "string",
    "reverseProxyCertificate": {
      "thumbprint": "string",
      "thumbprintSecondary": "string",
      "x509StoreName": "string"
    },
    "reverseProxyCertificateCommonNames": {
      "commonNames": [
        {
          "certificateCommonName": "string",
          "certificateIssuerThumbprint": "string"
        }
      ],
      "x509StoreName": "string"
    },
    "upgradeDescription": {
      "forceRestart": "boolean",
      "upgradeReplicaSetCheckTimeout": "string",
      "healthCheckWaitDuration": "string",
      "healthCheckStableDuration": "string",
      "healthCheckRetryTimeout": "string",
      "upgradeTimeout": "string",
      "upgradeDomainTimeout": "string",
      "healthPolicy": {
        "maxPercentUnhealthyNodes": "integer",
        "maxPercentUnhealthyApplications": "integer",
        "applicationHealthPolicies": {}
      },
      "deltaHealthPolicy": {
        "maxPercentDeltaUnhealthyNodes": "integer",
        "maxPercentUpgradeDomainDeltaUnhealthyNodes": "integer",
        "maxPercentDeltaUnhealthyApplications": "integer",
        "applicationDeltaHealthPolicies": {}
      }
    },
    "upgradeMode": "string",
    "vmImage": "string"
  }
}

Property values

The following tables describe the values you need to set in the schema.

Microsoft.ServiceFabric/clusters object

Name Type Required Value
name string Yes The name of the cluster resource.
type enum Yes Microsoft.ServiceFabric/clusters
apiVersion enum Yes 2019-03-01
location string Yes Azure resource location.
tags object No Azure resource tags.
properties object Yes The cluster resource properties - ClusterProperties object

ClusterProperties object

Name Type Required Value
addOnFeatures array No The list of add-on features to enable in the cluster. - RepairManager, DnsService, BackupRestoreService, ResourceMonitorService
azureActiveDirectory object No The AAD authentication settings of the cluster. - AzureActiveDirectory object
certificate object No The certificate to use for securing the cluster. The certificate provided will be used for node to node security within the cluster, SSL certificate for cluster management endpoint and default admin client. - CertificateDescription object
certificateCommonNames object No Describes a list of server certificates referenced by common name that are used to secure the cluster. - ServerCertificateCommonNames object
clientCertificateCommonNames array No The list of client certificates referenced by common name that are allowed to manage the cluster. - ClientCertificateCommonName object
clientCertificateThumbprints array No The list of client certificates referenced by thumbprint that are allowed to manage the cluster. - ClientCertificateThumbprint object
clusterCodeVersion string No The Service Fabric runtime version of the cluster. This property can only by set the user when upgradeMode is set to 'Manual'. To get list of available Service Fabric versions for new clusters use ClusterVersion API. To get the list of available version for existing clusters use availableClusterVersions.
diagnosticsStorageAccountConfig object No The storage account information for storing Service Fabric diagnostic logs. - DiagnosticsStorageAccountConfig object
eventStoreServiceEnabled boolean No Indicates if the event store service is enabled.
fabricSettings array No The list of custom fabric settings to configure the cluster. - SettingsSectionDescription object
managementEndpoint string Yes The http management endpoint of the cluster.
nodeTypes array Yes The list of node types in the cluster. - NodeTypeDescription object
reliabilityLevel enum No The reliability level sets the replica set size of system services. Learn about ReliabilityLevel. - None - Run the System services with a target replica set count of 1. This should only be used for test clusters. - Bronze - Run the System services with a target replica set count of 3. This should only be used for test clusters. - Silver - Run the System services with a target replica set count of 5. - Gold - Run the System services with a target replica set count of 7. - Platinum - Run the System services with a target replica set count of 9.. - None, Bronze, Silver, Gold, Platinum
reverseProxyCertificate object No The server certificate used by reverse proxy. - CertificateDescription object
reverseProxyCertificateCommonNames object No Describes a list of server certificates referenced by common name that are used to secure the cluster. - ServerCertificateCommonNames object
upgradeDescription object No The policy to use when upgrading the cluster. - ClusterUpgradePolicy object
upgradeMode enum No The upgrade mode of the cluster when new Service Fabric runtime version is available. - Automatic - The cluster will be automatically upgraded to the latest Service Fabric runtime version as soon as it is available. - Manual - The cluster will not be automatically upgraded to the latest Service Fabric runtime version. The cluster is upgraded by setting the clusterCodeVersion property in the cluster resource.. - Automatic or Manual
vmImage string No The VM image VMSS has been configured with. Generic names such as Windows or Linux can be used.

AzureActiveDirectory object

Name Type Required Value
tenantId string No Azure active directory tenant id.
clusterApplication string No Azure active directory cluster application id.
clientApplication string No Azure active directory client application id.

CertificateDescription object

Name Type Required Value
thumbprint string Yes Thumbprint of the primary certificate.
thumbprintSecondary string No Thumbprint of the secondary certificate.
x509StoreName enum No The local certificate store location. - AddressBook, AuthRoot, CertificateAuthority, Disallowed, My, Root, TrustedPeople, TrustedPublisher

ServerCertificateCommonNames object

Name Type Required Value
commonNames array No The list of server certificates referenced by common name that are used to secure the cluster. - ServerCertificateCommonName object
x509StoreName enum No The local certificate store location. - AddressBook, AuthRoot, CertificateAuthority, Disallowed, My, Root, TrustedPeople, TrustedPublisher

ClientCertificateCommonName object

Name Type Required Value
isAdmin boolean Yes Indicates if the client certificate has admin access to the cluster. Non admin clients can perform only read only operations on the cluster.
certificateCommonName string Yes The common name of the client certificate.
certificateIssuerThumbprint string Yes The issuer thumbprint of the client certificate.

ClientCertificateThumbprint object

Name Type Required Value
isAdmin boolean Yes Indicates if the client certificate has admin access to the cluster. Non admin clients can perform only read only operations on the cluster.
certificateThumbprint string Yes The thumbprint of the client certificate.

DiagnosticsStorageAccountConfig object

Name Type Required Value
storageAccountName string Yes The Azure storage account name.
protectedAccountKeyName string Yes The protected diagnostics storage key name.
blobEndpoint string Yes The blob endpoint of the azure storage account.
queueEndpoint string Yes The queue endpoint of the azure storage account.
tableEndpoint string Yes The table endpoint of the azure storage account.

SettingsSectionDescription object

Name Type Required Value
name string Yes The section name of the fabric settings.
parameters array Yes The collection of parameters in the section. - SettingsParameterDescription object

NodeTypeDescription object

Name Type Required Value
name string Yes The name of the node type.
placementProperties object No The placement tags applied to nodes in the node type, which can be used to indicate where certain services (workload) should run.
capacities object No The capacity tags applied to the nodes in the node type, the cluster resource manager uses these tags to understand how much resource a node has.
clientConnectionEndpointPort integer Yes The TCP cluster management endpoint port.
httpGatewayEndpointPort integer Yes The HTTP cluster management endpoint port.
durabilityLevel enum No The durability level of the node type. Learn about DurabilityLevel. - Bronze - No privileges. This is the default. - Silver - The infrastructure jobs can be paused for a duration of 10 minutes per UD. - Gold - The infrastructure jobs can be paused for a duration of 2 hours per UD. Gold durability can be enabled only on full node VM skus like D15_V2, G5 etc.. - Bronze, Silver, Gold
applicationPorts object No The range of ports from which cluster assigned port to Service Fabric applications. - EndpointRangeDescription object
ephemeralPorts object No The range of ephemeral ports that nodes in this node type should be configured with. - EndpointRangeDescription object
isPrimary boolean Yes The node type on which system services will run. Only one node type should be marked as primary. Primary node type cannot be deleted or changed for existing clusters.
vmInstanceCount integer Yes The number of nodes in the node type. This count should match the capacity property in the corresponding VirtualMachineScaleSet resource.
reverseProxyEndpointPort integer No The endpoint used by reverse proxy.

ClusterUpgradePolicy object

Name Type Required Value
forceRestart boolean No If true, then processes are forcefully restarted during upgrade even when the code version has not changed (the upgrade only changes configuration or data).
upgradeReplicaSetCheckTimeout string Yes The maximum amount of time to block processing of an upgrade domain and prevent loss of availability when there are unexpected issues. When this timeout expires, processing of the upgrade domain will proceed regardless of availability loss issues. The timeout is reset at the start of each upgrade domain. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format.
healthCheckWaitDuration string Yes The length of time to wait after completing an upgrade domain before performing health checks. The duration can be in either hh:mm:ss or in d.hh:mm:ss.ms format.
healthCheckStableDuration string Yes The amount of time that the application or cluster must remain healthy before the upgrade proceeds to the next upgrade domain. The duration can be in either hh:mm:ss or in d.hh:mm:ss.ms format.
healthCheckRetryTimeout string Yes The amount of time to retry health evaluation when the application or cluster is unhealthy before the upgrade rolls back. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format.
upgradeTimeout string Yes The amount of time the overall upgrade has to complete before the upgrade rolls back. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format.
upgradeDomainTimeout string Yes The amount of time each upgrade domain has to complete before the upgrade rolls back. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format.
healthPolicy object Yes The cluster health policy used when upgrading the cluster. - ClusterHealthPolicy object
deltaHealthPolicy object No The cluster delta health policy used when upgrading the cluster. - ClusterUpgradeDeltaHealthPolicy object

ServerCertificateCommonName object

Name Type Required Value
certificateCommonName string Yes The common name of the server certificate.
certificateIssuerThumbprint string Yes The issuer thumbprint of the server certificate.

SettingsParameterDescription object

Name Type Required Value
name string Yes The parameter name of fabric setting.
value string Yes The parameter value of fabric setting.

EndpointRangeDescription object

Name Type Required Value
startPort integer Yes Starting port of a range of ports
endPort integer Yes End port of a range of ports

ClusterHealthPolicy object

Name Type Required Value
maxPercentUnhealthyNodes integer No The maximum allowed percentage of unhealthy nodes before reporting an error. For example, to allow 10% of nodes to be unhealthy, this value would be 10.The percentage represents the maximum tolerated percentage of nodes that can be unhealthy before the cluster is considered in error.If the percentage is respected but there is at least one unhealthy node, the health is evaluated as Warning.The percentage is calculated by dividing the number of unhealthy nodes over the total number of nodes in the cluster.The computation rounds up to tolerate one failure on small numbers of nodes. Default percentage is zero.In large clusters, some nodes will always be down or out for repairs, so this percentage should be configured to tolerate that.
maxPercentUnhealthyApplications integer No The maximum allowed percentage of unhealthy applications before reporting an error. For example, to allow 10% of applications to be unhealthy, this value would be 10.The percentage represents the maximum tolerated percentage of applications that can be unhealthy before the cluster is considered in error.If the percentage is respected but there is at least one unhealthy application, the health is evaluated as Warning.This is calculated by dividing the number of unhealthy applications over the total number of application instances in the cluster, excluding applications of application types that are included in the ApplicationTypeHealthPolicyMap.The computation rounds up to tolerate one failure on small numbers of applications. Default percentage is zero.
applicationHealthPolicies object No Defines the application health policy map used to evaluate the health of an application or one of its children entities.

ClusterUpgradeDeltaHealthPolicy object

Name Type Required Value
maxPercentDeltaUnhealthyNodes integer Yes The maximum allowed percentage of nodes health degradation allowed during cluster upgrades.The delta is measured between the state of the nodes at the beginning of upgrade and the state of the nodes at the time of the health evaluation.The check is performed after every upgrade domain upgrade completion to make sure the global state of the cluster is within tolerated limits.
maxPercentUpgradeDomainDeltaUnhealthyNodes integer Yes The maximum allowed percentage of upgrade domain nodes health degradation allowed during cluster upgrades.The delta is measured between the state of the upgrade domain nodes at the beginning of upgrade and the state of the upgrade domain nodes at the time of the health evaluation.The check is performed after every upgrade domain upgrade completion for all completed upgrade domains to make sure the state of the upgrade domains is within tolerated limits.
maxPercentDeltaUnhealthyApplications integer Yes The maximum allowed percentage of applications health degradation allowed during cluster upgrades.The delta is measured between the state of the applications at the beginning of upgrade and the state of the applications at the time of the health evaluation.The check is performed after every upgrade domain upgrade completion to make sure the global state of the cluster is within tolerated limits. System services are not included in this.
applicationDeltaHealthPolicies object No Defines the application delta health policy map used to evaluate the health of an application or one of its child entities when upgrading the cluster.

Quickstart templates

The following quickstart templates deploy this resource type.