Microsoft.ServiceFabric managedClusters
The managedClusters resource type can be deployed to: Resource groups.
To learn about resource group deployments, see Bicep or ARM template.
For a list of changed properties in each API version, see change log.
Template format
To create a Microsoft.ServiceFabric/managedClusters resource, add the following Bicep or JSON to your template.
resource symbolicname 'Microsoft.ServiceFabric/managedClusters@2022-06-01-preview' = {
name: 'string'
location: 'string'
tags: {
tagName1: 'tagValue1'
tagName2: 'tagValue2'
}
sku: {
name: 'string'
}
properties: {
addonFeatures: [
'string'
]
adminPassword: 'string'
adminUserName: 'string'
allowRdpAccess: bool
applicationTypeVersionsCleanupPolicy: {
maxUnusedVersionsToKeep: int
}
auxiliarySubnets: [
{
enableIpv6: bool
name: 'string'
networkSecurityGroupId: 'string'
privateEndpointNetworkPolicies: 'string'
privateLinkServiceNetworkPolicies: 'string'
}
]
azureActiveDirectory: {
clientApplication: 'string'
clusterApplication: 'string'
tenantId: 'string'
}
clientConnectionPort: int
clients: [
{
commonName: 'string'
isAdmin: bool
issuerThumbprint: 'string'
thumbprint: 'string'
}
]
clusterCodeVersion: 'string'
clusterUpgradeCadence: 'string'
clusterUpgradeMode: 'string'
dnsName: 'string'
enableAutoOSUpgrade: bool
enableIpv6: bool
enableServicePublicIP: bool
fabricSettings: [
{
name: 'string'
parameters: [
{
name: 'string'
value: 'string'
}
]
}
]
httpGatewayConnectionPort: int
ipTags: [
{
ipTagType: 'string'
tag: 'string'
}
]
loadBalancingRules: [
{
backendPort: int
frontendPort: int
loadDistribution: 'string'
probePort: int
probeProtocol: 'string'
probeRequestPath: 'string'
protocol: 'string'
}
]
networkSecurityRules: [
{
access: 'string'
description: 'string'
destinationAddressPrefix: 'string'
destinationAddressPrefixes: [
'string'
]
destinationPortRange: 'string'
destinationPortRanges: [
'string'
]
direction: 'string'
name: 'string'
priority: int
protocol: 'string'
sourceAddressPrefix: 'string'
sourceAddressPrefixes: [
'string'
]
sourcePortRange: 'string'
sourcePortRanges: [
'string'
]
}
]
serviceEndpoints: [
{
locations: [
'string'
]
service: 'string'
}
]
subnetId: 'string'
zonalResiliency: bool
}
}
Property values
managedClusters
| Name | Description | Value |
|---|---|---|
| type | The resource type For Bicep, set this value in the resource declaration. |
'Microsoft.ServiceFabric/managedClusters' |
| apiVersion | The resource api version For Bicep, set this value in the resource declaration. |
'2022-06-01-preview' |
| name | The resource name | string (required) |
| location | Azure resource location. | string (required) |
| tags | Azure resource tags. | Dictionary of tag names and values. See Tags in templates |
| sku | Service Fabric managed cluster Sku definition | Sku |
| properties | Describes the managed cluster resource properties. | ManagedClusterProperties |
ManagedClusterProperties
| Name | Description | Value |
|---|---|---|
| addonFeatures | List of add-on features to enable on the cluster. | String array containing any of: 'BackupRestoreService' 'DnsService' 'ResourceMonitorService' |
| adminPassword | VM admin user password. | string |
| adminUserName | VM admin user name. | string (required) |
| allowRdpAccess | Setting this to true enables RDP access to the VM. The default NSG rule opens RDP port to Internet which can be overridden with custom Network Security Rules. The default value for this setting is false. | bool |
| applicationTypeVersionsCleanupPolicy | The policy used to clean up unused versions. When the policy is not specified explicitly, the default unused application versions to keep will be 3. | ApplicationTypeVersionsCleanupPolicy |
| auxiliarySubnets | Auxiliary subnets for the cluster. | Subnet[] |
| azureActiveDirectory | The settings to enable AAD authentication on the cluster. | AzureActiveDirectory |
| clientConnectionPort | The port used for client connections to the cluster. | int |
| clients | Client certificates that are allowed to manage the cluster. | ClientCertificate[] |
| clusterCodeVersion | The Service Fabric runtime version of the cluster. This property is required when clusterUpgradeMode is set to 'Manual'. To get list of available Service Fabric versions for new clusters use ClusterVersion API. To get the list of available version for existing clusters use availableClusterVersions. | string |
| clusterUpgradeCadence | Indicates when new cluster runtime version upgrades will be applied after they are released. By default is Wave0. | 'Wave0' 'Wave1' 'Wave2' |
| clusterUpgradeMode | The upgrade mode of the cluster when new Service Fabric runtime version is available. | 'Automatic' 'Manual' |
| dnsName | The cluster dns name. | string (required) |
| enableAutoOSUpgrade | Setting this to true enables automatic OS upgrade for the node types that are created using any platform OS image with version 'latest'. The default value for this setting is false. | bool |
| enableIpv6 | Setting this to true creates IPv6 address space for the default VNet used by the cluster. This setting cannot be changed once the cluster is created. The default value for this setting is false. | bool |
| enableServicePublicIP | Setting this to true will link the IPv4 address as the ServicePublicIP of the IPv6 address. It can only be set to True if IPv6 is enabled on the cluster. | bool |
| fabricSettings | The list of custom fabric settings to configure the cluster. | SettingsSectionDescription[] |
| httpGatewayConnectionPort | The port used for HTTP connections to the cluster. | int |
| ipTags | The list of IP tags associated with the default public IP address of the cluster. | IPTag[] |
| loadBalancingRules | Load balancing rules that are applied to the public load balancer of the cluster. | LoadBalancingRule[] |
| networkSecurityRules | Custom Network Security Rules that are applied to the Virtual Network of the cluster. | NetworkSecurityRule[] |
| serviceEndpoints | Service endpoints for subnets in the cluster. | ServiceEndpoint[] |
| subnetId | If specified, the node types for the cluster are created in this subnet instead of the default VNet. The networkSecurityRules specified for the cluster are also applied to this subnet. This setting cannot be changed once the cluster is created. | string |
| zonalResiliency | Indicates if the cluster has zone resiliency. | bool |
ApplicationTypeVersionsCleanupPolicy
| Name | Description | Value |
|---|---|---|
| maxUnusedVersionsToKeep | Number of unused versions per application type to keep. | int (required) |
Subnet
| Name | Description | Value |
|---|---|---|
| enableIpv6 | Indicates wether to enable Ipv6 or not. If not provided, it will take the same configuration as the cluster. | bool |
| name | Subnet name. | string (required) |
| networkSecurityGroupId | Full resource id for the network security group. | string |
| privateEndpointNetworkPolicies | Enable or Disable apply network policies on private end point in the subnet. | 'disabled' 'enabled' |
| privateLinkServiceNetworkPolicies | Enable or Disable apply network policies on private link service in the subnet. | 'disabled' 'enabled' |
AzureActiveDirectory
| Name | Description | Value |
|---|---|---|
| clientApplication | Azure active directory client application id. | string |
| clusterApplication | Azure active directory cluster application id. | string |
| tenantId | Azure active directory tenant id. | string |
ClientCertificate
| Name | Description | Value |
|---|---|---|
| commonName | Certificate common name. | string |
| isAdmin | Indicates if the client certificate has admin access to the cluster. Non admin clients can perform only read only operations on the cluster. | bool (required) |
| issuerThumbprint | Issuer thumbprint for the certificate. Only used together with CommonName. | string |
| thumbprint | Certificate thumbprint. | string |
SettingsSectionDescription
| Name | Description | Value |
|---|---|---|
| name | The section name of the fabric settings. | string (required) |
| parameters | The collection of parameters in the section. | SettingsParameterDescription[] (required) |
SettingsParameterDescription
| Name | Description | Value |
|---|---|---|
| name | The parameter name of fabric setting. | string (required) |
| value | The parameter value of fabric setting. | string (required) |
IPTag
| Name | Description | Value |
|---|---|---|
| ipTagType | The IP tag type. | string (required) |
| tag | The value of the IP tag. | string (required) |
LoadBalancingRule
| Name | Description | Value |
|---|---|---|
| backendPort | The port used for internal connections on the endpoint. Acceptable values are between 1 and 65535. | int (required) |
| frontendPort | The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. Acceptable values are between 1 and 65534. | int (required) |
| loadDistribution | The load distribution policy for this rule. | string |
| probePort | The prob port used by the load balancing rule. Acceptable values are between 1 and 65535. | int |
| probeProtocol | the reference to the load balancer probe used by the load balancing rule. | 'http' 'https' 'tcp' (required) |
| probeRequestPath | The probe request path. Only supported for HTTP/HTTPS probes. | string |
| protocol | The reference to the transport protocol used by the load balancing rule. | 'tcp' 'udp' (required) |
NetworkSecurityRule
| Name | Description | Value |
|---|---|---|
| access | The network traffic is allowed or denied. | 'allow' 'deny' (required) |
| description | Network security rule description. | string |
| destinationAddressPrefix | The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. | string |
| destinationAddressPrefixes | The destination address prefixes. CIDR or destination IP ranges. | string[] |
| destinationPortRange | he destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
| destinationPortRanges | The destination port ranges. | string[] |
| direction | Network security rule direction. | 'inbound' 'outbound' (required) |
| name | Network security rule name. | string (required) |
| priority | The priority of the rule. The value can be in the range 1000 to 3000. Values outside this range are reserved for Service Fabric ManagerCluster Resource Provider. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. | int (required) |
| protocol | Network protocol this rule applies to. | 'ah' 'esp' 'http' 'https' 'icmp' 'tcp' 'udp' (required) |
| sourceAddressPrefix | The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. | string |
| sourceAddressPrefixes | The CIDR or source IP ranges. | string[] |
| sourcePortRange | The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. | string |
| sourcePortRanges | The source port ranges. | string[] |
ServiceEndpoint
| Name | Description | Value |
|---|---|---|
| locations | A list of locations. | string[] |
| service | The type of the endpoint service. | string (required) |
Sku
| Name | Description | Value |
|---|---|---|
| name | Sku Name. | 'Basic' 'Standard' (required) |