Microsoft.ServiceFabric managedClusters/nodeTypes 2023-02-01-preview

Bicep resource definition

The managedClusters/nodeTypes resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.ServiceFabric/managedClusters/nodeTypes resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.ServiceFabric/managedClusters/nodeTypes@2023-02-01-preview' = {
  name: 'string'
  properties: {
    additionalDataDisks: [
      {
        diskLetter: 'string'
        diskSizeGB: int
        diskType: 'string'
        lun: int
      }
    ]
    applicationPorts: {
      endPort: int
      startPort: int
    }
    capacities: {
      {customized property}: 'string'
    }
    dataDiskLetter: 'string'
    dataDiskSizeGB: int
    dataDiskType: 'string'
    enableAcceleratedNetworking: bool
    enableEncryptionAtHost: bool
    enableNodePublicIP: bool
    enableOverProvisioning: bool
    ephemeralPorts: {
      endPort: int
      startPort: int
    }
    evictionPolicy: 'string'
    frontendConfigurations: [
      {
        applicationGatewayBackendAddressPoolId: 'string'
        ipAddressType: 'string'
        loadBalancerBackendAddressPoolId: 'string'
        loadBalancerInboundNatPoolId: 'string'
      }
    ]
    hostGroupId: 'string'
    isPrimary: bool
    isSpotVM: bool
    isStateless: bool
    multiplePlacementGroups: bool
    networkSecurityRules: [
      {
        access: 'string'
        description: 'string'
        destinationAddressPrefix: 'string'
        destinationAddressPrefixes: [
          'string'
        ]
        destinationPortRange: 'string'
        destinationPortRanges: [
          'string'
        ]
        direction: 'string'
        name: 'string'
        priority: int
        protocol: 'string'
        sourceAddressPrefix: 'string'
        sourceAddressPrefixes: [
          'string'
        ]
        sourcePortRange: 'string'
        sourcePortRanges: [
          'string'
        ]
      }
    ]
    placementProperties: {
      {customized property}: 'string'
    }
    secureBootEnabled: bool
    securityType: 'string'
    spotRestoreTimeout: 'string'
    subnetId: 'string'
    useDefaultPublicLoadBalancer: bool
    useEphemeralOSDisk: bool
    useTempDataDisk: bool
    vmExtensions: [
      {
        name: 'string'
        properties: {
          autoUpgradeMinorVersion: bool
          enableAutomaticUpgrade: bool
          forceUpdateTag: 'string'
          protectedSettings: any(Azure.Bicep.Types.Concrete.AnyType)
          provisionAfterExtensions: [
            'string'
          ]
          publisher: 'string'
          settings: any(Azure.Bicep.Types.Concrete.AnyType)
          type: 'string'
          typeHandlerVersion: 'string'
        }
      }
    ]
    vmImageOffer: 'string'
    vmImagePublisher: 'string'
    vmImageResourceId: 'string'
    vmImageSku: 'string'
    vmImageVersion: 'string'
    vmInstanceCount: int
    vmManagedIdentity: {
      userAssignedIdentities: [
        'string'
      ]
    }
    vmSecrets: [
      {
        sourceVault: {
          id: 'string'
        }
        vaultCertificates: [
          {
            certificateStore: 'string'
            certificateUrl: 'string'
          }
        ]
      }
    ]
    vmSetupActions: [
      'string'
    ]
    VmSharedGalleryImageId: 'string'
    vmSize: 'string'
    zones: [
      'string'
    ]
  }
  sku: {
    capacity: int
    name: 'string'
    tier: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}

Property values

EndpointRangeDescription

Name Description Value
endPort End port of a range of ports int (required)
startPort Starting port of a range of ports int (required)

FrontendConfiguration

Name Description Value
applicationGatewayBackendAddressPoolId The resource Id of application gateway backend address pool. The format of the resource Id is '/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Network/applicationGateways/<applicationGatewayName>/backendAddressPools/<backendAddressPoolName>'. string
ipAddressType The IP address type of this frontend configuration. If omitted the default value is IPv4. 'IPv4'
'IPv6'
loadBalancerBackendAddressPoolId The resource Id of the Load Balancer backend address pool that the VM instances of the node type are associated with. The format of the resource Id is '/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Network/loadBalancers/<loadBalancerName>/backendAddressPools/<backendAddressPoolName>'. string
loadBalancerInboundNatPoolId The resource Id of the Load Balancer inbound NAT pool that the VM instances of the node type are associated with. The format of the resource Id is '/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Network/loadBalancers/<loadBalancerName>/inboundNatPools/<inboundNatPoolName>'. string

ManagedProxyResourceTags

Name Description Value

Microsoft.ServiceFabric/managedClusters/nodeTypes

Name Description Value
name The resource name string (required)
parent In Bicep, you can specify the parent resource for a child resource. You only need to add this property when the child resource is declared outside of the parent resource.

For more information, see Child resource outside parent resource.
Symbolic name for resource of type: managedClusters
properties The node type properties NodeTypeProperties
sku The node type sku. NodeTypeSku
tags Resource tags Dictionary of tag names and values. See Tags in templates

NetworkSecurityRule

Name Description Value
access The network traffic is allowed or denied. 'allow'
'deny' (required)
description Network security rule description. string
destinationAddressPrefix The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. string
destinationAddressPrefixes The destination address prefixes. CIDR or destination IP ranges. string[]
destinationPortRange The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
destinationPortRanges The destination port ranges. string[]
direction Network security rule direction. 'inbound'
'outbound' (required)
name Network security rule name. string (required)
priority The priority of the rule. The value can be in the range 1000 to 3000. Values outside this range are reserved for Service Fabric ManagerCluster Resource Provider. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. int

Constraints:
Min value = 1000
Max value = 3000 (required)
protocol Network protocol this rule applies to. 'ah'
'esp'
'http'
'https'
'icmp'
'tcp'
'udp' (required)
sourceAddressPrefix The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. string
sourceAddressPrefixes The CIDR or source IP ranges. string[]
sourcePortRange The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
sourcePortRanges The source port ranges. string[]

NodeTypeProperties

Name Description Value
additionalDataDisks Additional managed data disks. VmssDataDisk[]
applicationPorts The range of ports from which the cluster assigns ports to Service Fabric applications. EndpointRangeDescription
capacities The capacity tags applied to the nodes in the node type. The cluster resource manager uses these tags to understand how much resource a node has. NodeTypePropertiesCapacities
dataDiskLetter Managed data disk letter. It cannot use the reserved letters C or D, and it cannot be changed after creation. string

Constraints:
Pattern = ^[a-zA-Z]{1}$
dataDiskSizeGB Disk size for the managed disk attached to the vms on the node type in GBs. int
dataDiskType Managed data disk type. Specifies the storage account type for the managed disk 'Premium_LRS'
'StandardSSD_LRS'
'Standard_LRS'
enableAcceleratedNetworking Specifies whether the network interface is accelerated networking-enabled. bool
enableEncryptionAtHost Enable or disable the Host Encryption for the virtual machines on the node type. This will enable the encryption for all the disks including Resource/Temp disk at host itself. Default: The Encryption at host will be disabled unless this property is set to true for the resource. bool
enableNodePublicIP Specifies whether each node is allocated its own public IP address. This is only supported on secondary node types with custom Load Balancers. bool
enableOverProvisioning Specifies whether the node type should be overprovisioned. It is only allowed for stateless node types. bool
ephemeralPorts The range of ephemeral ports that nodes in this node type should be configured with. EndpointRangeDescription
evictionPolicy Specifies the eviction policy for virtual machines in a SPOT node type. Default is Delete. 'Deallocate'
'Delete'
frontendConfigurations Indicates the node type uses its own frontend configurations instead of the default one for the cluster. This setting can only be specified for non-primary node types and can not be added or removed after the node type is created. FrontendConfiguration[]
hostGroupId Specifies the full host group resource Id. This property is used for deploying on azure dedicated hosts. string
isPrimary Indicates the Service Fabric system services for the cluster will run on this node type. This setting cannot be changed once the node type is created. bool (required)
isSpotVM Indicates whether the node type will be Spot Virtual Machines. Azure will allocate the VMs if there is capacity available and the VMs can be evicted at any time. bool
isStateless Indicates if the node type can only host Stateless workloads. bool
multiplePlacementGroups Indicates if scale set associated with the node type can be composed of multiple placement groups. bool
networkSecurityRules The Network Security Rules for this node type. This setting can only be specified for node types that are configured with frontend configurations. NetworkSecurityRule[]
placementProperties The placement tags applied to nodes in the node type, which can be used to indicate where certain services (workload) should run. NodeTypePropertiesPlacementProperties
secureBootEnabled Specifies whether secure boot should be enabled on the nodeType. Can only be used with TrustedLaunch SecurityType. bool
securityType Specifies the security type of the nodeType. Only TrustedLaunch is currently supported. 'TrustedLaunch'
spotRestoreTimeout Indicates the time duration, specified as ISO 8601, after which the platform will not try to restore the VMSS SPOT instances. string
subnetId Indicates the resource id of the subnet for the node type. string
useDefaultPublicLoadBalancer Specifies whether to use the public load balancer. If not specified and the node type doesn't have its own frontend configuration, it will be attached to the default load balancer. If the node type uses its own Load balancer and useDefaultPublicLoadBalancer is true, then the frontend has to be an Internal Load Balancer. If the node type uses its own Load balancer and useDefaultPublicLoadBalancer is false or not set, then the custom load balancer must include a public load balancer to provide outbound connectivity. bool
useEphemeralOSDisk Indicates whether to use ephemeral os disk. The sku selected on the vmSize property needs to support this feature. bool
useTempDataDisk Specifies whether to use the temporary disk for the service fabric data root, in which case no managed data disk will be attached and the temporary disk will be used. It is only allowed for stateless node types. bool
vmExtensions Set of extensions that should be installed onto the virtual machines. VmssExtension[]
vmImageOffer The offer type of the Azure Virtual Machines Marketplace image. For example, UbuntuServer or WindowsServer. string
vmImagePublisher The publisher of the Azure Virtual Machines Marketplace image. For example, Canonical or MicrosoftWindowsServer. string
vmImageResourceId Indicates the resource id of the vm image. This parameter is used for custom vm image. string
vmImageSku The SKU of the Azure Virtual Machines Marketplace image. For example, 14.04.0-LTS or 2012-R2-Datacenter. string
vmImageVersion The version of the Azure Virtual Machines Marketplace image. A value of 'latest' can be specified to select the latest version of an image. If omitted, the default is 'latest'. string
vmInstanceCount The number of nodes in the node type.

Values:
-1 - Use when auto scale rules are configured or sku.capacity is defined
0 - Not supported
>0 - Use for manual scale.
int

Constraints:
Min value = -1
Max value = 2147483647 (required)
vmManagedIdentity Identities to assign to the virtual machine scale set under the node type. VmManagedIdentity
vmSecrets The secrets to install in the virtual machines. VaultSecretGroup[]
vmSetupActions Specifies the actions to be performed on the vms before bootstrapping the service fabric runtime. String array containing any of:
'EnableContainers'
'EnableHyperV'
VmSharedGalleryImageId Indicates the resource id of the vm shared galleries image. This parameter is used for custom vm image. string
vmSize The size of virtual machines in the pool. All virtual machines in a pool are the same size. For example, Standard_D3. string
zones Specifies the availability zones where the node type would span across. If the cluster is not spanning across availability zones, initiates az migration for the cluster. string[]

NodeTypePropertiesCapacities

Name Description Value

NodeTypePropertiesPlacementProperties

Name Description Value

NodeTypeSku

Name Description Value
capacity The number of nodes in the node type.

If present in request it will override properties.vmInstanceCount.
int

Constraints:
Min value = 1
Max value = 2147483647 (required)
name The sku name.

Name is internally generated and is used in auto-scale scenarios.
The property cannot be changed to values other than the generated one.
To avoid deployment errors please omit the property.
string
tier Specifies the tier of the node type.

Possible Values:
Standard
string

SubResource

Name Description Value
id Azure resource identifier. string

VaultCertificate

Name Description Value
certificateStore For Windows VMs, specifies the certificate store on the Virtual Machine to which the certificate should be added. The specified certificate store is implicitly in the LocalMachine account.

For Linux VMs, the certificate file is placed under the /var/lib/waagent directory, with the file name <UppercaseThumbprint>.crt for the X509 certificate file and <UppercaseThumbprint>.prv for private key. Both of these files are .pem formatted.
string (required)
certificateUrl This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be the Base64 encoding of the following JSON Object, which is encoded in UTF-8:

{
"data":"<Base64-encoded-certificate>",
"dataType":"pfx",
"password":"<pfx-file-password>"
}
string (required)

VaultSecretGroup

Name Description Value
sourceVault The relative URL of the Key Vault containing all of the certificates in VaultCertificates. SubResource (required)
vaultCertificates The list of key vault references in SourceVault which contain certificates. VaultCertificate[] (required)

VmManagedIdentity

Name Description Value
userAssignedIdentities The list of user identities associated with the virtual machine scale set under the node type. Each entry will be an ARM resource ID in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. string[]

VmssDataDisk

Name Description Value
diskLetter Managed data disk letter. It cannot use the reserved letters C or D, and it cannot be changed after creation. string

Constraints:
Pattern = ^[a-zA-Z]{1}$ (required)
diskSizeGB Disk size for each vm in the node type in GBs. int (required)
diskType Managed data disk type. Specifies the storage account type for the managed disk 'Premium_LRS'
'StandardSSD_LRS'
'Standard_LRS' (required)
lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. Lun 0 is reserved for the service fabric data disk. int

Constraints:
Min value = 1 (required)

VmssExtension

Name Description Value
name The name of the extension. string (required)
properties Describes the properties of a Virtual Machine Scale Set Extension. VmssExtensionProperties (required)

VmssExtensionProperties

Name Description Value
autoUpgradeMinorVersion Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. bool
enableAutomaticUpgrade Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. bool
forceUpdateTag If a value is provided and is different from the previous value, the extension handler will be forced to update even if the extension configuration has not changed. string
protectedSettings The extension can contain either protectedSettings or protectedSettingsFromKeyVault or no protected settings at all. any
provisionAfterExtensions Collection of extension names after which this extension needs to be provisioned. string[]
publisher The name of the extension handler publisher. string (required)
settings Json formatted public settings for the extension. any
type Specifies the type of the extension; an example is "CustomScriptExtension". string (required)
typeHandlerVersion Specifies the version of the script handler. string (required)

ARM template resource definition

The managedClusters/nodeTypes resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.ServiceFabric/managedClusters/nodeTypes resource, add the following JSON to your template.

{
  "type": "Microsoft.ServiceFabric/managedClusters/nodeTypes",
  "apiVersion": "2023-02-01-preview",
  "name": "string",
  "properties": {
    "additionalDataDisks": [
      {
        "diskLetter": "string",
        "diskSizeGB": "int",
        "diskType": "string",
        "lun": "int"
      }
    ],
    "applicationPorts": {
      "endPort": "int",
      "startPort": "int"
    },
    "capacities": {
      "{customized property}": "string"
    },
    "dataDiskLetter": "string",
    "dataDiskSizeGB": "int",
    "dataDiskType": "string",
    "enableAcceleratedNetworking": "bool",
    "enableEncryptionAtHost": "bool",
    "enableNodePublicIP": "bool",
    "enableOverProvisioning": "bool",
    "ephemeralPorts": {
      "endPort": "int",
      "startPort": "int"
    },
    "evictionPolicy": "string",
    "frontendConfigurations": [
      {
        "applicationGatewayBackendAddressPoolId": "string",
        "ipAddressType": "string",
        "loadBalancerBackendAddressPoolId": "string",
        "loadBalancerInboundNatPoolId": "string"
      }
    ],
    "hostGroupId": "string",
    "isPrimary": "bool",
    "isSpotVM": "bool",
    "isStateless": "bool",
    "multiplePlacementGroups": "bool",
    "networkSecurityRules": [
      {
        "access": "string",
        "description": "string",
        "destinationAddressPrefix": "string",
        "destinationAddressPrefixes": [ "string" ],
        "destinationPortRange": "string",
        "destinationPortRanges": [ "string" ],
        "direction": "string",
        "name": "string",
        "priority": "int",
        "protocol": "string",
        "sourceAddressPrefix": "string",
        "sourceAddressPrefixes": [ "string" ],
        "sourcePortRange": "string",
        "sourcePortRanges": [ "string" ]
      }
    ],
    "placementProperties": {
      "{customized property}": "string"
    },
    "secureBootEnabled": "bool",
    "securityType": "string",
    "spotRestoreTimeout": "string",
    "subnetId": "string",
    "useDefaultPublicLoadBalancer": "bool",
    "useEphemeralOSDisk": "bool",
    "useTempDataDisk": "bool",
    "vmExtensions": [
      {
        "name": "string",
        "properties": {
          "autoUpgradeMinorVersion": "bool",
          "enableAutomaticUpgrade": "bool",
          "forceUpdateTag": "string",
          "protectedSettings": {},
          "provisionAfterExtensions": [ "string" ],
          "publisher": "string",
          "settings": {},
          "type": "string",
          "typeHandlerVersion": "string"
        }
      }
    ],
    "vmImageOffer": "string",
    "vmImagePublisher": "string",
    "vmImageResourceId": "string",
    "vmImageSku": "string",
    "vmImageVersion": "string",
    "vmInstanceCount": "int",
    "vmManagedIdentity": {
      "userAssignedIdentities": [ "string" ]
    },
    "vmSecrets": [
      {
        "sourceVault": {
          "id": "string"
        },
        "vaultCertificates": [
          {
            "certificateStore": "string",
            "certificateUrl": "string"
          }
        ]
      }
    ],
    "vmSetupActions": [ "string" ],
    "VmSharedGalleryImageId": "string",
    "vmSize": "string",
    "zones": [ "string" ]
  },
  "sku": {
    "capacity": "int",
    "name": "string",
    "tier": "string"
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property values

EndpointRangeDescription

Name Description Value
endPort End port of a range of ports int (required)
startPort Starting port of a range of ports int (required)

FrontendConfiguration

Name Description Value
applicationGatewayBackendAddressPoolId The resource Id of application gateway backend address pool. The format of the resource Id is '/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Network/applicationGateways/<applicationGatewayName>/backendAddressPools/<backendAddressPoolName>'. string
ipAddressType The IP address type of this frontend configuration. If omitted the default value is IPv4. 'IPv4'
'IPv6'
loadBalancerBackendAddressPoolId The resource Id of the Load Balancer backend address pool that the VM instances of the node type are associated with. The format of the resource Id is '/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Network/loadBalancers/<loadBalancerName>/backendAddressPools/<backendAddressPoolName>'. string
loadBalancerInboundNatPoolId The resource Id of the Load Balancer inbound NAT pool that the VM instances of the node type are associated with. The format of the resource Id is '/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Network/loadBalancers/<loadBalancerName>/inboundNatPools/<inboundNatPoolName>'. string

ManagedProxyResourceTags

Name Description Value

Microsoft.ServiceFabric/managedClusters/nodeTypes

Name Description Value
apiVersion The api version '2023-02-01-preview'
name The resource name string (required)
properties The node type properties NodeTypeProperties
sku The node type sku. NodeTypeSku
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.ServiceFabric/managedClusters/nodeTypes'

NetworkSecurityRule

Name Description Value
access The network traffic is allowed or denied. 'allow'
'deny' (required)
description Network security rule description. string
destinationAddressPrefix The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. string
destinationAddressPrefixes The destination address prefixes. CIDR or destination IP ranges. string[]
destinationPortRange The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
destinationPortRanges The destination port ranges. string[]
direction Network security rule direction. 'inbound'
'outbound' (required)
name Network security rule name. string (required)
priority The priority of the rule. The value can be in the range 1000 to 3000. Values outside this range are reserved for Service Fabric ManagerCluster Resource Provider. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. int

Constraints:
Min value = 1000
Max value = 3000 (required)
protocol Network protocol this rule applies to. 'ah'
'esp'
'http'
'https'
'icmp'
'tcp'
'udp' (required)
sourceAddressPrefix The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. string
sourceAddressPrefixes The CIDR or source IP ranges. string[]
sourcePortRange The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
sourcePortRanges The source port ranges. string[]

NodeTypeProperties

Name Description Value
additionalDataDisks Additional managed data disks. VmssDataDisk[]
applicationPorts The range of ports from which the cluster assigns ports to Service Fabric applications. EndpointRangeDescription
capacities The capacity tags applied to the nodes in the node type. The cluster resource manager uses these tags to understand how much resource a node has. NodeTypePropertiesCapacities
dataDiskLetter Managed data disk letter. It cannot use the reserved letters C or D, and it cannot be changed after creation. string

Constraints:
Pattern = ^[a-zA-Z]{1}$
dataDiskSizeGB Disk size for the managed disk attached to the vms on the node type in GBs. int
dataDiskType Managed data disk type. Specifies the storage account type for the managed disk 'Premium_LRS'
'StandardSSD_LRS'
'Standard_LRS'
enableAcceleratedNetworking Specifies whether the network interface is accelerated networking-enabled. bool
enableEncryptionAtHost Enable or disable the Host Encryption for the virtual machines on the node type. This will enable the encryption for all the disks including Resource/Temp disk at host itself. Default: The Encryption at host will be disabled unless this property is set to true for the resource. bool
enableNodePublicIP Specifies whether each node is allocated its own public IP address. This is only supported on secondary node types with custom Load Balancers. bool
enableOverProvisioning Specifies whether the node type should be overprovisioned. It is only allowed for stateless node types. bool
ephemeralPorts The range of ephemeral ports that nodes in this node type should be configured with. EndpointRangeDescription
evictionPolicy Specifies the eviction policy for virtual machines in a SPOT node type. Default is Delete. 'Deallocate'
'Delete'
frontendConfigurations Indicates the node type uses its own frontend configurations instead of the default one for the cluster. This setting can only be specified for non-primary node types and can not be added or removed after the node type is created. FrontendConfiguration[]
hostGroupId Specifies the full host group resource Id. This property is used for deploying on azure dedicated hosts. string
isPrimary Indicates the Service Fabric system services for the cluster will run on this node type. This setting cannot be changed once the node type is created. bool (required)
isSpotVM Indicates whether the node type will be Spot Virtual Machines. Azure will allocate the VMs if there is capacity available and the VMs can be evicted at any time. bool
isStateless Indicates if the node type can only host Stateless workloads. bool
multiplePlacementGroups Indicates if scale set associated with the node type can be composed of multiple placement groups. bool
networkSecurityRules The Network Security Rules for this node type. This setting can only be specified for node types that are configured with frontend configurations. NetworkSecurityRule[]
placementProperties The placement tags applied to nodes in the node type, which can be used to indicate where certain services (workload) should run. NodeTypePropertiesPlacementProperties
secureBootEnabled Specifies whether secure boot should be enabled on the nodeType. Can only be used with TrustedLaunch SecurityType. bool
securityType Specifies the security type of the nodeType. Only TrustedLaunch is currently supported. 'TrustedLaunch'
spotRestoreTimeout Indicates the time duration, specified as ISO 8601, after which the platform will not try to restore the VMSS SPOT instances. string
subnetId Indicates the resource id of the subnet for the node type. string
useDefaultPublicLoadBalancer Specifies whether to use the public load balancer. If not specified and the node type doesn't have its own frontend configuration, it will be attached to the default load balancer. If the node type uses its own Load balancer and useDefaultPublicLoadBalancer is true, then the frontend has to be an Internal Load Balancer. If the node type uses its own Load balancer and useDefaultPublicLoadBalancer is false or not set, then the custom load balancer must include a public load balancer to provide outbound connectivity. bool
useEphemeralOSDisk Indicates whether to use ephemeral os disk. The sku selected on the vmSize property needs to support this feature. bool
useTempDataDisk Specifies whether to use the temporary disk for the service fabric data root, in which case no managed data disk will be attached and the temporary disk will be used. It is only allowed for stateless node types. bool
vmExtensions Set of extensions that should be installed onto the virtual machines. VmssExtension[]
vmImageOffer The offer type of the Azure Virtual Machines Marketplace image. For example, UbuntuServer or WindowsServer. string
vmImagePublisher The publisher of the Azure Virtual Machines Marketplace image. For example, Canonical or MicrosoftWindowsServer. string
vmImageResourceId Indicates the resource id of the vm image. This parameter is used for custom vm image. string
vmImageSku The SKU of the Azure Virtual Machines Marketplace image. For example, 14.04.0-LTS or 2012-R2-Datacenter. string
vmImageVersion The version of the Azure Virtual Machines Marketplace image. A value of 'latest' can be specified to select the latest version of an image. If omitted, the default is 'latest'. string
vmInstanceCount The number of nodes in the node type.

Values:
-1 - Use when auto scale rules are configured or sku.capacity is defined
0 - Not supported
>0 - Use for manual scale.
int

Constraints:
Min value = -1
Max value = 2147483647 (required)
vmManagedIdentity Identities to assign to the virtual machine scale set under the node type. VmManagedIdentity
vmSecrets The secrets to install in the virtual machines. VaultSecretGroup[]
vmSetupActions Specifies the actions to be performed on the vms before bootstrapping the service fabric runtime. String array containing any of:
'EnableContainers'
'EnableHyperV'
VmSharedGalleryImageId Indicates the resource id of the vm shared galleries image. This parameter is used for custom vm image. string
vmSize The size of virtual machines in the pool. All virtual machines in a pool are the same size. For example, Standard_D3. string
zones Specifies the availability zones where the node type would span across. If the cluster is not spanning across availability zones, initiates az migration for the cluster. string[]
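
The NetworkSecurityRule and NodeTypeProperties tables above state several cross-property constraints (priority range and uniqueness, settings limited to non-primary or stateless node types, secure boot requiring TrustedLaunch). The following pre-deployment check is an added example, not part of the original reference or of any Microsoft tooling; the function names, finding codes and sample resources are constructed for illustration, and it assumes literal values rather than template expressions.

```python
import re

# Limits and allowed values copied from the property tables on this page.
PRIORITY_MIN, PRIORITY_MAX = 1000, 3000
ENUMS = {
    "access": {"allow", "deny"},
    "direction": {"inbound", "outbound"},
    "protocol": {"ah", "esp", "http", "https", "icmp", "tcp", "udp"},
}
OPEN_SOURCES = {"*", "Internet"}  # source prefixes that match any Internet address


def lint_rules(rules, add):
    """Check each NetworkSecurityRule; priorities must be in range and unique."""
    seen = {}
    for rule in rules:
        name = rule.get("name", "<unnamed>")
        prio = rule.get("priority")
        if not isinstance(prio, int) or not PRIORITY_MIN <= prio <= PRIORITY_MAX:
            add("E-NSR-PRIORITY-RANGE", f"{name}: priority {prio!r} outside 1000-3000")
        elif prio in seen:
            add("E-NSR-PRIORITY-DUP", f"{name}: priority {prio} already used by {seen[prio]}")
        else:
            seen[prio] = name
        # Lower-casing before comparison is a choice of this example.
        value = {key: str(rule.get(key, "")).lower() for key in ENUMS}
        for key, allowed in ENUMS.items():
            if value[key] not in allowed:
                add("E-NSR-ENUM", f"{name}: {key}={rule.get(key)!r} is not an allowed value")
        sources = [rule.get("sourceAddressPrefix"), *(rule.get("sourceAddressPrefixes") or [])]
        if (value["access"], value["direction"]) == ("allow", "inbound") and OPEN_SOURCES & set(sources):
            add("W-NSR-OPEN-INBOUND", f"{name}: inbound allow from any source")


def lint_node_type(resource):
    """Return (code, message) findings for one managedClusters/nodeTypes resource."""
    props = resource.get("properties", {})
    findings = []

    def add(code, message):
        findings.append((code, message))

    primary = props.get("isPrimary")
    has_frontend = bool(props.get("frontendConfigurations"))
    rules = props.get("networkSecurityRules") or []

    if primary is None:
        add("E-PRIMARY-MISSING", "isPrimary is required")
    if has_frontend and primary:
        add("E-FRONTEND-ON-PRIMARY", "frontendConfigurations is only for non-primary node types")
    if rules and not has_frontend:
        add("E-NSR-NEEDS-FRONTEND", "networkSecurityRules requires frontendConfigurations")
    if props.get("enableNodePublicIP") and primary:
        add("E-PUBLIC-IP-ON-PRIMARY", "enableNodePublicIP is only supported on secondary node types")
    for flag in ("enableOverProvisioning", "useTempDataDisk"):
        if props.get(flag) and not props.get("isStateless"):
            add("E-STATELESS-ONLY", f"{flag} is only allowed for stateless node types")
    if props.get("secureBootEnabled") and props.get("securityType") != "TrustedLaunch":
        add("E-SECUREBOOT-NEEDS-TRUSTEDLAUNCH", "secureBootEnabled requires securityType TrustedLaunch")
    letter = props.get("dataDiskLetter")
    # fullmatch on a single ASCII letter is equivalent to the page's ^[a-zA-Z]{1}$.
    letter_ok = isinstance(letter, str) and re.fullmatch(r"[a-zA-Z]", letter) and letter.upper() not in ("C", "D")
    if letter is not None and not letter_ok:
        add("E-DISK-LETTER", f"dataDiskLetter {letter!r} must be one letter other than C or D")
    count = props.get("vmInstanceCount")
    if not isinstance(count, int) or count == 0 or count < -1:
        add("E-INSTANCE-COUNT", f"vmInstanceCount {count!r} must be -1 or greater than 0")
    if props.get("enableEncryptionAtHost") is not True:
        add("W-NO-HOST-ENCRYPTION", "enableEncryptionAtHost is not true; host encryption stays disabled")
    lint_rules(rules, add)
    return findings


def _rule(name, priority, source):
    """Build a constructed sample rule (inbound allow on TCP 443)."""
    return {"name": name, "access": "allow", "direction": "inbound", "protocol": "tcp",
            "priority": priority, "sourceAddressPrefix": source, "destinationPortRange": "443"}


# Constructed sample resources; names and IDs are placeholders, not real deployments.
SAMPLE_BAD = {
    "type": "Microsoft.ServiceFabric/managedClusters/nodeTypes",
    "apiVersion": "2023-02-01-preview",
    "name": "examplecluster/frontend",
    "properties": {
        "isPrimary": True, "vmInstanceCount": 0, "dataDiskLetter": "D",
        "secureBootEnabled": True, "enableOverProvisioning": True,
        "networkSecurityRules": [_rule("any-in", 500, "*"), _rule("web", 1100, "10.0.0.0/16"),
                                 _rule("web2", 1100, "10.1.0.0/16")],
    },
}
SAMPLE_GOOD = {
    "type": "Microsoft.ServiceFabric/managedClusters/nodeTypes",
    "apiVersion": "2023-02-01-preview",
    "name": "examplecluster/frontend",
    "properties": {
        "isPrimary": False, "isStateless": True, "vmInstanceCount": 3, "dataDiskLetter": "S",
        "securityType": "TrustedLaunch", "secureBootEnabled": True, "enableEncryptionAtHost": True,
        "frontendConfigurations": [{"loadBalancerBackendAddressPoolId": "<backendAddressPoolResourceId>"}],
        "networkSecurityRules": [_rule("web", 1000, "10.0.0.0/16"), _rule("probe", 1010, "AzureLoadBalancer")],
    },
}

if __name__ == "__main__":
    for code, message in lint_node_type(SAMPLE_BAD):
        print(code, message)
```

Codes starting with E- correspond to constraints stated in the tables; codes starting with W- are advisory checks chosen for this example.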

NodeTypePropertiesCapacities

Name Description Value

NodeTypePropertiesPlacementProperties

Name Description Value

NodeTypeSku

Name Description Value
capacity The number of nodes in the node type.

If present in request it will override properties.vmInstanceCount.
int

Constraints:
Min value = 1
Max value = 2147483647 (required)
name The sku name.

Name is internally generated and is used in auto-scale scenarios.
The property cannot be changed to a value other than the generated one.
To avoid deployment errors please omit the property.
string
tier Specifies the tier of the node type.

Possible Values:
Standard
string

SubResource

Name Description Value
id Azure resource identifier. string

VaultCertificate

Name Description Value
certificateStore For Windows VMs, specifies the certificate store on the Virtual Machine to which the certificate should be added. The specified certificate store is implicitly in the LocalMachine account.

For Linux VMs, the certificate file is placed under the /var/lib/waagent directory, with the file name <UppercaseThumbprint>.crt for the X509 certificate file and <UppercaseThumbprint>.prv for private key. Both of these files are .pem formatted.
string (required)
certificateUrl This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be the Base64 encoding of the following JSON object, which is encoded in UTF-8:

{
"data":"<Base64-encoded-certificate>",
"dataType":"pfx",
"password":"<pfx-file-password>"
}
string (required)

VaultSecretGroup

Name Description Value
sourceVault The relative URL of the Key Vault containing all of the certificates in VaultCertificates. SubResource (required)
vaultCertificates The list of key vault references in SourceVault which contain certificates. VaultCertificate[] (required)

VmManagedIdentity

Name Description Value
userAssignedIdentities The list of user identities associated with the virtual machine scale set under the node type. Each entry will be an ARM resource ID in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. string[]

VmssDataDisk

Name Description Value
diskLetter Managed data disk letter. It cannot use the reserved letters C or D, and it cannot be changed after creation. string

Constraints:
Pattern = ^[a-zA-Z]{1}$ (required)
diskSizeGB Disk size for each vm in the node type in GBs. int (required)
diskType Managed data disk type. Specifies the storage account type for the managed disk 'Premium_LRS'
'StandardSSD_LRS'
'Standard_LRS' (required)
lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. Lun 0 is reserved for the service fabric data disk. int

Constraints:
Min value = 1 (required)

VmssExtension

Name Description Value
name The name of the extension. string (required)
properties Describes the properties of a Virtual Machine Scale Set Extension. VmssExtensionProperties (required)

VmssExtensionProperties

Name Description Value
autoUpgradeMinorVersion Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. bool
enableAutomaticUpgrade Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. bool
forceUpdateTag If a value is provided and is different from the previous value, the extension handler will be forced to update even if the extension configuration has not changed. string
protectedSettings The extension can contain either protectedSettings or protectedSettingsFromKeyVault or no protected settings at all. any
provisionAfterExtensions Collection of extension names after which this extension needs to be provisioned. string[]
publisher The name of the extension handler publisher. string (required)
settings Json formatted public settings for the extension. any
type Specifies the type of the extension; an example is "CustomScriptExtension". string (required)
typeHandlerVersion Specifies the version of the script handler. string (required)

Terraform (AzAPI provider) resource definition

The managedClusters/nodeTypes resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.ServiceFabric/managedClusters/nodeTypes resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.ServiceFabric/managedClusters/nodeTypes@2023-02-01-preview"
  name = "string"
  body = jsonencode({
    properties = {
      additionalDataDisks = [
        {
          diskLetter = "string"
          diskSizeGB = int
          diskType = "string"
          lun = int
        }
      ]
      applicationPorts = {
        endPort = int
        startPort = int
      }
      capacities = {
        {customized property} = "string"
      }
      dataDiskLetter = "string"
      dataDiskSizeGB = int
      dataDiskType = "string"
      enableAcceleratedNetworking = bool
      enableEncryptionAtHost = bool
      enableNodePublicIP = bool
      enableOverProvisioning = bool
      ephemeralPorts = {
        endPort = int
        startPort = int
      }
      evictionPolicy = "string"
      frontendConfigurations = [
        {
          applicationGatewayBackendAddressPoolId = "string"
          ipAddressType = "string"
          loadBalancerBackendAddressPoolId = "string"
          loadBalancerInboundNatPoolId = "string"
        }
      ]
      hostGroupId = "string"
      isPrimary = bool
      isSpotVM = bool
      isStateless = bool
      multiplePlacementGroups = bool
      networkSecurityRules = [
        {
          access = "string"
          description = "string"
          destinationAddressPrefix = "string"
          destinationAddressPrefixes = [
            "string"
          ]
          destinationPortRange = "string"
          destinationPortRanges = [
            "string"
          ]
          direction = "string"
          name = "string"
          priority = int
          protocol = "string"
          sourceAddressPrefix = "string"
          sourceAddressPrefixes = [
            "string"
          ]
          sourcePortRange = "string"
          sourcePortRanges = [
            "string"
          ]
        }
      ]
      placementProperties = {
        {customized property} = "string"
      }
      secureBootEnabled = bool
      securityType = "string"
      spotRestoreTimeout = "string"
      subnetId = "string"
      useDefaultPublicLoadBalancer = bool
      useEphemeralOSDisk = bool
      useTempDataDisk = bool
      vmExtensions = [
        {
          name = "string"
          properties = {
            autoUpgradeMinorVersion = bool
            enableAutomaticUpgrade = bool
            forceUpdateTag = "string"
            protectedSettings = ?
            provisionAfterExtensions = [
              "string"
            ]
            publisher = "string"
            settings = ?
            type = "string"
            typeHandlerVersion = "string"
          }
        }
      ]
      vmImageOffer = "string"
      vmImagePublisher = "string"
      vmImageResourceId = "string"
      vmImageSku = "string"
      vmImageVersion = "string"
      vmInstanceCount = int
      vmManagedIdentity = {
        userAssignedIdentities = [
          "string"
        ]
      }
      vmSecrets = [
        {
          sourceVault = {
            id = "string"
          }
          vaultCertificates = [
            {
              certificateStore = "string"
              certificateUrl = "string"
            }
          ]
        }
      ]
      vmSetupActions = [
        "string"
      ]
      VmSharedGalleryImageId = "string"
      vmSize = "string"
      zones = [
        "string"
      ]
    }
  })
  sku = {
    capacity = int
    name = "string"
    tier = "string"
  }
  tags = {
    {customized property} = "string"
  }
}

Property values

EndpointRangeDescription

Name Description Value
endPort End port of a range of ports int (required)
startPort Starting port of a range of ports int (required)

FrontendConfiguration

Name Description Value
applicationGatewayBackendAddressPoolId The resource Id of application gateway backend address pool. The format of the resource Id is '/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Network/applicationGateways/<applicationGatewayName>/backendAddressPools/<backendAddressPoolName>'. string
ipAddressType The IP address type of this frontend configuration. If omitted the default value is IPv4. 'IPv4'
'IPv6'
loadBalancerBackendAddressPoolId The resource Id of the Load Balancer backend address pool that the VM instances of the node type are associated with. The format of the resource Id is '/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Network/loadBalancers/<loadBalancerName>/backendAddressPools/<backendAddressPoolName>'. string
loadBalancerInboundNatPoolId The resource Id of the Load Balancer inbound NAT pool that the VM instances of the node type are associated with. The format of the resource Id is '/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Network/loadBalancers/<loadBalancerName>/inboundNatPools/<inboundNatPoolName>'. string

ManagedProxyResourceTags

Name Description Value

Microsoft.ServiceFabric/managedClusters/nodeTypes

Name Description Value
name The resource name string (required)
parent_id The ID of the resource that is the parent for this resource. ID for resource of type: managedClusters
properties The node type properties NodeTypeProperties
sku The node type sku. NodeTypeSku
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.ServiceFabric/managedClusters/nodeTypes@2023-02-01-preview"

NetworkSecurityRule

Name Description Value
access The network traffic is allowed or denied. 'allow'
'deny' (required)
description Network security rule description. string
destinationAddressPrefix The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. string
destinationAddressPrefixes The destination address prefixes. CIDR or destination IP ranges. string[]
destinationPortRange The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
destinationPortRanges The destination port ranges. string[]
direction Network security rule direction. 'inbound'
'outbound' (required)
name Network security rule name. string (required)
priority The priority of the rule. The value can be in the range 1000 to 3000. Values outside this range are reserved for the Service Fabric ManagedCluster Resource Provider. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. int

Constraints:
Min value = 1000
Max value = 3000 (required)
protocol Network protocol this rule applies to. 'ah'
'esp'
'http'
'https'
'icmp'
'tcp'
'udp' (required)
sourceAddressPrefix The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. string
sourceAddressPrefixes The CIDR or source IP ranges. string[]
sourcePortRange The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
sourcePortRanges The source port ranges. string[]

NodeTypeProperties

Name Description Value
additionalDataDisks Additional managed data disks. VmssDataDisk[]
applicationPorts The range of ports from which the cluster assigns ports to Service Fabric applications. EndpointRangeDescription
capacities The capacity tags applied to the nodes in the node type, the cluster resource manager uses these tags to understand how much resource a node has. NodeTypePropertiesCapacities
dataDiskLetter Managed data disk letter. It cannot use the reserved letters C or D, and it cannot be changed after creation. string

Constraints:
Pattern = ^[a-zA-Z]{1}$
dataDiskSizeGB Disk size for the managed disk attached to the vms on the node type in GBs. int
dataDiskType Managed data disk type. Specifies the storage account type for the managed disk 'Premium_LRS'
'StandardSSD_LRS'
'Standard_LRS'
enableAcceleratedNetworking Specifies whether the network interface is accelerated networking-enabled. bool
enableEncryptionAtHost Enable or disable the Host Encryption for the virtual machines on the node type. This will enable the encryption for all the disks including Resource/Temp disk at host itself. Default: The Encryption at host will be disabled unless this property is set to true for the resource. bool
enableNodePublicIP Specifies whether each node is allocated its own public IP address. This is only supported on secondary node types with custom Load Balancers. bool
enableOverProvisioning Specifies whether the node type should be overprovisioned. It is only allowed for stateless node types. bool
ephemeralPorts The range of ephemeral ports that nodes in this node type should be configured with. EndpointRangeDescription
evictionPolicy Specifies the eviction policy for virtual machines in a SPOT node type. Default is Delete. 'Deallocate'
'Delete'
frontendConfigurations Indicates the node type uses its own frontend configurations instead of the default one for the cluster. This setting can only be specified for non-primary node types and can not be added or removed after the node type is created. FrontendConfiguration[]
hostGroupId Specifies the full host group resource Id. This property is used for deploying on azure dedicated hosts. string
isPrimary Indicates the Service Fabric system services for the cluster will run on this node type. This setting cannot be changed once the node type is created. bool (required)
isSpotVM Indicates whether the node type will be Spot Virtual Machines. Azure will allocate the VMs if there is capacity available and the VMs can be evicted at any time. bool
isStateless Indicates if the node type can only host Stateless workloads. bool
multiplePlacementGroups Indicates if scale set associated with the node type can be composed of multiple placement groups. bool
networkSecurityRules The Network Security Rules for this node type. This setting can only be specified for node types that are configured with frontend configurations. NetworkSecurityRule[]
placementProperties The placement tags applied to nodes in the node type, which can be used to indicate where certain services (workload) should run. NodeTypePropertiesPlacementProperties
secureBootEnabled Specifies whether secure boot should be enabled on the nodeType. Can only be used with TrustedLaunch SecurityType. bool
securityType Specifies the security type of the nodeType. Only TrustedLaunch is currently supported. 'TrustedLaunch'
spotRestoreTimeout Indicates the time duration after which the platform will not try to restore the VMSS SPOT instances specified as ISO 8601. string
subnetId Indicates the resource id of the subnet for the node type. string
useDefaultPublicLoadBalancer Specifies whether to use the public load balancer. If not specified and the node type doesn't have its own frontend configuration, it will be attached to the default load balancer. If the node type uses its own load balancer and useDefaultPublicLoadBalancer is true, then the frontend has to be an Internal Load Balancer. If the node type uses its own load balancer and useDefaultPublicLoadBalancer is false or not set, then the custom load balancer must include a public load balancer to provide outbound connectivity. bool
useEphemeralOSDisk Indicates whether to use ephemeral os disk. The sku selected on the vmSize property needs to support this feature. bool
useTempDataDisk Specifies whether to use the temporary disk for the service fabric data root, in which case no managed data disk will be attached and the temporary disk will be used. It is only allowed for stateless node types. bool
vmExtensions Set of extensions that should be installed onto the virtual machines. VmssExtension[]
vmImageOffer The offer type of the Azure Virtual Machines Marketplace image. For example, UbuntuServer or WindowsServer. string
vmImagePublisher The publisher of the Azure Virtual Machines Marketplace image. For example, Canonical or MicrosoftWindowsServer. string
vmImageResourceId Indicates the resource id of the vm image. This parameter is used for custom vm image. string
vmImageSku The SKU of the Azure Virtual Machines Marketplace image. For example, 14.04.0-LTS or 2012-R2-Datacenter. string
vmImageVersion The version of the Azure Virtual Machines Marketplace image. A value of 'latest' can be specified to select the latest version of an image. If omitted, the default is 'latest'. string
vmInstanceCount The number of nodes in the node type.

Values:
-1 - Use when auto scale rules are configured or sku.capacity is defined
0 - Not supported
>0 - Use for manual scale.
int

Constraints:
Min value = -1
Max value = 2147483647 (required)
vmManagedIdentity Identities to assign to the virtual machine scale set under the node type. VmManagedIdentity
vmSecrets The secrets to install in the virtual machines. VaultSecretGroup[]
vmSetupActions Specifies the actions to be performed on the vms before bootstrapping the service fabric runtime. String array containing any of:
'EnableContainers'
'EnableHyperV'
VmSharedGalleryImageId Indicates the resource id of the vm shared galleries image. This parameter is used for custom vm image. string
vmSize The size of virtual machines in the pool. All virtual machines in a pool are the same size. For example, Standard_D3. string
zones Specifies the availability zones where the node type would span across. If the cluster is not spanning across availability zones, initiates az migration for the cluster. string[]

NodeTypePropertiesCapacities

Name Description Value

NodeTypePropertiesPlacementProperties

Name Description Value

NodeTypeSku

Name Description Value
capacity The number of nodes in the node type.

If present in request it will override properties.vmInstanceCount.
int

Constraints:
Min value = 1
Max value = 2147483647 (required)
name The sku name.

Name is internally generated and is used in auto-scale scenarios.
The property cannot be changed to a value other than the generated one.
To avoid deployment errors please omit the property.
string
tier Specifies the tier of the node type.

Possible Values:
Standard
string

SubResource

Name Description Value
id Azure resource identifier. string

VaultCertificate

Name Description Value
certificateStore For Windows VMs, specifies the certificate store on the Virtual Machine to which the certificate should be added. The specified certificate store is implicitly in the LocalMachine account.

For Linux VMs, the certificate file is placed under the /var/lib/waagent directory, with the file name <UppercaseThumbprint>.crt for the X509 certificate file and <UppercaseThumbprint>.prv for private key. Both of these files are .pem formatted.
string (required)
certificateUrl This is the URL of a certificate that has been uploaded to Key Vault as a secret. For adding a secret to the Key Vault, see Add a key or secret to the key vault. In this case, your certificate needs to be the Base64 encoding of the following JSON object, which is encoded in UTF-8:

{
"data":"<Base64-encoded-certificate>",
"dataType":"pfx",
"password":"<pfx-file-password>"
}
string (required)

VaultSecretGroup

Name Description Value
sourceVault The relative URL of the Key Vault containing all of the certificates in VaultCertificates. SubResource (required)
vaultCertificates The list of key vault references in SourceVault which contain certificates. VaultCertificate[] (required)

VmManagedIdentity

Name Description Value
userAssignedIdentities The list of user identities associated with the virtual machine scale set under the node type. Each entry will be an ARM resource ID in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. string[]

VmssDataDisk

Name Description Value
diskLetter Managed data disk letter. It cannot use the reserved letters C or D, and it cannot be changed after creation. string

Constraints:
Pattern = ^[a-zA-Z]{1}$ (required)
diskSizeGB Disk size for each vm in the node type in GBs. int (required)
diskType Managed data disk type. Specifies the storage account type for the managed disk 'Premium_LRS'
'StandardSSD_LRS'
'Standard_LRS' (required)
lun Specifies the logical unit number of the data disk. This value is used to identify data disks within the VM and therefore must be unique for each data disk attached to a VM. Lun 0 is reserved for the service fabric data disk. int

Constraints:
Min value = 1 (required)

VmssExtension

Name Description Value
name The name of the extension. string (required)
properties Describes the properties of a Virtual Machine Scale Set Extension. VmssExtensionProperties (required)

VmssExtensionProperties

Name Description Value
autoUpgradeMinorVersion Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. bool
enableAutomaticUpgrade Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. bool
forceUpdateTag If a value is provided and is different from the previous value, the extension handler will be forced to update even if the extension configuration has not changed. string
protectedSettings The extension can contain either protectedSettings or protectedSettingsFromKeyVault or no protected settings at all. any
provisionAfterExtensions Collection of extension names after which this extension needs to be provisioned. string[]
publisher The name of the extension handler publisher. string (required)
settings Json formatted public settings for the extension. any
type Specifies the type of the extension; an example is "CustomScriptExtension". string (required)
typeHandlerVersion Specifies the version of the script handler. string (required)
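
The constraints stated in the NetworkSecurityRule, NodeTypeProperties and VmssDataDisk tables can be checked before deployment. The following Python pre-deployment check is an added example, not Microsoft tooling; the function names, the finding texts, the WEAK and HARDENED sample objects and the decision to report an inbound allow rule from '*' or 'Internet' are assumptions of the example.

```python
import re

ANY_SOURCE = {"*", "internet"}    # '*' and the 'Internet' default tag from the table
LETTER = re.compile(r"[a-zA-Z]")  # page pattern: ^[a-zA-Z]{1}$


def _bad_letter(letter):
    """True when a disk letter breaks the pattern or uses reserved C or D."""
    ok = isinstance(letter, str) and LETTER.fullmatch(letter)
    return not ok or letter.upper() in {"C", "D"}


def lint_node_type(props):
    """Return findings for one nodeTypes `properties` object (a dict)."""
    out = []
    if props.get("secureBootEnabled") and props.get("securityType") != "TrustedLaunch":
        out.append("secureBootEnabled requires securityType 'TrustedLaunch'")
    if props.get("enableEncryptionAtHost") is not True:
        out.append("enableEncryptionAtHost is not true: encryption at host stays disabled")
    for flag in ("useTempDataDisk", "enableOverProvisioning"):
        if props.get(flag) and not props.get("isStateless"):
            out.append(f"{flag} is only allowed for stateless node types")
    if props.get("isPrimary"):
        for key in ("enableNodePublicIP", "frontendConfigurations"):
            if props.get(key):
                out.append(f"{key} is not supported on the primary node type")
    rules = props.get("networkSecurityRules") or []
    if rules and not props.get("frontendConfigurations"):
        out.append("networkSecurityRules needs frontendConfigurations on the node type")
    seen = set()
    for rule in rules:
        name, prio = rule.get("name", "<unnamed>"), rule.get("priority")
        if type(prio) is not int or not 1000 <= prio <= 3000:
            out.append(f"rule {name}: priority {prio!r} outside 1000-3000")
        elif prio in seen:
            out.append(f"rule {name}: priority {prio} is not unique")
        else:
            seen.add(prio)
        sources = {rule.get("sourceAddressPrefix"), *rule.get("sourceAddressPrefixes", [])}
        sources = {s.lower() for s in sources if isinstance(s, str)}
        kind = (str(rule.get("direction")).lower(), str(rule.get("access")).lower())
        if kind == ("inbound", "allow") and sources & ANY_SOURCE:
            out.append(f"rule {name}: inbound allow from any source")
    if "dataDiskLetter" in props and _bad_letter(props["dataDiskLetter"]):
        out.append("dataDiskLetter must be one letter other than C or D")
    luns = set()
    for disk in props.get("additionalDataDisks") or []:
        letter, lun = disk.get("diskLetter"), disk.get("lun")
        if _bad_letter(letter):
            out.append(f"diskLetter {letter!r}: must be one letter other than C or D")
        if type(lun) is not int or lun < 1:
            out.append(f"lun {lun!r}: must be >= 1 (lun 0 is reserved)")
        elif lun in luns:
            out.append(f"lun {lun}: must be unique per data disk")
        else:
            luns.add(lun)
    return out


# Constructed sample inputs (not taken from any real deployment).
WEAK = {
    "isPrimary": True, "isStateless": False, "secureBootEnabled": True,
    "useTempDataDisk": True, "enableNodePublicIP": True,
    "networkSecurityRules": [{"name": "app-in", "access": "allow", "direction": "inbound",
                              "priority": 100, "protocol": "tcp", "sourceAddressPrefix": "*"}],
    "additionalDataDisks": [{"diskLetter": "D", "diskSizeGB": 64,
                             "diskType": "Standard_LRS", "lun": 0}],
}
HARDENED = {
    "isPrimary": False, "isStateless": True, "securityType": "TrustedLaunch",
    "secureBootEnabled": True, "enableEncryptionAtHost": True, "dataDiskLetter": "S",
    "frontendConfigurations": [{"loadBalancerBackendAddressPoolId": "<placeholder-pool-id>"}],
    "networkSecurityRules": [{"name": "app-in", "access": "allow", "direction": "inbound",
                              "priority": 1000, "protocol": "tcp",
                              "sourceAddressPrefix": "10.0.0.0/24"}],
    "additionalDataDisks": [{"diskLetter": "F", "diskSizeGB": 64,
                             "diskType": "Premium_LRS", "lun": 1}],
}

if __name__ == "__main__":
    for finding in lint_node_type(WEAK):
        print(finding)
```

Pass it the same object that goes into the `properties` block of the template, for example the decoded `body` of the `azapi_resource`.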