Microsoft.ServiceFabric managedClusters 2023-09-01-preview

Bicep resource definition

The managedClusters resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.ServiceFabric/managedClusters resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.ServiceFabric/managedClusters@2023-09-01-preview' = {
  location: 'string'
  name: 'string'
  properties: {
    addonFeatures: [
      'string'
    ]
    adminPassword: 'string'
    adminUserName: 'string'
    allowRdpAccess: bool
    applicationTypeVersionsCleanupPolicy: {
      maxUnusedVersionsToKeep: int
    }
    auxiliarySubnets: [
      {
        enableIpv6: bool
        name: 'string'
        networkSecurityGroupId: 'string'
        privateEndpointNetworkPolicies: 'string'
        privateLinkServiceNetworkPolicies: 'string'
      }
    ]
    azureActiveDirectory: {
      clientApplication: 'string'
      clusterApplication: 'string'
      tenantId: 'string'
    }
    clientConnectionPort: int
    clients: [
      {
        commonName: 'string'
        isAdmin: bool
        issuerThumbprint: 'string'
        thumbprint: 'string'
      }
    ]
    clusterCodeVersion: 'string'
    clusterUpgradeCadence: 'string'
    clusterUpgradeMode: 'string'
    ddosProtectionPlanId: 'string'
    dnsName: 'string'
    enableAutoOSUpgrade: bool
    enableIpv6: bool
    enableServicePublicIP: bool
    fabricSettings: [
      {
        name: 'string'
        parameters: [
          {
            name: 'string'
            value: 'string'
          }
        ]
      }
    ]
    httpGatewayConnectionPort: int
    ipTags: [
      {
        ipTagType: 'string'
        tag: 'string'
      }
    ]
    loadBalancingRules: [
      {
        backendPort: int
        frontendPort: int
        loadDistribution: 'string'
        probePort: int
        probeProtocol: 'string'
        probeRequestPath: 'string'
        protocol: 'string'
      }
    ]
    networkSecurityRules: [
      {
        access: 'string'
        description: 'string'
        destinationAddressPrefix: 'string'
        destinationAddressPrefixes: [
          'string'
        ]
        destinationPortRange: 'string'
        destinationPortRanges: [
          'string'
        ]
        direction: 'string'
        name: 'string'
        priority: int
        protocol: 'string'
        sourceAddressPrefix: 'string'
        sourceAddressPrefixes: [
          'string'
        ]
        sourcePortRange: 'string'
        sourcePortRanges: [
          'string'
        ]
      }
    ]
    publicIPPrefixId: 'string'
    serviceEndpoints: [
      {
        locations: [
          'string'
        ]
        service: 'string'
      }
    ]
    subnetId: 'string'
    useCustomVnet: bool
    zonalResiliency: bool
    zonalUpdateMode: 'string'
  }
  sku: {
    name: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}

Property values

ApplicationTypeVersionsCleanupPolicy

Name Description Value
maxUnusedVersionsToKeep Number of unused versions per application type to keep. int

Constraints:
Min value = 0 (required)

AzureActiveDirectory

Name Description Value
clientApplication Azure active directory client application id. string
clusterApplication Azure active directory cluster application id. string
tenantId Azure active directory tenant id. string

ClientCertificate

Name Description Value
commonName Certificate common name. string
isAdmin Indicates if the client certificate has admin access to the cluster. Non admin clients can perform only read only operations on the cluster. bool (required)
issuerThumbprint Issuer thumbprint for the certificate. Only used together with CommonName. string
thumbprint Certificate thumbprint. string

IPTag

Name Description Value
ipTagType The IP tag type. string (required)
tag The value of the IP tag. string (required)

LoadBalancingRule

Name Description Value
backendPort The port used for internal connections on the endpoint. Acceptable values are between 1 and 65535. int

Constraints:
Min value = 1
Max value = 65534 (required)
frontendPort The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. Acceptable values are between 1 and 65534. int

Constraints:
Min value = 1
Max value = 65534 (required)
loadDistribution The load distribution policy for this rule. string
probePort The prob port used by the load balancing rule. Acceptable values are between 1 and 65535. int

Constraints:
Min value = 1
Max value = 65534
probeProtocol the reference to the load balancer probe used by the load balancing rule. 'http'
'https'
'tcp' (required)
probeRequestPath The probe request path. Only supported for HTTP/HTTPS probes. string
protocol The reference to the transport protocol used by the load balancing rule. 'tcp'
'udp' (required)

ManagedClusterProperties

Name Description Value
addonFeatures List of add-on features to enable on the cluster. String array containing any of:
'BackupRestoreService'
'DnsService'
'ResourceMonitorService'
adminPassword VM admin user password. string

Constraints:
Sensitive value. Pass in as a secure parameter.
adminUserName VM admin user name. string (required)
allowRdpAccess Setting this to true enables RDP access to the VM. The default NSG rule opens RDP port to Internet which can be overridden with custom Network Security Rules. The default value for this setting is false. bool
applicationTypeVersionsCleanupPolicy The policy used to clean up unused versions. ApplicationTypeVersionsCleanupPolicy
auxiliarySubnets Auxiliary subnets for the cluster. Subnet[]
azureActiveDirectory The AAD authentication settings of the cluster. AzureActiveDirectory
clientConnectionPort The port used for client connections to the cluster. int
clients Client certificates that are allowed to manage the cluster. ClientCertificate[]
clusterCodeVersion The Service Fabric runtime version of the cluster. This property is required when clusterUpgradeMode is set to 'Manual'. To get list of available Service Fabric versions for new clusters use ClusterVersion API. To get the list of available version for existing clusters use availableClusterVersions. string
clusterUpgradeCadence Indicates when new cluster runtime version upgrades will be applied after they are released. By default is Wave0. Only applies when clusterUpgradeMode is set to 'Automatic'. 'Wave0'
'Wave1'
'Wave2'
clusterUpgradeMode The upgrade mode of the cluster when new Service Fabric runtime version is available. 'Automatic'
'Manual'
ddosProtectionPlanId Specify the resource id of a DDoS network protection plan that will be associated with the virtual network of the cluster. string
dnsName The cluster dns name. string (required)
enableAutoOSUpgrade Setting this to true enables automatic OS upgrade for the node types that are created using any platform OS image with version 'latest'. The default value for this setting is false. bool
enableIpv6 Setting this to true creates IPv6 address space for the default VNet used by the cluster. This setting cannot be changed once the cluster is created. The default value for this setting is false. bool
enableServicePublicIP Setting this to true will link the IPv4 address as the ServicePublicIP of the IPv6 address. It can only be set to True if IPv6 is enabled on the cluster. bool
fabricSettings The list of custom fabric settings to configure the cluster. SettingsSectionDescription[]
httpGatewayConnectionPort The port used for HTTP connections to the cluster. int
ipTags The list of IP tags associated with the default public IP address of the cluster. IPTag[]
loadBalancingRules Load balancing rules that are applied to the public load balancer of the cluster. LoadBalancingRule[]
networkSecurityRules Custom Network Security Rules that are applied to the Virtual Network of the cluster. NetworkSecurityRule[]
publicIPPrefixId Specify the resource id of a public IP prefix that the load balancer will allocate a public IP address from. Only supports IPv4. string
serviceEndpoints Service endpoints for subnets in the cluster. ServiceEndpoint[]
subnetId If specified, the node types for the cluster are created in this subnet instead of the default VNet. The networkSecurityRules specified for the cluster are also applied to this subnet. This setting cannot be changed once the cluster is created. string
useCustomVnet For new clusters, this parameter indicates that it uses Bring your own VNet, but the subnet is specified at node type level; and for such clusters, the subnetId property is required for node types. bool
zonalResiliency Indicates if the cluster has zone resiliency. bool
zonalUpdateMode Indicates the update mode for Cross Az clusters. 'Fast'
'Standard'

Microsoft.ServiceFabric/managedClusters

Name Description Value
location Azure resource location. string (required)
name The resource name string (required)
properties The managed cluster resource properties ManagedClusterProperties
sku The sku of the managed cluster Sku (required)
tags Resource tags Dictionary of tag names and values. See Tags in templates

NetworkSecurityRule

Name Description Value
access The network traffic is allowed or denied. 'allow'
'deny' (required)
description Network security rule description. string
destinationAddressPrefix The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. string
destinationAddressPrefixes The destination address prefixes. CIDR or destination IP ranges. string[]
destinationPortRange he destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
destinationPortRanges The destination port ranges. string[]
direction Network security rule direction. 'inbound'
'outbound' (required)
name Network security rule name. string (required)
priority The priority of the rule. The value can be in the range 1000 to 3000. Values outside this range are reserved for Service Fabric ManagerCluster Resource Provider. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. int

Constraints:
Min value = 1000
Max value = 3000 (required)
protocol Network protocol this rule applies to. 'ah'
'esp'
'http'
'https'
'icmp'
'tcp'
'udp' (required)
sourceAddressPrefix The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. string
sourceAddressPrefixes The CIDR or source IP ranges. string[]
sourcePortRange The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
sourcePortRanges The source port ranges. string[]

ResourceTags

Name Description Value

ServiceEndpoint

Name Description Value
locations A list of locations. string[]
service The type of the endpoint service. string (required)

SettingsParameterDescription

Name Description Value
name The parameter name of fabric setting. string (required)
value The parameter value of fabric setting. string (required)

SettingsSectionDescription

Name Description Value
name The section name of the fabric settings. string (required)
parameters The collection of parameters in the section. SettingsParameterDescription[] (required)

Sku

Name Description Value
name Sku Name. 'Basic'
'Standard' (required)

Subnet

Name Description Value
enableIpv6 Indicates wether to enable Ipv6 or not. If not provided, it will take the same configuration as the cluster. bool
name Subnet name. string (required)
networkSecurityGroupId Full resource id for the network security group. string
privateEndpointNetworkPolicies Enable or Disable apply network policies on private end point in the subnet. 'disabled'
'enabled'
privateLinkServiceNetworkPolicies Enable or Disable apply network policies on private link service in the subnet. 'disabled'
'enabled'

ARM template resource definition

The managedClusters resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.ServiceFabric/managedClusters resource, add the following JSON to your template.

{
  "type": "Microsoft.ServiceFabric/managedClusters",
  "apiVersion": "2023-09-01-preview",
  "name": "string",
  "location": "string",
  "properties": {
    "addonFeatures": [ "string" ],
    "adminPassword": "string",
    "adminUserName": "string",
    "allowRdpAccess": "bool",
    "applicationTypeVersionsCleanupPolicy": {
      "maxUnusedVersionsToKeep": "int"
    },
    "auxiliarySubnets": [
      {
        "enableIpv6": "bool",
        "name": "string",
        "networkSecurityGroupId": "string",
        "privateEndpointNetworkPolicies": "string",
        "privateLinkServiceNetworkPolicies": "string"
      }
    ],
    "azureActiveDirectory": {
      "clientApplication": "string",
      "clusterApplication": "string",
      "tenantId": "string"
    },
    "clientConnectionPort": "int",
    "clients": [
      {
        "commonName": "string",
        "isAdmin": "bool",
        "issuerThumbprint": "string",
        "thumbprint": "string"
      }
    ],
    "clusterCodeVersion": "string",
    "clusterUpgradeCadence": "string",
    "clusterUpgradeMode": "string",
    "ddosProtectionPlanId": "string",
    "dnsName": "string",
    "enableAutoOSUpgrade": "bool",
    "enableIpv6": "bool",
    "enableServicePublicIP": "bool",
    "fabricSettings": [
      {
        "name": "string",
        "parameters": [
          {
            "name": "string",
            "value": "string"
          }
        ]
      }
    ],
    "httpGatewayConnectionPort": "int",
    "ipTags": [
      {
        "ipTagType": "string",
        "tag": "string"
      }
    ],
    "loadBalancingRules": [
      {
        "backendPort": "int",
        "frontendPort": "int",
        "loadDistribution": "string",
        "probePort": "int",
        "probeProtocol": "string",
        "probeRequestPath": "string",
        "protocol": "string"
      }
    ],
    "networkSecurityRules": [
      {
        "access": "string",
        "description": "string",
        "destinationAddressPrefix": "string",
        "destinationAddressPrefixes": [ "string" ],
        "destinationPortRange": "string",
        "destinationPortRanges": [ "string" ],
        "direction": "string",
        "name": "string",
        "priority": "int",
        "protocol": "string",
        "sourceAddressPrefix": "string",
        "sourceAddressPrefixes": [ "string" ],
        "sourcePortRange": "string",
        "sourcePortRanges": [ "string" ]
      }
    ],
    "publicIPPrefixId": "string",
    "serviceEndpoints": [
      {
        "locations": [ "string" ],
        "service": "string"
      }
    ],
    "subnetId": "string",
    "useCustomVnet": "bool",
    "zonalResiliency": "bool",
    "zonalUpdateMode": "string"
  },
  "sku": {
    "name": "string"
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property values

ApplicationTypeVersionsCleanupPolicy

Name Description Value
maxUnusedVersionsToKeep Number of unused versions per application type to keep. int

Constraints:
Min value = 0 (required)

AzureActiveDirectory

Name Description Value
clientApplication Azure active directory client application id. string
clusterApplication Azure active directory cluster application id. string
tenantId Azure active directory tenant id. string

ClientCertificate

Name Description Value
commonName Certificate common name. string
isAdmin Indicates if the client certificate has admin access to the cluster. Non admin clients can perform only read only operations on the cluster. bool (required)
issuerThumbprint Issuer thumbprint for the certificate. Only used together with CommonName. string
thumbprint Certificate thumbprint. string

IPTag

Name Description Value
ipTagType The IP tag type. string (required)
tag The value of the IP tag. string (required)

LoadBalancingRule

Name Description Value
backendPort The port used for internal connections on the endpoint. Acceptable values are between 1 and 65535. int

Constraints:
Min value = 1
Max value = 65534 (required)
frontendPort The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. Acceptable values are between 1 and 65534. int

Constraints:
Min value = 1
Max value = 65534 (required)
loadDistribution The load distribution policy for this rule. string
probePort The prob port used by the load balancing rule. Acceptable values are between 1 and 65535. int

Constraints:
Min value = 1
Max value = 65534
probeProtocol the reference to the load balancer probe used by the load balancing rule. 'http'
'https'
'tcp' (required)
probeRequestPath The probe request path. Only supported for HTTP/HTTPS probes. string
protocol The reference to the transport protocol used by the load balancing rule. 'tcp'
'udp' (required)

ManagedClusterProperties

Name Description Value
addonFeatures List of add-on features to enable on the cluster. String array containing any of:
'BackupRestoreService'
'DnsService'
'ResourceMonitorService'
adminPassword VM admin user password. string

Constraints:
Sensitive value. Pass in as a secure parameter.
adminUserName VM admin user name. string (required)
allowRdpAccess Setting this to true enables RDP access to the VM. The default NSG rule opens RDP port to Internet which can be overridden with custom Network Security Rules. The default value for this setting is false. bool
applicationTypeVersionsCleanupPolicy The policy used to clean up unused versions. ApplicationTypeVersionsCleanupPolicy
auxiliarySubnets Auxiliary subnets for the cluster. Subnet[]
azureActiveDirectory The AAD authentication settings of the cluster. AzureActiveDirectory
clientConnectionPort The port used for client connections to the cluster. int
clients Client certificates that are allowed to manage the cluster. ClientCertificate[]
clusterCodeVersion The Service Fabric runtime version of the cluster. This property is required when clusterUpgradeMode is set to 'Manual'. To get list of available Service Fabric versions for new clusters use ClusterVersion API. To get the list of available version for existing clusters use availableClusterVersions. string
clusterUpgradeCadence Indicates when new cluster runtime version upgrades will be applied after they are released. By default is Wave0. Only applies when clusterUpgradeMode is set to 'Automatic'. 'Wave0'
'Wave1'
'Wave2'
clusterUpgradeMode The upgrade mode of the cluster when new Service Fabric runtime version is available. 'Automatic'
'Manual'
ddosProtectionPlanId Specify the resource id of a DDoS network protection plan that will be associated with the virtual network of the cluster. string
dnsName The cluster dns name. string (required)
enableAutoOSUpgrade Setting this to true enables automatic OS upgrade for the node types that are created using any platform OS image with version 'latest'. The default value for this setting is false. bool
enableIpv6 Setting this to true creates IPv6 address space for the default VNet used by the cluster. This setting cannot be changed once the cluster is created. The default value for this setting is false. bool
enableServicePublicIP Setting this to true will link the IPv4 address as the ServicePublicIP of the IPv6 address. It can only be set to True if IPv6 is enabled on the cluster. bool
fabricSettings The list of custom fabric settings to configure the cluster. SettingsSectionDescription[]
httpGatewayConnectionPort The port used for HTTP connections to the cluster. int
ipTags The list of IP tags associated with the default public IP address of the cluster. IPTag[]
loadBalancingRules Load balancing rules that are applied to the public load balancer of the cluster. LoadBalancingRule[]
networkSecurityRules Custom Network Security Rules that are applied to the Virtual Network of the cluster. NetworkSecurityRule[]
publicIPPrefixId Specify the resource id of a public IP prefix that the load balancer will allocate a public IP address from. Only supports IPv4. string
serviceEndpoints Service endpoints for subnets in the cluster. ServiceEndpoint[]
subnetId If specified, the node types for the cluster are created in this subnet instead of the default VNet. The networkSecurityRules specified for the cluster are also applied to this subnet. This setting cannot be changed once the cluster is created. string
useCustomVnet For new clusters, this parameter indicates that it uses Bring your own VNet, but the subnet is specified at node type level; and for such clusters, the subnetId property is required for node types. bool
zonalResiliency Indicates if the cluster has zone resiliency. bool
zonalUpdateMode Indicates the update mode for Cross Az clusters. 'Fast'
'Standard'

Microsoft.ServiceFabric/managedClusters

Name Description Value
apiVersion The api version '2023-09-01-preview'
location Azure resource location. string (required)
name The resource name string (required)
properties The managed cluster resource properties ManagedClusterProperties
sku The sku of the managed cluster Sku (required)
tags Resource tags Dictionary of tag names and values. See Tags in templates
type The resource type 'Microsoft.ServiceFabric/managedClusters'

NetworkSecurityRule

Name Description Value
access The network traffic is allowed or denied. 'allow'
'deny' (required)
description Network security rule description. string
destinationAddressPrefix The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. string
destinationAddressPrefixes The destination address prefixes. CIDR or destination IP ranges. string[]
destinationPortRange he destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
destinationPortRanges The destination port ranges. string[]
direction Network security rule direction. 'inbound'
'outbound' (required)
name Network security rule name. string (required)
priority The priority of the rule. The value can be in the range 1000 to 3000. Values outside this range are reserved for Service Fabric ManagerCluster Resource Provider. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. int

Constraints:
Min value = 1000
Max value = 3000 (required)
protocol Network protocol this rule applies to. 'ah'
'esp'
'http'
'https'
'icmp'
'tcp'
'udp' (required)
sourceAddressPrefix The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. string
sourceAddressPrefixes The CIDR or source IP ranges. string[]
sourcePortRange The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
sourcePortRanges The source port ranges. string[]

ResourceTags

Name Description Value

ServiceEndpoint

Name Description Value
locations A list of locations. string[]
service The type of the endpoint service. string (required)

SettingsParameterDescription

Name Description Value
name The parameter name of fabric setting. string (required)
value The parameter value of fabric setting. string (required)

SettingsSectionDescription

Name Description Value
name The section name of the fabric settings. string (required)
parameters The collection of parameters in the section. SettingsParameterDescription[] (required)

Sku

Name Description Value
name Sku Name. 'Basic'
'Standard' (required)

Subnet

Name Description Value
enableIpv6 Indicates wether to enable Ipv6 or not. If not provided, it will take the same configuration as the cluster. bool
name Subnet name. string (required)
networkSecurityGroupId Full resource id for the network security group. string
privateEndpointNetworkPolicies Enable or Disable apply network policies on private end point in the subnet. 'disabled'
'enabled'
privateLinkServiceNetworkPolicies Enable or Disable apply network policies on private link service in the subnet. 'disabled'
'enabled'

Terraform (AzAPI provider) resource definition

The managedClusters resource type can be deployed with operations that target:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.ServiceFabric/managedClusters resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.ServiceFabric/managedClusters@2023-09-01-preview"
  name = "string"
  location = "string"
  body = jsonencode({
    properties = {
      addonFeatures = [
        "string"
      ]
      adminPassword = "string"
      adminUserName = "string"
      allowRdpAccess = bool
      applicationTypeVersionsCleanupPolicy = {
        maxUnusedVersionsToKeep = int
      }
      auxiliarySubnets = [
        {
          enableIpv6 = bool
          name = "string"
          networkSecurityGroupId = "string"
          privateEndpointNetworkPolicies = "string"
          privateLinkServiceNetworkPolicies = "string"
        }
      ]
      azureActiveDirectory = {
        clientApplication = "string"
        clusterApplication = "string"
        tenantId = "string"
      }
      clientConnectionPort = int
      clients = [
        {
          commonName = "string"
          isAdmin = bool
          issuerThumbprint = "string"
          thumbprint = "string"
        }
      ]
      clusterCodeVersion = "string"
      clusterUpgradeCadence = "string"
      clusterUpgradeMode = "string"
      ddosProtectionPlanId = "string"
      dnsName = "string"
      enableAutoOSUpgrade = bool
      enableIpv6 = bool
      enableServicePublicIP = bool
      fabricSettings = [
        {
          name = "string"
          parameters = [
            {
              name = "string"
              value = "string"
            }
          ]
        }
      ]
      httpGatewayConnectionPort = int
      ipTags = [
        {
          ipTagType = "string"
          tag = "string"
        }
      ]
      loadBalancingRules = [
        {
          backendPort = int
          frontendPort = int
          loadDistribution = "string"
          probePort = int
          probeProtocol = "string"
          probeRequestPath = "string"
          protocol = "string"
        }
      ]
      networkSecurityRules = [
        {
          access = "string"
          description = "string"
          destinationAddressPrefix = "string"
          destinationAddressPrefixes = [
            "string"
          ]
          destinationPortRange = "string"
          destinationPortRanges = [
            "string"
          ]
          direction = "string"
          name = "string"
          priority = int
          protocol = "string"
          sourceAddressPrefix = "string"
          sourceAddressPrefixes = [
            "string"
          ]
          sourcePortRange = "string"
          sourcePortRanges = [
            "string"
          ]
        }
      ]
      publicIPPrefixId = "string"
      serviceEndpoints = [
        {
          locations = [
            "string"
          ]
          service = "string"
        }
      ]
      subnetId = "string"
      useCustomVnet = bool
      zonalResiliency = bool
      zonalUpdateMode = "string"
    }
  })
  sku = {
    name = "string"
  }
  tags = {
    {customized property} = "string"
  }
}

Property values

ApplicationTypeVersionsCleanupPolicy

Name Description Value
maxUnusedVersionsToKeep Number of unused versions per application type to keep. int

Constraints:
Min value = 0 (required)

AzureActiveDirectory

Name Description Value
clientApplication Azure active directory client application id. string
clusterApplication Azure active directory cluster application id. string
tenantId Azure active directory tenant id. string

ClientCertificate

Name Description Value
commonName Certificate common name. string
isAdmin Indicates if the client certificate has admin access to the cluster. Non admin clients can perform only read only operations on the cluster. bool (required)
issuerThumbprint Issuer thumbprint for the certificate. Only used together with CommonName. string
thumbprint Certificate thumbprint. string

IPTag

Name Description Value
ipTagType The IP tag type. string (required)
tag The value of the IP tag. string (required)

LoadBalancingRule

Name Description Value
backendPort The port used for internal connections on the endpoint. Acceptable values are between 1 and 65535. int

Constraints:
Min value = 1
Max value = 65534 (required)
frontendPort The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. Acceptable values are between 1 and 65534. int

Constraints:
Min value = 1
Max value = 65534 (required)
loadDistribution The load distribution policy for this rule. string
probePort The prob port used by the load balancing rule. Acceptable values are between 1 and 65535. int

Constraints:
Min value = 1
Max value = 65534
probeProtocol the reference to the load balancer probe used by the load balancing rule. 'http'
'https'
'tcp' (required)
probeRequestPath The probe request path. Only supported for HTTP/HTTPS probes. string
protocol The reference to the transport protocol used by the load balancing rule. 'tcp'
'udp' (required)

ManagedClusterProperties

Name Description Value
addonFeatures List of add-on features to enable on the cluster. String array containing any of:
'BackupRestoreService'
'DnsService'
'ResourceMonitorService'
adminPassword VM admin user password. string

Constraints:
Sensitive value. Pass in as a secure parameter.
adminUserName VM admin user name. string (required)
allowRdpAccess Setting this to true enables RDP access to the VM. The default NSG rule opens RDP port to Internet which can be overridden with custom Network Security Rules. The default value for this setting is false. bool
applicationTypeVersionsCleanupPolicy The policy used to clean up unused versions. ApplicationTypeVersionsCleanupPolicy
auxiliarySubnets Auxiliary subnets for the cluster. Subnet[]
azureActiveDirectory The AAD authentication settings of the cluster. AzureActiveDirectory
clientConnectionPort The port used for client connections to the cluster. int
clients Client certificates that are allowed to manage the cluster. ClientCertificate[]
clusterCodeVersion The Service Fabric runtime version of the cluster. This property is required when clusterUpgradeMode is set to 'Manual'. To get list of available Service Fabric versions for new clusters use ClusterVersion API. To get the list of available version for existing clusters use availableClusterVersions. string
clusterUpgradeCadence Indicates when new cluster runtime version upgrades will be applied after they are released. By default is Wave0. Only applies when clusterUpgradeMode is set to 'Automatic'. 'Wave0'
'Wave1'
'Wave2'
clusterUpgradeMode The upgrade mode of the cluster when new Service Fabric runtime version is available. 'Automatic'
'Manual'
ddosProtectionPlanId Specify the resource id of a DDoS network protection plan that will be associated with the virtual network of the cluster. string
dnsName The cluster dns name. string (required)
enableAutoOSUpgrade Setting this to true enables automatic OS upgrade for the node types that are created using any platform OS image with version 'latest'. The default value for this setting is false. bool
enableIpv6 Setting this to true creates IPv6 address space for the default VNet used by the cluster. This setting cannot be changed once the cluster is created. The default value for this setting is false. bool
enableServicePublicIP Setting this to true will link the IPv4 address as the ServicePublicIP of the IPv6 address. It can only be set to True if IPv6 is enabled on the cluster. bool
fabricSettings The list of custom fabric settings to configure the cluster. SettingsSectionDescription[]
httpGatewayConnectionPort The port used for HTTP connections to the cluster. int
ipTags The list of IP tags associated with the default public IP address of the cluster. IPTag[]
loadBalancingRules Load balancing rules that are applied to the public load balancer of the cluster. LoadBalancingRule[]
networkSecurityRules Custom Network Security Rules that are applied to the Virtual Network of the cluster. NetworkSecurityRule[]
publicIPPrefixId Specify the resource id of a public IP prefix that the load balancer will allocate a public IP address from. Only supports IPv4. string
serviceEndpoints Service endpoints for subnets in the cluster. ServiceEndpoint[]
subnetId If specified, the node types for the cluster are created in this subnet instead of the default VNet. The networkSecurityRules specified for the cluster are also applied to this subnet. This setting cannot be changed once the cluster is created. string
useCustomVnet For new clusters, this parameter indicates that it uses Bring your own VNet, but the subnet is specified at node type level; and for such clusters, the subnetId property is required for node types. bool
zonalResiliency Indicates if the cluster has zone resiliency. bool
zonalUpdateMode Indicates the update mode for Cross Az clusters. 'Fast'
'Standard'

Microsoft.ServiceFabric/managedClusters

Name Description Value
location Azure resource location. string (required)
name The resource name string (required)
properties The managed cluster resource properties ManagedClusterProperties
sku The sku of the managed cluster Sku (required)
tags Resource tags Dictionary of tag names and values.
type The resource type "Microsoft.ServiceFabric/managedClusters@2023-09-01-preview"

NetworkSecurityRule

Name Description Value
access The network traffic is allowed or denied. 'allow'
'deny' (required)
description Network security rule description. string
destinationAddressPrefix The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. string
destinationAddressPrefixes The destination address prefixes. CIDR or destination IP ranges. string[]
destinationPortRange he destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
destinationPortRanges The destination port ranges. string[]
direction Network security rule direction. 'inbound'
'outbound' (required)
name Network security rule name. string (required)
priority The priority of the rule. The value can be in the range 1000 to 3000. Values outside this range are reserved for Service Fabric ManagerCluster Resource Provider. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. int

Constraints:
Min value = 1000
Max value = 3000 (required)
protocol Network protocol this rule applies to. 'ah'
'esp'
'http'
'https'
'icmp'
'tcp'
'udp' (required)
sourceAddressPrefix The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from. string
sourceAddressPrefixes The CIDR or source IP ranges. string[]
sourcePortRange The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports. string
sourcePortRanges The source port ranges. string[]

ResourceTags

Name Description Value

ServiceEndpoint

Name Description Value
locations A list of locations. string[]
service The type of the endpoint service. string (required)

SettingsParameterDescription

Name Description Value
name The parameter name of fabric setting. string (required)
value The parameter value of fabric setting. string (required)

SettingsSectionDescription

Name Description Value
name The section name of the fabric settings. string (required)
parameters The collection of parameters in the section. SettingsParameterDescription[] (required)

Sku

Name Description Value
name Sku Name. 'Basic'
'Standard' (required)

Subnet

Name Description Value
enableIpv6 Indicates wether to enable Ipv6 or not. If not provided, it will take the same configuration as the cluster. bool
name Subnet name. string (required)
networkSecurityGroupId Full resource id for the network security group. string
privateEndpointNetworkPolicies Enable or Disable apply network policies on private end point in the subnet. 'disabled'
'enabled'
privateLinkServiceNetworkPolicies Enable or Disable apply network policies on private link service in the subnet. 'disabled'
'enabled'