Azure Service Fabric Cluster
This page shows how to configure a Service Fabric Cluster in Terraform and in Azure Resource Manager, and how to write those configurations securely.
azurerm_service_fabric_cluster (Terraform)
The Cluster in Service Fabric can be configured in Terraform with the resource name azurerm_service_fabric_cluster. The following sections describe 3 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "azurerm_service_fabric_cluster" "positive2" {
  name                = "example-servicefabric"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  reliability_level   = "Bronze"
  upgrade_mode        = "Manual"
  # ... (the rest of the block is not shown in this excerpt)
}

resource "azurerm_service_fabric_cluster" "positive1" {
  name                = "example-servicefabric"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  reliability_level   = "Bronze"
  upgrade_mode        = "Manual"
  # ... (the rest of the block is not shown in this excerpt)
}

resource "azurerm_service_fabric_cluster" "negative" {
  name                = "example-servicefabric"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
  reliability_level   = "Bronze"
  upgrade_mode        = "Manual"
  # ... (the rest of the block is not shown in this excerpt)
}
Parameters
- add_on_features (optional - set of string)
- cluster_code_version (optional computed - string)
- cluster_endpoint (optional computed - string)
- id (optional computed - string)
- location (required - string)
- management_endpoint (required - string)
- name (required - string)
- reliability_level (required - string)
- resource_group_name (required - string)
- tags (optional - map from string to string)
- upgrade_mode (required - string)
- vm_image (required - string)
- azure_active_directory (list block)
  - client_application_id (required - string)
  - cluster_application_id (required - string)
  - tenant_id (required - string)
- certificate (list block)
  - thumbprint (required - string)
  - thumbprint_secondary (optional - string)
  - x509_store_name (required - string)
- certificate_common_names (list block)
  - x509_store_name (required - string)
  - common_names (set block)
    - certificate_common_name (required - string)
    - certificate_issuer_thumbprint (optional - string)
- client_certificate_common_name (list block)
  - common_name (required - string)
  - is_admin (required - bool)
  - issuer_thumbprint (optional - string)
- client_certificate_thumbprint (list block)
  - is_admin (required - bool)
  - thumbprint (required - string)
- diagnostics_config (list block)
  - blob_endpoint (required - string)
  - protected_account_key_name (required - string)
  - queue_endpoint (required - string)
  - storage_account_name (required - string)
  - table_endpoint (required - string)
- fabric_settings (list block)
  - name (required - string)
  - parameters (optional - map from string to string)
- node_type (list block)
  - capacities (optional - map from string to string)
  - client_endpoint_port (required - number)
  - durability_level (optional - string)
  - http_endpoint_port (required - number)
  - instance_count (required - number)
  - is_primary (required - bool)
  - name (required - string)
  - placement_properties (optional - map from string to string)
  - reverse_proxy_endpoint_port (optional - number)
  - application_ports (list block)
    - end_port (required - number)
    - start_port (required - number)
  - ephemeral_ports (list block)
    - end_port (required - number)
    - start_port (required - number)
- reverse_proxy_certificate (list block)
  - thumbprint (required - string)
  - thumbprint_secondary (optional - string)
  - x509_store_name (required - string)
- reverse_proxy_certificate_common_names (list block)
  - x509_store_name (required - string)
  - common_names (set block)
    - certificate_common_name (required - string)
    - certificate_issuer_thumbprint (optional - string)
- timeouts (single block)
- upgrade_policy (list block)
  - force_restart_enabled (optional - bool)
  - health_check_retry_timeout (optional - string)
  - health_check_stable_duration (optional - string)
  - health_check_wait_duration (optional - string)
  - upgrade_domain_timeout (optional - string)
  - upgrade_replica_set_check_timeout (optional - string)
  - upgrade_timeout (optional - string)
  - delta_health_policy (list block)
    - max_delta_unhealthy_applications_percent (optional - number)
    - max_delta_unhealthy_nodes_percent (optional - number)
    - max_upgrade_domain_delta_unhealthy_nodes_percent (optional - number)
  - health_policy (list block)
    - max_unhealthy_applications_percent (optional - number)
    - max_unhealthy_nodes_percent (optional - number)
Explanation in Terraform Registry
Manages a Service Fabric Cluster.
Microsoft.ServiceFabric/clusters (Azure Resource Manager)
The clusters in Microsoft.ServiceFabric can be configured in Azure Resource Manager with the resource name Microsoft.ServiceFabric/clusters. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
An example could not be found in GitHub.
Parameters
- apiVersion (required - string)
- location (required - string): Azure resource location.
- name (required - string): The name of the cluster resource.
- properties (required)
  - addOnFeatures (optional - array): The list of add-on features to enable in the cluster.
  - applicationTypeVersionsCleanupPolicy (optional)
    - maxUnusedVersionsToKeep (required - integer): Number of unused versions per application type to keep.
  - azureActiveDirectory (optional)
    - clientApplication (optional - string): Azure Active Directory client application id.
    - clusterApplication (optional - string): Azure Active Directory cluster application id.
    - tenantId (optional - string): Azure Active Directory tenant id.
  - certificate (optional)
    - thumbprint (required - string): Thumbprint of the primary certificate.
    - thumbprintSecondary (optional - string): Thumbprint of the secondary certificate.
    - x509StoreName (optional - string)
  - certificateCommonNames (optional)
    - commonNames (optional array)
      - certificateCommonName (required - string): The common name of the server certificate.
      - certificateIssuerThumbprint (required - string): The issuer thumbprint of the server certificate.
    - x509StoreName (optional - string)
  - clientCertificateCommonNames (optional array)
    - certificateCommonName (required - string): The common name of the client certificate.
    - certificateIssuerThumbprint (required - string): The issuer thumbprint of the client certificate.
    - isAdmin (required - boolean): Indicates if the client certificate has admin access to the cluster. Non-admin clients can perform only read-only operations on the cluster.
  - clientCertificateThumbprints (optional array)
    - certificateThumbprint (required - string): The thumbprint of the client certificate.
    - isAdmin (required - boolean): Indicates if the client certificate has admin access to the cluster. Non-admin clients can perform only read-only operations on the cluster.
  - clusterCodeVersion (optional - string): The Service Fabric runtime version of the cluster. This property can only be set by the user when upgradeMode is set to 'Manual'. To get the list of available Service Fabric versions for new clusters use ClusterVersion API. To get the list of available versions for existing clusters use availableClusterVersions.
  - diagnosticsStorageAccountConfig (optional)
    - blobEndpoint (required - string): The blob endpoint of the Azure storage account.
    - protectedAccountKeyName (required - string): The protected diagnostics storage key name.
    - protectedAccountKeyName2 (optional - string): The protected diagnostics storage key name.
    - queueEndpoint (required - string): The queue endpoint of the Azure storage account.
    - storageAccountName (required - string): The Azure storage account name.
    - tableEndpoint (required - string): The table endpoint of the Azure storage account.
  - eventStoreServiceEnabled (optional - boolean): Indicates if the event store service is enabled.
  - fabricSettings (optional array)
    - name (required - string): The section name of the fabric settings.
    - parameters (required array)
      - name (required - string): The parameter name of fabric setting.
      - value (required - string): The parameter value of fabric setting.
  - infrastructureServiceManager (optional - boolean): Indicates if infrastructure service manager is enabled.
  - managementEndpoint (required - string): The http management endpoint of the cluster.
  - nodeTypes (required array)
    - applicationPorts (optional)
      - endPort (required - integer): End port of a range of ports.
      - startPort (required - integer): Starting port of a range of ports.
    - capacities (optional - string): The capacity tags applied to the nodes in the node type; the cluster resource manager uses these tags to understand how much resource a node has.
    - clientConnectionEndpointPort (required - integer): The TCP cluster management endpoint port.
    - durabilityLevel (optional - string)
    - ephemeralPorts (optional)
      - endPort (required - integer): End port of a range of ports.
      - startPort (required - integer): Starting port of a range of ports.
    - httpGatewayEndpointPort (required - integer): The HTTP cluster management endpoint port.
    - isPrimary (required - boolean): The node type on which system services will run. Only one node type should be marked as primary. Primary node type cannot be deleted or changed for existing clusters.
    - isStateless (optional - boolean): Indicates if the node type can only host Stateless workloads.
    - multipleAvailabilityZones (optional - boolean): Indicates if the node type is enabled to support multiple zones.
    - name (required - string): The name of the node type.
    - placementProperties (optional - string): The placement tags applied to nodes in the node type, which can be used to indicate where certain services (workload) should run.
    - reverseProxyEndpointPort (optional - integer): The endpoint used by reverse proxy.
    - vmInstanceCount (required - integer): VMInstanceCount should be 1 to n, where n indicates the number of VM instances corresponding to this nodeType. VMInstanceCount = 0 can be done only in these scenarios: NodeType is a secondary nodeType. Durability = Bronze or Durability >= Bronze and InfrastructureServiceManager = true. If VMInstanceCount = 0, implies the VMs for this nodeType will not be used for the initial cluster size computation.
  - notifications (optional array)
    - isEnabled (required - boolean): Indicates if the notification is enabled.
    - notificationCategory (required - string): The category of notification.
    - notificationLevel (required - string): The level of notification.
    - notificationTargets (required array)
      - notificationChannel (required - string): The notification channel indicates the type of receivers subscribed to the notification, either user or subscription.
      - receivers (required - array): List of targets that subscribe to the notification.
  - reliabilityLevel (optional - string)
  - reverseProxyCertificate (optional)
    - thumbprint (required - string): Thumbprint of the primary certificate.
    - thumbprintSecondary (optional - string): Thumbprint of the secondary certificate.
    - x509StoreName (optional - string)
  - reverseProxyCertificateCommonNames (optional)
    - commonNames (optional array)
      - certificateCommonName (required - string): The common name of the server certificate.
      - certificateIssuerThumbprint (required - string): The issuer thumbprint of the server certificate.
    - x509StoreName (optional - string)
  - sfZonalUpgradeMode (optional - string)
  - upgradeDescription (optional)
    - deltaHealthPolicy (optional)
      - applicationDeltaHealthPolicies (optional - undefined): Defines a map that contains specific application delta health policies for different applications. Each entry specifies as key the application name and as value an ApplicationDeltaHealthPolicy used to evaluate the application health when upgrading the cluster. The application name should include the 'fabric:' URI scheme. The map is empty by default.
      - maxPercentDeltaUnhealthyApplications (required - integer): The maximum allowed percentage of applications health degradation allowed during cluster upgrades. The delta is measured between the state of the applications at the beginning of upgrade and the state of the applications at the time of the health evaluation. The check is performed after every upgrade domain upgrade completion to make sure the global state of the cluster is within tolerated limits. System services are not included in this.
      - maxPercentDeltaUnhealthyNodes (required - integer): The maximum allowed percentage of nodes health degradation allowed during cluster upgrades. The delta is measured between the state of the nodes at the beginning of upgrade and the state of the nodes at the time of the health evaluation. The check is performed after every upgrade domain upgrade completion to make sure the global state of the cluster is within tolerated limits.
      - maxPercentUpgradeDomainDeltaUnhealthyNodes (required - integer): The maximum allowed percentage of upgrade domain nodes health degradation allowed during cluster upgrades. The delta is measured between the state of the upgrade domain nodes at the beginning of upgrade and the state of the upgrade domain nodes at the time of the health evaluation. The check is performed after every upgrade domain upgrade completion for all completed upgrade domains to make sure the state of the upgrade domains is within tolerated limits.
    - forceRestart (optional - boolean): If true, then processes are forcefully restarted during upgrade even when the code version has not changed (the upgrade only changes configuration or data).
    - healthCheckRetryTimeout (required - string): The amount of time to retry health evaluation when the application or cluster is unhealthy before the upgrade rolls back. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format.
    - healthCheckStableDuration (required - string): The amount of time that the application or cluster must remain healthy before the upgrade proceeds to the next upgrade domain. The duration can be in either hh:mm:ss or in d.hh:mm:ss.ms format.
    - healthCheckWaitDuration (required - string): The length of time to wait after completing an upgrade domain before performing health checks. The duration can be in either hh:mm:ss or in d.hh:mm:ss.ms format.
    - healthPolicy (required)
      - applicationHealthPolicies (optional - undefined): Defines a map that contains specific application health policies for different applications. Each entry specifies as key the application name and as value an ApplicationHealthPolicy used to evaluate the application health. The application name should include the 'fabric:' URI scheme. The map is empty by default.
      - maxPercentUnhealthyApplications (optional - integer): The maximum allowed percentage of unhealthy applications before reporting an error. For example, to allow 10% of applications to be unhealthy, this value would be 10. The percentage represents the maximum tolerated percentage of applications that can be unhealthy before the cluster is considered in error. If the percentage is respected but there is at least one unhealthy application, the health is evaluated as Warning. This is calculated by dividing the number of unhealthy applications over the total number of application instances in the cluster, excluding applications of application types that are included in the ApplicationTypeHealthPolicyMap. The computation rounds up to tolerate one failure on small numbers of applications. Default percentage is zero.
      - maxPercentUnhealthyNodes (optional - integer): The maximum allowed percentage of unhealthy nodes before reporting an error. For example, to allow 10% of nodes to be unhealthy, this value would be 10. The percentage represents the maximum tolerated percentage of nodes that can be unhealthy before the cluster is considered in error. If the percentage is respected but there is at least one unhealthy node, the health is evaluated as Warning. The percentage is calculated by dividing the number of unhealthy nodes over the total number of nodes in the cluster. The computation rounds up to tolerate one failure on small numbers of nodes. Default percentage is zero. In large clusters, some nodes will always be down or out for repairs, so this percentage should be configured to tolerate that.
    - upgradeDomainTimeout (required - string): The amount of time each upgrade domain has to complete before the upgrade rolls back. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format.
    - upgradeReplicaSetCheckTimeout (required - string): The maximum amount of time to block processing of an upgrade domain and prevent loss of availability when there are unexpected issues. When this timeout expires, processing of the upgrade domain will proceed regardless of availability loss issues. The timeout is reset at the start of each upgrade domain. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format.
    - upgradeTimeout (required - string): The amount of time the overall upgrade has to complete before the upgrade rolls back. The timeout can be in either hh:mm:ss or in d.hh:mm:ss.ms format.
  - upgradeMode (optional - string)
  - upgradePauseEndTimestampUtc (optional - string): Indicates the end date and time to pause automatic runtime version upgrades on the cluster for a specific period of time (UTC).
  - upgradePauseStartTimestampUtc (optional - string): Indicates the start date and time to pause automatic runtime version upgrades on the cluster for a specific period of time (UTC).
  - upgradeWave (optional - string): Indicates when new cluster runtime version upgrades will be applied after they are released. The default is Wave0. Only applies when upgradeMode is set to 'Automatic'.
  - vmImage (optional - string): The VM image VMSS has been configured with. Generic names such as Windows or Linux can be used.
  - vmssZonalUpgradeMode (optional - string)
  - waveUpgradePaused (optional - boolean): Boolean to pause automatic runtime version upgrades to the cluster.
- systemData (optional)
  - createdAt (optional - string): The timestamp of resource creation (UTC).
  - createdBy (optional - string): The identity that created the resource.
  - createdByType (optional - string): The type of identity that created the resource.
  - lastModifiedAt (optional - string): The timestamp of resource last modification (UTC).
  - lastModifiedBy (optional - string): The identity that last modified the resource.
  - lastModifiedByType (optional - string): The type of identity that last modified the resource.
- tags (optional - string): Azure resource tags.
- type (required - string)
Frequently asked questions
What is Azure Service Fabric Cluster?
Azure Service Fabric Cluster is a resource for Service Fabric of Microsoft Azure. Settings can be written in Terraform.
Where can I find the example code for the Azure Service Fabric Cluster?
For Terraform, the source code examples from Checkmarx/kics are useful. See the Terraform Example section for further details.