The azure-native:servicefabric:NodeType resource, part of the Pulumi Azure Native provider, defines a node type within a Service Fabric managed cluster: the VM configuration, scaling behavior, networking, and storage that determines how nodes in that type are provisioned and managed. This guide focuses on four capabilities: basic node type creation with required properties, auto-scaling with placement constraints, stateless workloads with temporary disk storage, and advanced networking and security configuration.
Node types belong to a Service Fabric managed cluster and reference virtual networks, subnets, load balancers, managed identities, and Key Vault certificates. The examples are intentionally small. Combine them with your own cluster infrastructure and networking resources.
Create a basic node type with required properties
Most Service Fabric deployments start by defining a node type with the essential properties: VM image, instance count, disk size, and whether it hosts system services.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const nodeType = new azure_native.servicefabric.NodeType("nodeType", {
clusterName: "myCluster",
dataDiskSizeGB: 200,
isPrimary: false,
nodeTypeName: "BE",
resourceGroupName: "resRg",
vmImageOffer: "WindowsServer",
vmImagePublisher: "MicrosoftWindowsServer",
vmImageSku: "2016-Datacenter-Server-Core",
vmImageVersion: "latest",
vmInstanceCount: 10,
vmSize: "Standard_D3",
});
import pulumi
import pulumi_azure_native as azure_native
node_type = azure_native.servicefabric.NodeType("nodeType",
cluster_name="myCluster",
data_disk_size_gb=200,
is_primary=False,
node_type_name="BE",
resource_group_name="resRg",
vm_image_offer="WindowsServer",
vm_image_publisher="MicrosoftWindowsServer",
vm_image_sku="2016-Datacenter-Server-Core",
vm_image_version="latest",
vm_instance_count=10,
vm_size="Standard_D3")
package main
import (
servicefabric "github.com/pulumi/pulumi-azure-native-sdk/servicefabric/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := servicefabric.NewNodeType(ctx, "nodeType", &servicefabric.NodeTypeArgs{
ClusterName: pulumi.String("myCluster"),
DataDiskSizeGB: pulumi.Int(200),
IsPrimary: pulumi.Bool(false),
NodeTypeName: pulumi.String("BE"),
ResourceGroupName: pulumi.String("resRg"),
VmImageOffer: pulumi.String("WindowsServer"),
VmImagePublisher: pulumi.String("MicrosoftWindowsServer"),
VmImageSku: pulumi.String("2016-Datacenter-Server-Core"),
VmImageVersion: pulumi.String("latest"),
VmInstanceCount: pulumi.Int(10),
VmSize: pulumi.String("Standard_D3"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var nodeType = new AzureNative.ServiceFabric.NodeType("nodeType", new()
{
ClusterName = "myCluster",
DataDiskSizeGB = 200,
IsPrimary = false,
NodeTypeName = "BE",
ResourceGroupName = "resRg",
VmImageOffer = "WindowsServer",
VmImagePublisher = "MicrosoftWindowsServer",
VmImageSku = "2016-Datacenter-Server-Core",
VmImageVersion = "latest",
VmInstanceCount = 10,
VmSize = "Standard_D3",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.servicefabric.NodeType;
import com.pulumi.azurenative.servicefabric.NodeTypeArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var nodeType = new NodeType("nodeType", NodeTypeArgs.builder()
.clusterName("myCluster")
.dataDiskSizeGB(200)
.isPrimary(false)
.nodeTypeName("BE")
.resourceGroupName("resRg")
.vmImageOffer("WindowsServer")
.vmImagePublisher("MicrosoftWindowsServer")
.vmImageSku("2016-Datacenter-Server-Core")
.vmImageVersion("latest")
.vmInstanceCount(10)
.vmSize("Standard_D3")
.build());
}
}
resources:
nodeType:
type: azure-native:servicefabric:NodeType
properties:
clusterName: myCluster
dataDiskSizeGB: 200
isPrimary: false
nodeTypeName: BE
resourceGroupName: resRg
vmImageOffer: WindowsServer
vmImagePublisher: MicrosoftWindowsServer
vmImageSku: 2016-Datacenter-Server-Core
vmImageVersion: latest
vmInstanceCount: 10
vmSize: Standard_D3
The vmImagePublisher, vmImageOffer, vmImageSku, and vmImageVersion properties specify the Windows Server marketplace image. The vmInstanceCount sets a fixed number of nodes (10), while vmSize determines the VM SKU. The dataDiskSizeGB allocates a 200 GB managed disk for Service Fabric data. Setting isPrimary to false indicates this node type won’t host system services.
Configure auto-scaling with placement properties and managed identity
Applications often need to scale dynamically based on demand while maintaining specific placement constraints for workload distribution.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const nodeType = new azure_native.servicefabric.NodeType("nodeType", {
capacities: {
ClientConnections: "65536",
},
clusterName: "myCluster",
dataDiskSizeGB: 200,
dataDiskType: azure_native.servicefabric.DiskType.Premium_LRS,
isPrimary: false,
isStateless: true,
multiplePlacementGroups: true,
nodeTypeName: "BE",
placementProperties: {
HasSSD: "true",
NodeColor: "green",
SomeProperty: "5",
},
resourceGroupName: "resRg",
vmExtensions: [{
autoUpgradeMinorVersion: true,
name: "Microsoft.Azure.Geneva.GenevaMonitoring",
publisher: "Microsoft.Azure.Geneva",
settings: {},
type: "GenevaMonitoring",
typeHandlerVersion: "2.0",
}],
vmImageOffer: "WindowsServer",
vmImagePublisher: "MicrosoftWindowsServer",
vmImageSku: "2016-Datacenter-Server-Core",
vmImageVersion: "latest",
vmInstanceCount: -1,
vmManagedIdentity: {
userAssignedIdentities: [
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity",
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity2",
],
},
vmSecrets: [{
sourceVault: {
id: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.KeyVault/vaults/myVault",
},
vaultCertificates: [{
certificateStore: "My",
certificateUrl: "https://myVault.vault.azure.net:443/secrets/myCert/ef1a31d39e1f46bca33def54b6cda54c",
}],
}],
vmSize: "Standard_DS3",
});
import pulumi
import pulumi_azure_native as azure_native
node_type = azure_native.servicefabric.NodeType("nodeType",
capacities={
"ClientConnections": "65536",
},
cluster_name="myCluster",
data_disk_size_gb=200,
data_disk_type=azure_native.servicefabric.DiskType.PREMIUM_LRS,
is_primary=False,
is_stateless=True,
multiple_placement_groups=True,
node_type_name="BE",
placement_properties={
"HasSSD": "true",
"NodeColor": "green",
"SomeProperty": "5",
},
resource_group_name="resRg",
vm_extensions=[{
"auto_upgrade_minor_version": True,
"name": "Microsoft.Azure.Geneva.GenevaMonitoring",
"publisher": "Microsoft.Azure.Geneva",
"settings": {},
"type": "GenevaMonitoring",
"type_handler_version": "2.0",
}],
vm_image_offer="WindowsServer",
vm_image_publisher="MicrosoftWindowsServer",
vm_image_sku="2016-Datacenter-Server-Core",
vm_image_version="latest",
vm_instance_count=-1,
vm_managed_identity={
"user_assigned_identities": [
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity",
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity2",
],
},
vm_secrets=[{
"source_vault": {
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.KeyVault/vaults/myVault",
},
"vault_certificates": [{
"certificate_store": "My",
"certificate_url": "https://myVault.vault.azure.net:443/secrets/myCert/ef1a31d39e1f46bca33def54b6cda54c",
}],
}],
vm_size="Standard_DS3")
package main
import (
servicefabric "github.com/pulumi/pulumi-azure-native-sdk/servicefabric/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := servicefabric.NewNodeType(ctx, "nodeType", &servicefabric.NodeTypeArgs{
Capacities: pulumi.StringMap{
"ClientConnections": pulumi.String("65536"),
},
ClusterName: pulumi.String("myCluster"),
DataDiskSizeGB: pulumi.Int(200),
DataDiskType: pulumi.String(servicefabric.DiskType_Premium_LRS),
IsPrimary: pulumi.Bool(false),
IsStateless: pulumi.Bool(true),
MultiplePlacementGroups: pulumi.Bool(true),
NodeTypeName: pulumi.String("BE"),
PlacementProperties: pulumi.StringMap{
"HasSSD": pulumi.String("true"),
"NodeColor": pulumi.String("green"),
"SomeProperty": pulumi.String("5"),
},
ResourceGroupName: pulumi.String("resRg"),
VmExtensions: servicefabric.VMSSExtensionArray{
&servicefabric.VMSSExtensionArgs{
AutoUpgradeMinorVersion: pulumi.Bool(true),
Name: pulumi.String("Microsoft.Azure.Geneva.GenevaMonitoring"),
Publisher: pulumi.String("Microsoft.Azure.Geneva"),
Settings: pulumi.Any(map[string]interface{}{}),
Type: pulumi.String("GenevaMonitoring"),
TypeHandlerVersion: pulumi.String("2.0"),
},
},
VmImageOffer: pulumi.String("WindowsServer"),
VmImagePublisher: pulumi.String("MicrosoftWindowsServer"),
VmImageSku: pulumi.String("2016-Datacenter-Server-Core"),
VmImageVersion: pulumi.String("latest"),
VmInstanceCount: pulumi.Int(-1),
VmManagedIdentity: &servicefabric.VmManagedIdentityArgs{
UserAssignedIdentities: pulumi.StringArray{
pulumi.String("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity"),
pulumi.String("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity2"),
},
},
VmSecrets: servicefabric.VaultSecretGroupArray{
&servicefabric.VaultSecretGroupArgs{
SourceVault: &servicefabric.SubResourceArgs{
Id: pulumi.String("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.KeyVault/vaults/myVault"),
},
VaultCertificates: servicefabric.VaultCertificateArray{
&servicefabric.VaultCertificateArgs{
CertificateStore: pulumi.String("My"),
CertificateUrl: pulumi.String("https://myVault.vault.azure.net:443/secrets/myCert/ef1a31d39e1f46bca33def54b6cda54c"),
},
},
},
},
VmSize: pulumi.String("Standard_DS3"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var nodeType = new AzureNative.ServiceFabric.NodeType("nodeType", new()
{
Capacities =
{
{ "ClientConnections", "65536" },
},
ClusterName = "myCluster",
DataDiskSizeGB = 200,
DataDiskType = AzureNative.ServiceFabric.DiskType.Premium_LRS,
IsPrimary = false,
IsStateless = true,
MultiplePlacementGroups = true,
NodeTypeName = "BE",
PlacementProperties =
{
{ "HasSSD", "true" },
{ "NodeColor", "green" },
{ "SomeProperty", "5" },
},
ResourceGroupName = "resRg",
VmExtensions = new[]
{
new AzureNative.ServiceFabric.Inputs.VMSSExtensionArgs
{
AutoUpgradeMinorVersion = true,
Name = "Microsoft.Azure.Geneva.GenevaMonitoring",
Publisher = "Microsoft.Azure.Geneva",
Settings = null,
Type = "GenevaMonitoring",
TypeHandlerVersion = "2.0",
},
},
VmImageOffer = "WindowsServer",
VmImagePublisher = "MicrosoftWindowsServer",
VmImageSku = "2016-Datacenter-Server-Core",
VmImageVersion = "latest",
VmInstanceCount = -1,
VmManagedIdentity = new AzureNative.ServiceFabric.Inputs.VmManagedIdentityArgs
{
UserAssignedIdentities = new[]
{
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity",
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity2",
},
},
VmSecrets = new[]
{
new AzureNative.ServiceFabric.Inputs.VaultSecretGroupArgs
{
SourceVault = new AzureNative.ServiceFabric.Inputs.SubResourceArgs
{
Id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.KeyVault/vaults/myVault",
},
VaultCertificates = new[]
{
new AzureNative.ServiceFabric.Inputs.VaultCertificateArgs
{
CertificateStore = "My",
CertificateUrl = "https://myVault.vault.azure.net:443/secrets/myCert/ef1a31d39e1f46bca33def54b6cda54c",
},
},
},
},
VmSize = "Standard_DS3",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.servicefabric.NodeType;
import com.pulumi.azurenative.servicefabric.NodeTypeArgs;
import com.pulumi.azurenative.servicefabric.inputs.VMSSExtensionArgs;
import com.pulumi.azurenative.servicefabric.inputs.VmManagedIdentityArgs;
import com.pulumi.azurenative.servicefabric.inputs.VaultSecretGroupArgs;
import com.pulumi.azurenative.servicefabric.inputs.SubResourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var nodeType = new NodeType("nodeType", NodeTypeArgs.builder()
.capacities(Map.of("ClientConnections", "65536"))
.clusterName("myCluster")
.dataDiskSizeGB(200)
.dataDiskType("Premium_LRS")
.isPrimary(false)
.isStateless(true)
.multiplePlacementGroups(true)
.nodeTypeName("BE")
.placementProperties(Map.ofEntries(
Map.entry("HasSSD", "true"),
Map.entry("NodeColor", "green"),
Map.entry("SomeProperty", "5")
))
.resourceGroupName("resRg")
.vmExtensions(VMSSExtensionArgs.builder()
.autoUpgradeMinorVersion(true)
.name("Microsoft.Azure.Geneva.GenevaMonitoring")
.publisher("Microsoft.Azure.Geneva")
.settings(Map.ofEntries(
))
.type("GenevaMonitoring")
.typeHandlerVersion("2.0")
.build())
.vmImageOffer("WindowsServer")
.vmImagePublisher("MicrosoftWindowsServer")
.vmImageSku("2016-Datacenter-Server-Core")
.vmImageVersion("latest")
.vmInstanceCount(-1)
.vmManagedIdentity(VmManagedIdentityArgs.builder()
.userAssignedIdentities(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity",
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity2")
.build())
.vmSecrets(VaultSecretGroupArgs.builder()
.sourceVault(SubResourceArgs.builder()
.id("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.KeyVault/vaults/myVault")
.build())
.vaultCertificates(VaultCertificateArgs.builder()
.certificateStore("My")
.certificateUrl("https://myVault.vault.azure.net:443/secrets/myCert/ef1a31d39e1f46bca33def54b6cda54c")
.build())
.build())
.vmSize("Standard_DS3")
.build());
}
}
resources:
nodeType:
type: azure-native:servicefabric:NodeType
properties:
capacities:
ClientConnections: '65536'
clusterName: myCluster
dataDiskSizeGB: 200
dataDiskType: Premium_LRS
isPrimary: false
isStateless: true
multiplePlacementGroups: true
nodeTypeName: BE
placementProperties:
HasSSD: 'true'
NodeColor: green
SomeProperty: '5'
resourceGroupName: resRg
vmExtensions:
- autoUpgradeMinorVersion: true
name: Microsoft.Azure.Geneva.GenevaMonitoring
publisher: Microsoft.Azure.Geneva
settings: {}
type: GenevaMonitoring
typeHandlerVersion: '2.0'
vmImageOffer: WindowsServer
vmImagePublisher: MicrosoftWindowsServer
vmImageSku: 2016-Datacenter-Server-Core
vmImageVersion: latest
vmInstanceCount: -1
vmManagedIdentity:
userAssignedIdentities:
- /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity
- /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity2
vmSecrets:
- sourceVault:
id: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.KeyVault/vaults/myVault
vaultCertificates:
- certificateStore: My
certificateUrl: https://myVault.vault.azure.net:443/secrets/myCert/ef1a31d39e1f46bca33def54b6cda54c
vmSize: Standard_DS3
Setting vmInstanceCount to -1 enables auto-scaling when combined with Azure Monitor rules or SKU capacity settings. The capacities property defines resource limits (like ClientConnections: 65536) that the cluster resource manager uses for placement decisions. The placementProperties map (HasSSD, NodeColor, SomeProperty) lets you constrain which services run on these nodes. The vmManagedIdentity block assigns user-assigned identities for accessing Azure resources without storing credentials. Setting isStateless to true and multiplePlacementGroups to true allows the node type to scale beyond 100 instances across multiple placement groups.
Use temporary disk storage for stateless workloads
Stateless services that don’t require persistent storage can use the VM’s temporary disk instead of managed disks, reducing costs and simplifying configuration.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const nodeType = new azure_native.servicefabric.NodeType("nodeType", {
clusterName: "myCluster",
enableEncryptionAtHost: true,
isPrimary: false,
isStateless: true,
multiplePlacementGroups: true,
nodeTypeName: "BE",
resourceGroupName: "resRg",
useTempDataDisk: true,
vmExtensions: [{
autoUpgradeMinorVersion: true,
name: "Microsoft.Azure.Geneva.GenevaMonitoring",
publisher: "Microsoft.Azure.Geneva",
settings: {},
type: "GenevaMonitoring",
typeHandlerVersion: "2.0",
}],
vmImageOffer: "WindowsServer",
vmImagePublisher: "MicrosoftWindowsServer",
vmImageSku: "2016-Datacenter-Server-Core",
vmImageVersion: "latest",
vmInstanceCount: 10,
vmSize: "Standard_DS3",
});
import pulumi
import pulumi_azure_native as azure_native
node_type = azure_native.servicefabric.NodeType("nodeType",
cluster_name="myCluster",
enable_encryption_at_host=True,
is_primary=False,
is_stateless=True,
multiple_placement_groups=True,
node_type_name="BE",
resource_group_name="resRg",
use_temp_data_disk=True,
vm_extensions=[{
"auto_upgrade_minor_version": True,
"name": "Microsoft.Azure.Geneva.GenevaMonitoring",
"publisher": "Microsoft.Azure.Geneva",
"settings": {},
"type": "GenevaMonitoring",
"type_handler_version": "2.0",
}],
vm_image_offer="WindowsServer",
vm_image_publisher="MicrosoftWindowsServer",
vm_image_sku="2016-Datacenter-Server-Core",
vm_image_version="latest",
vm_instance_count=10,
vm_size="Standard_DS3")
package main
import (
servicefabric "github.com/pulumi/pulumi-azure-native-sdk/servicefabric/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := servicefabric.NewNodeType(ctx, "nodeType", &servicefabric.NodeTypeArgs{
ClusterName: pulumi.String("myCluster"),
EnableEncryptionAtHost: pulumi.Bool(true),
IsPrimary: pulumi.Bool(false),
IsStateless: pulumi.Bool(true),
MultiplePlacementGroups: pulumi.Bool(true),
NodeTypeName: pulumi.String("BE"),
ResourceGroupName: pulumi.String("resRg"),
UseTempDataDisk: pulumi.Bool(true),
VmExtensions: servicefabric.VMSSExtensionArray{
&servicefabric.VMSSExtensionArgs{
AutoUpgradeMinorVersion: pulumi.Bool(true),
Name: pulumi.String("Microsoft.Azure.Geneva.GenevaMonitoring"),
Publisher: pulumi.String("Microsoft.Azure.Geneva"),
Settings: pulumi.Any(map[string]interface{}{}),
Type: pulumi.String("GenevaMonitoring"),
TypeHandlerVersion: pulumi.String("2.0"),
},
},
VmImageOffer: pulumi.String("WindowsServer"),
VmImagePublisher: pulumi.String("MicrosoftWindowsServer"),
VmImageSku: pulumi.String("2016-Datacenter-Server-Core"),
VmImageVersion: pulumi.String("latest"),
VmInstanceCount: pulumi.Int(10),
VmSize: pulumi.String("Standard_DS3"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var nodeType = new AzureNative.ServiceFabric.NodeType("nodeType", new()
{
ClusterName = "myCluster",
EnableEncryptionAtHost = true,
IsPrimary = false,
IsStateless = true,
MultiplePlacementGroups = true,
NodeTypeName = "BE",
ResourceGroupName = "resRg",
UseTempDataDisk = true,
VmExtensions = new[]
{
new AzureNative.ServiceFabric.Inputs.VMSSExtensionArgs
{
AutoUpgradeMinorVersion = true,
Name = "Microsoft.Azure.Geneva.GenevaMonitoring",
Publisher = "Microsoft.Azure.Geneva",
Settings = null,
Type = "GenevaMonitoring",
TypeHandlerVersion = "2.0",
},
},
VmImageOffer = "WindowsServer",
VmImagePublisher = "MicrosoftWindowsServer",
VmImageSku = "2016-Datacenter-Server-Core",
VmImageVersion = "latest",
VmInstanceCount = 10,
VmSize = "Standard_DS3",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.servicefabric.NodeType;
import com.pulumi.azurenative.servicefabric.NodeTypeArgs;
import com.pulumi.azurenative.servicefabric.inputs.VMSSExtensionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var nodeType = new NodeType("nodeType", NodeTypeArgs.builder()
.clusterName("myCluster")
.enableEncryptionAtHost(true)
.isPrimary(false)
.isStateless(true)
.multiplePlacementGroups(true)
.nodeTypeName("BE")
.resourceGroupName("resRg")
.useTempDataDisk(true)
.vmExtensions(VMSSExtensionArgs.builder()
.autoUpgradeMinorVersion(true)
.name("Microsoft.Azure.Geneva.GenevaMonitoring")
.publisher("Microsoft.Azure.Geneva")
.settings(Map.ofEntries(
))
.type("GenevaMonitoring")
.typeHandlerVersion("2.0")
.build())
.vmImageOffer("WindowsServer")
.vmImagePublisher("MicrosoftWindowsServer")
.vmImageSku("2016-Datacenter-Server-Core")
.vmImageVersion("latest")
.vmInstanceCount(10)
.vmSize("Standard_DS3")
.build());
}
}
resources:
nodeType:
type: azure-native:servicefabric:NodeType
properties:
clusterName: myCluster
enableEncryptionAtHost: true
isPrimary: false
isStateless: true
multiplePlacementGroups: true
nodeTypeName: BE
resourceGroupName: resRg
useTempDataDisk: true
vmExtensions:
- autoUpgradeMinorVersion: true
name: Microsoft.Azure.Geneva.GenevaMonitoring
publisher: Microsoft.Azure.Geneva
settings: {}
type: GenevaMonitoring
typeHandlerVersion: '2.0'
vmImageOffer: WindowsServer
vmImagePublisher: MicrosoftWindowsServer
vmImageSku: 2016-Datacenter-Server-Core
vmImageVersion: latest
vmInstanceCount: 10
vmSize: Standard_DS3
Setting useTempDataDisk to true directs Service Fabric to use the VM’s temporary disk for its data root, eliminating the need for a managed data disk. This only works when isStateless is true, since stateless services don’t persist data. The enableEncryptionAtHost property encrypts all disks (including the temporary disk) at the host level. The multiplePlacementGroups setting allows scaling beyond 100 instances.
Configure advanced networking and security features
Production deployments often require custom networking, multiple data disks, spot VMs, and security features like Trusted Launch and secure boot.
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const nodeType = new azure_native.servicefabric.NodeType("nodeType", {
additionalDataDisks: [
{
diskLetter: "F",
diskSizeGB: 256,
diskType: azure_native.servicefabric.DiskType.StandardSSD_LRS,
lun: 1,
},
{
diskLetter: "G",
diskSizeGB: 150,
diskType: azure_native.servicefabric.DiskType.Premium_LRS,
lun: 2,
},
],
additionalNetworkInterfaceConfigurations: [{
dscpConfiguration: {
id: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/dscpConfigurations/myDscpConfig",
},
enableAcceleratedNetworking: true,
ipConfigurations: [{
applicationGatewayBackendAddressPools: [{
id: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/applicationGateways/appgw-test/backendAddressPools/appgwBepoolTest",
}],
loadBalancerBackendAddressPools: [{
id: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/loadBalancers/test-LB/backendAddressPools/LoadBalancerBEAddressPool",
}],
loadBalancerInboundNatPools: [{
id: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/loadBalancers/test-LB/inboundNatPools/LoadBalancerNATPool",
}],
name: "ipconfig-1",
privateIPAddressVersion: azure_native.servicefabric.PrivateIPAddressVersion.IPv4,
publicIPAddressConfiguration: {
ipTags: [{
ipTagType: "RoutingPreference",
tag: "Internet",
}],
name: "publicip-1",
publicIPAddressVersion: azure_native.servicefabric.PublicIPAddressVersion.IPv4,
},
subnet: {
id: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1",
},
}],
name: "nic-1",
}],
capacities: {
ClientConnections: "65536",
},
clusterName: "myCluster",
computerNamePrefix: "BE",
dataDiskLetter: "S",
dataDiskSizeGB: 200,
dataDiskType: azure_native.servicefabric.DiskType.Premium_LRS,
dscpConfigurationId: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/dscpConfigurations/myDscpConfig",
enableAcceleratedNetworking: true,
enableEncryptionAtHost: true,
enableNodePublicIP: true,
enableNodePublicIPv6: true,
enableOverProvisioning: false,
evictionPolicy: azure_native.servicefabric.EvictionPolicyType.Deallocate,
frontendConfigurations: [{
applicationGatewayBackendAddressPoolId: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/applicationGateways/appgw-test/backendAddressPools/appgwBepoolTest",
loadBalancerBackendAddressPoolId: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/loadBalancers/test-LB/backendAddressPools/LoadBalancerBEAddressPool",
loadBalancerInboundNatPoolId: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/loadBalancers/test-LB/inboundNatPools/LoadBalancerNATPool",
}],
isPrimary: false,
isSpotVM: true,
isStateless: true,
multiplePlacementGroups: true,
natGatewayId: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/natGateways/myNatGateway",
nodeTypeName: "BE-testResourceGroup-testRegion-test",
placementProperties: {
HasSSD: "true",
NodeColor: "green",
SomeProperty: "5",
},
resourceGroupName: "resRg",
secureBootEnabled: true,
securityType: azure_native.servicefabric.SecurityType.TrustedLaunch,
serviceArtifactReferenceId: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Compute/galleries/myGallery/serviceArtifacts/myServiceArtifact/vmArtifactsProfiles/myVmArtifactProfile",
spotRestoreTimeout: "PT30M",
subnetId: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1",
useDefaultPublicLoadBalancer: true,
useEphemeralOSDisk: true,
vmExtensions: [{
autoUpgradeMinorVersion: true,
enableAutomaticUpgrade: true,
forceUpdateTag: "v.1.0",
name: "Microsoft.Azure.Geneva.GenevaMonitoring",
publisher: "Microsoft.Azure.Geneva",
settings: {},
setupOrder: [azure_native.servicefabric.VmssExtensionSetupOrder.BeforeSFRuntime],
type: "GenevaMonitoring",
typeHandlerVersion: "2.0",
}],
vmImageOffer: "WindowsServer",
vmImagePublisher: "MicrosoftWindowsServer",
vmImageSku: "2016-Datacenter-Server-Core",
vmImageVersion: "latest",
vmInstanceCount: 10,
vmManagedIdentity: {
userAssignedIdentities: [
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity",
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity2",
],
},
vmSecrets: [{
sourceVault: {
id: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.KeyVault/vaults/myVault",
},
vaultCertificates: [{
certificateStore: "My",
certificateUrl: "https://myVault.vault.azure.net:443/secrets/myCert/ef1a31d39e1f46bca33def54b6cda54c",
}],
}],
vmSetupActions: [
azure_native.servicefabric.VmSetupAction.EnableContainers,
azure_native.servicefabric.VmSetupAction.EnableHyperV,
],
vmSize: "Standard_DS3",
});
import pulumi
import pulumi_azure_native as azure_native
node_type = azure_native.servicefabric.NodeType("nodeType",
additional_data_disks=[
{
"disk_letter": "F",
"disk_size_gb": 256,
"disk_type": azure_native.servicefabric.DiskType.STANDARD_SS_D_LRS,
"lun": 1,
},
{
"disk_letter": "G",
"disk_size_gb": 150,
"disk_type": azure_native.servicefabric.DiskType.PREMIUM_LRS,
"lun": 2,
},
],
additional_network_interface_configurations=[{
"dscp_configuration": {
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/dscpConfigurations/myDscpConfig",
},
"enable_accelerated_networking": True,
"ip_configurations": [{
"application_gateway_backend_address_pools": [{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/applicationGateways/appgw-test/backendAddressPools/appgwBepoolTest",
}],
"load_balancer_backend_address_pools": [{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/loadBalancers/test-LB/backendAddressPools/LoadBalancerBEAddressPool",
}],
"load_balancer_inbound_nat_pools": [{
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/loadBalancers/test-LB/inboundNatPools/LoadBalancerNATPool",
}],
"name": "ipconfig-1",
"private_ip_address_version": azure_native.servicefabric.PrivateIPAddressVersion.I_PV4,
"public_ip_address_configuration": {
"ip_tags": [{
"ip_tag_type": "RoutingPreference",
"tag": "Internet",
}],
"name": "publicip-1",
"public_ip_address_version": azure_native.servicefabric.PublicIPAddressVersion.I_PV4,
},
"subnet": {
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1",
},
}],
"name": "nic-1",
}],
capacities={
"ClientConnections": "65536",
},
cluster_name="myCluster",
computer_name_prefix="BE",
data_disk_letter="S",
data_disk_size_gb=200,
data_disk_type=azure_native.servicefabric.DiskType.PREMIUM_LRS,
dscp_configuration_id="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/dscpConfigurations/myDscpConfig",
enable_accelerated_networking=True,
enable_encryption_at_host=True,
enable_node_public_ip=True,
enable_node_public_i_pv6=True,
enable_over_provisioning=False,
eviction_policy=azure_native.servicefabric.EvictionPolicyType.DEALLOCATE,
frontend_configurations=[{
"application_gateway_backend_address_pool_id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/applicationGateways/appgw-test/backendAddressPools/appgwBepoolTest",
"load_balancer_backend_address_pool_id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/loadBalancers/test-LB/backendAddressPools/LoadBalancerBEAddressPool",
"load_balancer_inbound_nat_pool_id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/loadBalancers/test-LB/inboundNatPools/LoadBalancerNATPool",
}],
is_primary=False,
is_spot_vm=True,
is_stateless=True,
multiple_placement_groups=True,
nat_gateway_id="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/natGateways/myNatGateway",
node_type_name="BE-testResourceGroup-testRegion-test",
placement_properties={
"HasSSD": "true",
"NodeColor": "green",
"SomeProperty": "5",
},
resource_group_name="resRg",
secure_boot_enabled=True,
security_type=azure_native.servicefabric.SecurityType.TRUSTED_LAUNCH,
service_artifact_reference_id="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Compute/galleries/myGallery/serviceArtifacts/myServiceArtifact/vmArtifactsProfiles/myVmArtifactProfile",
spot_restore_timeout="PT30M",
subnet_id="/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1",
use_default_public_load_balancer=True,
use_ephemeral_os_disk=True,
vm_extensions=[{
"auto_upgrade_minor_version": True,
"enable_automatic_upgrade": True,
"force_update_tag": "v.1.0",
"name": "Microsoft.Azure.Geneva.GenevaMonitoring",
"publisher": "Microsoft.Azure.Geneva",
"settings": {},
"setup_order": [azure_native.servicefabric.VmssExtensionSetupOrder.BEFORE_SF_RUNTIME],
"type": "GenevaMonitoring",
"type_handler_version": "2.0",
}],
vm_image_offer="WindowsServer",
vm_image_publisher="MicrosoftWindowsServer",
vm_image_sku="2016-Datacenter-Server-Core",
vm_image_version="latest",
vm_instance_count=10,
vm_managed_identity={
"user_assigned_identities": [
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity",
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity2",
],
},
vm_secrets=[{
"source_vault": {
"id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.KeyVault/vaults/myVault",
},
"vault_certificates": [{
"certificate_store": "My",
"certificate_url": "https://myVault.vault.azure.net:443/secrets/myCert/ef1a31d39e1f46bca33def54b6cda54c",
}],
}],
vm_setup_actions=[
azure_native.servicefabric.VmSetupAction.ENABLE_CONTAINERS,
azure_native.servicefabric.VmSetupAction.ENABLE_HYPER_V,
],
vm_size="Standard_DS3")
package main
import (
servicefabric "github.com/pulumi/pulumi-azure-native-sdk/servicefabric/v3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := servicefabric.NewNodeType(ctx, "nodeType", &servicefabric.NodeTypeArgs{
AdditionalDataDisks: servicefabric.VmssDataDiskArray{
&servicefabric.VmssDataDiskArgs{
DiskLetter: pulumi.String("F"),
DiskSizeGB: pulumi.Int(256),
DiskType: pulumi.String(servicefabric.DiskType_StandardSSD_LRS),
Lun: pulumi.Int(1),
},
&servicefabric.VmssDataDiskArgs{
DiskLetter: pulumi.String("G"),
DiskSizeGB: pulumi.Int(150),
DiskType: pulumi.String(servicefabric.DiskType_Premium_LRS),
Lun: pulumi.Int(2),
},
},
AdditionalNetworkInterfaceConfigurations: servicefabric.AdditionalNetworkInterfaceConfigurationArray{
&servicefabric.AdditionalNetworkInterfaceConfigurationArgs{
DscpConfiguration: &servicefabric.SubResourceArgs{
Id: pulumi.String("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/dscpConfigurations/myDscpConfig"),
},
EnableAcceleratedNetworking: pulumi.Bool(true),
IpConfigurations: servicefabric.IpConfigurationArray{
&servicefabric.IpConfigurationArgs{
ApplicationGatewayBackendAddressPools: servicefabric.SubResourceArray{
&servicefabric.SubResourceArgs{
Id: pulumi.String("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/applicationGateways/appgw-test/backendAddressPools/appgwBepoolTest"),
},
},
LoadBalancerBackendAddressPools: servicefabric.SubResourceArray{
&servicefabric.SubResourceArgs{
Id: pulumi.String("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/loadBalancers/test-LB/backendAddressPools/LoadBalancerBEAddressPool"),
},
},
LoadBalancerInboundNatPools: servicefabric.SubResourceArray{
&servicefabric.SubResourceArgs{
Id: pulumi.String("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/loadBalancers/test-LB/inboundNatPools/LoadBalancerNATPool"),
},
},
Name: pulumi.String("ipconfig-1"),
PrivateIPAddressVersion: pulumi.String(servicefabric.PrivateIPAddressVersionIPv4),
PublicIPAddressConfiguration: &servicefabric.IpConfigurationPublicIPAddressConfigurationArgs{
IpTags: servicefabric.IpTagArray{
&servicefabric.IpTagArgs{
IpTagType: pulumi.String("RoutingPreference"),
Tag: pulumi.String("Internet"),
},
},
Name: pulumi.String("publicip-1"),
PublicIPAddressVersion: pulumi.String(servicefabric.PublicIPAddressVersionIPv4),
},
Subnet: &servicefabric.SubResourceArgs{
Id: pulumi.String("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1"),
},
},
},
Name: pulumi.String("nic-1"),
},
},
Capacities: pulumi.StringMap{
"ClientConnections": pulumi.String("65536"),
},
ClusterName: pulumi.String("myCluster"),
ComputerNamePrefix: pulumi.String("BE"),
DataDiskLetter: pulumi.String("S"),
DataDiskSizeGB: pulumi.Int(200),
DataDiskType: pulumi.String(servicefabric.DiskType_Premium_LRS),
DscpConfigurationId: pulumi.String("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/dscpConfigurations/myDscpConfig"),
EnableAcceleratedNetworking: pulumi.Bool(true),
EnableEncryptionAtHost: pulumi.Bool(true),
EnableNodePublicIP: pulumi.Bool(true),
EnableNodePublicIPv6: pulumi.Bool(true),
EnableOverProvisioning: pulumi.Bool(false),
EvictionPolicy: pulumi.String(servicefabric.EvictionPolicyTypeDeallocate),
FrontendConfigurations: servicefabric.FrontendConfigurationArray{
&servicefabric.FrontendConfigurationArgs{
ApplicationGatewayBackendAddressPoolId: pulumi.String("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/applicationGateways/appgw-test/backendAddressPools/appgwBepoolTest"),
LoadBalancerBackendAddressPoolId: pulumi.String("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/loadBalancers/test-LB/backendAddressPools/LoadBalancerBEAddressPool"),
LoadBalancerInboundNatPoolId: pulumi.String("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/loadBalancers/test-LB/inboundNatPools/LoadBalancerNATPool"),
},
},
IsPrimary: pulumi.Bool(false),
IsSpotVM: pulumi.Bool(true),
IsStateless: pulumi.Bool(true),
MultiplePlacementGroups: pulumi.Bool(true),
NatGatewayId: pulumi.String("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/natGateways/myNatGateway"),
NodeTypeName: pulumi.String("BE-testResourceGroup-testRegion-test"),
PlacementProperties: pulumi.StringMap{
"HasSSD": pulumi.String("true"),
"NodeColor": pulumi.String("green"),
"SomeProperty": pulumi.String("5"),
},
ResourceGroupName: pulumi.String("resRg"),
SecureBootEnabled: pulumi.Bool(true),
SecurityType: pulumi.String(servicefabric.SecurityTypeTrustedLaunch),
ServiceArtifactReferenceId: pulumi.String("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Compute/galleries/myGallery/serviceArtifacts/myServiceArtifact/vmArtifactsProfiles/myVmArtifactProfile"),
SpotRestoreTimeout: pulumi.String("PT30M"),
SubnetId: pulumi.String("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1"),
UseDefaultPublicLoadBalancer: pulumi.Bool(true),
UseEphemeralOSDisk: pulumi.Bool(true),
VmExtensions: servicefabric.VMSSExtensionArray{
&servicefabric.VMSSExtensionArgs{
AutoUpgradeMinorVersion: pulumi.Bool(true),
EnableAutomaticUpgrade: pulumi.Bool(true),
ForceUpdateTag: pulumi.String("v.1.0"),
Name: pulumi.String("Microsoft.Azure.Geneva.GenevaMonitoring"),
Publisher: pulumi.String("Microsoft.Azure.Geneva"),
Settings: pulumi.Any(map[string]interface{}{}),
SetupOrder: pulumi.StringArray{
pulumi.String(servicefabric.VmssExtensionSetupOrderBeforeSFRuntime),
},
Type: pulumi.String("GenevaMonitoring"),
TypeHandlerVersion: pulumi.String("2.0"),
},
},
VmImageOffer: pulumi.String("WindowsServer"),
VmImagePublisher: pulumi.String("MicrosoftWindowsServer"),
VmImageSku: pulumi.String("2016-Datacenter-Server-Core"),
VmImageVersion: pulumi.String("latest"),
VmInstanceCount: pulumi.Int(10),
VmManagedIdentity: &servicefabric.VmManagedIdentityArgs{
UserAssignedIdentities: pulumi.StringArray{
pulumi.String("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity"),
pulumi.String("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity2"),
},
},
VmSecrets: servicefabric.VaultSecretGroupArray{
&servicefabric.VaultSecretGroupArgs{
SourceVault: &servicefabric.SubResourceArgs{
Id: pulumi.String("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.KeyVault/vaults/myVault"),
},
VaultCertificates: servicefabric.VaultCertificateArray{
&servicefabric.VaultCertificateArgs{
CertificateStore: pulumi.String("My"),
CertificateUrl: pulumi.String("https://myVault.vault.azure.net:443/secrets/myCert/ef1a31d39e1f46bca33def54b6cda54c"),
},
},
},
},
VmSetupActions: pulumi.StringArray{
pulumi.String(servicefabric.VmSetupActionEnableContainers),
pulumi.String(servicefabric.VmSetupActionEnableHyperV),
},
VmSize: pulumi.String("Standard_DS3"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var nodeType = new AzureNative.ServiceFabric.NodeType("nodeType", new()
{
AdditionalDataDisks = new[]
{
new AzureNative.ServiceFabric.Inputs.VmssDataDiskArgs
{
DiskLetter = "F",
DiskSizeGB = 256,
DiskType = AzureNative.ServiceFabric.DiskType.StandardSSD_LRS,
Lun = 1,
},
new AzureNative.ServiceFabric.Inputs.VmssDataDiskArgs
{
DiskLetter = "G",
DiskSizeGB = 150,
DiskType = AzureNative.ServiceFabric.DiskType.Premium_LRS,
Lun = 2,
},
},
AdditionalNetworkInterfaceConfigurations = new[]
{
new AzureNative.ServiceFabric.Inputs.AdditionalNetworkInterfaceConfigurationArgs
{
DscpConfiguration = new AzureNative.ServiceFabric.Inputs.SubResourceArgs
{
Id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/dscpConfigurations/myDscpConfig",
},
EnableAcceleratedNetworking = true,
IpConfigurations = new[]
{
new AzureNative.ServiceFabric.Inputs.IpConfigurationArgs
{
ApplicationGatewayBackendAddressPools = new[]
{
new AzureNative.ServiceFabric.Inputs.SubResourceArgs
{
Id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/applicationGateways/appgw-test/backendAddressPools/appgwBepoolTest",
},
},
LoadBalancerBackendAddressPools = new[]
{
new AzureNative.ServiceFabric.Inputs.SubResourceArgs
{
Id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/loadBalancers/test-LB/backendAddressPools/LoadBalancerBEAddressPool",
},
},
LoadBalancerInboundNatPools = new[]
{
new AzureNative.ServiceFabric.Inputs.SubResourceArgs
{
Id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/loadBalancers/test-LB/inboundNatPools/LoadBalancerNATPool",
},
},
Name = "ipconfig-1",
PrivateIPAddressVersion = AzureNative.ServiceFabric.PrivateIPAddressVersion.IPv4,
PublicIPAddressConfiguration = new AzureNative.ServiceFabric.Inputs.IpConfigurationPublicIPAddressConfigurationArgs
{
IpTags = new[]
{
new AzureNative.ServiceFabric.Inputs.IpTagArgs
{
IpTagType = "RoutingPreference",
Tag = "Internet",
},
},
Name = "publicip-1",
PublicIPAddressVersion = AzureNative.ServiceFabric.PublicIPAddressVersion.IPv4,
},
Subnet = new AzureNative.ServiceFabric.Inputs.SubResourceArgs
{
Id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1",
},
},
},
Name = "nic-1",
},
},
Capacities =
{
{ "ClientConnections", "65536" },
},
ClusterName = "myCluster",
ComputerNamePrefix = "BE",
DataDiskLetter = "S",
DataDiskSizeGB = 200,
DataDiskType = AzureNative.ServiceFabric.DiskType.Premium_LRS,
DscpConfigurationId = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/dscpConfigurations/myDscpConfig",
EnableAcceleratedNetworking = true,
EnableEncryptionAtHost = true,
EnableNodePublicIP = true,
EnableNodePublicIPv6 = true,
EnableOverProvisioning = false,
EvictionPolicy = AzureNative.ServiceFabric.EvictionPolicyType.Deallocate,
FrontendConfigurations = new[]
{
new AzureNative.ServiceFabric.Inputs.FrontendConfigurationArgs
{
ApplicationGatewayBackendAddressPoolId = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/applicationGateways/appgw-test/backendAddressPools/appgwBepoolTest",
LoadBalancerBackendAddressPoolId = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/loadBalancers/test-LB/backendAddressPools/LoadBalancerBEAddressPool",
LoadBalancerInboundNatPoolId = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/loadBalancers/test-LB/inboundNatPools/LoadBalancerNATPool",
},
},
IsPrimary = false,
IsSpotVM = true,
IsStateless = true,
MultiplePlacementGroups = true,
NatGatewayId = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/natGateways/myNatGateway",
NodeTypeName = "BE-testResourceGroup-testRegion-test",
PlacementProperties =
{
{ "HasSSD", "true" },
{ "NodeColor", "green" },
{ "SomeProperty", "5" },
},
ResourceGroupName = "resRg",
SecureBootEnabled = true,
SecurityType = AzureNative.ServiceFabric.SecurityType.TrustedLaunch,
ServiceArtifactReferenceId = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Compute/galleries/myGallery/serviceArtifacts/myServiceArtifact/vmArtifactsProfiles/myVmArtifactProfile",
SpotRestoreTimeout = "PT30M",
SubnetId = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1",
UseDefaultPublicLoadBalancer = true,
UseEphemeralOSDisk = true,
VmExtensions = new[]
{
new AzureNative.ServiceFabric.Inputs.VMSSExtensionArgs
{
AutoUpgradeMinorVersion = true,
EnableAutomaticUpgrade = true,
ForceUpdateTag = "v.1.0",
Name = "Microsoft.Azure.Geneva.GenevaMonitoring",
Publisher = "Microsoft.Azure.Geneva",
Settings = null,
SetupOrder = new[]
{
AzureNative.ServiceFabric.VmssExtensionSetupOrder.BeforeSFRuntime,
},
Type = "GenevaMonitoring",
TypeHandlerVersion = "2.0",
},
},
VmImageOffer = "WindowsServer",
VmImagePublisher = "MicrosoftWindowsServer",
VmImageSku = "2016-Datacenter-Server-Core",
VmImageVersion = "latest",
VmInstanceCount = 10,
VmManagedIdentity = new AzureNative.ServiceFabric.Inputs.VmManagedIdentityArgs
{
UserAssignedIdentities = new[]
{
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity",
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity2",
},
},
VmSecrets = new[]
{
new AzureNative.ServiceFabric.Inputs.VaultSecretGroupArgs
{
SourceVault = new AzureNative.ServiceFabric.Inputs.SubResourceArgs
{
Id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.KeyVault/vaults/myVault",
},
VaultCertificates = new[]
{
new AzureNative.ServiceFabric.Inputs.VaultCertificateArgs
{
CertificateStore = "My",
CertificateUrl = "https://myVault.vault.azure.net:443/secrets/myCert/ef1a31d39e1f46bca33def54b6cda54c",
},
},
},
},
VmSetupActions = new[]
{
AzureNative.ServiceFabric.VmSetupAction.EnableContainers,
AzureNative.ServiceFabric.VmSetupAction.EnableHyperV,
},
VmSize = "Standard_DS3",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.servicefabric.NodeType;
import com.pulumi.azurenative.servicefabric.NodeTypeArgs;
import com.pulumi.azurenative.servicefabric.inputs.VmssDataDiskArgs;
import com.pulumi.azurenative.servicefabric.inputs.AdditionalNetworkInterfaceConfigurationArgs;
import com.pulumi.azurenative.servicefabric.inputs.SubResourceArgs;
import com.pulumi.azurenative.servicefabric.inputs.FrontendConfigurationArgs;
import com.pulumi.azurenative.servicefabric.inputs.VMSSExtensionArgs;
import com.pulumi.azurenative.servicefabric.inputs.VmManagedIdentityArgs;
import com.pulumi.azurenative.servicefabric.inputs.VaultSecretGroupArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var nodeType = new NodeType("nodeType", NodeTypeArgs.builder()
.additionalDataDisks(
VmssDataDiskArgs.builder()
.diskLetter("F")
.diskSizeGB(256)
.diskType("StandardSSD_LRS")
.lun(1)
.build(),
VmssDataDiskArgs.builder()
.diskLetter("G")
.diskSizeGB(150)
.diskType("Premium_LRS")
.lun(2)
.build())
.additionalNetworkInterfaceConfigurations(AdditionalNetworkInterfaceConfigurationArgs.builder()
.dscpConfiguration(SubResourceArgs.builder()
.id("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/dscpConfigurations/myDscpConfig")
.build())
.enableAcceleratedNetworking(true)
.ipConfigurations(IpConfigurationArgs.builder()
.applicationGatewayBackendAddressPools(SubResourceArgs.builder()
.id("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/applicationGateways/appgw-test/backendAddressPools/appgwBepoolTest")
.build())
.loadBalancerBackendAddressPools(SubResourceArgs.builder()
.id("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/loadBalancers/test-LB/backendAddressPools/LoadBalancerBEAddressPool")
.build())
.loadBalancerInboundNatPools(SubResourceArgs.builder()
.id("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/loadBalancers/test-LB/inboundNatPools/LoadBalancerNATPool")
.build())
.name("ipconfig-1")
.privateIPAddressVersion("IPv4")
.publicIPAddressConfiguration(IpConfigurationPublicIPAddressConfigurationArgs.builder()
.ipTags(IpTagArgs.builder()
.ipTagType("RoutingPreference")
.tag("Internet")
.build())
.name("publicip-1")
.publicIPAddressVersion("IPv4")
.build())
.subnet(SubResourceArgs.builder()
.id("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1")
.build())
.build())
.name("nic-1")
.build())
.capacities(Map.of("ClientConnections", "65536"))
.clusterName("myCluster")
.computerNamePrefix("BE")
.dataDiskLetter("S")
.dataDiskSizeGB(200)
.dataDiskType("Premium_LRS")
.dscpConfigurationId("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/dscpConfigurations/myDscpConfig")
.enableAcceleratedNetworking(true)
.enableEncryptionAtHost(true)
.enableNodePublicIP(true)
.enableNodePublicIPv6(true)
.enableOverProvisioning(false)
.evictionPolicy("Deallocate")
.frontendConfigurations(FrontendConfigurationArgs.builder()
.applicationGatewayBackendAddressPoolId("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/applicationGateways/appgw-test/backendAddressPools/appgwBepoolTest")
.loadBalancerBackendAddressPoolId("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/loadBalancers/test-LB/backendAddressPools/LoadBalancerBEAddressPool")
.loadBalancerInboundNatPoolId("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/loadBalancers/test-LB/inboundNatPools/LoadBalancerNATPool")
.build())
.isPrimary(false)
.isSpotVM(true)
.isStateless(true)
.multiplePlacementGroups(true)
.natGatewayId("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/natGateways/myNatGateway")
.nodeTypeName("BE-testResourceGroup-testRegion-test")
.placementProperties(Map.ofEntries(
Map.entry("HasSSD", "true"),
Map.entry("NodeColor", "green"),
Map.entry("SomeProperty", "5")
))
.resourceGroupName("resRg")
.secureBootEnabled(true)
.securityType("TrustedLaunch")
.serviceArtifactReferenceId("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Compute/galleries/myGallery/serviceArtifacts/myServiceArtifact/vmArtifactsProfiles/myVmArtifactProfile")
.spotRestoreTimeout("PT30M")
.subnetId("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1")
.useDefaultPublicLoadBalancer(true)
.useEphemeralOSDisk(true)
.vmExtensions(VMSSExtensionArgs.builder()
.autoUpgradeMinorVersion(true)
.enableAutomaticUpgrade(true)
.forceUpdateTag("v.1.0")
.name("Microsoft.Azure.Geneva.GenevaMonitoring")
.publisher("Microsoft.Azure.Geneva")
.settings(Map.ofEntries(
))
.setupOrder("BeforeSFRuntime")
.type("GenevaMonitoring")
.typeHandlerVersion("2.0")
.build())
.vmImageOffer("WindowsServer")
.vmImagePublisher("MicrosoftWindowsServer")
.vmImageSku("2016-Datacenter-Server-Core")
.vmImageVersion("latest")
.vmInstanceCount(10)
.vmManagedIdentity(VmManagedIdentityArgs.builder()
.userAssignedIdentities(
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity",
"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity2")
.build())
.vmSecrets(VaultSecretGroupArgs.builder()
.sourceVault(SubResourceArgs.builder()
.id("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.KeyVault/vaults/myVault")
.build())
.vaultCertificates(VaultCertificateArgs.builder()
.certificateStore("My")
.certificateUrl("https://myVault.vault.azure.net:443/secrets/myCert/ef1a31d39e1f46bca33def54b6cda54c")
.build())
.build())
.vmSetupActions(
"EnableContainers",
"EnableHyperV")
.vmSize("Standard_DS3")
.build());
}
}
resources:
nodeType:
type: azure-native:servicefabric:NodeType
properties:
additionalDataDisks:
- diskLetter: F
diskSizeGB: 256
diskType: StandardSSD_LRS
lun: 1
- diskLetter: G
diskSizeGB: 150
diskType: Premium_LRS
lun: 2
additionalNetworkInterfaceConfigurations:
- dscpConfiguration:
id: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/dscpConfigurations/myDscpConfig
enableAcceleratedNetworking: true
ipConfigurations:
- applicationGatewayBackendAddressPools:
- id: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/applicationGateways/appgw-test/backendAddressPools/appgwBepoolTest
loadBalancerBackendAddressPools:
- id: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/loadBalancers/test-LB/backendAddressPools/LoadBalancerBEAddressPool
loadBalancerInboundNatPools:
- id: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/loadBalancers/test-LB/inboundNatPools/LoadBalancerNATPool
name: ipconfig-1
privateIPAddressVersion: IPv4
publicIPAddressConfiguration:
ipTags:
- ipTagType: RoutingPreference
tag: Internet
name: publicip-1
publicIPAddressVersion: IPv4
subnet:
id: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1
name: nic-1
capacities:
ClientConnections: '65536'
clusterName: myCluster
computerNamePrefix: BE
dataDiskLetter: S
dataDiskSizeGB: 200
dataDiskType: Premium_LRS
dscpConfigurationId: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/dscpConfigurations/myDscpConfig
enableAcceleratedNetworking: true
enableEncryptionAtHost: true
enableNodePublicIP: true
enableNodePublicIPv6: true
enableOverProvisioning: false
evictionPolicy: Deallocate
frontendConfigurations:
- applicationGatewayBackendAddressPoolId: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/applicationGateways/appgw-test/backendAddressPools/appgwBepoolTest
loadBalancerBackendAddressPoolId: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/loadBalancers/test-LB/backendAddressPools/LoadBalancerBEAddressPool
loadBalancerInboundNatPoolId: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/loadBalancers/test-LB/inboundNatPools/LoadBalancerNATPool
isPrimary: false
isSpotVM: true
isStateless: true
multiplePlacementGroups: true
natGatewayId: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/natGateways/myNatGateway
nodeTypeName: BE-testResourceGroup-testRegion-test
placementProperties:
HasSSD: 'true'
NodeColor: green
SomeProperty: '5'
resourceGroupName: resRg
secureBootEnabled: true
securityType: TrustedLaunch
serviceArtifactReferenceId: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Compute/galleries/myGallery/serviceArtifacts/myServiceArtifact/vmArtifactsProfiles/myVmArtifactProfile
spotRestoreTimeout: PT30M
subnetId: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.Network/virtualNetworks/vnet1/subnets/subnet1
useDefaultPublicLoadBalancer: true
useEphemeralOSDisk: true
vmExtensions:
- autoUpgradeMinorVersion: true
enableAutomaticUpgrade: true
forceUpdateTag: v.1.0
name: Microsoft.Azure.Geneva.GenevaMonitoring
publisher: Microsoft.Azure.Geneva
settings: {}
setupOrder:
- BeforeSFRuntime
type: GenevaMonitoring
typeHandlerVersion: '2.0'
vmImageOffer: WindowsServer
vmImagePublisher: MicrosoftWindowsServer
vmImageSku: 2016-Datacenter-Server-Core
vmImageVersion: latest
vmInstanceCount: 10
vmManagedIdentity:
userAssignedIdentities:
- /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity
- /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/myIdentity2
vmSecrets:
- sourceVault:
id: /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resRg/providers/Microsoft.KeyVault/vaults/myVault
vaultCertificates:
- certificateStore: My
certificateUrl: https://myVault.vault.azure.net:443/secrets/myCert/ef1a31d39e1f46bca33def54b6cda54c
vmSetupActions:
- EnableContainers
- EnableHyperV
vmSize: Standard_DS3
The additionalDataDisks array attaches extra managed disks (F: and G: drives) with specific sizes and types. The additionalNetworkInterfaceConfigurations block defines secondary NICs with their own IP configurations, load balancer pools, and public IP settings. The frontendConfigurations property connects the node type to custom load balancer backends and NAT pools instead of the default load balancer. Setting isSpotVM to true with evictionPolicy: Deallocate uses Azure Spot VMs to reduce costs, accepting that VMs may be evicted when Azure needs capacity. The securityType: TrustedLaunch and secureBootEnabled: true properties enable Trusted Launch security features. The subnetId explicitly places nodes in a specific subnet rather than using default networking.
Beyond these examples
These snippets focus on specific node type features: VM image selection and auto-scaling configuration, stateless workloads with temporary disk storage, custom networking with load balancers and additional NICs, and security features. They’re intentionally minimal rather than full cluster deployments.
The examples reference pre-existing infrastructure such as Service Fabric managed clusters, virtual networks and subnets, load balancers and application gateways, and managed identities and Key Vault certificates. They focus on configuring the node type rather than provisioning the surrounding infrastructure.
To keep things focused, common node type patterns are omitted, including:
- Availability zones and dedicated host groups
- Custom VM images from galleries or resource IDs
- VM image plans for marketplace images
- NAT configurations and network security rules
- Application and ephemeral port ranges
- VM setup actions (EnableContainers, EnableHyperV)
These omissions are intentional: the goal is to illustrate how each node type feature is wired, not provide drop-in cluster modules. See the NodeType resource reference for all available configuration options.
Let's configure Azure Service Fabric Node Types
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Node Type Configuration & Immutability
What properties can't be changed after creating a node type?
Several properties are immutable after creation:
isPrimary (system services designation), nodeTypeName, clusterName, tags, and frontendConfigurations (cannot be added or removed). Plan these settings carefully during initial creation.What's the difference between primary and secondary node types?
Primary node types (
isPrimary: true) run Service Fabric system services for the cluster. Secondary node types have additional capabilities like custom frontend configurations and public IP assignment when using custom load balancers.What features require stateless node types?
Three features require
isStateless: true: using temporary disk for data root (useTempDataDisk), enabling overprovisioning (enableOverProvisioning), and hosting only stateless workloads. Stateless node types cannot run stateful services.VM Scaling & Instance Management
How do I configure auto-scaling for a node type?
Set
vmInstanceCount to -1 when auto-scale rules are configured or sku.capacity is defined. For manual scaling, use a positive integer. Note that vmInstanceCount: 0 is not supported.Can I overprovision VMs in my node type?
Yes, but only for stateless node types. Set
enableOverProvisioning: true and isStateless: true. Overprovisioning is not allowed for stateful node types.Storage & Disk Configuration
What's the difference between useEphemeralOSDisk and useTempDataDisk?
useEphemeralOSDisk uses the VM’s temporary disk for the OS (requires VM SKU support), while useTempDataDisk uses the temporary disk for Service Fabric data root instead of attaching a managed disk. The latter is only allowed for stateless node types.Can I use temporary disk instead of managed disks for data storage?
Yes, set
useTempDataDisk: true, but this is only allowed for stateless node types (isStateless: true). When enabled, no managed data disk will be attached and the temporary disk will be used for Service Fabric data root.How do I add additional data disks to my node type?
Use the
additionalDataDisks property to specify additional managed disks. Each disk requires diskLetter, diskSizeGB, diskType, and lun (logical unit number). The primary data disk is configured separately via dataDiskSizeGB and dataDiskType.Networking & Load Balancing
When can I assign public IPs to individual nodes?
Public IPs (
enableNodePublicIP and enableNodePublicIPv6) are only supported on secondary node types with custom load balancers. Primary node types and those using the default load balancer cannot use this feature.How does useDefaultPublicLoadBalancer work with custom load balancers?
If the node type uses its own load balancer and
useDefaultPublicLoadBalancer: true, the frontend must be an Internal Load Balancer. If false or not set, the custom load balancer must include a public load balancer to provide outbound connectivity.VM Images & Customization
What are my options for VM images?
You have three options:
- Marketplace images - Use
vmImagePublisher,vmImageOffer,vmImageSku, andvmImageVersion - Custom images - Use
vmImageResourceIdpointing to your custom image - Shared gallery images - Use
vmSharedGalleryImageIdfor shared gallery images
When do I need to specify a VM image plan?
Specify
vmImagePlan (with name, product, and publisher) when using marketplace images that require programmatic deployment enablement. This is only needed for marketplace images, not custom or shared gallery images.Security & Encryption
How do I enable encryption for all disks on my node type?
Set
enableEncryptionAtHost: true to enable Host Encryption for all disks, including Resource/Temp disks. This is disabled by default. Note that this is different from individual disk encryption settings.Can I use Secure Boot with my node type?
Yes, set
secureBootEnabled: true, but this can only be used with securityType: TrustedLaunch. Secure Boot is not available with the standard security type.