Template/Windows/template.json

{
  "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "clusterLocation": {
      "type": "string",
      "defaultValue": "southcentralus",
      "metadata": {
        "description": "Location of the Cluster"
      }
    },
    "clusterName": {
      "type": "string",
      "metadata": {
        "description": "Name of your cluster - Between 3 and 23 characters. Letters and numbers only"
      }
    },
    "adminUserName": {
      "type": "string",
      "metadata": {
        "description": "Remote desktop user Id"
      }
    },
    "adminPassword": {
      "type": "securestring",
      "metadata": {
        "description": "Remote desktop user password. Must be a strong password"
      }
    },
    "vmImagePublisher": {
      "type": "string",
      "defaultValue": "MicrosoftWindowsServer",
      "metadata": {
        "description": "VM image Publisher"
      }
    },
    "vmImageOffer": {
      "type": "string",
      "defaultValue": "WindowsServer",
      "metadata": {
        "description": "VM image offer"
      }
    },
    "vmImageSku": {
      "type": "string",
      "defaultValue": "2022-datacenter-azure-edition",
      "metadata": {
        "description": "VM image SKU"
      }
    },
    "vmImageVersion": {
      "type": "string",
      "defaultValue": "latest",
      "metadata": {
        "description": "VM image version"
      }
    },
    "loadBalancedAppPort1": {
      "type": "int",
      "defaultValue": 80,
      "metadata": {
        "description": "Input endpoint1 for the application to use. Replace it with what your application uses"
      }
    },
    "loadBalancedAppPort2": {
      "type": "int",
      "defaultValue": 8081,
      "metadata": {
        "description": "Input endpoint2 for the application to use. Replace it with what your application uses"
      }
    },
    "clusterProtectionLevel": {
      "type": "string",
      "allowedValues": [
        "None",
        "Sign",
        "EncryptAndSign"
      ],
      "defaultValue": "EncryptAndSign",
      "metadata": {
        "description": "Protection level.Three values are allowed - EncryptAndSign, Sign, None. It is best to keep the default of EncryptAndSign, unless you have a need not to"
      }
    },
    "certificateStoreValue": {
      "type": "string",
      "allowedValues": [
        "My"
      ],
      "defaultValue": "My",
      "metadata": {
        "description": "The store name where the cert will be deployed in the virtual machine"
      }
    },
    "certificateThumbprint": {
      "type": "string",
      "metadata": {
        "description": "Certificate Thumbprint"
      }
    },
    "sourceVaultValue": {
      "type": "string",
      "metadata": {
        "description": "Resource Id of the key vault, is should be in the format of /subscriptions/<Sub ID>/resourceGroups/<Resource group name>/providers/Microsoft.KeyVault/vaults/<vault name>"
      }
    },
    "certificateUrlValue": {
      "type": "string",
      "metadata": {
        "description": "Refers to the location URL in your key vault where the certificate was uploaded, it is should be in the format of https://<name of the vault>.vault.azure.net:443/secrets/<exact location>"
      }
    },
    "storageAccountType": {
      "type": "string",
      "allowedValues": [
        "Standard_LRS",
        "Standard_GRS"
      ],
      "defaultValue": "Standard_LRS",
      "metadata": {
        "description": "Replication option for the VM image storage account"
      }
    },
    "supportLogStorageAccountType": {
      "type": "string",
      "allowedValues": [
        "Standard_LRS",
        "Standard_GRS"
      ],
      "defaultValue": "Standard_LRS",
      "metadata": {
        "description": "Replication option for the support log storage account"
      }
    },
    "applicationDiagnosticsStorageAccountType": {
      "type": "string",
      "allowedValues": [
        "Standard_LRS",
        "Standard_GRS"
      ],
      "defaultValue": "Standard_LRS",
      "metadata": {
        "description": "Replication option for the application diagnostics storage account"
      }
    },
    "nt0InstanceCount": {
      "type": "int",
      "defaultValue": 5,
      "metadata": {
        "description": "Instance count for node type"
      }
    },
    "vmNodeType0Size": {
      "type": "string",
      "defaultValue": "Standard_D2s_v3"
    },
    "durabilityLevel": {
      "type": "string",
      "allowedValues": [
        "Silver",
        "Gold"
      ],
      "defaultValue": "Silver"
    },
    "reliabilityLevel": {
      "type": "string",
      "allowedValues": [
        "Silver",
        "Gold",
        "Platinum"
      ],
      "defaultValue": "Silver"
    }
  },
  "variables": {
    "computeLocation": "[parameters('clusterLocation')]",
    "dnsName": "[parameters('clusterName')]",
    "vmStorageAccountName": "[toLower(concat( 'sflogs', uniqueString(resourceGroup().id), '1' ))]",
    "vmName": "vm",
    "publicIPAddressName": "PublicIP-VM",
    "publicIPAddressType": "Dynamic",
    "vmStorageAccountContainerName": "vhds",
    "virtualNetworkName": "VNet",
    "addressPrefix": "10.0.0.0/16",
    "nicName": "NIC",
    "lbName": "LoadBalancer",
    "lbIPName": "PublicIP-LB-FE",
    "availSetName": "AvailabilitySet",
    "maxPercentUpgradeDomainDeltaUnhealthyNodes": "100",
    "vnetID": "[resourceId('Microsoft.Network/virtualNetworks',variables('virtualNetworkName'))]",
    "overProvision": "false",
    "vmssApiVersion": "2023-09-01",
    "sfrpApiVersion": "2023-11-01-preview",
    "lbApiVersion": "2023-09-01",
    "vNetApiVersion": "2023-09-01",
    "storageApiVersion": "2023-01-01",
    "publicIPApiVersion": "2023-09-01",
    "nt0applicationStartPort": "20000",
    "nt0applicationEndPort": "30000",
    "nt0ephemeralStartPort": "49152",
    "nt0ephemeralEndPort": "65534",
    "nt0fabricTcpGatewayPort": "19000",
    "nt0fabricHttpGatewayPort": "19080",
    "subnet0Name": "Subnet-0",
    "subnet0Prefix": "10.0.0.0/24",
    "subnet0Ref": "[concat(variables('vnetID'),'/subnets/',variables('subnet0Name'))]",
    "supportLogStorageAccountName": "[toLower( concat( uniqueString(resourceGroup().id),'2'))]",
    "applicationDiagnosticsStorageAccountName": "[toLower(concat('wad',uniqueString(resourceGroup().id), '3' ))]",
    "lbID0": "[resourceId('Microsoft.Network/loadBalancers',concat('LB','-', parameters('clusterName'),'-',variables('vmNodeType0Name')))]",
    "lbIPConfig0": "[concat(variables('lbID0'),'/frontendIPConfigurations/LoadBalancerIPConfig')]",
    "lbPoolID0": "[concat(variables('lbID0'),'/backendAddressPools/LoadBalancerBEAddressPool')]",
    "lbProbeID0": "[concat(variables('lbID0'),'/probes/FabricGatewayProbe')]",
    "lbHttpProbeID0": "[concat(variables('lbID0'),'/probes/FabricHttpGatewayProbe')]",
    "lbNatPoolID0": "[concat(variables('lbID0'),'/inboundNatPools/LoadBalancerBEAddressNatPool')]",
    "vmNodeType0Name": "[toLower(concat('NT1', variables('vmName')))]",
    "vmStorageAccountName0": "[toLower(concat(uniqueString(resourceGroup().id), '1', '0' ))]"
  },
  "resources": [
    {
      "apiVersion": "[variables('storageApiVersion')]",
      "type": "Microsoft.Storage/storageAccounts",
      "name": "[variables('supportLogStorageAccountName')]",
      "location": "[variables('computeLocation')]",
      "dependsOn": [],
      "properties": {},
      "kind": "Storage",
      "sku": {
        "name": "[parameters('supportLogStorageAccountType')]"
      },
      "tags": {
        "resourceType": "Service Fabric",
        "clusterName": "[parameters('clusterName')]"
      }
    },
    {
      "apiVersion": "[variables('storageApiVersion')]",
      "type": "Microsoft.Storage/storageAccounts",
      "name": "[variables('applicationDiagnosticsStorageAccountName')]",
      "location": "[variables('computeLocation')]",
      "dependsOn": [],
      "properties": {},
      "kind": "Storage",
      "sku": {
        "name": "[parameters('applicationDiagnosticsStorageAccountType')]"
      },
      "tags": {
        "resourceType": "Service Fabric",
        "clusterName": "[parameters('clusterName')]"
      }
    },
    {
      "apiVersion": "[variables('vNetApiVersion')]",
      "type": "Microsoft.Network/virtualNetworks",
      "name": "[variables('virtualNetworkName')]",
      "location": "[variables('computeLocation')]",
      "dependsOn": [
        "[concat('Microsoft.Network/networkSecurityGroups/', concat('nsg', variables('subnet0Name')))]"
      ],
      "properties": {
        "addressSpace": {
          "addressPrefixes": [
            "[variables('addressPrefix')]"
          ]
        },
        "subnets": [
          {
            "name": "[variables('subnet0Name')]",
            "properties": {
              "addressPrefix": "[variables('subnet0Prefix')]",
              "networkSecurityGroup": {
                "id": "[resourceId('Microsoft.Network/networkSecurityGroups', concat('nsg', variables('subnet0Name')))]"
              }
            }
          }
        ]
      },
      "tags": {
        "resourceType": "Service Fabric",
        "clusterName": "[parameters('clusterName')]"
      }
    },
    {
      "apiVersion": "[variables('publicIPApiVersion')]",
      "type": "Microsoft.Network/publicIPAddresses",
      "name": "[concat(variables('lbIPName'),'-',variables('vmNodeType0Name'))]",
      "location": "[variables('computeLocation')]",
      "properties": {
        "dnsSettings": {
          "domainNameLabel": "[variables('dnsName')]"
        },
        "publicIPAllocationMethod": "Dynamic"
      },
      "tags": {
        "resourceType": "Service Fabric",
        "clusterName": "[parameters('clusterName')]"
      }
    },
    {
      "apiVersion": "[variables('lbApiVersion')]",
      "type": "Microsoft.Network/loadBalancers",
      "name": "[concat('LB','-', parameters('clusterName'),'-',variables('vmNodeType0Name'))]",
      "location": "[variables('computeLocation')]",
      "dependsOn": [
        "[concat('Microsoft.Network/publicIPAddresses/',concat(variables('lbIPName'),'-',variables('vmNodeType0Name')))]"
      ],
      "properties": {
        "frontendIPConfigurations": [
          {
            "name": "LoadBalancerIPConfig",
            "properties": {
              "publicIPAddress": {
                "id": "[resourceId('Microsoft.Network/publicIPAddresses',concat(variables('lbIPName'),'-',variables('vmNodeType0Name')))]"
              }
            }
          }
        ],
        "backendAddressPools": [
          {
            "name": "LoadBalancerBEAddressPool",
            "properties": {}
          }
        ],
        "loadBalancingRules": [
          {
            "name": "LBRule",
            "properties": {
              "backendAddressPool": {
                "id": "[variables('lbPoolID0')]"
              },
              "backendPort": "[variables('nt0fabricTcpGatewayPort')]",
              "enableFloatingIP": "false",
              "frontendIPConfiguration": {
                "id": "[variables('lbIPConfig0')]"
              },
              "frontendPort": "[variables('nt0fabricTcpGatewayPort')]",
              "idleTimeoutInMinutes": "5",
              "probe": {
                "id": "[variables('lbProbeID0')]"
              },
              "protocol": "tcp"
            }
          },
          {
            "name": "LBHttpRule",
            "properties": {
              "backendAddressPool": {
                "id": "[variables('lbPoolID0')]"
              },
              "backendPort": "[variables('nt0fabricHttpGatewayPort')]",
              "enableFloatingIP": "false",
              "frontendIPConfiguration": {
                "id": "[variables('lbIPConfig0')]"
              },
              "frontendPort": "[variables('nt0fabricHttpGatewayPort')]",
              "idleTimeoutInMinutes": "5",
              "probe": {
                "id": "[variables('lbHttpProbeID0')]"
              },
              "protocol": "tcp"
            }
          },
          {
            "name": "AppPortLBRule1",
            "properties": {
              "backendAddressPool": {
                "id": "[variables('lbPoolID0')]"
              },
              "backendPort": "[parameters('loadBalancedAppPort1')]",
              "enableFloatingIP": "false",
              "frontendIPConfiguration": {
                "id": "[variables('lbIPConfig0')]"
              },
              "frontendPort": "[parameters('loadBalancedAppPort1')]",
              "idleTimeoutInMinutes": "5",
              "probe": {
                "id": "[concat(variables('lbID0'),'/probes/AppPortProbe1')]"
              },
              "protocol": "tcp"
            }
          },
          {
            "name": "AppPortLBRule2",
            "properties": {
              "backendAddressPool": {
                "id": "[variables('lbPoolID0')]"
              },
              "backendPort": "[parameters('loadBalancedAppPort2')]",
              "enableFloatingIP": "false",
              "frontendIPConfiguration": {
                "id": "[variables('lbIPConfig0')]"
              },
              "frontendPort": "[parameters('loadBalancedAppPort2')]",
              "idleTimeoutInMinutes": "5",
              "probe": {
                "id": "[concat(variables('lbID0'),'/probes/AppPortProbe2')]"
              },
              "protocol": "tcp"
            }
          }
        ],
        "probes": [
          {
            "name": "FabricGatewayProbe",
            "properties": {
              "intervalInSeconds": 5,
              "numberOfProbes": 2,
              "port": "[variables('nt0fabricTcpGatewayPort')]",
              "protocol": "tcp"
            }
          },
          {
            "name": "FabricHttpGatewayProbe",
            "properties": {
              "intervalInSeconds": 5,
              "numberOfProbes": 2,
              "port": "[variables('nt0fabricHttpGatewayPort')]",
              "protocol": "tcp"
            }
          },
          {
            "name": "AppPortProbe1",
            "properties": {
              "intervalInSeconds": 5,
              "numberOfProbes": 2,
              "port": "[parameters('loadBalancedAppPort1')]",
              "protocol": "tcp"
            }
          },
          {
            "name": "AppPortProbe2",
            "properties": {
              "intervalInSeconds": 5,
              "numberOfProbes": 2,
              "port": "[parameters('loadBalancedAppPort2')]",
              "protocol": "tcp"
            }
          }
        ],
        "inboundNatPools": [
          {
            "name": "LoadBalancerBEAddressNatPool",
            "properties": {
              "backendPort": "3389",
              "frontendIPConfiguration": {
                "id": "[variables('lbIPConfig0')]"
              },
              "frontendPortRangeEnd": "4500",
              "frontendPortRangeStart": "3389",
              "protocol": "tcp"
            }
          }
        ]
      },
      "tags": {
        "resourceType": "Service Fabric",
        "clusterName": "[parameters('clusterName')]"
      }
    },
    {
      "apiVersion": "2015-06-15",
      "type": "Microsoft.Network/networkSecurityGroups",
      "name": "[concat('nsg', variables('subnet0Name'))]",
      "location": "[resourceGroup().location]",
      "properties": {
        "securityRules": [
          {
            "name": "allowSvcFabSMB",
            "properties": {
              "access": "Allow",
              "destinationAddressPrefix": "*",
              "destinationPortRange": "445",
              "direction": "Inbound",
              "priority": 3950,
              "protocol": "*",
              "sourceAddressPrefix": "VirtualNetwork",
              "sourcePortRange": "*"
            },
            "comments": "allow SMB traffic within the net, used by fabric to move packages around"
          },
          {
            "name": "allowSvcFabCluser",
            "properties": {
              "access": "Allow",
              "destinationAddressPrefix": "*",
              "destinationPortRange": "1025-1027",
              "direction": "Inbound",
              "priority": 3920,
              "protocol": "*",
              "sourceAddressPrefix": "VirtualNetwork",
              "sourcePortRange": "*"
            },
            "comments": "allow ports within vnet that are used by the fabric to talk between nodes"
          },
          {
            "name": "allowSvcFabEphemeral",
            "properties": {
              "access": "Allow",
              "destinationAddressPrefix": "*",
              "destinationPortRange": "[concat(variables('nt0ephemeralStartPort'), '-', variables('nt0ephemeralEndPort'))]",
              "direction": "Inbound",
              "priority": 3930,
              "protocol": "*",
              "sourceAddressPrefix": "VirtualNetwork",
              "sourcePortRange": "*"
            },
            "comments": "allow fabric ephemeral ports within the vnet"
          },
          {
            "name": "allowSvcFabPortal",
            "properties": {
              "access": "Allow",
              "destinationAddressPrefix": "*",
              "destinationPortRange": "[variables('nt0fabricHttpGatewayPort')]",
              "direction": "Inbound",
              "priority": 3900,
              "protocol": "*",
              "sourceAddressPrefix": "*",
              "sourcePortRange": "*"
            },
            "comments": "allow port used to access the fabric cluster web portal"
          },
          {
            "name": "allowSvcFabClient",
            "properties": {
              "access": "Allow",
              "destinationAddressPrefix": "*",
              "destinationPortRange": "[variables('nt0fabricTcpGatewayPort')]",
              "direction": "Inbound",
              "priority": 3910,
              "protocol": "*",
              "sourceAddressPrefix": "*",
              "sourcePortRange": "*"
            },
            "comments": "allow port used by the fabric client (includes powershell)"
          },
          {
            "name": "allowSvcFabApplication",
            "properties": {
              "access": "Allow",
              "destinationAddressPrefix": "*",
              "destinationPortRange": "[concat(variables('nt0applicationStartPort'), '-', variables('nt0applicationEndPort'))]",
              "direction": "Inbound",
              "priority": 3940,
              "protocol": "*",
              "sourceAddressPrefix": "*",
              "sourcePortRange": "*"
            },
            "comments": "allow fabric application ports within the vnet"
          },
          {
            "name": "blockAll",
            "properties": {
              "access": "Deny",
              "destinationAddressPrefix": "*",
              "destinationPortRange": "*",
              "direction": "Inbound",
              "priority": 4095,
              "protocol": "*",
              "sourceAddressPrefix": "*",
              "sourcePortRange": "*"
            },
            "comments": "block all traffic except what we've explicitly allowed"
          },
          {
            "name": "allowVNetRDP",
            "properties": {
              "access": "Allow",
              "destinationAddressPrefix": "*",
              "destinationPortRange": "3389-4500",
              "direction": "Inbound",
              "priority": 3960,
              "protocol": "*",
              "sourceAddressPrefix": "*",
              "sourcePortRange": "*"
            },
            "comments": "allow RDP within the net"
          },
          {
            "name": "allowAppPort1",
            "properties": {
              "access": "Allow",
              "destinationAddressPrefix": "*",
              "destinationPortRange": "[parameters('loadBalancedAppPort1')]",
              "direction": "Inbound",
              "priority": 2001,
              "protocol": "*",
              "sourceAddressPrefix": "*",
              "sourcePortRange": "*"
            },
            "comments": "allow public application port 1"
          },
          {
            "name": "allowAppPort2",
            "properties": {
              "access": "Allow",
              "destinationAddressPrefix": "*",
              "destinationPortRange": "[parameters('loadBalancedAppPort2')]",
              "direction": "Inbound",
              "priority": 2002,
              "protocol": "*",
              "sourceAddressPrefix": "*",
              "sourcePortRange": "*"
            },
            "comments": "allow public application port 2"
          }
        ]
      },
      "tags": {
        "resourceType": "Service Fabric",
        "clusterName": "[parameters('clusterName')]"
      }
    },
    {
      "apiVersion": "[variables('vmssApiVersion')]",
      "type": "Microsoft.Compute/virtualMachineScaleSets",
      "name": "[variables('vmNodeType0Name')]",
      "location": "[variables('computeLocation')]",
      "dependsOn": [
        "[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]",
        "[concat('Microsoft.Network/loadBalancers/', concat('LB','-', parameters('clusterName'),'-',variables('vmNodeType0Name')))]",
        "[concat('Microsoft.Storage/storageAccounts/', variables('supportLogStorageAccountName'))]",
        "[concat('Microsoft.Storage/storageAccounts/', variables('applicationDiagnosticsStorageAccountName'))]"
      ],
      "properties": {
        "overprovision": "[variables('overProvision')]",
        "upgradePolicy": {
          "mode": "Automatic",
          "automaticOSUpgradePolicy": {
            "enableAutomaticOSUpgrade": true
          }
        },
        "virtualMachineProfile": {
          "extensionProfile": {
            "extensions": [
              {
                "name": "Microsoft.Azure.Geneva.GenevaMonitoring",
                "properties": {
                  "publisher": "Microsoft.Azure.Geneva",
                  "type": "GenevaMonitoring",
                  "typeHandlerVersion": "2.0",
                  "enableAutomaticUpgrade": true,
                  "autoUpgradeMinorVersion": true
                }
              },
              {
                "name": "[concat('ServiceFabricNodeVmExt','_vmNodeType0Name')]",
                "properties": {
                  "type": "ServiceFabricNode",
                  "autoUpgradeMinorVersion": true,
                  "protectedSettings": {
                    "StorageAccountKey1": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('supportLogStorageAccountName')),'2015-05-01-preview').key1]",
                    "StorageAccountKey2": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('supportLogStorageAccountName')),'2015-05-01-preview').key2]"
                  },
                  "publisher": "Microsoft.Azure.ServiceFabric",
                  "settings": {
                    "clusterEndpoint": "[reference(parameters('clusterName')).clusterEndpoint]",
                    "nodeTypeRef": "[variables('vmNodeType0Name')]",
                    "dataPath": "D:\\SvcFab",
                    "durabilityLevel": "[parameters('durabilityLevel')]",
                    "enableParallelJobs": true,
                    "nicPrefixOverride": "[variables('subnet0Prefix')]",
                    "certificate": {
                      "thumbprint": "[parameters('certificateThumbprint')]",
                      "x509StoreName": "[parameters('certificateStoreValue')]"
                    }
                  },
                  "typeHandlerVersion": "1.1"
                }
              },
              {
                "name": "[concat('VMDiagnosticsVmExt','_vmNodeType0Name')]",
                "properties": {
                  "type": "IaaSDiagnostics",
                  "autoUpgradeMinorVersion": true,
                  "protectedSettings": {
                    "storageAccountName": "[variables('applicationDiagnosticsStorageAccountName')]",
                    "storageAccountKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('applicationDiagnosticsStorageAccountName')),'2015-05-01-preview').key1]",
                    "storageAccountEndPoint": "https://core.windows.net/"
                  },
                  "publisher": "Microsoft.Azure.Diagnostics",
                  "settings": {
                    "WadCfg": {
                      "DiagnosticMonitorConfiguration": {
                        "overallQuotaInMB": "50000",
                        "EtwProviders": {
                          "EtwEventSourceProviderConfiguration": [
                            {
                              "provider": "Microsoft-ServiceFabric-Actors",
                              "scheduledTransferKeywordFilter": "1",
                              "scheduledTransferPeriod": "PT5M",
                              "DefaultEvents": {
                                "eventDestination": "ServiceFabricReliableActorEventTable"
                              }
                            },
                            {
                              "provider": "Microsoft-ServiceFabric-Services",
                              "scheduledTransferPeriod": "PT5M",
                              "DefaultEvents": {
                                "eventDestination": "ServiceFabricReliableServiceEventTable"
                              }
                            }
                          ],
                          "EtwManifestProviderConfiguration": [
                            {
                              "provider": "cbd93bc2-71e5-4566-b3a7-595d8eeca6e8",
                              "scheduledTransferLogLevelFilter": "Information",
                              "scheduledTransferKeywordFilter": "4611686018427387904",
                              "scheduledTransferPeriod": "PT5M",
                              "DefaultEvents": {
                                "eventDestination": "ServiceFabricSystemEventTable"
                              }
                            }
                          ]
                        }
                      }
                    },
                    "StorageAccount": "[variables('applicationDiagnosticsStorageAccountName')]"
                  },
                  "typeHandlerVersion": "1.5"
                }
              }
            ]
          },
          "networkProfile": {
            "networkInterfaceConfigurations": [
              {
                "name": "[concat(variables('nicName'), '-0')]",
                "properties": {
                  "ipConfigurations": [
                    {
                      "name": "[concat(variables('nicName'),'-',0)]",
                      "properties": {
                        "loadBalancerBackendAddressPools": [
                          {
                            "id": "[variables('lbPoolID0')]"
                          }
                        ],
                        "loadBalancerInboundNatPools": [
                          {
                            "id": "[variables('lbNatPoolID0')]"
                          }
                        ],
                        "subnet": {
                          "id": "[variables('subnet0Ref')]"
                        }
                      }
                    }
                  ],
                  "primary": true
                }
              }
            ]
          },
          "osProfile": {
            "adminPassword": "[parameters('adminPassword')]",
            "adminUsername": "[parameters('adminUsername')]",
            "computernamePrefix": "[variables('vmNodeType0Name')]",
            "secrets": [
              {
                "sourceVault": {
                  "id": "[parameters('sourceVaultValue')]"
                },
                "vaultCertificates": [
                  {
                    "certificateStore": "[parameters('certificateStoreValue')]",
                    "certificateUrl": "[parameters('certificateUrlValue')]"
                  }
                ]
              }
            ]
          },
          "storageProfile": {
            "imageReference": {
              "publisher": "[parameters('vmImagePublisher')]",
              "offer": "[parameters('vmImageOffer')]",
              "sku": "[parameters('vmImageSku')]",
              "version": "[parameters('vmImageVersion')]"
            },
            "osDisk": {
              "caching": "ReadOnly",
              "createOption": "FromImage",
              "managedDisk": {
                "storageAccountType": "[parameters('storageAccountType')]"
              }
            }
          }
        }
      },
      "sku": {
        "name": "[parameters('vmNodeType0Size')]",
        "capacity": "[parameters('nt0InstanceCount')]",
        "tier": "Standard"
      },
      "tags": {
        "resourceType": "Service Fabric",
        "clusterName": "[parameters('clusterName')]"
      }
    },
    {
      "apiVersion": "[variables('sfrpApiVersion')]",
      "type": "Microsoft.ServiceFabric/clusters",
      "name": "[parameters('clusterName')]",
      "location": "[parameters('clusterLocation')]",
      "dependsOn": [
        "[concat('Microsoft.Storage/storageAccounts/', variables('supportLogStorageAccountName'))]"
      ],
      "properties": {
        "addonFeatures": [
          "DnsService",
          "RepairManager"
        ],
        "certificate": {
          "thumbprint": "[parameters('certificateThumbprint')]",
          "x509StoreName": "[parameters('certificateStoreValue')]"
        },
        "clusterState": "Default",
        "diagnosticsStorageAccountConfig": {
          "blobEndpoint": "[reference(concat('Microsoft.Storage/storageAccounts/', variables('supportLogStorageAccountName')), variables('storageApiVersion')).primaryEndpoints.blob]",
          "protectedAccountKeyName": "StorageAccountKey1",
          "queueEndpoint": "[reference(concat('Microsoft.Storage/storageAccounts/', variables('supportLogStorageAccountName')), variables('storageApiVersion')).primaryEndpoints.queue]",
          "storageAccountName": "[variables('supportLogStorageAccountName')]",
          "tableEndpoint": "[reference(concat('Microsoft.Storage/storageAccounts/', variables('supportLogStorageAccountName')), variables('storageApiVersion')).primaryEndpoints.table]"
        },
        "fabricSettings": [
          {
            "parameters": [
              {
                "name": "ClusterProtectionLevel",
                "value": "[parameters('clusterProtectionLevel')]"
              }
            ],
            "name": "Security"
          }
        ],
        "managementEndpoint": "[concat('https://',reference(concat(variables('lbIPName'),'-',variables('vmNodeType0Name'))).dnsSettings.fqdn,':',variables('nt0fabricHttpGatewayPort'))]",
        "nodeTypes": [
          {
            "name": "[variables('vmNodeType0Name')]",
            "applicationPorts": {
              "endPort": "[variables('nt0applicationEndPort')]",
              "startPort": "[variables('nt0applicationStartPort')]"
            },
            "clientConnectionEndpointPort": "[variables('nt0fabricTcpGatewayPort')]",
            "durabilityLevel": "[parameters('durabilityLevel')]",
            "ephemeralPorts": {
              "endPort": "[variables('nt0ephemeralEndPort')]",
              "startPort": "[variables('nt0ephemeralStartPort')]"
            },
            "httpGatewayEndpointPort": "[variables('nt0fabricHttpGatewayPort')]",
            "isPrimary": true,
            "vmInstanceCount": "[parameters('nt0InstanceCount')]"
          }
        ],
        "provisioningState": "Default",
        "reliabilityLevel": "[parameters('reliabilityLevel')]",
        "upgradeMode": "Automatic",
        "vmImage": "Windows"
      },
      "tags": {
        "resourceType": "Service Fabric",
        "clusterName": "[parameters('clusterName')]"
      }
    }
  ],
  "outputs": {
    "clusterProperties": {
      "value": "[reference(parameters('clusterName'))]",
      "type": "object"
    }
  }
}