Create a new Azure Service Fabric cluster with Managed Identity support (preview)

To use the managed identity feature for Azure Service Fabric applications, you must first enable the Managed Identity Token Service on the cluster. This service is responsible for authenticating Service Fabric applications using their managed identities, and for obtaining access tokens on their behalf. Once the service is enabled, you can see it in Service Fabric Explorer under the System section in the left pane, running under the name fabric:/System/ManagedIdentityTokenService next to other system services.

Note

Service Fabric runtime version 6.5.658.9590 or higher is required to enable the Managed Identity Token Service.

Enable the Managed Identity Token Service

To enable the Managed Identity Token Service at cluster creation time, you may use the following snippet in an Azure Resource Manager template:

"fabricSettings": [
    {
        "name": "ManagedIdentityTokenService",
        "parameters": [
            {
                "name": "IsEnabled",
                "value": "true"
            }
        ]
    }
]

Errors

If the deployment fails with this message, it means the cluster is not on the required Service Fabric version (the minimum supported runtime is 6.5 CU2):

{
    "code": "ParameterNotAllowed",
    "message": "Section 'ManagedIdentityTokenService' and Parameter 'IsEnabled' is not allowed."
}
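
The version requirement and the ParameterNotAllowed failure above can be caught before deployment. The following is an added example, not code from this page or from Service Fabric: it scans a template for cluster resources that enable the Managed Identity Token Service and compares the pinned runtime with 6.5.658.9590. It assumes the template pins the runtime in the cluster resource's clusterCodeVersion property; the function names and the sample template are hypothetical.

```python
import json

MIN_RUNTIME = (6, 5, 658, 9590)  # minimum runtime version stated on this page

# Constructed sample template; the version value is made up for illustration.
SAMPLE_TEMPLATE = json.loads("""
{"resources": [{
  "type": "Microsoft.ServiceFabric/clusters",
  "name": "example-cluster",
  "properties": {
    "clusterCodeVersion": "6.5.600.9590",
    "fabricSettings": [{
      "name": "ManagedIdentityTokenService",
      "parameters": [{"name": "IsEnabled", "value": "true"}]
    }]
  }
}]}
""")

def token_service_enabled(properties):
    """True if fabricSettings sets ManagedIdentityTokenService/IsEnabled to true."""
    for section in properties.get("fabricSettings", []):
        if section.get("name") != "ManagedIdentityTokenService":
            continue
        for param in section.get("parameters", []):
            if param.get("name") == "IsEnabled":
                return str(param.get("value", "")).lower() == "true"
    return False

def check_template(template):
    """Return (cluster name, problem) pairs for clusters that enable the service."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type") != "Microsoft.ServiceFabric/clusters":
            continue
        props = res.get("properties", {})
        if not token_service_enabled(props):
            continue
        version = str(props.get("clusterCodeVersion") or "")
        try:
            runtime = tuple(int(part) for part in version.split("."))
        except ValueError:  # missing, or an ARM expression such as [parameters(...)]
            findings.append((res.get("name"), "runtime version not a literal; verify it"))
            continue
        if runtime < MIN_RUNTIME:
            findings.append((res.get("name"), f"runtime {version} is below 6.5.658.9590"))
    return findings
```

An empty result means every cluster that enables the service pins a runtime at or above the minimum; a "not a literal" finding means the version has to be checked against the parameter value or the running cluster instead.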