Configure managed identity support for a new Service Fabric cluster

To use managed identities for Azure resources in your Service Fabric applications, first enable the Managed Identity Token Service on the cluster. This service authenticates Service Fabric applications using their managed identities and obtains access tokens on their behalf. Once the service is enabled, you can see it in Service Fabric Explorer under the System section in the left pane, running under the name fabric:/System/ManagedIdentityTokenService next to other system services.

Note

Service Fabric runtime version 6.5.658.9590 or higher is required to enable the Managed Identity Token Service.

Enable the Managed Identity Token Service

To enable the Managed Identity Token Service at cluster creation time, add the following snippet to your cluster Azure Resource Manager template:

"fabricSettings": [
    {
        "name": "ManagedIdentityTokenService",
        "parameters": [
            {
                "name": "IsEnabled",
                "value": "true"
            }
        ]
    }
]

Errors

If the deployment fails with the following message, the cluster is not on the required Service Fabric version (the minimum supported runtime is 6.5 CU2):

{
    "code": "ParameterNotAllowed",
    "message": "Section 'ManagedIdentityTokenService' and Parameter 'IsEnabled' is not allowed."
}
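
A pre-deployment check for the error above, added here as an example (it is not Microsoft's or Service Fabric's own code): given a cluster Resource Manager template already loaded as a dict, it flags clusters that enable the token service on a runtime older than 6.5.658.9590. The sample template, cluster name and version value are constructed, and the check assumes the runtime is pinned as a literal string in the cluster resource's clusterCodeVersion property.

```python
MIN_RUNTIME = (6, 5, 658, 9590)  # minimum runtime stated on this page

# Constructed sample template (not from the original page); the version is made up.
SAMPLE_TEMPLATE = {"resources": [{
    "type": "Microsoft.ServiceFabric/clusters",
    "name": "example-cluster",
    "properties": {
        "clusterCodeVersion": "6.4.0.0",
        "fabricSettings": [{
            "name": "ManagedIdentityTokenService",
            "parameters": [{"name": "IsEnabled", "value": "true"}],
        }],
    },
}]}

def parse_version(text):
    """Return a 4-tuple of ints, or None for a missing value or template expression."""
    parts = str(text or "").split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def token_service_enabled(props):
    """True when fabricSettings sets ManagedIdentityTokenService/IsEnabled to true."""
    settings = props.get("fabricSettings")
    for section in settings if isinstance(settings, list) else []:
        if section.get("name") != "ManagedIdentityTokenService":
            continue
        for param in section.get("parameters", []):
            if param.get("name") == "IsEnabled":
                return str(param.get("value", "")).lower() == "true"
    return False

def check_template(template):
    """Map each cluster name to ok, disabled, runtime-too-old or runtime-unknown."""
    results = {}
    for res in template.get("resources", []):
        if res.get("type") != "Microsoft.ServiceFabric/clusters":
            continue
        props = res.get("properties", {})
        version = parse_version(props.get("clusterCodeVersion"))
        if not token_service_enabled(props):
            status = "disabled"
        elif version is None:
            # Version omitted or given as a parameter expression: cannot decide offline.
            status = "runtime-unknown"
        else:
            status = "ok" if version >= MIN_RUNTIME else "runtime-too-old"
        results[res.get("name")] = status
    return results
```

A result of runtime-too-old predicts the ParameterNotAllowed failure shown above; runtime-unknown means the version has to be resolved from the deployment parameters before the check can decide.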

Next steps