Access Key Vault on Azure Service Fabric app using Azure Active Directory on different tenant

As long as the Application Id used to access the Key Vault is in the same tenant as the Key Vault, the application can run from anywhere. The application (with application id) will acquire an access token from its own tenant and then use that to access the Key Vault. The environment executing the code can have identities from multiple tenants when using an application id and secret.

With this setup, will handshake between Azure service fabric cluster and Azure key vault happen?

It will not work, when you add the tenantB AD App Application ID to the access policy of Azure key vault in tenantB, essentially you add the service principal corresponded to the AD App to the keyvault. A service principal is a specific instance for an AD App in one tenant, it just works for the tenant which it located.

Even you consent the tenantB AD App to tenantA via the admin consent URL, it just generates a new service principal(enterprise application) in tenantA, which is not the same object as that you added in keyvault, an AD App has a 1:many relationship with its corresponding service principal.

Azure service fabric cluster, Azure key vault & Azure AD application have to be in same tenant?

Not exactly, but at least the service fabric cluster and key vault need to be in the same tenant, the AD App can be in another tenant, but it should be a multi-tenant app, then you need to consent it to the tenant of keyvault and service fabric cluster as mentioned above, then add the new generated service principal to the access policy before using it in service fabric cluster. If you not very familiar with Azure AD, it will be a little complex, so I recommend you to use them in the same tenant.

For more details about the relationship between AD Application and service principal, see this link.