bearbeiten

Share via

Quickstart: Provision Azure Spring Apps using Terraform

  • Article

Note

Azure Spring Apps is the new name for the Azure Spring Cloud service. Although the service has a new name, you'll see the old name in some places for a while as we work to update assets such as screenshots, videos, and diagrams.

This article applies to: ❌ Basic ✔️ Standard ✔️ Enterprise

This quickstart describes how to use Terraform to deploy an Azure Spring Apps cluster into an existing virtual network.

Azure Spring Apps makes it easy to deploy Spring applications to Azure without any code changes. The service manages the infrastructure of Spring applications so developers can focus on their code. Azure Spring Apps provides lifecycle management using comprehensive monitoring and diagnostics, configuration management, service discovery, CI/CD integration, blue-green deployments, and more.

The Enterprise deployment plan includes the following Tanzu components:

  • Build Service
  • Application Configuration Service
  • Service Registry
  • Spring Cloud Gateway
  • API Portal

The API Portal component will be included when it becomes available through the AzureRM Terraform provider.

For more customization including custom domain support, see the Azure Spring Apps Terraform provider documentation.

Prerequisites

  • An Azure subscription. If you don't have a subscription, create a free account before you begin.
  • Hashicorp Terraform
  • Two dedicated subnets for the Azure Spring Apps cluster, one for the service runtime and another for the Spring applications. For subnet and virtual network requirements, see the Virtual network requirements section of Deploy Azure Spring Apps in a virtual network.
  • An existing Log Analytics workspace for Azure Spring Apps diagnostics settings and a workspace-based Application Insights resource. For more information, see Analyze logs and metrics with diagnostics settings and Application Insights Java In-Process Agent in Azure Spring Apps.
  • Three internal Classless Inter-Domain Routing (CIDR) ranges (at least /16 each) that you've identified for use by the Azure Spring Apps cluster. These CIDR ranges won't be directly routable and will be used only internally by the Azure Spring Apps cluster. Clusters may not use 169.254.0.0/16, 172.30.0.0/16, 172.31.0.0/16, or 192.0.2.0/24 for the internal Azure Spring Apps CIDR. Clusters also may not use any IP ranges included within the cluster virtual network address range.
  • Service permission granted to the virtual network. The Azure Spring Apps Resource Provider requires User Access Administrator and Network Contributor permissions to your virtual network in order to grant a dedicated and dynamic service principal on the virtual network for further deployment and maintenance. For instructions and more information, see the Grant service permission to the virtual network section of Deploy Azure Spring Apps in a virtual network.
  • If you're using Azure Firewall or a Network Virtual Appliance (NVA), you'll also need to satisfy the following prerequisites:
  • If you're deploying an Azure Spring Apps Enterprise plan instance for the first time in the target subscription, see the Requirements section of Enterprise plan in Azure Marketplace.

Review the Terraform plan

The configuration file used in this quickstart is from the Azure Spring Apps reference architecture.

# Azure provider version 

terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
      version = "= 3.21.1"
    }
  }
}

provider "azurerm" {
    features {} 
}

### Create Resource group 
resource "azurerm_resource_group" "sc_corp_rg" {
    name      = var.resource_group_name
    location  = var.location
}

### Create Application Insights
resource "azurerm_application_insights" "sc_app_insights" {
  name                = var.app_insights_name
  location            = var.location
  resource_group_name = var.resource_group_name
  application_type    = "web"
  workspace_id        = "/subscriptions/${var.subscription}/resourceGroups/${var.azurespringcloudvnetrg}/providers/Microsoft.OperationalInsights/workspaces/${var.sc_law_id}"
 
  depends_on = [azurerm_resource_group.sc_corp_rg]
}

### Create Spring Cloud Service
resource "azurerm_spring_cloud_service" "sc" {
  name                = var.sc_service_name 
  resource_group_name = var.resource_group_name
  location            = var.location
  sku_name            = "E0" 

  # Tanzu service registry - Set to true if Enterprise Tier
  service_registry_enabled = true
  build_agent_pool_size    = "S1"

  
  network {
    app_subnet_id                   = "/subscriptions/${var.subscription}/resourceGroups/${var.azurespringcloudvnetrg}/providers/Microsoft.Network/virtualNetworks/${var.vnet_spoke_name}/subnets/${var.app_subnet_id}"
    service_runtime_subnet_id       = "/subscriptions/${var.subscription}/resourceGroups/${var.azurespringcloudvnetrg}/providers/Microsoft.Network/virtualNetworks/${var.vnet_spoke_name}/subnets/${var.service_runtime_subnet_id}"
    cidr_ranges                     = var.sc_cidr
  }
  
  timeouts {
      create = "60m"
      delete = "2h"
  }
  
 
  depends_on = [azurerm_resource_group.sc_corp_rg]
  tags = var.tags
  
}

### Update Diags setting for Spring Cloud Service

resource "azurerm_monitor_diagnostic_setting" "sc_diag" {
  name                        = "monitoring"
  target_resource_id          = azurerm_spring_cloud_service.sc.id
  log_analytics_workspace_id = "/subscriptions/${var.subscription}/resourceGroups/${var.azurespringcloudvnetrg}/providers/Microsoft.OperationalInsights/workspaces/${var.sc_law_id}"

  log {
    category = "ApplicationConsole"
    enabled  = true

    retention_policy {
      enabled = false
    }
  }

  metric {
    category = "AllMetrics"

    retention_policy {
      enabled = false
    }
  }
}


# Begin Tanzu Components


resource "azurerm_spring_cloud_build_pack_binding" "appinsights-binding" {
  name                    = "appins-binding"
  spring_cloud_builder_id = "${azurerm_spring_cloud_service.sc.id}/buildServices/default/builders/default"
  binding_type            = "ApplicationInsights"
  launch {
    properties = {
      sampling_percentage = "10"
    }

    secrets = {
      connection-string   = azurerm_application_insights.sc_app_insights.connection_string
    }
  }
}


# Configuration service
resource "azurerm_spring_cloud_configuration_service" "configservice" {
  name                    = "default"
  spring_cloud_service_id = azurerm_spring_cloud_service.sc.id
}

# Gateway
resource "azurerm_spring_cloud_gateway" "scgateway" {
  name                    = "default"
  spring_cloud_service_id = azurerm_spring_cloud_service.sc.id
  instance_count          = 2 
}

resource "azurerm_spring_cloud_api_portal" "apiportal" {
  name                          = "default"
  spring_cloud_service_id       = azurerm_spring_cloud_service.sc.id
  gateway_ids                   = [azurerm_spring_cloud_gateway.scgateway.id]
  https_only_enabled            = false
  public_network_access_enabled = true
  instance_count                = 1
}

Apply the Terraform plan

To apply the Terraform plan, follow these steps:

  1. Save the variables.tf file for the Standard plan or the Enterprise plan locally, then open it in an editor.

  2. Edit the file to add the following values:

    • The subscription ID of the Azure account you'll be deploying to.

    • A deployment location from the regions where Azure Spring Apps is available, as shown in Products available by region. You'll need the short form of the location name. To get this value, use the following command to generate a list of Azure locations, then look up the Name value for the region you selected.

      az account list-locations --output table

  3. Edit the file to add the following new deployment information:

    • The name of the resource group you'll deploy to.
    • A name of your choice for the Azure Spring Apps Deployment.
    • A name of your choice for the Application Insights resource.
    • Three CIDR ranges (at least /16) which are used to host the Azure Spring Apps backend infrastructure. The CIDR ranges must not overlap with any existing CIDR ranges in the target Subnet
    • The key/value pairs to be applied as tags on all resources that support tags. For more information, see Use tags to organize your Azure resources and management hierarchy

  4. Edit the file to add the following existing infrastructure information:

    • The name of the resource group where the existing virtual network resides.
    • The name of the existing scope virtual network.
    • The name of the existing subnet to be used by the Azure Spring Apps Application Service.
    • The name of the existing subnet to be used by the Azure Spring Apps Runtime Service.
    • The name of the Azure Log Analytics workspace.

  5. Run the following command to initialize the Terraform modules:

    terraform init

  6. Run the following command to create the Terraform deployment plan:

    terraform plan -out=springcloud.plan

  7. Run the following command to apply the Terraform deployment plan:

    terraform apply springcloud.plan

Review deployed resources

You can either use the Azure portal to check the deployed resources, or use Azure CLI or Azure PowerShell script to list the deployed resources.

Clean up resources

If you plan to continue working with subsequent quickstarts and tutorials, you might want to leave these resources in place. When no longer needed, delete the resources created in this article by using the following command.

terraform destroy -auto-approve

Next steps

In this quickstart, you deployed an Azure Spring Apps instance into an existing virtual network using Terraform, and then validated the deployment. To learn more about Azure Spring Apps, continue on to the resources below.