Quickstart: Provision Azure Spring Cloud using Terraform

This quickstart describes how to use Terraform to deploy an Azure Spring Cloud cluster into an existing virtual network.

Azure Spring Cloud makes it easy to deploy Spring Boot microservice applications to Azure without any code changes. The service manages the infrastructure of Spring Cloud applications so developers can focus on their code. Azure Spring Cloud provides lifecycle management using comprehensive monitoring and diagnostics, configuration management, service discovery, CI/CD integration, blue-green deployments, and more.

Prerequisites

  • An Azure subscription. If you don't have a subscription, create a free account before you begin.
  • Hashicorp Terraform
  • Two dedicated subnets for the Azure Spring Cloud cluster, one for the service runtime and another for the Spring Boot micro-service applications. For subnet and virtual network requirements, see the Virtual network requirements section of Deploy Azure Spring Cloud in a virtual network.
  • An existing Log Analytics workspace for Azure Spring Cloud diagnostics settings and a workspace-based Application Insights resource. For more information, see Analyze logs and metrics with diagnostics settings and Application Insights Java In-Process Agent in Azure Spring Cloud.
  • Three internal Classless Inter-Domain Routing (CIDR) ranges (at least /16 each) that you've identified for use by the Azure Spring Cloud cluster. These CIDR ranges will not be directly routable and will be used only internally by the Azure Spring Cloud cluster. Clusters may not use 169.254.0.0/16, 172.30.0.0/16, 172.31.0.0/16, or 192.0.2.0/24 for the internal Spring Cloud CIDR ranges, or any IP ranges included within the cluster virtual network address range.
  • Service permission granted to the virtual network. The Azure Spring Cloud Resource Provider requires Owner permission to your virtual network in order to grant a dedicated and dynamic service principal on the virtual network for further deployment and maintenance. For instructions and more information, see the Grant service permission to the virtual network section of Deploy Azure Spring Cloud in a virtual network.
  • If you're using Azure Firewall or a Network Virtual Appliance (NVA), you'll also need to satisfy the following prerequisites:

Review the configuration file

The configuration file used in this quickstart is from the Azure Spring Cloud reference architecture.

provider "azurerm" {
    features {}
}

resource "azurerm_resource_group" "sc_corp_rg" {
    name      = var.resource_group_name
    location  = var.location
}

resource "azurerm_application_insights" "sc_app_insights" {
  name                = var.app_insights_name
  location            = var.location
  resource_group_name = var.resource_group_name
  application_type    = "web"
  depends_on = [azurerm_resource_group.sc_corp_rg]
}

resource "azurerm_spring_cloud_service" "sc" {
  name                = var.sc_service_name
  resource_group_name = var.resource_group_name
  location            = var.location

  network {
    app_subnet_id                   = "/subscriptions/${var.subscription}/resourceGroups/${var.azurespringcloudvnetrg}/providers/Microsoft.Network/virtualNetworks/${var.vnet_spoke_name}/subnets/${var.app_subnet_id}"
    service_runtime_subnet_id       = "/subscriptions/${var.subscription}/resourceGroups/${var.azurespringcloudvnetrg}/providers/Microsoft.Network/virtualNetworks/${var.vnet_spoke_name}/subnets/${var.service_runtime_subnet_id}"
    cidr_ranges                     = var.sc_cidr
  }

  timeouts {
      create = "60m"
      delete = "2h"
  }

  depends_on = [azurerm_resource_group.sc_corp_rg]
  tags = var.tags

}

resource "azurerm_monitor_diagnostic_setting" "sc_diag" {
  name                        = "monitoring"
  target_resource_id          = azurerm_spring_cloud_service.sc.id
  log_analytics_workspace_id = "/subscriptions/${var.subscription}/resourceGroups/${var.azurespringcloudvnetrg}/providers/Microsoft.OperationalInsights/workspaces/${var.sc_law_id}"

  log {
    category = "ApplicationConsole"
    enabled  = true

    retention_policy {
      enabled = false
    }
  }

  metric {
    category = "AllMetrics"

    retention_policy {
      enabled = false
    }
  }
}

Apply the configuration

To apply the configuration, follow these steps:

  1. Save the variables.tf file locally, then open it in an editor.

  2. Edit the file to add the following values:

    • The subscription ID of the Azure account you'll be deploying to.

    • A deployment location from the regions where Azure Spring Cloud is available, as shown in Products available by region. You'll need the short form of the location name. To get this value, use the following command to generate a list of Azure locations, then look up the Name value for the region you selected.

    az account list-locations --output table
    
    • The name of the resource group you'll deploy to.
    • A name of your choice for the Spring Cloud Deployment.
    • The name of the virtual network resource group where you'll deploy your resources.
    • The name of the spoke virtual network (for example, vnet-spoke).
    • The name of the subnet to be used by the Spring Cloud App Service (for example, snet-app).
    • The name of the subnet to be used by the Spring Cloud runtime service (for example, snet-runtime).
    • The name of the Azure Log Analytics workspace.
    • The CIDR ranges from your virtual network to be used by Azure Spring Cloud (for example, XX.X.X.X/16,XX.X.X.X/16,XX.X.X.X/16).
    • The key/value pairs to be applied as tags on all resources that support tags. For more information, see Use tags to organize your Azure resources and management hierarchy.
  3. Run the following command to initialize the Terraform modules:

    terraform init
    
  4. Run the following command to create the Terraform deployment plan:

    terraform plan -out=springcloud.plan
    
  5. Run the following command to apply the Terraform deployment plan:

    terraform apply springcloud.plan
    

Review deployed resources

You can either use the Azure portal to check the deployed resources, or use Azure CLI or Azure PowerShell script to list the deployed resources.

Clean up resources

If you plan to continue working with subsequent quickstarts and tutorials, you might want to leave these resources in place. When no longer needed, delete the resources created in this article by using the following command.

terraform destroy -auto-approve

Next steps

In this quickstart, you deployed an Azure Spring Cloud instance into an existing virtual network using Terraform, and then validated the deployment. To learn more about Azure Spring Cloud, continue on to the resources below.