Edit

Quickstart: Provision Azure Spring Apps using Terraform

  • Article

Note

Azure Spring Apps is the new name for the Azure Spring Cloud service. Although the service has a new name, you'll see the old name in some places for a while as we work to update assets such as screenshots, videos, and diagrams.

This article applies to: ❌ Basic ✔️ Standard ✔️ Enterprise

This quickstart describes how to use Terraform to deploy an Azure Spring Apps cluster into an existing virtual network.

Azure Spring Apps makes it easy to deploy Spring applications to Azure without any code changes. The service manages the infrastructure of Spring applications so developers can focus on their code. Azure Spring Apps provides lifecycle management using comprehensive monitoring and diagnostics, configuration management, service discovery, CI/CD integration, blue-green deployments, and more.

The Enterprise deployment plan includes the following Tanzu components:

  • Build Service
  • Application Configuration Service
  • Service Registry
  • Spring Cloud Gateway
  • API Portal

The API Portal component will be included when it becomes available through the AzureRM Terraform provider.

For more customization including custom domain support, see the Azure Spring Apps Terraform provider documentation.

Prerequisites

Review the Terraform plan

The configuration file used in this quickstart is from the Azure Spring Apps reference architecture.

# Azure provider version 

terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
      version = "= 3.21.1"
    }
  }
}

provider "azurerm" {
    features {} 
}

### Create Resource group 
resource "azurerm_resource_group" "sc_corp_rg" {
    name      = var.resource_group_name
    location  = var.location
}

### Create Application Insights
resource "azurerm_application_insights" "sc_app_insights" {
  name                = var.app_insights_name
  location            = var.location
  resource_group_name = var.resource_group_name
  application_type    = "web"
  workspace_id        = "/subscriptions/${var.subscription}/resourceGroups/${var.azurespringcloudvnetrg}/providers/Microsoft.OperationalInsights/workspaces/${var.sc_law_id}"
 
  depends_on = [azurerm_resource_group.sc_corp_rg]
}

### Create Spring Cloud Service
resource "azurerm_spring_cloud_service" "sc" {
  name                = var.sc_service_name 
  resource_group_name = var.resource_group_name
  location            = var.location
  sku_name            = "E0" 

  # Tanzu service registry - Set to true if Enterprise Tier
  service_registry_enabled = true
  build_agent_pool_size    = "S1"

  
  network {
    app_subnet_id                   = "/subscriptions/${var.subscription}/resourceGroups/${var.azurespringcloudvnetrg}/providers/Microsoft.Network/virtualNetworks/${var.vnet_spoke_name}/subnets/${var.app_subnet_id}"
    service_runtime_subnet_id       = "/subscriptions/${var.subscription}/resourceGroups/${var.azurespringcloudvnetrg}/providers/Microsoft.Network/virtualNetworks/${var.vnet_spoke_name}/subnets/${var.service_runtime_subnet_id}"
    cidr_ranges                     = var.sc_cidr
  }
  
  timeouts {
      create = "60m"
      delete = "2h"
  }
  
 
  depends_on = [azurerm_resource_group.sc_corp_rg]
  tags = var.tags
  
}

### Update Diags setting for Spring Cloud Service

resource "azurerm_monitor_diagnostic_setting" "sc_diag" {
  name                        = "monitoring"
  target_resource_id          = azurerm_spring_cloud_service.sc.id
  log_analytics_workspace_id = "/subscriptions/${var.subscription}/resourceGroups/${var.azurespringcloudvnetrg}/providers/Microsoft.OperationalInsights/workspaces/${var.sc_law_id}"

  log {
    category = "ApplicationConsole"
    enabled  = true

    retention_policy {
      enabled = false
    }
  }

  metric {
    category = "AllMetrics"

    retention_policy {
      enabled = false
    }
  }
}


# Begin Tanzu Components


resource "azurerm_spring_cloud_build_pack_binding" "appinsights-binding" {
  name                    = "appins-binding"
  spring_cloud_builder_id = "${azurerm_spring_cloud_service.sc.id}/buildServices/default/builders/default"
  binding_type            = "ApplicationInsights"
  launch {
    properties = {
      sampling_percentage = "10"
    }

    secrets = {
      connection-string   = azurerm_application_insights.sc_app_insights.connection_string
    }
  }
}


# Configuration service
resource "azurerm_spring_cloud_configuration_service" "configservice" {
  name                    = "default"
  spring_cloud_service_id = azurerm_spring_cloud_service.sc.id
}

# Gateway
resource "azurerm_spring_cloud_gateway" "scgateway" {
  name                    = "default"
  spring_cloud_service_id = azurerm_spring_cloud_service.sc.id
  instance_count          = 2 
}

resource "azurerm_spring_cloud_api_portal" "apiportal" {
  name                          = "default"
  spring_cloud_service_id       = azurerm_spring_cloud_service.sc.id
  gateway_ids                   = [azurerm_spring_cloud_gateway.scgateway.id]
  https_only_enabled            = false
  public_network_access_enabled = true
  instance_count                = 1
}

Apply the Terraform plan

To apply the Terraform plan, follow these steps:

  1. Save the variables.tf file for the Standard plan or the Enterprise plan locally, then open it in an editor.

  2. Edit the file to add the following values:

    • The subscription ID of the Azure account you'll be deploying to.

    • A deployment location from the regions where Azure Spring Apps is available, as shown in Products available by region. You'll need the short form of the location name. To get this value, use the following command to generate a list of Azure locations, then look up the Name value for the region you selected.

      az account list-locations --output table

  3. Edit the file to add the following new deployment information:

    • The name of the resource group you'll deploy to.
    • A name of your choice for the Azure Spring Apps Deployment.
    • A name of your choice for the Application Insights resource.
    • Three CIDR ranges (at least /16) which are used to host the Azure Spring Apps backend infrastructure. The CIDR ranges must not overlap with any existing CIDR ranges in the target Subnet
    • The key/value pairs to be applied as tags on all resources that support tags. For more information, see Use tags to organize your Azure resources and management hierarchy

  4. Edit the file to add the following existing infrastructure information:

    • The name of the resource group where the existing virtual network resides.
    • The name of the existing scope virtual network.
    • The name of the existing subnet to be used by the Azure Spring Apps Application Service.
    • The name of the existing subnet to be used by the Azure Spring Apps Runtime Service.
    • The name of the Azure Log Analytics workspace.

  5. Run the following command to initialize the Terraform modules:

    terraform init

  6. Run the following command to create the Terraform deployment plan:

    terraform plan -out=springcloud.plan

  7. Run the following command to apply the Terraform deployment plan:

    terraform apply springcloud.plan

Review deployed resources

You can either use the Azure portal to check the deployed resources, or use Azure CLI or Azure PowerShell script to list the deployed resources.

Clean up resources

If you plan to continue working with subsequent quickstarts and tutorials, you might want to leave these resources in place. When no longer needed, delete the resources created in this article by using the following command.

terraform destroy -auto-approve

Next steps

In this quickstart, you deployed an Azure Spring Apps instance into an existing virtual network using Terraform, and then validated the deployment. To learn more about Azure Spring Apps, continue on to the resources below.