Quickstart: Provision Azure Spring Apps using an ARM template

Note

Azure Spring Apps is the new name for the Azure Spring Cloud service. Although the service has a new name, you'll see the old name in some places for a while as we work to update assets such as screenshots, videos, and diagrams.

This article applies to: ❌ Basic tier ✔️ Standard tier ✔️ Enterprise tier

This quickstart describes how to use an Azure Resource Manager template (ARM template) to deploy an Azure Spring Apps cluster into an existing virtual network.

Azure Spring Apps makes it easy to deploy Spring applications to Azure without any code changes. The service manages the infrastructure of Spring applications so developers can focus on their code. Azure Spring Apps provides lifecycle management using comprehensive monitoring and diagnostics, configuration management, service discovery, CI/CD integration, blue-green deployments, and more.

The Enterprise tier deployment plan includes the following Tanzu components:

  • Build Service
  • Application Configuration Service
  • Service Registry
  • Spring Cloud Gateway
  • API Portal

An ARM template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project. The template uses declarative syntax. In declarative syntax, you describe your intended deployment without writing the sequence of programming commands to create the deployment.

Prerequisites

  • An Azure subscription. If you don't have a subscription, create a free account before you begin.

  • Two dedicated subnets for the Azure Spring Apps cluster, one for the service runtime and another for the Spring applications. For subnet and virtual network requirements, see the Virtual network requirements section of Deploy Azure Spring Apps in a virtual network.

  • An existing Log Analytics workspace for Azure Spring Apps diagnostics settings and a workspace-based Application Insights resource. For more information, see Analyze logs and metrics with diagnostics settings and Application Insights Java In-Process Agent in Azure Spring Apps.

  • Three internal Classless Inter-Domain Routing (CIDR) ranges (at least /16 each) that you've identified for use by the Azure Spring Apps cluster. These CIDR ranges won't be directly routable and will be used only internally by the Azure Spring Apps cluster. Clusters may not use 169.254.0.0/16, 172.30.0.0/16, 172.31.0.0/16, or 192.0.2.0/24 for the internal Azure Spring Apps CIDR ranges, or any IP ranges included within the cluster virtual network address range.

  • Service permission granted to the virtual network. The Azure Spring Apps Resource Provider requires Owner permission to your virtual network in order to grant a dedicated and dynamic service principal on the virtual network for further deployment and maintenance. For instructions and more information, see the Grant service permission to the virtual network section of Deploy Azure Spring Apps in a virtual network.

  • If you're using Azure Firewall or a Network Virtual Appliance (NVA), you'll also need to satisfy the following prerequisites:

  • If you're deploying Azure Spring Apps Enterprise tier for the first time in the target subscription, use the following commands to register the provider and accept the legal terms and privacy statements for the Enterprise tier.

    az provider register --namespace Microsoft.SaaS
    az term accept \
         --publisher vmware-inc \
         --product azure-spring-cloud-vmware-tanzu-2 \
         --plan tanzu-asc-ent-mtr
    

Review the template

The templates used in this quickstart are from the Azure Spring Apps Reference Architecture.

{
    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "springCloudInstanceName": {
            "type": "string",
            "metadata": {
                "description": "The instance name of the Azure Spring Cloud resource"
            }
        },
        "appInsightsName": {
            "type": "string",
            "metadata": {
                "description": "The name of the Application Insights instance for Azure Spring Cloud"
            }
        },
        "laWorkspaceResourceId": {
            "type": "string",
            "metadata": {
                "description": "The resource ID of the existing Log Analytics workspace. This will be used for both diagnostics logs and Application Insights"
            }
        },
        "springCloudAppSubnetID": {
            "type": "string",
            "metadata": {
                "description": "The resourceID of the Azure Spring Cloud App Subnet"
            }
        },
        "springCloudRuntimeSubnetID": {
            "type": "string",
            "metadata": {
                "description": "The resourceID of the Azure Spring Cloud Runtime Subnet"
            }
        },
        "springCloudServiceCidrs": {
            "type": "string",
            "defaultValue": "10.0.0.0/16,10.2.0.0/16,10.3.0.1/16",
            "metadata": {
                "description": "Comma-separated list of IP address ranges in CIDR format. The IP ranges are reserved to host underlying Azure Spring Cloud infrastructure, which should be 3 at least /16 unused IP ranges, must not overlap with any Subnet IP ranges"
            }
            
        },
        
        "tags": {
            "type": "object",
            "metadata": {
                "description": "The tags that will be associated to the Resources"
            },
            "defaultValue": {
                "environment": "lab"
            }
        }
    },
    "variables": {              
        "location": "[resourceGroup().location]"                                   
    },
    "resources": [
        {
            "type": "Microsoft.Insights/components",
            "name": "[parameters('appInsightsName')]",
            "apiVersion": "2020-02-02-preview",
            "location": "[variables('location')]",
            "tags": "[parameters('tags')]",
            "properties": {
                "Application_Type": "web",
                "ApplicationId": "[parameters('appInsightsName')]",
                "Flow_Type": "Bluefield",
                "Request_Source": "rest",
                "WorkspaceResourceId": "[parameters('laWorkspaceResourceId')]"
            }
        },
        {
            "apiVersion": "2022-03-01-preview",
            "name": "[parameters('springCloudInstanceName')]",
            "location": "[variables('location')]",
            "tags": "[parameters('tags')]",
            "dependsOn": [
                "[resourceId('Microsoft.Insights/components', parameters('appInsightsName'))]"
                
            ],
            "type": "Microsoft.AppPlatform/Spring",
            "sku": {
                "name": "S0",
                "tier": "Standard"
            },
            "properties": {
                "networkProfile": {
                    "serviceCidr": "[parameters('springCloudServiceCidrs')]",
                    "serviceRuntimeSubnetId": "[parameters('springCloudRuntimeSubnetID')]",
                    "appSubnetId": "[parameters('springCloudAppSubnetID')]"
                }
            }
        },
        {
            "apiVersion": "2022-03-01-preview",
            "name": "[concat(parameters('springCloudInstanceName'), '/default')]",
            "type": "Microsoft.AppPlatform/Spring/monitoringSettings",
            "properties": {
                "traceEnabled": true,
                "appInsightsInstrumentationKey": "[reference(resourceId('Microsoft.Insights/components', parameters('appInsightsName')), '2020-02-02-preview').InstrumentationKey]"
            },
            "dependsOn": [
                "[resourceId('Microsoft.AppPlatform/Spring/', parameters('springCloudInstanceName'))]"
            ]
        },
        {
            "type": "Microsoft.AppPlatform/Spring/providers/diagnosticSettings",
            "name": "[concat(parameters('springCloudInstanceName'), '/Microsoft.Insights/monitoring')]",
            "dependsOn": [  
                "[resourceId('Microsoft.AppPlatform/Spring/', parameters('springCloudInstanceName'))]"       
            ],
            "apiVersion": "2017-05-01-preview",
            "properties": {
                "name": "monitoring",
                "workspaceId": "[parameters('laWorkspaceResourceId')]",
                "logs": [
                    {
                        "category": "ApplicationConsole",
                        "enabled": true,
                        "retentionPolicy": {
                            "days": 30,
                            "enabled": false
                        }
                    }
                ]
            }
        }
               
    ],
    "outputs": {
    }
}

Two Azure resources are defined in the template:

Deploy the template

To deploy the template, use the following steps.

First, select the following image to sign in to Azure and open a template. The template creates an Azure Spring Apps instance in an existing Virtual Network and a workspace-based Application Insights instance in an existing Azure Monitor Log Analytics Workspace.

Next, enter values for the following fields:

  • Resource Group: Select Create new, enter a unique name for the resource group, and then select OK.
  • springCloudInstanceName: Enter the name of the Azure Spring Apps resource.
  • appInsightsName: Enter the name of the Application Insights instance for Azure Spring Apps.
  • laWorkspaceResourceId: Enter the resource ID of the existing Log Analytics workspace (for example, /subscriptions/<your subscription>/resourcegroups/<your Log Analytics resource group>/providers/Microsoft.OperationalInsights/workspaces/<your Log Analytics workspace name>.)
  • springCloudAppSubnetID: Enter the resource ID of the Azure Spring Apps Application Subnet.
  • springCloudRuntimeSubnetID: Enter the resource ID of the Azure Spring Apps Runtime Subnet.
  • springCloudServiceCidrs: Enter a comma-separated list of IP address ranges (three in total) in CIDR format. The IP ranges are reserved to host underlying Azure Spring Apps infrastructure. These three ranges should be at least /16 unused IP ranges, and must not overlap with any routable subnet IP ranges used within the network.
  • tags: Enter any custom tags.

Finally, select Review + Create and then Create.

Review deployed resources

You can either use the Azure portal to check the deployed resources, or use Azure CLI or Azure PowerShell script to list the deployed resources.

Clean up resources

If you plan to continue working with subsequent quickstarts and tutorials, you might want to leave these resources in place. When no longer needed, delete the resource group, which deletes the resources in the resource group. To delete the resource group by using Azure CLI or Azure PowerShell, use the following commands:

echo "Enter the Resource Group name:" &&
read resourceGroupName &&
az group delete --name $resourceGroupName &&
echo "Press [ENTER] to continue ..."

Next steps

In this quickstart, you deployed an Azure Spring Apps instance into an existing virtual network using an ARM template, and then validated the deployment. To learn more about Azure Spring Apps and Azure Resource Manager, continue on to the resources below.