Deploying Azure Spring Apps with Terraform

Learn how to deploy and manage Azure Spring Apps using Terraform

Deploying Azure Spring Apps with Terraform

Azure Spring Apps (formerly Spring Cloud) provides a fully managed service for Spring Boot applications. This guide will show you how to deploy and manage Azure Spring Apps using Terraform.

Video Tutorial

Prerequisites

  • Azure subscription
  • Terraform installed
  • Azure CLI installed
  • Basic knowledge of Spring Boot

Project Structure

.
├── main.tf               # Main Terraform configuration file
├── variables.tf          # Variable definitions
├── outputs.tf           # Output definitions
├── terraform.tfvars     # Variable values
└── modules/
    └── spring/
        ├── main.tf      # Spring Apps specific configurations
        ├── variables.tf  # Module variables
        └── outputs.tf   # Module outputs

Basic Configuration

Here’s a basic example of setting up Azure Spring Apps:

resource "azurerm_resource_group" "spring_rg" {
  name     = "spring-resources"
  location = "eastus"
}

resource "azurerm_spring_cloud_service" "spring_service" {
  name                = "myspringservice"
  resource_group_name = azurerm_resource_group.spring_rg.name
  location           = azurerm_resource_group.spring_rg.location
  sku_name           = "S0"

  config_server_git_setting {
    uri          = "https://github.com/myorg/spring-config"
    label        = "main"
    search_paths = ["config"]
  }
}

resource "azurerm_spring_cloud_app" "spring_app" {
  name                = "myspringapp"
  resource_group_name = azurerm_resource_group.spring_rg.name
  service_name       = azurerm_spring_cloud_service.spring_service.name
  
  identity {
    type = "SystemAssigned"
  }
}

resource "azurerm_spring_cloud_java_deployment" "deployment" {
  name                = "default"
  spring_cloud_app_id = azurerm_spring_cloud_app.spring_app.id
  
  quota {
    cpu    = "1"
    memory = "2Gi"
  }

  instance_count = 1
  
  runtime_version = "Java_11"
}

Advanced Features

Custom Domains and SSL

Configure custom domains with SSL:

resource "azurerm_spring_cloud_certificate" "cert" {
  name                = "mycert"
  resource_group_name = azurerm_resource_group.spring_rg.name
  service_name       = azurerm_spring_cloud_service.spring_service.name
  key_vault_certificate_id = azurerm_key_vault_certificate.cert.id
}

resource "azurerm_spring_cloud_custom_domain" "domain" {
  name                = "api.example.com"
  spring_cloud_app_id = azurerm_spring_cloud_app.spring_app.id
  thumbprint         = azurerm_spring_cloud_certificate.cert.thumbprint
}

Network Integration

Configure virtual network integration:

resource "azurerm_virtual_network" "vnet" {
  name                = "spring-vnet"
  resource_group_name = azurerm_resource_group.spring_rg.name
  location           = azurerm_resource_group.spring_rg.location
  address_space      = ["10.0.0.0/16"]
}

resource "azurerm_subnet" "spring_subnet" {
  name                 = "spring-subnet"
  resource_group_name  = azurerm_resource_group.spring_rg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.0.1.0/24"]
}

resource "azurerm_spring_cloud_service" "spring_service" {
  # ... other configurations ...

  network {
    app_subnet_id                   = azurerm_subnet.spring_subnet.id
    service_runtime_subnet_id       = azurerm_subnet.spring_subnet.id
    cidr_ranges                    = ["10.0.0.0/16"]
    app_network_resource_group     = "spring-network-rg"
    service_runtime_network_resource_group = "spring-network-rg"
  }
}

Best Practices

  1. Use Infrastructure as Code for consistent deployments
  2. Implement proper monitoring and logging
  3. Use managed identities for enhanced security
  4. Configure auto-scaling appropriately
  5. Implement proper backup and disaster recovery

Security Considerations

  1. Use Azure Key Vault for secrets management
  2. Implement network isolation using VNet integration
  3. Use managed identities instead of service principals
  4. Enable Azure Monitor for monitoring and alerting
  5. Regularly audit access and permissions

Monitoring and Logging

Configure monitoring for your Spring Apps:

resource "azurerm_monitor_diagnostic_setting" "spring_diagnostics" {
  name                       = "spring-diagnostics"
  target_resource_id        = azurerm_spring_cloud_service.spring_service.id
  log_analytics_workspace_id = azurerm_log_analytics_workspace.workspace.id

  log {
    category = "ApplicationConsole"
    enabled  = true
  }

  metric {
    category = "AllMetrics"
    enabled  = true
  }
}

Scaling and Performance

Configure auto-scaling for your Spring Apps:

resource "azurerm_monitor_autoscale_setting" "spring_autoscale" {
  name                = "spring-autoscale"
  resource_group_name = azurerm_resource_group.spring_rg.name
  target_resource_id  = azurerm_spring_cloud_app.spring_app.id
  location           = azurerm_resource_group.spring_rg.location

  profile {
    name = "defaultProfile"

    capacity {
      default = 1
      minimum = 1
      maximum = 10
    }

    rule {
      metric_trigger {
        metric_name        = "CpuPercentage"
        metric_resource_id = azurerm_spring_cloud_app.spring_app.id
        time_grain        = "PT1M"
        statistic         = "Average"
        time_window       = "PT5M"
        time_aggregation  = "Average"
        operator          = "GreaterThan"
        threshold         = 75
      }

      scale_action {
        direction = "Increase"
        type      = "ChangeCount"
        value     = "1"
        cooldown  = "PT5M"
      }
    }
  }
}

Conclusion

Azure Spring Apps with Terraform provides a powerful way to deploy and manage Spring Boot applications in Azure. By following these best practices and configurations, you can create scalable and secure Spring applications in the cloud.