Quickstart: Provision Azure Spring Apps using Azure CLI
Note
The Basic, Standard, and Enterprise plans will be deprecated starting from mid-March, 2025, with a 3 year retirement period. We recommend transitioning to Azure Container Apps. For more information, see the Azure Spring Apps retirement announcement.
The Standard consumption and dedicated plan will be deprecated starting September 30, 2024, with a complete shutdown after six months. We recommend transitioning to Azure Container Apps. For more information, see Migrate Azure Spring Apps Standard consumption and dedicated plan to Azure Container Apps.
This article applies to: ❎ Basic ✅ Standard ✅ Enterprise
This quickstart describes how to use Azure CLI to deploy an Azure Spring Apps cluster into an existing virtual network.
Azure Spring Apps makes it easy to deploy Spring applications to Azure without any code changes. The service manages the infrastructure of Spring applications so developers can focus on their code. Azure Spring Apps provides lifecycle management using comprehensive monitoring and diagnostics, configuration management, service discovery, CI/CD integration, blue-green deployments, and more.
The Enterprise deployment plan includes the following Tanzu components:
- Build Service
- Application Configuration Service
- Service Registry
- Spring Cloud Gateway
- API Portal
Prerequisites
- An Azure subscription. If you don't have a subscription, create a free account before you begin.
- Two dedicated subnets for the Azure Spring Apps cluster, one for the service runtime and another for the Spring applications. For subnet and virtual network requirements, see the Virtual network requirements section of Deploy Azure Spring Apps in a virtual network.
- An existing Log Analytics workspace for Azure Spring Apps diagnostics settings and a workspace-based Application Insights resource. For more information, see Analyze logs and metrics with diagnostics settings and Application Insights Java In-Process Agent in Azure Spring Apps.
- Three internal Classless Inter-Domain Routing (CIDR) ranges (at least /16 each) that you've identified for use by the Azure Spring Apps cluster. These CIDR ranges won't be directly routable and will be used only internally by the Azure Spring Apps cluster. Clusters may not use 169.254.0.0/16, 172.30.0.0/16, 172.31.0.0/16, or 192.0.2.0/24 for the internal Spring app CIDR ranges, or any IP ranges included within the cluster virtual network address range.
- Service permission granted to the virtual network. The Azure Spring Apps Resource Provider requires
User Access Administrator
andNetwork Contributor
permissions to your virtual network in order to grant a dedicated and dynamic service principal on the virtual network for further deployment and maintenance. For instructions and more information, see the Grant service permission to the virtual network section of Deploy Azure Spring Apps in a virtual network. - If you're using Azure Firewall or a Network Virtual Appliance (NVA), you'll also need to satisfy the following prerequisites:
- Network and fully qualified domain name (FQDN) rules. For more information, see Virtual network requirements.
- A unique User Defined Route (UDR) applied to each of the service runtime and Spring application subnets. For more information about UDRs, see Virtual network traffic routing. The UDR should be configured with a route for 0.0.0.0/0 with a destination of your NVA before deploying the Azure Spring Apps cluster. For more information, see the Bring your own route table section of Deploy Azure Spring Apps in a virtual network.
- Azure CLI
- If you're deploying an Azure Spring Apps Enterprise plan instance for the first time in the target subscription, see the Requirements section of Enterprise plan in Azure Marketplace.
Review the Azure CLI deployment script
The deployment script used in this quickstart is from the Azure Spring Apps reference architecture.
#!/bin/bash
echo "Enter Azure Subscription ID: "
read subscription
subscription=$subscription
echo "Enter Azure region for resource deployment: "
read region
location=$region
echo "Enter Azure Spring Resource Group Name: "
read azurespringrg
azurespring_resource_group_name=$azurespringrg
echo "Enter Azure Spring VNet Resource Group Name: "
read azurespringvnetrg
azurespring_vnet_resource_group_name=$azurespringvnetrg
echo "Enter Azure Spring Spoke VNet : "
read azurespringappspokevnet
azurespringappspokevnet=$azurespringappspokevnet
echo "Enter Azure Spring App SubNet : "
read azurespringappsubnet
azurespring_app_subnet_name='/subscriptions/'$subscription'/resourcegroups/'$azurespring_vnet_resource_group_name'/providers/Microsoft.Network/virtualNetworks/'$azurespringappspokevnet'/subnets/'$azurespringappsubnet
echo "Enter Azure Spring Service SubNet : "
read azurespringservicesubnet
azurespring_service_subnet_name='/subscriptions/'$subscription'/resourcegroups/'$azurespring_vnet_resource_group_name'/providers/Microsoft.Network/virtualNetworks/'$azurespringappspokevnet'/subnets/'$azurespringservicesubnet
echo "Enter Azure Log Analytics Workspace Resource Group Name: "
read loganalyticsrg
loganalyticsrg=$loganalyticsrg
echo "Enter Log Analytics Workspace Resource Name: "
read workspace
workspaceID='/subscriptions/'$subscription'/resourcegroups/'$loganalyticsrg'/providers/microsoft.operationalinsights/workspaces/'$workspace
echo "Enter Reserved CIDR Ranges for Azure Spring: "
read reservedcidrrange
reservedcidrrange=$reservedcidrrange
echo "Enter key=value pair used for tagging Azure Resources (space separated for multiple tags): "
read tag
tags=$tag
randomstring=$(LC_ALL=C tr -dc 'a-z0-9' < /dev/urandom | fold -w 13 | head -n 1)
azurespring_service='spring-'$randomstring #Name of unique Spring resource
azurespring_appinsights=$azurespring_service
azurespring_resourceid='/subscriptions/'$subscription'/resourceGroups/'$azurespring_resource_group_name'/providers/Microsoft.AppPlatform/Spring/'$azurespring_service
# Create Application Insights
az monitor app-insights component create \
--app ${azurespring_service} \
--location ${location} \
--kind web \
-g ${azurespringrg} \
--application-type web \
--workspace ${workspaceID}
az spring create \
-n ${azurespring_service} \
-g ${azurespringrg} \
-l ${location} \
--sku Standard \
--app-insights ${azurespring_service} \
--app-subnet ${azurespring_app_subnet_name} \
--service-runtime-subnet ${azurespring_service_subnet_name} \
--reserved-cidr-range ${reservedcidrrange} \
--tags ${tags}
# Update diagnostic setting for Azure Spring instance
az monitor diagnostic-settings create \
--name monitoring \
--resource ${azurespring_resourceid} \
--logs '[{"category": "ApplicationConsole","enabled": true}]' \
--workspace ${workspaceID}
Deploy the cluster
To deploy the Azure Spring Apps cluster using the Azure CLI script, follow these steps:
Sign in to Azure by using the following command:
az login
After you sign in, this command will output information about all the subscriptions you have access to. Take note of the name and ID of the subscription you want to use.
Set the target subscription.
az account set --subscription "<your subscription name>"
Register the Azure Spring Apps Resource Provider.
az provider register --namespace 'Microsoft.AppPlatform'
Add the required extensions to Azure CLI.
az extension add --name spring
Choose a deployment location from the regions where Azure Spring Apps is available, as shown in Products available by region.
Use the following command to generate a list of Azure locations. Take note of the short Name value for the region you selected in the previous step.
az account list-locations --output table
Create a resource group to deploy the resource to.
az group create --name <your-resource-group-name> --location <location-name>
Save the script for Azure Spring Apps Standard plan or Enterprise plan locally, then run it from the Bash prompt.
Standard plan:
./azuredeploySpringStandard.sh
Enterprise plan:
./azuredeploySpringEnterprise.sh
Enter the following values when prompted by the script:
- The Azure subscription ID that you saved earlier.
- The Azure location name that you saved earlier.
- The name of the resource group that you created earlier.
- The name of the virtual network resource group where you'll deploy your resources.
- The name of the spoke virtual network (for example, vnet-spoke).
- The name of the subnet to be used by the Azure Spring Apps Application Service (for example, snet-app).
- The name of the subnet to be used by the Azure Spring Apps Runtime Service (for example, snet-runtime).
- The name of the resource group for the Azure Log Analytics workspace to be used for storing diagnostic logs.
- The name of the Azure Log Analytics workspace (for example, la-cb5sqq6574o2a).
- The CIDR ranges from your virtual network to be used by Azure Spring Apps (for example, XX.X.X.X/16,XX.X.X.X/16,XX.X.X.X/16).
- The key/value pairs to be applied as tags on all resources that support tags. For more information, see Use tags to organize your Azure resources and management hierarchy. Use a space-separated list to apply multiple tags (for example, environment=Dev BusinessUnit=finance).
After you provide this information, the script will create and deploy the Azure resources.
Review deployed resources
You can either use the Azure portal to check the deployed resources, or use Azure CLI to list the deployed resources.
Clean up resources
If you plan to continue working with subsequent quickstarts and tutorials, you might want to leave these resources in place. When no longer needed, delete the resource group, which deletes the resources in the resource group. To delete the resource group by using Azure CLI, use the following commands:
echo "Enter the Resource Group name:" &&
read resourceGroupName &&
az group delete --name $resourceGroupName &&
echo "Press [ENTER] to continue ..."
Next steps
In this quickstart, you deployed an Azure Spring Apps instance into an existing virtual network using Azure CLI, and then validated the deployment. To learn more about Azure Spring Apps, continue on to the resources below.
- Deploy one of the following sample applications from the locations below:
- Use custom domains with Azure Spring Apps.
- Expose applications in Azure Spring Apps to the internet using Azure Application Gateway. For more information, see Expose applications with end-to-end TLS in a virtual network.
- View the secure end-to-end Azure Spring Apps reference architecture, which is based on the Microsoft Azure Well-Architected Framework.