Source from repo
Azure Cloud Migrate

Assess and migrate workloads from AWS, GCP, or other clouds to Azure services.
microsoftGitHub microsoftOfficialSource repo Original GitHub link Publisher page
Files
Skill
n/a
Size
177.6 KB
Entrypoint
SKILL.md
Format
git-repo
Open file
references/services/container-apps/spring-deployment-guide.md

Syntax-highlighted preview of this file as included in the skill package.
Rendered Source
markdown368 linesFree
references/services/container-apps/spring-deployment-guide.md
1# Deployment Guide: Spring Boot to Azure Container Apps
2 
3## Phase 1: Create Container Apps Environment
4 
5**Bash:**
6```bash
7#!/bin/bash
8set -euo pipefail
9az group create --name spring-rg --location eastus
10az monitor log-analytics workspace create --resource-group spring-rg --workspace-name spring-logs --location eastus
11LOG_ID=$(az monitor log-analytics workspace show --resource-group spring-rg --workspace-name spring-logs --query customerId -o tsv)
12LOG_KEY=$(az monitor log-analytics workspace get-shared-keys --resource-group spring-rg --workspace-name spring-logs --query primarySharedKey -o tsv)
13az containerapp env create --name spring-env --resource-group spring-rg --location eastus --logs-workspace-id "$LOG_ID" --logs-workspace-key "$LOG_KEY"
14```
15 
16**PowerShell:**
17```powershell
18az group create --name spring-rg --location eastus
19az monitor log-analytics workspace create --resource-group spring-rg --workspace-name spring-logs --location eastus
20$LOG_ID = az monitor log-analytics workspace show --resource-group spring-rg --workspace-name spring-logs --query customerId -o tsv
21$LOG_KEY = az monitor log-analytics workspace get-shared-keys --resource-group spring-rg --workspace-name spring-logs --query primarySharedKey -o tsv
22az containerapp env create --name spring-env --resource-group spring-rg --location eastus --logs-workspace-id "$LOG_ID" --logs-workspace-key "$LOG_KEY"
23```
24 
25## Phase 2: Configure Logging
26 
27**Update application.properties:**
28```properties
29logging.pattern.console=%d{yyyy-MM-dd HH:mm:ss} - %msg%n
30```
31 
32Configure diagnostic settings: Azure Monitor Log Analytics (recommended), Event Hubs, or third-party solutions.
33 
34## Phase 3: Containerize Application
35 
36**Dockerfile:**
37```dockerfile
38FROM mcr.microsoft.com/openjdk/jdk:21-ubuntu
39WORKDIR /app
40COPY target/*.jar app.jar
41EXPOSE 8080
42ENTRYPOINT ["java", "-jar", "app.jar"]
43```
44 
45**Build and push (Bash):**
46```bash
47ACR_NAME="${ACR_NAME:-<acr>}"
48az acr create --name "$ACR_NAME" --resource-group spring-rg --sku Basic --location eastus
49az acr login --name "$ACR_NAME"
50docker build -t "${ACR_NAME}.azurecr.io/spring-app:v1.0" .
51docker push "${ACR_NAME}.azurecr.io/spring-app:v1.0"
52```
53 
54**Build and push (PowerShell):**
55```powershell
56$ACR_NAME = if ($env:ACR_NAME) { $env:ACR_NAME } else { "<acr>" }
57az acr create --name "$ACR_NAME" --resource-group spring-rg --sku Basic --location eastus
58az acr login --name "$ACR_NAME"
59docker build -t "${ACR_NAME}.azurecr.io/spring-app:v1.0" .
60docker push "${ACR_NAME}.azurecr.io/spring-app:v1.0"
61```
62 
63## Phase 4: Configure Storage (if needed)
64 
65**Azure Files for persistent storage (Bash):**
66```bash
67STORAGE_ACCOUNT="${STORAGE_ACCOUNT:-<storage-account>}"
68az storage account create --name "$STORAGE_ACCOUNT" --resource-group spring-rg --location eastus --sku Standard_LRS
69STORAGE_KEY=$(az storage account keys list --account-name "$STORAGE_ACCOUNT" --resource-group spring-rg --query "[0].value" -o tsv)
70az storage share create --name spring-data --account-name "$STORAGE_ACCOUNT" --account-key "$STORAGE_KEY"
71az containerapp env storage set --name spring-env --resource-group spring-rg --storage-name spring-storage \
72  --azure-file-account-name "$STORAGE_ACCOUNT" --azure-file-account-key "$STORAGE_KEY" \
73  --azure-file-share-name spring-data --access-mode ReadWrite
74```
75 
76**Azure Files for persistent storage (PowerShell):**
77```powershell
78$STORAGE_ACCOUNT = if ($env:STORAGE_ACCOUNT) { $env:STORAGE_ACCOUNT } else { "<storage-account>" }
79az storage account create --name "$STORAGE_ACCOUNT" --resource-group spring-rg --location eastus --sku Standard_LRS
80$STORAGE_KEY = az storage account keys list --account-name "$STORAGE_ACCOUNT" --resource-group spring-rg --query "[0].value" -o tsv
81az storage share create --name spring-data --account-name "$STORAGE_ACCOUNT" --account-key "$STORAGE_KEY"
82az containerapp env storage set --name spring-env --resource-group spring-rg --storage-name spring-storage `
83  --azure-file-account-name "$STORAGE_ACCOUNT" --azure-file-account-key "$STORAGE_KEY" `
84  --azure-file-share-name spring-data --access-mode ReadWrite
85```
86 
87## Phase 5: Migrate Secrets to Key Vault
88 
89> **Security Note:** Avoid passing secrets via `--value` on the command line (leaks via shell history). Use `--file` with a protected temp file or prompt securely instead.
90 
91**Bash:**
92```bash
93ACR_NAME="${ACR_NAME:-<acr>}"  # From Phase 3
94KEY_VAULT="${KEY_VAULT:-<keyvault>}"
95az keyvault create --name "$KEY_VAULT" --resource-group spring-rg --location eastus
96IDENTITY_ID=$(az identity create --name spring-id --resource-group spring-rg --location eastus --query id -o tsv)
97PRINCIPAL_ID=$(az identity show --ids "$IDENTITY_ID" --query principalId -o tsv)
98az keyvault set-policy --name "$KEY_VAULT" --object-id "$PRINCIPAL_ID" --secret-permissions get list
99 
100# Secure approach using temp file
101SECRET_FILE=$(mktemp)
102trap 'shred -u "$SECRET_FILE" 2>/dev/null || rm -f "$SECRET_FILE"' EXIT
103read -s -p "Enter database password: " DB_PASSWORD
104echo -n "$DB_PASSWORD" > "$SECRET_FILE"
105az keyvault secret set --vault-name "$KEY_VAULT" --name db-password --file "$SECRET_FILE"
106 
107ACR_ID=$(az acr show --name "$ACR_NAME" --query id -o tsv)
108az role assignment create --assignee "$PRINCIPAL_ID" --role AcrPull --scope "$ACR_ID"
109```
110 
111**PowerShell:**
112```powershell
113$ACR_NAME = if ($env:ACR_NAME) { $env:ACR_NAME } else { "<acr>" }  # From Phase 3
114$KEY_VAULT = if ($env:KEY_VAULT) { $env:KEY_VAULT } else { "<keyvault>" }
115az keyvault create --name "$KEY_VAULT" --resource-group spring-rg --location eastus
116$IDENTITY_ID = az identity create --name spring-id --resource-group spring-rg --location eastus --query id -o tsv
117$PRINCIPAL_ID = az identity show --ids "$IDENTITY_ID" --query principalId -o tsv
118az keyvault set-policy --name "$KEY_VAULT" --object-id "$PRINCIPAL_ID" --secret-permissions get list
119 
120# Secure approach using temp file
121$SECRET_FILE = [System.IO.Path]::GetTempFileName()
122try {
123  $SecurePassword = Read-Host "Enter database password" -AsSecureString
124  $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword)
125  try {
126    $PlainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
127    [System.IO.File]::WriteAllText($SECRET_FILE, $PlainPassword)
128    az keyvault secret set --vault-name "$KEY_VAULT" --name db-password --file "$SECRET_FILE"
129  } finally {
130    [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR)
131  }
132} finally {
133  Remove-Item $SECRET_FILE -Force -ErrorAction SilentlyContinue
134}
135 
136$ACR_ID = az acr show --name "$ACR_NAME" --query id -o tsv
137az role assignment create --assignee "$PRINCIPAL_ID" --role AcrPull --scope "$ACR_ID"
138```
139 
140## Phase 6: Deploy Container App
141 
142**Bash:**
143```bash
144ACR_NAME="${ACR_NAME:-<acr>}"          # From Phase 3
145KEY_VAULT="${KEY_VAULT:-<keyvault>}"    # From Phase 5
146IDENTITY_ID="${IDENTITY_ID:?Set IDENTITY_ID from Phase 5}"
147SECRET_URI=$(az keyvault secret show --vault-name "$KEY_VAULT" --name db-password --query id -o tsv)
148az containerapp create --name spring-app --resource-group spring-rg --environment spring-env \
149  --image "${ACR_NAME}.azurecr.io/spring-app:v1.0" --target-port 8080 --ingress external \
150  --cpu 2.0 --memory 4Gi --min-replicas 2 --max-replicas 10 \
151  --user-assigned "$IDENTITY_ID" --registry-identity "$IDENTITY_ID" --registry-server "${ACR_NAME}.azurecr.io" \
152  --secrets db-password=keyvaultref:"${SECRET_URI}",identityref:"${IDENTITY_ID}" \
153  --env-vars SPRING_DATASOURCE_PASSWORD=secretref:db-password SPRING_PROFILES_ACTIVE=prod
154```
155 
156**PowerShell:**
157```powershell
158$ACR_NAME = if ($env:ACR_NAME) { $env:ACR_NAME } else { "<acr>" }          # From Phase 3
159$KEY_VAULT = if ($env:KEY_VAULT) { $env:KEY_VAULT } else { "<keyvault>" }    # From Phase 5
160$IDENTITY_ID = if ($env:IDENTITY_ID) { $env:IDENTITY_ID } else { throw "Set IDENTITY_ID from Phase 5" }
161$SECRET_URI = az keyvault secret show --vault-name "$KEY_VAULT" --name db-password --query id -o tsv
162az containerapp create --name spring-app --resource-group spring-rg --environment spring-env `
163  --image "${ACR_NAME}.azurecr.io/spring-app:v1.0" --target-port 8080 --ingress external `
164  --cpu 2.0 --memory 4Gi --min-replicas 2 --max-replicas 10 `
165  --user-assigned "$IDENTITY_ID" --registry-identity "$IDENTITY_ID" --registry-server "${ACR_NAME}.azurecr.io" `
166  --secrets db-password=keyvaultref:"${SECRET_URI}",identityref:"${IDENTITY_ID}" `
167  --env-vars SPRING_DATASOURCE_PASSWORD=secretref:db-password SPRING_PROFILES_ACTIVE=prod
168```
169 
170**With storage mount:** Export the app configuration, add volumeMounts, and update:
171 
172**Bash:**
173```bash
174az containerapp show --name spring-app --resource-group spring-rg -o yaml > app.yaml
175# Edit app.yaml: add volumeMounts under containers[0] and volumes at template level
176az containerapp update --name spring-app --resource-group spring-rg --yaml app.yaml
177```
178 
179**PowerShell:**
180```powershell
181az containerapp show --name spring-app --resource-group spring-rg -o yaml | Out-File -Encoding utf8 app.yaml
182# Edit app.yaml: add volumeMounts under containers[0] and volumes at template level
183az containerapp update --name spring-app --resource-group spring-rg --yaml app.yaml
184```
185 
186**Health Probes** (recommended for Spring Boot apps): Export configuration, add probes, and update:
187 
188**Bash:**
189```bash
190az containerapp show --name spring-app --resource-group spring-rg -o yaml > app.yaml
191# Edit app.yaml: add probes under containers[0]
192#   probes:
193#   - type: Startup
194#     httpGet:
195#       path: /actuator/health
196#       port: 8080
197#     failureThreshold: 30
198#     periodSeconds: 2
199#   - type: Liveness
200#     httpGet:
201#       path: /actuator/health/liveness
202#       port: 8080
203#   - type: Readiness
204#     httpGet:
205#       path: /actuator/health/readiness
206#       port: 8080
207az containerapp update --name spring-app --resource-group spring-rg --yaml app.yaml
208```
209 
210**PowerShell:**
211```powershell
212az containerapp show --name spring-app --resource-group spring-rg -o yaml | Out-File -Encoding utf8 app.yaml
213# Edit app.yaml: add probes under containers[0]
214#   probes:
215#   - type: Startup
216#     httpGet:
217#       path: /actuator/health
218#       port: 8080
219#     failureThreshold: 30
220#     periodSeconds: 2
221#   - type: Liveness
222#     httpGet:
223#       path: /actuator/health/liveness
224#       port: 8080
225#   - type: Readiness
226#     httpGet:
227#       path: /actuator/health/readiness
228#       port: 8080
229az containerapp update --name spring-app --resource-group spring-rg --yaml app.yaml
230```
231 
232## Phase 7: Validation
233 
234**Bash:**
235```bash
236FQDN=$(az containerapp show --name spring-app --resource-group spring-rg --query properties.configuration.ingress.fqdn -o tsv)
237echo "Application URL: https://${FQDN}"
238curl "https://${FQDN}/actuator/health"
239az containerapp logs show --name spring-app --resource-group spring-rg --tail 50
240```
241 
242**PowerShell:**
243```powershell
244$FQDN = az containerapp show --name spring-app --resource-group spring-rg --query properties.configuration.ingress.fqdn -o tsv
245Write-Host "Application URL: https://${FQDN}"
246Invoke-WebRequest "https://${FQDN}/actuator/health"
247az containerapp logs show --name spring-app --resource-group spring-rg --tail 50
248```
249 
250## Phase 8: Post-Migration Optimization
251 
252### Add Spring Cloud Config Server
253 
254**Bash:**
255```bash
256az containerapp env java-component config-server-for-spring create \
257  --environment spring-env --resource-group spring-rg --name config-server \
258  --min-replicas 1 --max-replicas 1 \
259  --configuration spring.cloud.config.server.git.uri=https://github.com/your-org/config-repo
260az containerapp update --name spring-app --resource-group spring-rg --bind config-server
261```
262 
263**PowerShell:**
264```powershell
265az containerapp env java-component config-server-for-spring create `
266  --environment spring-env --resource-group spring-rg --name config-server `
267  --min-replicas 1 --max-replicas 1 `
268  --configuration spring.cloud.config.server.git.uri=https://github.com/your-org/config-repo
269az containerapp update --name spring-app --resource-group spring-rg --bind config-server
270```
271 
272### Add Eureka Service Registry
273 
274**Bash:**
275```bash
276az containerapp env java-component eureka-server-for-spring create \
277  --environment spring-env --resource-group spring-rg --name eureka-server \
278  --min-replicas 1 --max-replicas 1
279az containerapp update --name spring-app --resource-group spring-rg --bind eureka-server
280```
281 
282**PowerShell:**
283```powershell
284az containerapp env java-component eureka-server-for-spring create `
285  --environment spring-env --resource-group spring-rg --name eureka-server `
286  --min-replicas 1 --max-replicas 1
287az containerapp update --name spring-app --resource-group spring-rg --bind eureka-server
288```
289 
290**Add dependency (pom.xml):**
291```xml
292<dependency>
293    <groupId>org.springframework.cloud</groupId>
294    <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
295</dependency>
296```
297 
298### Add Spring Cloud Gateway
299 
300**Bash:**
301```bash
302az containerapp create --name spring-gateway --resource-group spring-rg --environment spring-env \
303  --image "${ACR_NAME}.azurecr.io/gateway:v1.0" --target-port 8080 --ingress external \
304  --cpu 1.0 --memory 2Gi --min-replicas 1 --max-replicas 5 \
305  --bind eureka-server config-server
306```
307 
308**PowerShell:**
309```powershell
310az containerapp create --name spring-gateway --resource-group spring-rg --environment spring-env `
311  --image "${ACR_NAME}.azurecr.io/gateway:v1.0" --target-port 8080 --ingress external `
312  --cpu 1.0 --memory 2Gi --min-replicas 1 --max-replicas 5 `
313  --bind eureka-server config-server
314```
315 
316### Add Spring Boot Admin
317 
318**Bash:**
319```bash
320az containerapp env java-component admin-for-spring create \
321  --environment spring-env --resource-group spring-rg --name admin-server \
322  --min-replicas 1 --max-replicas 1
323az containerapp update --name spring-app --resource-group spring-rg --bind admin-server
324```
325 
326**PowerShell:**
327```powershell
328az containerapp env java-component admin-for-spring create `
329  --environment spring-env --resource-group spring-rg --name admin-server `
330  --min-replicas 1 --max-replicas 1
331az containerapp update --name spring-app --resource-group spring-rg --bind admin-server
332```
333 
334## Troubleshooting
335 
336| Issue | Solution |
337|-------|----------|
338| Image pull fails | Verify ACR role: `az role assignment list --assignee $PRINCIPAL_ID --scope $ACR_ID` |
339| App won't start | Check logs: `az containerapp logs show --name spring-app -g spring-rg --tail 100` |
340| Health check fails | Verify port 8080 matches `server.port` in application.properties |
341| Secrets not accessible | Check Key Vault policy: `az keyvault show --name $KEY_VAULT --query properties.accessPolicies` |
342| Storage mount fails | Verify storage configuration: `az containerapp env storage list --name spring-env -g spring-rg` |
343| High memory usage | Reduce max heap: add `--env-vars JAVA_OPTS="-Xmx2g"` to container app |
344 
345## CI/CD Integration
346 
347**GitHub Actions example:**
348```yaml
349- name: Build and push to ACR
350  run: |
351    az acr build --registry ${{ secrets.ACR_NAME }} --image spring-app:${{ github.sha }} .
352- name: Deploy to Container Apps
353  run: |
354    az containerapp update --name spring-app -g spring-rg --image ${{ secrets.ACR_NAME }}.azurecr.io/spring-app:${{ github.sha }}
355```
356 
357**Azure Pipelines example:**
358```yaml
359- task: AzureCLI@2
360  inputs:
361    azureSubscription: 'AzureConnection'
362    scriptType: 'bash'
363    scriptLocation: 'inlineScript'
364    inlineScript: |
365      az acr build --registry $(ACR_NAME) --image spring-app:$(Build.BuildId) .
366      az containerapp update --name spring-app -g spring-rg --image $(ACR_NAME).azurecr.io/spring-app:$(Build.BuildId)
367```
368
Preparing the source view

Azure Cloud Migrate

references/services/container-apps/spring-deployment-guide.md
