Source from repo
Azure Cloud Migrate

GitHub Copilot for Azure plugin providing Azure service management and development assistance inside Claude Code and IDEs.
microsoftGitHub microsoftOfficialSource repo Original GitHub link Publisher page
Files
Skill
n/a
Size
177.7 KB
Entrypoint
SKILL.md
Format
git-repo
Open file
references/services/container-apps/spring-deployment-guide.md

Syntax-highlighted preview of this file as included in the skill package.
Rendered Source
markdown368 linesFree
references/services/container-apps/spring-deployment-guide.md
1# Deployment Guide: Spring Boot to Azure Container Apps
2 
3## Phase 1: Create Container Apps Environment
4 
5**Bash:**
6```bash
7#!/bin/bash
8set -euo pipefail
9az group create --name spring-rg --location eastus
10az monitor log-analytics workspace create --resource-group spring-rg --workspace-name spring-logs --location eastus
11LOG_ID=$(az monitor log-analytics workspace show --resource-group spring-rg --workspace-name spring-logs --query customerId -o tsv)
12LOG_KEY=$(az monitor log-analytics workspace get-shared-keys --resource-group spring-rg --workspace-name spring-logs --query primarySharedKey -o tsv)
13az containerapp env create --name spring-env --resource-group spring-rg --location eastus --logs-workspace-id "$LOG_ID" --logs-workspace-key "$LOG_KEY"
14```
15 
16**PowerShell:**
17```powershell
18az group create --name spring-rg --location eastus
19az monitor log-analytics workspace create --resource-group spring-rg --workspace-name spring-logs --location eastus
20$LOG_ID = az monitor log-analytics workspace show --resource-group spring-rg --workspace-name spring-logs --query customerId -o tsv
21$LOG_KEY = az monitor log-analytics workspace get-shared-keys --resource-group spring-rg --workspace-name spring-logs --query primarySharedKey -o tsv
22az containerapp env create --name spring-env --resource-group spring-rg --location eastus --logs-workspace-id "$LOG_ID" --logs-workspace-key "$LOG_KEY"
23```
24 
25## Phase 2: Configure Logging
26 
27**Update application.properties:**
28```properties
29logging.pattern.console=%d{yyyy-MM-dd HH:mm:ss} - %msg%n
30```
31 
32Configure diagnostic settings: Azure Monitor Log Analytics (recommended), Event Hubs, or third-party solutions.
33 
34## Phase 3: Containerize Application
35 
36**Dockerfile:**
37```dockerfile
38FROM mcr.microsoft.com/openjdk/jdk:21-ubuntu
39WORKDIR /app
40COPY target/*.jar app.jar
41EXPOSE 8080
42ENTRYPOINT ["java", "-jar", "app.jar"]
43```
44 
45**Build and push (Bash):**
46```bash
47ACR_NAME="${ACR_NAME:-<acr>}"
48az acr create --name "$ACR_NAME" --resource-group spring-rg --sku Basic --location eastus
49az acr login --name "$ACR_NAME"
50docker build -t "${ACR_NAME}.azurecr.io/spring-app:v1.0" .
51docker push "${ACR_NAME}.azurecr.io/spring-app:v1.0"
52```
53 
54**Build and push (PowerShell):**
55```powershell
56$ACR_NAME = if ($env:ACR_NAME) { $env:ACR_NAME } else { "<acr>" }
57az acr create --name "$ACR_NAME" --resource-group spring-rg --sku Basic --location eastus
58az acr login --name "$ACR_NAME"
59docker build -t "${ACR_NAME}.azurecr.io/spring-app:v1.0" .
60docker push "${ACR_NAME}.azurecr.io/spring-app:v1.0"
61```
62 
63## Phase 4: Configure Storage (if needed)
64 
65**Azure Files for persistent storage (Bash):**
66```bash
67STORAGE_ACCOUNT="${STORAGE_ACCOUNT:-<storage-account>}"
68az storage account create --name "$STORAGE_ACCOUNT" --resource-group spring-rg --location eastus --sku Standard_LRS
69STORAGE_KEY=$(az storage account keys list --account-name "$STORAGE_ACCOUNT" --resource-group spring-rg --query "[0].value" -o tsv)
70az storage share create --name spring-data --account-name "$STORAGE_ACCOUNT" --account-key "$STORAGE_KEY"
71az containerapp env storage set --name spring-env --resource-group spring-rg --storage-name spring-storage \
72  --azure-file-account-name "$STORAGE_ACCOUNT" --azure-file-account-key "$STORAGE_KEY" \
73  --azure-file-share-name spring-data --access-mode ReadWrite
74```
75 
76**Azure Files for persistent storage (PowerShell):**
77```powershell
78$STORAGE_ACCOUNT = if ($env:STORAGE_ACCOUNT) { $env:STORAGE_ACCOUNT } else { "<storage-account>" }
79az storage account create --name "$STORAGE_ACCOUNT" --resource-group spring-rg --location eastus --sku Standard_LRS
80$STORAGE_KEY = az storage account keys list --account-name "$STORAGE_ACCOUNT" --resource-group spring-rg --query "[0].value" -o tsv
81az storage share create --name spring-data --account-name "$STORAGE_ACCOUNT" --account-key "$STORAGE_KEY"
82az containerapp env storage set --name spring-env --resource-group spring-rg --storage-name spring-storage `
83  --azure-file-account-name "$STORAGE_ACCOUNT" --azure-file-account-key "$STORAGE_KEY" `
84  --azure-file-share-name spring-data --access-mode ReadWrite
85```
86 
87## Phase 5: Migrate Secrets to Key Vault
88 
89> **Security Note:** Avoid passing secrets via `--value` on the command line (leaks via shell history). Use `--file` with a protected temp file or prompt securely instead.
90 
91**Bash:**
92```bash
93ACR_NAME="${ACR_NAME:-<acr>}"  # From Phase 3
94KEY_VAULT="${KEY_VAULT:-<keyvault>}"
95az keyvault create --name "$KEY_VAULT" --resource-group spring-rg --location eastus
96IDENTITY_ID=$(az identity create --name spring-id --resource-group spring-rg --location eastus --query id -o tsv)
97PRINCIPAL_ID=$(az identity show --ids "$IDENTITY_ID" --query principalId -o tsv)
98az keyvault set-policy --name "$KEY_VAULT" --object-id "$PRINCIPAL_ID" --secret-permissions get list
99 
100# Secure approach using temp file
101SECRET_FILE=$(mktemp)
102trap 'shred -u "$SECRET_FILE" 2>/dev/null || rm -f "$SECRET_FILE"' EXIT
103read -s -p "Enter database password: " DB_PASSWORD
104echo -n "$DB_PASSWORD" > "$SECRET_FILE"
105az keyvault secret set --vault-name "$KEY_VAULT" --name db-password --file "$SECRET_FILE"
106 
107ACR_ID=$(az acr show --name "$ACR_NAME" --query id -o tsv)
108az role assignment create --assignee "$PRINCIPAL_ID" --role AcrPull --scope "$ACR_ID"
109```
110 
111**PowerShell:**
112```powershell
113$ACR_NAME = if ($env:ACR_NAME) { $env:ACR_NAME } else { "<acr>" }  # From Phase 3
114$KEY_VAULT = if ($env:KEY_VAULT) { $env:KEY_VAULT } else { "<keyvault>" }
115az keyvault create --name "$KEY_VAULT" --resource-group spring-rg --location eastus
116$IDENTITY_ID = az identity create --name spring-id --resource-group spring-rg --location eastus --query id -o tsv
117$PRINCIPAL_ID = az identity show --ids "$IDENTITY_ID" --query principalId -o tsv
118az keyvault set-policy --name "$KEY_VAULT" --object-id "$PRINCIPAL_ID" --secret-permissions get list
119 
120# Secure approach using temp file
121$SECRET_FILE = [System.IO.Path]::GetTempFileName()
122try {
123  $SecurePassword = Read-Host "Enter database password" -AsSecureString
124  $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword)
125  try {
126    $PlainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
127    [System.IO.File]::WriteAllText($SECRET_FILE, $PlainPassword)
128    az keyvault secret set --vault-name "$KEY_VAULT" --name db-password --file "$SECRET_FILE"
129  } finally {
130    [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR)
131  }
132} finally {
133  Remove-Item $SECRET_FILE -Force -ErrorAction SilentlyContinue
134}
135 
136$ACR_ID = az acr show --name "$ACR_NAME" --query id -o tsv
137az role assignment create --assignee "$PRINCIPAL_ID" --role AcrPull --scope "$ACR_ID"
138```
139 
140## Phase 6: Deploy Container App
141 
142**Bash:**
143```bash
144ACR_NAME="${ACR_NAME:-<acr>}"          # From Phase 3
145KEY_VAULT="${KEY_VAULT:-<keyvault>}"    # From Phase 5
146IDENTITY_ID="${IDENTITY_ID:?Set IDENTITY_ID from Phase 5}"
147SECRET_URI=$(az keyvault secret show --vault-name "$KEY_VAULT" --name db-password --query id -o tsv)
148az containerapp create --name spring-app --resource-group spring-rg --environment spring-env \
149  --image "${ACR_NAME}.azurecr.io/spring-app:v1.0" --target-port 8080 --ingress external \
150  --cpu 2.0 --memory 4Gi --min-replicas 2 --max-replicas 10 \
151  --user-assigned "$IDENTITY_ID" --registry-identity "$IDENTITY_ID" --registry-server "${ACR_NAME}.azurecr.io" \
152  --secrets db-password=keyvaultref:"${SECRET_URI}",identityref:"${IDENTITY_ID}" \
153  --env-vars SPRING_DATASOURCE_PASSWORD=secretref:db-password SPRING_PROFILES_ACTIVE=prod
154```
155 
156**PowerShell:**
157```powershell
158$ACR_NAME = if ($env:ACR_NAME) { $env:ACR_NAME } else { "<acr>" }          # From Phase 3
159$KEY_VAULT = if ($env:KEY_VAULT) { $env:KEY_VAULT } else { "<keyvault>" }    # From Phase 5
160$IDENTITY_ID = if ($env:IDENTITY_ID) { $env:IDENTITY_ID } else { throw "Set IDENTITY_ID from Phase 5" }
161$SECRET_URI = az keyvault secret show --vault-name "$KEY_VAULT" --name db-password --query id -o tsv
162az containerapp create --name spring-app --resource-group spring-rg --environment spring-env `
163  --image "${ACR_NAME}.azurecr.io/spring-app:v1.0" --target-port 8080 --ingress external `
164  --cpu 2.0 --memory 4Gi --min-replicas 2 --max-replicas 10 `
165  --user-assigned "$IDENTITY_ID" --registry-identity "$IDENTITY_ID" --registry-server "${ACR_NAME}.azurecr.io" `
166  --secrets db-password=keyvaultref:"${SECRET_URI}",identityref:"${IDENTITY_ID}" `
167  --env-vars SPRING_DATASOURCE_PASSWORD=secretref:db-password SPRING_PROFILES_ACTIVE=prod
168```
169 
170**With storage mount:** Export the app configuration, add volumeMounts, and update:
171 
172**Bash:**
173```bash
174az containerapp show --name spring-app --resource-group spring-rg -o yaml > app.yaml
175# Edit app.yaml: add volumeMounts under containers[0] and volumes at template level
176az containerapp update --name spring-app --resource-group spring-rg --yaml app.yaml
177```
178 
179**PowerShell:**
180```powershell
181az containerapp show --name spring-app --resource-group spring-rg -o yaml | Out-File -Encoding utf8 app.yaml
182# Edit app.yaml: add volumeMounts under containers[0] and volumes at template level
183az containerapp update --name spring-app --resource-group spring-rg --yaml app.yaml
184```
185 
186**Health Probes** (recommended for Spring Boot apps): Export configuration, add probes, and update:
187 
188**Bash:**
189```bash
190az containerapp show --name spring-app --resource-group spring-rg -o yaml > app.yaml
191# Edit app.yaml: add probes under containers[0]
192#   probes:
193#   - type: Startup
194#     httpGet:
195#       path: /actuator/health
196#       port: 8080
197#     failureThreshold: 30
198#     periodSeconds: 2
199#   - type: Liveness
200#     httpGet:
201#       path: /actuator/health/liveness
202#       port: 8080
203#   - type: Readiness
204#     httpGet:
205#       path: /actuator/health/readiness
206#       port: 8080
207az containerapp update --name spring-app --resource-group spring-rg --yaml app.yaml
208```
209 
210**PowerShell:**
211```powershell
212az containerapp show --name spring-app --resource-group spring-rg -o yaml | Out-File -Encoding utf8 app.yaml
213# Edit app.yaml: add probes under containers[0]
214#   probes:
215#   - type: Startup
216#     httpGet:
217#       path: /actuator/health
218#       port: 8080
219#     failureThreshold: 30
220#     periodSeconds: 2
221#   - type: Liveness
222#     httpGet:
223#       path: /actuator/health/liveness
224#       port: 8080
225#   - type: Readiness
226#     httpGet:
227#       path: /actuator/health/readiness
228#       port: 8080
229az containerapp update --name spring-app --resource-group spring-rg --yaml app.yaml
230```
231 
232## Phase 7: Validation
233 
234**Bash:**
235```bash
236FQDN=$(az containerapp show --name spring-app --resource-group spring-rg --query properties.configuration.ingress.fqdn -o tsv)
237echo "Application URL: https://${FQDN}"
238curl "https://${FQDN}/actuator/health"
239az containerapp logs show --name spring-app --resource-group spring-rg --tail 50
240```
241 
242**PowerShell:**
243```powershell
244$FQDN = az containerapp show --name spring-app --resource-group spring-rg --query properties.configuration.ingress.fqdn -o tsv
245Write-Host "Application URL: https://${FQDN}"
246Invoke-WebRequest "https://${FQDN}/actuator/health"
247az containerapp logs show --name spring-app --resource-group spring-rg --tail 50
248```
249 
250## Phase 8: Post-Migration Optimization
251 
252### Add Spring Cloud Config Server
253 
254**Bash:**
255```bash
256az containerapp env java-component config-server-for-spring create \
257  --environment spring-env --resource-group spring-rg --name config-server \
258  --min-replicas 1 --max-replicas 1 \
259  --configuration spring.cloud.config.server.git.uri=https://github.com/your-org/config-repo
260az containerapp update --name spring-app --resource-group spring-rg --bind config-server
261```
262 
263**PowerShell:**
264```powershell
265az containerapp env java-component config-server-for-spring create `
266  --environment spring-env --resource-group spring-rg --name config-server `
267  --min-replicas 1 --max-replicas 1 `
268  --configuration spring.cloud.config.server.git.uri=https://github.com/your-org/config-repo
269az containerapp update --name spring-app --resource-group spring-rg --bind config-server
270```
271 
272### Add Eureka Service Registry
273 
274**Bash:**
275```bash
276az containerapp env java-component eureka-server-for-spring create \
277  --environment spring-env --resource-group spring-rg --name eureka-server \
278  --min-replicas 1 --max-replicas 1
279az containerapp update --name spring-app --resource-group spring-rg --bind eureka-server
280```
281 
282**PowerShell:**
283```powershell
284az containerapp env java-component eureka-server-for-spring create `
285  --environment spring-env --resource-group spring-rg --name eureka-server `
286  --min-replicas 1 --max-replicas 1
287az containerapp update --name spring-app --resource-group spring-rg --bind eureka-server
288```
289 
290**Add dependency (pom.xml):**
291```xml
292<dependency>
293    <groupId>org.springframework.cloud</groupId>
294    <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
295</dependency>
296```
297 
298### Add Spring Cloud Gateway
299 
300**Bash:**
301```bash
302az containerapp create --name spring-gateway --resource-group spring-rg --environment spring-env \
303  --image "${ACR_NAME}.azurecr.io/gateway:v1.0" --target-port 8080 --ingress external \
304  --cpu 1.0 --memory 2Gi --min-replicas 1 --max-replicas 5 \
305  --bind eureka-server config-server
306```
307 
308**PowerShell:**
309```powershell
310az containerapp create --name spring-gateway --resource-group spring-rg --environment spring-env `
311  --image "${ACR_NAME}.azurecr.io/gateway:v1.0" --target-port 8080 --ingress external `
312  --cpu 1.0 --memory 2Gi --min-replicas 1 --max-replicas 5 `
313  --bind eureka-server config-server
314```
315 
316### Add Spring Boot Admin
317 
318**Bash:**
319```bash
320az containerapp env java-component admin-for-spring create \
321  --environment spring-env --resource-group spring-rg --name admin-server \
322  --min-replicas 1 --max-replicas 1
323az containerapp update --name spring-app --resource-group spring-rg --bind admin-server
324```
325 
326**PowerShell:**
327```powershell
328az containerapp env java-component admin-for-spring create `
329  --environment spring-env --resource-group spring-rg --name admin-server `
330  --min-replicas 1 --max-replicas 1
331az containerapp update --name spring-app --resource-group spring-rg --bind admin-server
332```
333 
334## Troubleshooting
335 
336| Issue | Solution |
337|-------|----------|
338| Image pull fails | Verify ACR role: `az role assignment list --assignee $PRINCIPAL_ID --scope $ACR_ID` |
339| App won't start | Check logs: `az containerapp logs show --name spring-app -g spring-rg --tail 100` |
340| Health check fails | Verify port 8080 matches `server.port` in application.properties |
341| Secrets not accessible | Check Key Vault policy: `az keyvault show --name $KEY_VAULT --query properties.accessPolicies` |
342| Storage mount fails | Verify storage configuration: `az containerapp env storage list --name spring-env -g spring-rg` |
343| High memory usage | Reduce max heap: add `--env-vars JAVA_OPTS="-Xmx2g"` to container app |
344 
345## CI/CD Integration
346 
347**GitHub Actions example:**
348```yaml
349- name: Build and push to ACR
350  run: |
351    az acr build --registry ${{ secrets.ACR_NAME }} --image spring-app:${{ github.sha }} .
352- name: Deploy to Container Apps
353  run: |
354    az containerapp update --name spring-app -g spring-rg --image ${{ secrets.ACR_NAME }}.azurecr.io/spring-app:${{ github.sha }}
355```
356 
357**Azure Pipelines example:**
358```yaml
359- task: AzureCLI@2
360  inputs:
361    azureSubscription: 'AzureConnection'
362    scriptType: 'bash'
363    scriptLocation: 'inlineScript'
364    inlineScript: |
365      az acr build --registry $(ACR_NAME) --image spring-app:$(Build.BuildId) .
366      az containerapp update --name spring-app -g spring-rg --image $(ACR_NAME).azurecr.io/spring-app:$(Build.BuildId)
367```
368
Preparing the source view

Azure Cloud Migrate

references/services/container-apps/spring-deployment-guide.md
