5. [Diagram: Azure Spring Cloud / Azure Spring Apps. Spring Boot apps (App 1, App 2, App 3 ... App N) run on a service runtime with Agents, Build Service, Config Server, Service Registry, Lifecycle, Resiliency, Logstream, Encryption, Diagnostics and Domains. Around it: Developer experiences; Identities – end-users and machines; Automation; Monitor – logstream, APM and end-to-end; and open source client libraries, integration modules and drivers for Data, Storage, Cache, Async communications (JMS and Kafka), and Keys, secrets & certs.]
9. az spring create --name "${SPRING_CLOUD_SERVICE}" \
    --sku standard \
    --resource-group "${RESOURCE_GROUP}" \
    --location "${REGION}"
az spring app create --name "${CUSTOMERS_SERVICE}"
az spring app deploy --name "${CUSTOMERS_SERVICE}" \
    --jar-path "${CUSTOMERS_SERVICE_JAR}"
20. Link to Spring Apps Gateway doc
• Routes define how the Gateway will process incoming requests.
• Each route is composed of Predicates, Filters, and a Service.
• Predicates determine whether the route matches any given request.
• Filters apply behavior to matching requests or their responses.
• The Service determines where the request will be forwarded after
filtering.
21. Spring Apps Gateway
1. Client makes a request to the Gateway.
2. Evaluates Predicates to match a request to a route.
3. Runs through the “pre” filter logic chain specific to the request (pre-request).
4. Proxy routes the request to the service (proxied service).
5. Service is executed.
6. Runs the “post” filter logic (post-request).
22. Evaluate conditions to map requests to a route
• HTTP Method matches a list?
• URI Path matches a pattern?
• URI Query matches a regex?
• RemoteAddr matches CIDRs?
• Weight within a route group
• After a certain datetime?
• Before a certain datetime?
• Between two datetimes?
• Cookie matches a regex?
• Header value matches a regex?
• Host matches a pattern list?
Link to available Predicates
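An added example, not part of the original deck and not Spring Cloud Gateway code: a small Python model of the flow on slides 20 to 22, in which predicates select a route, "pre" filters run, the request is proxied, and "post" filters run on the response. The route table, the header names, the glob-style path matching and the echo_service backend are assumptions made for illustration.

```python
import ipaddress
from fnmatch import fnmatchcase

# Predicates: each factory returns a function request -> bool.
def method(*allowed):
    return lambda req: req["method"] in allowed

def path(pattern):  # glob match; a simplification of the gateway's path patterns
    return lambda req: fnmatchcase(req["path"], pattern)

def remote_addr(*cidrs):
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return lambda req: any(ipaddress.ip_address(req["remote_addr"]) in n for n in nets)

# "Pre" filter: remove a client-supplied header before the request is proxied.
def strip_request_header(name):
    return lambda req: req["headers"].pop(name, None)

# "Post" filter: set a header on the response going back to the client.
def set_response_header(name, value):
    return lambda resp: resp["headers"].update({name: value})

def echo_service(req):
    """Hypothetical backend: reports which request headers reached it."""
    return {"status": 200, "headers": {}, "body": sorted(req["headers"])}

def handle(routes, req):
    """Steps 2-6 of the slide: match, pre filters, proxy, service, post filters."""
    for route in routes:  # routes are tried in order; the first match wins
        if all(pred(req) for pred in route["predicates"]):
            for pre in route.get("pre", []):
                pre(req)
            resp = route["service"](req)
            for post in route.get("post", []):
                post(resp)
            return resp
    return {"status": 404, "headers": {}, "body": "no matching route"}

# Constructed route table: an admin route restricted by method, path and
# source CIDR, followed by a public catalog route.
ROUTES = [
    {"predicates": [method("GET"), path("/admin/*"), remote_addr("10.0.0.0/8")],
     "pre": [strip_request_header("X-User-Id")],
     "service": echo_service,
     "post": [set_response_header("Cache-Control", "no-store")]},
    {"predicates": [method("GET", "POST"), path("/catalog/*")],
     "service": echo_service},
]

def request(method_, path_, remote, headers=None):
    return {"method": method_, "path": path_, "remote_addr": remote,
            "headers": dict(headers or {})}
```

A request that fails the RemoteAddr predicate does not match the admin route at all and falls through to later routes, so route order and the final no-match response are part of the access decision.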
24. Spring Cloud Configuration Server
[Diagram: Services A and B connect to the Config Server, which sits in front of the configuration storage backends.]
Service
• On startup, connect to config server to obtain config settings.
• Access config server via HTTP / REST / JSON interface.
Config Server
• Source of truth for service configuration.
• Mediate access to multiple configuration storage systems.
• The only network address that an app needs to know about.
Configuration Storage Backend
• Git Repository
• Credential Vault
• filesystem
• SQL Database
• Other … etc.
25. ConfigMaps and Secrets are stored in etcd; injected into running containers via environment variables or volume mounts.
26. Config Server
Pros
• Versioned/audited history of configuration settings.
• Pluggable external stores (vault, sqldb, other config servers).
• Runs locally on the developer desktop, directly from the IDE.
• Does not depend on Kubernetes; developer does not need to know anything about K8S to use config server.
• Store configurations for multiple apps in one config server.
• Config backed up outside of Kubernetes cluster.
• Defines a hierarchy of property sources; allows extraction into a common property file in the config server.
• Can be used outside of K8S or in a multi-cluster configuration.
Cons
• Application can’t start up if config server is down.
• Application must understand the config server REST API or use a client library.
• Considered Java/Spring centric by other language communities.
ConfigMap / Secrets
Pros
• Pod/container won’t start if etcd is down, thus app will have its config on startup.
• Programming language neutral, not Java or Spring centric.
• Very nice Spring integration with Spring Cloud Kubernetes projects.
Cons
• Can only store the latest version of configuration; no auditing of previous versions of a config value.
• Requires developers to be familiar with Kubernetes.
• Requires application to run on Kubernetes.
• ConfigMap is not available when launching a Spring App from IDE on laptop.
• May require access to the Kubernetes API server to be able to watch for changes on the ConfigMap so that apps can reload.
• Multiple apps will have multiple ConfigMap YAML files in multiple K8S namespaces, making it hard to see all the config in one place.
• Works inside a single K8S cluster; ConfigMap does not span clusters or namespaces.
29. Automatically mounted as volumes in the underlying Kubernetes cluster
A simple command
• Consumes config files in the Git repo.
• Makes them accessible to the app as ConfigMap mounted as a volume.
• Spring Boot automatically processes mounted volumes.
30. Azure Spring Apps - Enterprise | Tanzu Application Platform
Fully-managed service | Self-managed – on K8S
Hides K8S from developers | Offers K8S-native dev experience
Hides K8S from operators | Operators access and manage K8S
Available across the globe on Azure | Available on any conformant K8S - on-premises or any cloud
Polyglot - targeted for Spring workloads | Polyglot - targeted for all workloads
Purchase vCPU and Memory hours instantly through existing Azure EA – billed by the second | Purchase annual physical cores through VMware Tanzu subscription
31.
• Customer nominates apps
• Customer sends tech leads and app architects
• Meet with experts from Microsoft and VMware
• Rapid assessment
• Identified apps for migrating to Azure
• Plan ASA test environment
• Customer builds ASA environment
• Timeboxed session to attempt to deploy apps
Microsoft and VMware summarize:
- discovery of the workload (apps, arch, dependencies, requirements, sizing),
- opinion on benefits, pros and cons of moving to ASA,
- effort required to move the app workload to Azure,
- available services, and offers to help,
- share a written, concrete plan
Welcome
We are so glad that you are here today. Thank you for joining us!
I am <Speaker Name>
<Speaker to share a brief intro of their experience in the Java/Microsoft>
Let’s dive in ..
Azure Spring Apps is a fully managed service for Spring Boot apps that lets you focus on building and running the apps that run your business without the hassle of managing infrastructure.
You can simply deploy your JARs or code and Azure Spring Apps will automatically wire your apps with the Spring service runtime.
Once deployed, you can easily monitor application performance, fix errors, and rapidly improve applications. It is integrated into the Azure ecosystem and enterprise ready.
The service is jointly developed, operated and supported by Microsoft and VMware.
Azure Spring Apps is built on Kubernetes.
The exciting part is, you get the power of Kubernetes, but you don't really have to worry about learning or managing it.
Little more details …
The big rectangle is Azure Spring Apps, built on K8S
Each service instance has two dedicated Kubernetes clusters, they are managed by Azure Spring Apps and abstracted away from users
Service runtime with managed Spring Apps components, app lifecycle, log streaming and many more service runtime components are managed in the right-side Kubernetes cluster
Your apps are running in the left cluster in the diagram
<CLICK>
Your apps can interact with any Azure service or external service or on premises systems
<CLICK>
Logs, metrics and alerts are available through Azure Monitor. You can monitor end-to-end using any tools and platform of your choice
<CLICK>
You can secure your apps using Azure Active Directory
<CLICK>
Automate end-to-end using your favorite tools and platforms
<CLICK>
You can continue to use development tools that you are familiar with – IntelliJ, VS Code, Maven, Gradle – you can deploy using tools like IntelliJ and Maven
Net-net, it is an easy way to get started, focus on your biz objectives and everything else is taken care of for you in the cloud
<CLICK>
Do you have to manage anything here?
No you do not have to … Azure Spring Apps has absorbed all the complexities with infrastructure, hosting microservice apps, app lifecycle, managing microservices, blue green deployments, pushing logs and metrics
All supported by Microsoft and VMware.
Support and expert guidance for Spring projects let you develop and deploy applications faster.
In brief –
There is something for everyone
If you are a developer – you can build and scale workloads at cloud scale, you can easily apply cloud-friendly patterns such as externalized configuration, service registration and discovery, automating and monitoring end-to-end
You can get the full power of K8S without touching it
You can create any number of environments, automate testing and advance to production across the globe
If you are in the IT team – you can operate the service and environments at scale
The service becomes the home for distributed workloads, you can connect with services running on Azure or on-premises or anywhere
As you operate, you do not have to worry about middleware management
You get unlimited scale
You can align your team’s roles and responsibilities to match your team structure using Azure RBAC
You can apply policy management
Monitor and automate end-to-end
You can also implement charge backs in line with your funding model
If you are an executive, you have the essentials: minimized total cost of ownership, high availability, plenty of headroom to grow the workload, security that you can harden using Azure’s security, and full support from Microsoft and VMware
Three simple steps to get started! Just 3
Azure Spring Apps is as simple to spin up as it is powerful, and it follows three simple steps:
First, create a service instance
Next, create an app within the service
And finally, deploy the application binaries or source to Azure Spring Apps.
Azure does the hard work, all you have to do is point it in the right direction. It really is that simple!
You can deploy and manage Spring applications and polyglot applications built using Node, Python, Go and .NET
With the fully managed Spring Apps Gateway, you can route any requests to apps and address cross-cutting considerations for those apps behind the gateway.
Cross-cutting considerations include configuring single sign-on for end users using your preferred identity provider, including Azure Active Directory, request rate limiting, and many more features like these.
To demonstrate the capabilities of Azure Spring Apps Enterprise, let's consider a typical application with a frontend user interface and one or more backend APIs. Such an application will need:
An API gateway to route traffic to the correct components of the application, and to enforce cross-cutting concerns such as API endpoints that require the user to be logged in
An identity provider that can be used to log users into the application
One or more databases for each of the backend APIs that are part of the application
Compliance with information security policies requiring that all sensitive configuration, such as passwords and API keys, be stored in a secure secrets management solution
We also need a way to implement continuous delivery for the application and its components, so we will need great solutions for:
Automation for deploying the application
Monitoring to support troubleshooting, planning capacities, keeping an eye on production
A runtime that can autoscale application components based on demand
We will now go through a demo of the functionality of the ACME store application, which implements the typical architecture we just discussed, so that we can zoom in on each of the capabilities of Azure Spring Apps Enterprise
[Place demo video 00:00 to 01:17 after this slide]
ACME Fitness is a polyglot application; it has components written in:
Primarily Java Spring Boot API
Secondary services in Python and C#
JavaScript and HTML5 UI
Spring Apps Gateway with commercial filters is used to route traffic and secure the endpoints of the application
Azure Active Directory is used as the identity provider to manage logins into the application
PostgreSQL is used as the backend database for the various APIs
Azure Key Vault is used to store the application secrets
Azure Spring Apps Enterprise is used to easily automate application deployment, monitoring and scaling
Let's now see how to create an instance of Azure Spring Apps Enterprise and how to deploy apps to it.
Adib (S3)
When you think about containerizing an application you probably think about writing a Dockerfile.
Dockerfiles are flexible, allowing you to control every aspect of the container image, including the OS, middleware and the command to run the application.
While a Dockerfile is a nice single point for assembling an application, Dockerfiles become problematic once you scale their usage across many applications and many teams in a large enterprise.
Let's take a look at the scaling challenges and how we can solve them.
Cloud Native Buildpacks are the higher-level abstraction for containerizing source code produced by dev teams.
So, what is CNBP? It is purely a specification project to turn applications into OCI-compliant containers. It consists of buildpacks; a buildpack is an object that scans the source code to determine what programming language the code is written in, identifies what middleware dependencies the code requires, and then creates an OCI image using all the best practices for security and containerization.
The developer does not need to write a Dockerfile; they just focus on writing application code.
Cloud Native Buildpacks make it easy to go from source code to OCI-compliant containers.
Drives consistency
Creates a mechanism to separate developer concerns from operational maintenance and security
Builds on years of experience running millions of containerized workloads at scale
CNB provide a centralized easy button to automatically and safely upgrade all the container layers below the application code without having to go back to the dev team that wrote the code. For example, if you have 1000 containers running on a specific version of the JDK and a JDK vulnerability is discovered, you can patch all 1000 containers with a single command, which increases security.
CNBP allow developers to configure them using high-level settings. For example, a developer can tell the buildpack that the application should run on a specific major version of Java such as Java 11, or a specific version of Node such as Node 16.x, and the buildpack will automatically pick the most recent secure version of the language runtime that meets the developer’s requirements.
Admins can patch all the layers below the application automatically without breaking the applications. With CNBP we get speed and safety.
Buildpacks are a CNCF specification and there are many different implementations of these buildpacks:
VMware sponsors the development of the Paketo OSS buildpacks;
the Paketo buildpacks implement the buildpack specification for all popular programming languages such as Java, .NET, Node … etc.
VMware Tanzu creates a set of enterprise-ready commercial buildpacks based on Paketo that have long-term support and meet all the most stringent security and compliance requirements, which enables enterprises to meet regulatory constraints.
On Azure Spring Apps Enterprise you have access to all the VMware enterprise-ready buildpacks
In order to get the most value out of buildpacks and the best developer experience, VMware created an OSS project called kpack, which allows you to run buildpacks inside a K8S cluster. You can point kpack at the source code of a Java app, or at a .jar file, and it will produce a container image. Think of kpack as an implementation of the Cloud Native Buildpack specs which takes source code and turns it into a container.
kpack is an open source project, and VMware Tanzu Build Service is the commercial version of the kpack OSS project.
In summary, when you deploy an application to ASC-E you only have to write app code; you don’t have to worry about containerizing your application, because the Tanzu Build Service and Tanzu buildpacks will take your source code and apply all the containerization best practices to produce a hardened, optimized container image.
Let's take a tour of how ASC-E uses buildpacks.
Tanzu components provide new capabilities designed for enterprises running Spring applications at scale.
Today, we showed you some of the features.
Everyone watching today can build cloud solutions and advance them to production. We would love to hear how you are building impactful solutions using Azure Spring Apps.
You can get started today …
You can deploy your first Spring Boot app today.
You can also use a self-paced workshop to learn the details of the service
Prefer videos – we have great YouTube videos, follow the Spring playlist
You can also leverage best practices for deploying Spring Boot apps
You should let us know how you are building impactful solutions!