SpringOne Tour: An Introduction to Azure Spring Apps Enterprise
•Download as PPTX, PDF•
0 likes•52 views
Date: April 25, 2023 Speakers: - Steve Watkins, Advisory Solution Architect, VMware - Navin Poddar, Solutions Engineer for Modern Applications Platform, VMware Tanzu
Recommended
Recommended
More Related Content
Similar to SpringOne Tour: An Introduction to Azure Spring Apps Enterprise
Similar to SpringOne Tour: An Introduction to Azure Spring Apps Enterprise (20)
More from VMware Tanzu
More from VMware Tanzu (20)
Recently uploaded
Recently uploaded (20)
SpringOne Tour: An Introduction to Azure Spring Apps Enterprise
- 1. Simplify and scale Enterprise Spring Apps in the cloud
- 2. Fully managed service for Spring Boot apps
- 3. You do not have to learn or manage Kubernetes
- 4. Azure Spring Apps Spring Boot apps Service runtime
- 5. Data Cache Async communications – JMS and Kafka Keys, secrets & certs Open source client libraries, integration modules and drivers Storage Azure Spring Cloud Monitor – logstream, APM and end-to-end Identities end-users and machines Automation Developer experiences Spring Boot apps Service runtime ... App 1 App 2 App 3 App N Agents Build Service Config Server Service Registry Lifecycle Resiliency Logstream Encryption Diagnostics Domains Developer experiences Identities – end-users & machines Automation Data Open sou Stor Monitor – logstream, AP Developer experiences Spring Boot apps ... App 1 App 2 App 3 App N Monitor – logstream, APM & end-to-end Azure Spring Apps Azure Spring Apps Open source client libraries, integration modules and drivers Data Storage Cache Async communications – JMS and Kafka Keys, secrets & certs
- 8. Developers IT Operators Executives
- 9. az spring create --name ${SPRING_CLOUD_SERVICE} --sku standard --resource-group ${RESOURCE_GROUP} --location ${REGION} az spring app create --name ${CUSTOMERS_SERVICE} az spring app deploy --name ${CUSTOMERS_SERVICE} | --jar-path ${CUSTOMERS_SERVICE_JAR}
- 13. Runtime
- 16. Popular and easy to get started Confidential │ © 20 20 VMware, Inc. • Dockerfiles are the most common way of creating Docker Images • Their flexibility is their power • Run any command, mutate any file • Their flexibility is their weakness • Keeping consistent, ensuring security • Takes a lot of effort for "good" Dockerfiles 5 Creating Docker Images
- 17. Specification to translate application code to OCI compliant container image
- 19. Specification-only project that transforms application code to images that can run on any cloud dependency
- 20. Link to Spring Apps Gateway doc • Routes define how the Gateway will process incoming requests. • Each route is composed of Predicates, Filters, and a Service. • Predicates determine whether the route matches any given request. • Filters apply behavior to matching requests or their responses. • The Service determines where the request will be forwarded after filtering.
- 21. 1. Client makes a request to the Gateway. 2. Evaluates Predicates to match a request to a route. Spring Apps Gateway 3. Runs through the “pre” filter logic chain specific to the request. Pre-request Post-request 4. Proxy routes the request to the service. Proxied Service 5. Service is executed. 6. Runs the “post” filter logic.
- 22. Evaluate conditions to map requests to a route • HTTP Method matches a list? • URI Path matches a pattern? • URI Query matches a regex? • RemoteAddr matches CIDRs? • Weight within a route group Link to available Predicates • After a certain datetime? • Before a certain datetime? • Between two datetimes? • Cookie matches a regex? • Header value matches a regex? • Host matches a pattern list?
- 24. Spring Cloud Configuration Server A B Git Repository Credential Vault • On startup, connect to config server to obtain config settings. • Access config server via HTTP / REST / JSON interface. Config Server filesystem SQL Database Other … etc. • Source of truth for service configuration. • Mediate access to multiple configuration storage systems. • The only network address that an app needs to know about. Service Configuration Storage Backend
- 25. ConfigMaps and Secrets are stored in etcd; injected into running containers via environment variables or volume mounts.
- 26. Config Server Pros • Versioned/audited history of configuration settings. • Pluggable external stores (vault, sqldb, other config servers). • Runs locally; no developer desktop directly from IDE. • Does not depend on Kubernetes; developer does not need to know anything about K8S to use config server. • Store configurations for multiple apps in one config server. • Config backed up outside of Kubernetes cluster. • Defines a hierarchy of property sources; allows extraction into a common property file in the config server. • Can be used outside of K8S or in a multi-cluster configuration. ConfigMap / Secrets Pros • Pod/container won’t start if etcd is down, thus app will have its config on startup. • Programming language neutral, not Java or Spring centric. • Very nice Spring integration with Spring cloud Kubernetes projects. Cons • Application can’t startup if config server is down. • Application must understand the config server REST API or use a client library. • Considered Java/Spring centric by other language communities. Cons • Can only store the latest version of configuration; no auditing of previous versions of a config value. • Requires developers to be familiar with Kubernetes. • Requires application to run on Kubernetes. • ConfigMap is not available when launching a Spring App from IDE on laptop. • May require access to the Kubernetes API server to be able to watch for changes on the ConfigMap so that apps can reload. • Multiple apps will have multiple ConfigMap YAML files in multiple K8S namespaces, making it hard to see all the config in one place. • Works inside a single K8S cluster; ConfigMap does not span clusters or namespaces.
- 27. Spring Cloud Configuration ConfigMaps Secrets Application Configuration Service
- 29. Automatically mounted as volumes in the underlying Kubernetes cluster A simple command • Consumes config files in the Git repo. • Makes them accessible to the app as ConfigMap mounted as a volume. • Spring Boot automatically processes mounted volumes.
- 30. Azure Spring Apps - Enterprise Tanzu Application Platform Fully-managed service Self-managed – on K8S Hides K8S from developers Offers K8S-native dev experience Hides K8S from operators Operators access and manage K8S Available across the globe on Azure Available on any conformant K8S - on-premises or any cloud Polyglot - targeted for Spring workloads Polyglot - targeted for all workloads Purchase vCPU and Memory hours instantly through existing Azure EA – billed by the second Purchase annual physical cores through VMware Tanzu subscription
- 31. Customer nominates apps Customer sends tech leads and app architects Meet with experts from Microsoft and VMware Rapid assessment Identified apps for migrating to Azure Plan ASA test environment Customer builds ASA environment Timeboxed session to attempt to deploy apps Microsoft and VMware summarizes - Discovery of the workload (apps, arch, dependencies, requirements, sizing), - opinion on benefits, pros and cons of moving to ASA, - effort required to move the app workload to Azure, - available services, and offers to help - share a written, concrete plan
- 32. Build Service Application Configuration Service Service Registry Spring Apps Gateway API portal Application Accelerator* Application Live View* Spring Apps Data Flow*
- 33. aka.ms/Start-Spring aka.ms/Learn-Spring aka.ms/Spring-Playlist aka.ms/Spring-Boot aka.ms/LearnJava aka.ms/Spring-Cloud-Azure
- 34. © Copyright Microsoft Corporation. All rights reserved. Thank you.
Editor's Notes
- Welcome We are so glad that you are here today. Thank you for joining us! I am <Speaker Name> <Speaker to share a brief intro of their experience in the Java/Microsoft> Let’s dive in ..
- Azure Spring Apps is a fully managed service for Spring Boot apps that lets you focus on building and running the apps that run your business without the hassle of managing infrastructure. You can simply deploy your JARs or code and Azure Spring Apps will automatically wire your apps with the Spring service runtime. Once deployed you can easily monitor application performance, fix errors, and rapidly improve applications. It is integrated into Azure ecosystem and enterprise ready. The service is jointly developed, operated and supported by Microsoft and VMware.
- Azure Spring Apps is built on Kubernetes The exciting part is, you get the power of Kubernetes, but I don't have to really worry about learning or managing it
- Little more details … The big rectangle is Azure Spring Apps, built on K8S Each service instance has two dedicated Kubernetes clusters, they are managed by Azure Spring Apps and abstracted away from users Service runtime with managed Spring Apps components, app lifecycle, log streaming and many more service runtime components are managed in the right side Kubernetes clluster Your apps are running in the left cluster in the diagram <CLICK> Your apps can interact with any Azure service or external service or on premises systems <CLICK> Logs, metrics and alerts are available through Azure Monitor. You can monitor end-to-end using any tools and platform of your choice <CLICK> You can secure you apps using Azure Active Directory <CLICK> Automate end-to-end using your favorite tools and platforms <CLICK> You can continue to use development tools that you are familiar with – IntelliJ, VS Code, Maven, Gradle – you can deploy using tools like IntelliJ and Maven Net-net, it is an easy way to get started, focus on your biz objectives and everything else is taken care for you in cloud <CLICK> Do you have to manage anything here? No you do not have to … Azure Spring Apps has absorbed all the complexities with infrastructure, hosting microservice apps, app lifecycle, managing microservices, blue green deployments, pushing logs and metrics All supported by Microsoft and VMware.
- Little more details … The big rectangle is Azure Spring Apps, built on K8S Each service instance has two dedicated Kubernetes clusters, they are managed by Azure Spring Apps and abstracted away from users Service runtime with managed Spring Apps components, app lifecycle, log streaming and many more service runtime components are managed in the right side Kubernetes clluster Your apps are running in the left cluster in the diagram <CLICK> Your apps can interact with any Azure service or external service or on premises systems <CLICK> Logs, metrics and alerts are available through Azure Monitor. You can monitor end-to-end using any tools and platform of your choice <CLICK> You can secure you apps using Azure Active Directory <CLICK> Automate end-to-end using your favorite tools and platforms <CLICK> You can continue to use development tools that you are familiar with – IntelliJ, VS Code, Maven, Gradle – you can deploy using tools like IntelliJ and Maven Net-net, it is an easy way to get started, focus on your biz objectives and everything else is taken care for you in cloud <CLICK> Do you have to manage anything here? No you do not have to … Azure Spring Apps has absorbed all the complexities with infrastructure, hosting microservice apps, app lifecycle, managing microservices, blue green deployments, pushing logs and metrics All supported by Microsoft and VMware.
- Support and expert guidance for Spring projects let you develop and deploy applications faster.
- In brief – There is something for everyone If you are a developer – you can build and scale workloads at cloud scale, you can easily apply cloud-friendly patterns such as externalized configuration, service registration and discovery, automating and monitoring end-to-end You can get the full power of K8S without touching it You can create any number of environment, automate testing and advance to production across the globe If you are in the IT team – you can operate the service and environments at scale The service becomes the home for distributed workloads, you can connect with services running on Azure or on-premises or anywhere As you operate, you do not have to worry about middleware management You get unlimited scale You can align your team’s roles and responsibilities to match your team structure using Azure RBAC You can apply policy management Monitor and automate end-to-end You can also implement charge backs in line with your funding model If you are executive, you have the essential to minimize total cost of ownership, high availability, plenty of head room to grow the workload, you can harden your security using Azure’s security and fully supported by Microsoft and VMware
- Three simple steps to get started! Just 3 Azure Spring Apps is as simple to spin up as it is powerful, and it follows three simple steps: First, create a service instance Next, create an app within the service And finally, deploy the application binaries or source to Azure Spring Apps. Azure does the hard work, all you have to do is point it in the right direction. It really is that simple!
- You can deploy and manage Spring applications and polyglot applications built using Node, Python, Go and .NET
- With the fully managed Spring Apps Gateway, you can route any requests to apps and address cross-cutting considerations for those apps behind the gateway. Cross cutting considerations like configuring single sign on for end users using your preferred identity provider, including Azure Active Directory or considerations like request rate limiting, and many more features like these
- To demonstrate the capabilities of Azure Spring Apps Enterprise lets consider a typical application with a frontend user interface and one one more backend APIs, such as application will need: API gateway to route traffic to the correct components of the applications, and to enforce cross cutting concerns such as api endpoints require the user to be logged in Identity provider that can be used to login users into the application One or more databases for each of the backend apis that are part of the application Comply with Information security policies that all sensitive configurations such as passwords, api keys, be stored in a secure secrets management solution We also a way to implement continues delivery for the application and its components so we will need great solutions for Automating for deploying the application Monitoring to support troubleshooting, planning capacities, keeping an eye on production Runtime that can autoscale application components based on demand
- We will now go through a demo of the functionality of the ACME store application that implement typical architecture we just discussed so that we can zoom in on each of the capabilities of Azure Spring Apps Enterprise [Place demo video 00:00 to 01:17 after this slide]
- ACME fitness is a polyglot application it has components written in Primarily is Java Spring Boot API Secondary services in Python and C# Java Script and HTML5 UI Spring Apps Gateway with commercial filter is used to route traffic and secure the end points of the applications Azure active directory is used as the identity provider to manage logins into the application PostgreSQL is used as the backend database for the various APIs Azure key vault is used to store the application secrets Azure Spring Apps enterprise is used to easily automate application deployment, motioning and scaling Lets now see how to create an instance of azure spring apps enterprise and how to deploy apps to it.
- Adib (S3) When you think of about containerizing an application you probably think about writing a Dockerfile. Dockerfile are flexible allowing you to control every aspect of the container image, including the OS, middleware and the command to run the applications. While Dockerfile is a nice single point of assembling an application they become problematic once you scale the usage of Dockerfiles across many application and many teams in a large enterprise. Lets take a look at the scaling challenges and how we can solve them.
- Cloud native buildpacks are the higher level abstraction for containerisng source code produced by dev teams. So, what is CNBP? is purely a specification project to turn applications into OCI compliant containers. It consists of buildpacks which is an object that scans the source code determine what type of programming language the code is written in, identifies what middleware dependencies the code requires, then create an OCI image using all the best practices for security, and contarizationion. The developer does not need to write a dockerfile they just focus on writing application code. Cloud Native buildpacks make it easy to go from source code to OCI compliant containers. Drives Consistency Creates a mechanism to separate developer concerns from operational maintenance and security Builds on years of experience running millions of containerized workloads a scale CNB provide a centralized easy button to automatically and safely upgrade all the container layers below the application applicration code without having to go back to the dev team that wrote the code. For example, if you have 1000 containers running on a specific version of JDK and a JDK vulnerability is discovered you can patch all 1000 containers with a single command. Thus allowing to increase security. CNBP allow developers to configure them using high level settings for example, a developer can tell the buildpack that the application should run on a specific major version of Java such as Java 11 or a specific version of Node as Node 16.x and the buildpack will automically pick the most recent secure version of the language runtime that meets the developer’s requiremnets. Admins can patch all the layers below the application automatically without breaking the applications. We with CNBP we get speed and safety.
- Buildpacks are a CNCF specification and there many different implementations of these buildpacks: Vmware sponsor the development of the paketo OSS buildpacks, the pakaeto buildpacks implement the buildpack specification for all popular programming languages suc as Java, .NET, Node … etc. VMWare Tanuz create a set of enterprise ready commercial buildpacks based on Paketo that have long term support and meet all the stringest security and compliance requiremnets that enable enterprise to meet regulatory constraints. On Azure Spring Apps Enterprise you have access to all the VMWare enterprise ready buildpacks
- In oder to get the most value out of buildpacks and the best developer experience vmware created an OSS project called kpack which allow you to run buildpacks inside a k8s cluster. You can point Kpack at a source code of java app, or at a .jar file and it will producte a container image. Think of kpack as an implementation of the Cloud Native bulidpack specs which takes source code and turns into a container. Kpack is an OpenSource project and Vmware Tnazu Build Serviec is the commercial version of the kpack OSS project. In summary when you deploy an application to ASC-E enterprise you only have to write app code you don’t have to worry about containerizing your application because The Tanzu Build Service and Tanzu buildpacks will take your source code and apply all the contarization best practices to produce a hardened optimized container image. Lets take a tour of How ASC-E uses buildpacks.
- Tanzu components provide new capabilities designed for enterprises running Spring applications at scale. Today, we we showed you some of the features
- Everyone watching today can build cloud solutions and advance them to production. We love to hear how you are building impactful solutions using Azure Spring Apps .. You can get started today … You can deploy your first Spring Boot app today. You can also use a self-paced workshop to learn the details of the service Prefer videos – we have great YouTube videos, follow the Spring playlist You can also leverage best practices for deploying Spring Boot apps You should let us know how you are building impactful solutions!