Azure CLI Quickstart - Azure Spring Apps Reference Architecture
Overview
Prerequisites
- Run the two commands below to add the required extensions to Azure CLI if they are not installed already:
  az extension add --name azure-firewall
  az extension add --name spring-cloud
- The script has been tested using Azure CLI version 2.42.0
Deployment
- Run az login to log into Azure
- Run az account set --subscription {your subscription name} to set your default subscription
- Execute the Bash script for Spring App Standard or Enterprise deployment.
  - For Spring App Standard deployment execute azuredeploySpringStandard. You will be prompted at the start of the script to enter:
    - Azure Virtual Machine administrator name and password
    - Azure database for MySQL administrator and password
    - A valid Azure Region where resources are deployed
      - Run the command open https://azure.microsoft.com/global-infrastructure/services/?products=spring-cloud&regions=all to find the list of available regions for Azure Spring Apps
      - Note: region format must be lower case with no spaces. For example: East US is represented as eastus
    - key=value pairs to be applied as Tags on all resources which support tags
      - Space separated list to support applying multiple tags
      - Example: environment=Dev BusinessUnit=finance
  - For Spring App Enterprise deployment execute azuredeploySpringEnterprise. You will be prompted at the start of the script to enter:
    - Azure Virtual Machine administrator name and password
    - Azure database for PostgreSQL administrator and password
    - A valid Azure Region where resources are deployed
      - Run the command open https://azure.microsoft.com/global-infrastructure/services/?products=spring-cloud&regions=all to find the list of available regions for Azure Spring Apps
      - Note: region format must be lower case with no spaces. For example: East US is represented as eastus
    - key=value pairs to be applied as Tags on all resources which support tags
      - Space separated list to support applying multiple tags
      - Example: environment=Dev BusinessUnit=finance
Post Deployment
There are a few options available from a post deployment perspective. They are as follows:
- For Enterprise deployments, use this sample app
- For Standard deployments only, follow the instructions below
  - Install one of the following sample applications from the locations below:
    - Pet Clinic App with MySQL Integration (Microservices with MySQL backend)
    - Simple Hello World
  - For an automated installation you can use a PowerShell or Bash script provided on the jumpbox created during the deployment process. To install the Pet Clinic App with either script, log in to the jumphost (jumphostvm) using the Bastion connection and the admin username and password created during the initial installation. Both the PowerShell script and the shell script can be found in c:\petclinic. If you choose the PowerShell script, navigate to c:\petclinic and edit the deployPetClinicApp.ps1 script before running it. Provide the following information for the corresponding variables:
- Your Subscription ID
- A Resource Group
- An Azure Region
- The name of the Spring Apps Service that was created
- The name of the MySQL Server created
- The MySQL Administrator name
- The MySQL Administrator password
The variables to be edited in the deployPetClinicApp.ps1 script are as follows:
$SUBSCRIPTION='<Insert your Subscription ID>'
$RESOURCE_GROUP='<Insert Resource Group Name>'
$REGION='<Insert Azure Region>'
$SPRING_CLOUD_SERVICE='<Insert Spring Apps Service Name Created>'
$MYSQL_SERVER_NAME='<Insert MySQL Server Name>'
$MYSQL_SERVER_ADMIN_NAME='<Insert MySQL Admin Name>'
$MYSQL_SERVER_ADMIN_PASSWORD='<Insert MySQL Admin Password>'
If you are more comfortable with a shell script, navigate to the same directory, c:\petclinic, and edit the deployPetClinicApp.sh script before running it. Provide the following information for the corresponding variables:
subscription='<Insert your Subscription ID>'
resource_group='<Insert Resource Group Name>'
region='<Insert Azure Region>'
spring_cloud_service='<Insert Spring Apps Service Name Created>'
mysql_server_name='<Insert MySQL Server Name>'
mysql_server_admin_name='<Insert MySQL Admin Name>'
mysql_server_admin_password='<Insert MySQL Admin Password>'
Deploy Azure Application Gateway with WAF (optional)
Here you will have 2 options:
- Option 1: Use a public Azure Application gateway for direct ingress.
- Option 2: Use a private Azure Application gateway in between Azure Firewall and the Azure Spring Apps application (DNAT Rule and ingress on Azure Firewall).
Note: You will need a TLS/SSL Certificate with the Private Key (PFX Format) for the Application Gateway Listener. The PFX certificate on the listener needs the entire certificate chain and the password must be 4 to 12 characters. For the purpose of this quickstart, you can use a self signed certificate or one issued from an internal Certificate Authority.
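One way to produce and check a PFX that meets the requirements in the note above, as an added example that is not part of the original quickstart or its scripts. It assumes OpenSSL is installed; the function names are hypothetical, and any common name, password or file name passed to them is a placeholder.

```shell
# Added example; the CN, password and file names used with it are constructed.

# The note above limits the PFX password to 4-12 characters.
valid_pfx_password() {
  [ "${#1}" -ge 4 ] && [ "${#1}" -le 12 ]
}

# make_selfsigned_pfx <common-name> <password> <out.pfx>
# Returns 2 on a bad password length, otherwise openssl's exit status.
make_selfsigned_pfx() {
  local cn="$1" pass="$2" out="$3" tmp rc=0
  if ! valid_pfx_password "$pass"; then
    echo "PFX password must be 4 to 12 characters" >&2
    return 2
  fi
  tmp=$(mktemp -d) || return 1
  # A self-signed certificate is its own complete chain.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$cn" \
    -keyout "$tmp/key.pem" -out "$tmp/cert.pem" 2>/dev/null || rc=$?
  if [ "$rc" -eq 0 ]; then
    # For an internal CA, add "-certfile chain.pem" (intermediates and root)
    # so the listener receives the entire chain.
    # env: keeps the password out of the process argument list.
    PFX_PASS="$pass" openssl pkcs12 -export -inkey "$tmp/key.pem" \
      -in "$tmp/cert.pem" -out "$out" -passout env:PFX_PASS || rc=$?
  fi
  rm -rf "$tmp"   # the unencrypted private key must not outlive the export
  return "$rc"
}

# pfx_cert_count <file.pfx> <password>
# Prints how many certificates the PFX holds (0 if the password is wrong).
pfx_cert_count() {
  PFX_PASS="$2" openssl pkcs12 -in "$1" -nokeys -passin env:PFX_PASS \
    2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}
```

For a certificate issued by an internal Certificate Authority, a count lower than leaf plus intermediates plus root means the chain in the PFX is incomplete.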
Option 1 - Public Application Gateway
- Change the directory to deployPublicAppGW
  cd PublicApplicationGateway
- Copy the SSL/TLS certificate PFX file to this directory.
- Run the following script to deploy Application Gateway
  deploy-public-application-gateway.sh
  Note: You will be prompted to enter Azure Application Gateway name, name of PFX certificate, password of PFX certificate, and Azure Firewall name.
- Once deployed, look for the Application Gateway Resource in the Resource Group and note the Frontend Public IP address.
- From a browser that isn't in the quickstart virtual network, browse to https://<publicIPofAppGW>. You will get a warning in the browser that the connection is not secure. This is expected as we are connecting via the IP address. Proceed to the page anyway.
Option 2 - Private Application Gateway behind Azure Firewall (DNAT)
- Change the directory to deployPrivateAppGW
  cd PrivateApplicationGateway
- Copy the SSL/TLS certificate PFX file to this directory.
- Run the following script to deploy Application Gateway
  deploy-private-application-gateway.sh
  Note: You will be prompted to enter Azure Application Gateway name, name of PFX certificate, password of PFX certificate, and Azure Firewall name.
- From a browser that isn't in the quickstart virtual network, browse to https://<publicIPofAzFWNatRule>. You will get a warning in the browser that the connection is not secure. This is expected as we are connecting via the IP address being used for the DNAT rule. Proceed to the page anyway.
Additional Notes
This quick start deploys an Azure Application gateway with a basic listener. To host multiple sites on the same Application gateway, you can use multi-site listeners. For more information see https://docs.microsoft.com/azure/application-gateway/multiple-site-overview
Azure Application Gateway can also retrieve TLS certificates from Azure Key Vault. For more information see https://docs.microsoft.com/azure/application-gateway/key-vault-certs
Cleaning up
Unless you plan to perform additional tasks with the Azure resources from the quickstart (such as post deployment steps above), it is important to destroy the resources that you created to avoid the cost of keeping them provisioned.
The easiest way to do this is to call az group delete.
az group delete --name sc-corp-rg --yes --no-wait
Change Log
- 11-21-22 - Added Enterprise SKU with Tanzu components, Azure Database for PostgreSQL and Azure Cache for Redis
- 03-05-21: Update script to support bring your own route table Azure Spring Apps documentation, add additional firewall rules and update MySQL Server TLS/SSL enforcement
- 03-08-21: Fix typos in README
- 03-09-21: Add support for tagging and update README instructions
- 03-16-21 - Added third option to install PetClinic Application using PowerShell or Shell Script provided on the jumpbox