Azure Spring Apps access app in virtual network

Access your application in a private network


Note

Azure Spring Apps is the new name for the Azure Spring Cloud service. Although the service has a new name, you’ll see the old name in some places for a while as we work to update assets such as screenshots, videos, and diagrams.

This article applies to: ✔️ Basic/Standard tier ✔️ Enterprise tier

This article explains how to access an endpoint for your application in a private network.

When you use Assign Endpoint on an application in an Azure Spring Apps service instance that's deployed in your virtual network, the endpoint is a private fully qualified domain name (FQDN). The domain is accessible only within the private network. Apps and services use the application endpoint, including the Test Endpoint described in View apps and deployments. Log streaming, described in Stream Azure Spring Apps app logs in real-time, also works only within the private network.

Find the IP for your application

Using the portal:

  1. Select the virtual network resource you created as explained in Deploy Azure Spring Apps in your Azure virtual network (VNet injection).

  2. In the Connected devices search box, enter kubernetes-internal.

  3. In the filtered result, find the Device connected to the service runtime Subnet of the service instance, and copy its IP Address. In this sample, the IP Address is 10.1.0.7.


Using the Azure CLI:

Find the IP address for your Spring Cloud services. Customize the value of your Azure Spring Apps instance name based on your real environment.

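# RESOURCE_GROUP must already be set to the resource group of your Azure Spring Apps instance.
SPRING_CLOUD_NAME='spring-cloud-name'

# Resource group that holds the service runtime network resources.
SERVICE_RUNTIME_RG=$(az spring show \
    --resource-group "$RESOURCE_GROUP" \
    --name "$SPRING_CLOUD_NAME" \
    --query "properties.networkProfile.serviceRuntimeNetworkResourceGroup" \
    --output tsv)

# Private frontend IP of the kubernetes-internal load balancer.
IP_ADDRESS=$(az network lb frontend-ip list \
    --lb-name kubernetes-internal \
    --resource-group "$SERVICE_RUNTIME_RG" \
    --query "[0].privateIpAddress" \
    --output tsv)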

Add a DNS for the IP

If you have your own DNS solution for your virtual network, such as Active Directory Domain Controller, Infoblox, or another, you need to point the domain *.private.azuremicroservices.io to the IP address. Otherwise, use the following instructions to create an Azure Private DNS Zone in your subscription to resolve the private fully qualified domain name (FQDN) to its IP address.

Note

If you are using Azure China, please replace private.azuremicroservices.io with private.microservices.azure.cn in this article. Learn more about Check Endpoints in Azure.

Create a private DNS zone

The following procedure creates a private DNS zone for an application in the private network.

Using the portal:

  1. Open the Azure portal. From the top search box, search for Private DNS zones, and select Private DNS zones from the results.

  2. On the Private DNS zones page, select Add.

  3. Fill out the form on the Create Private DNS zone page. Enter private.azuremicroservices.io as the Name of the zone.

  4. Select Review + Create.

  5. Select Create.

Using the Azure CLI:

  1. Define variables for your subscription, resource group, and virtual network. Customize the values based on your real environment.

    SUBSCRIPTION='subscription-id'
    RESOURCE_GROUP='my-resource-group'
    VIRTUAL_NETWORK_NAME='azure-spring-apps-vnet'
    
  2. Sign in to the Azure CLI and choose your active subscription.

    az login
    az account set --subscription ${SUBSCRIPTION}
    
  3. Create the private DNS zone.

    az network private-dns zone create \
        --resource-group $RESOURCE_GROUP \
        --name private.azuremicroservices.io
    

It may take a few minutes to create the zone.

To link the private DNS zone to the virtual network, you need to create a virtual network link.

Using the portal:

  1. Select the private DNS zone resource created above: private.azuremicroservices.io

  2. On the left pane, select Virtual network links, then select Add.

  3. Enter azure-spring-apps-dns-link for the Link name.

  4. For Virtual network, select the virtual network you created as explained in Deploy Azure Spring Apps in your Azure virtual network (VNet injection).


  5. Select OK.

Using the Azure CLI:

Link the private DNS zone you created to the virtual network holding your Azure Spring Apps service.

az network private-dns link vnet create \
    --resource-group $RESOURCE_GROUP \
    --name azure-spring-apps-dns-link \
    --zone-name private.azuremicroservices.io \
    --virtual-network $VIRTUAL_NETWORK_NAME \
    --registration-enabled false

Create DNS record

To use the private DNS zone to translate/resolve DNS, you must create an “A” type record in the zone.

Using the portal:

  1. Select the private DNS zone resource created above: private.azuremicroservices.io.

  2. Select Record set.

  3. In Add record set, enter or select this information:

    Setting      Value
    Name         Enter *
    Type         Select A
    TTL          Enter 1
    TTL unit     Select Hours
    IP address   Enter the IP address copied in step 3. In the sample, the IP is 10.1.0.7.

  4. Select OK.


Using the Azure CLI:

Use the IP address to create the A record in your DNS zone.

az network private-dns record-set a add-record \
  --resource-group $RESOURCE_GROUP \
  --zone-name private.azuremicroservices.io \
  --record-set-name '*' \
  --ipv4-address $IP_ADDRESS

Assign private FQDN for your application

After following the procedure in Deploy Azure Spring Apps in a virtual network, you can assign a private FQDN for your application.

Using the portal:

  1. Select the Azure Spring Apps service instance deployed in your virtual network, and open the Apps tab in the menu on the left.

  2. Select the application to show the Overview page.

  3. Select Assign Endpoint to assign a private FQDN to your application. Assigning an FQDN can take a few minutes.


  4. The assigned private FQDN (labeled URL) is now available. It's accessible only within the private network, not from the internet.

Using the Azure CLI:

Update your app to assign an endpoint to it. Customize the value of your app name based on your real environment.

SPRING_CLOUD_APP='your spring cloud app'
az spring app update \
    --resource-group $RESOURCE_GROUP \
    --name $SPRING_CLOUD_APP \
    --service $SPRING_CLOUD_NAME \
    --assign-endpoint true

Access application private FQDN

After the assignment, you can access the application’s private FQDN in the private network. For example, you can create a jumpbox machine in the same virtual network, or a peered virtual network. Then, on that jumpbox or virtual machine, the private FQDN is accessible.
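
To confirm the DNS setup from the jumpbox, the following added example (not part of the original article) checks that a private FQDN resolves only to the load balancer IP found earlier and never to a public address. The host name is a constructed sample, and the use of glibc `getent` on a Linux jumpbox is an assumption.

```shell
#!/bin/sh
# Added example, not from the original article. Run inside the virtual network.

# Return 0 if $1 is a dotted-quad IPv4 address in an RFC 1918 private range.
is_rfc1918() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address into its octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$1" -eq 10 ] && return 0
    [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 0
    [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 0
    return 1
}

# check_private_fqdn FQDN EXPECTED_IP [RESOLVED]
# RESOLVED is a whitespace-separated address list; when omitted, the system
# resolver is queried (assumption: getent is available on the jumpbox).
# Prints a verdict and returns 0 only for OK.
check_private_fqdn() {
    fqdn=$1; expected=$2
    if [ "$#" -ge 3 ]; then
        resolved=$3
    else
        resolved=$(getent ahostsv4 "$fqdn" | awk '{print $1}' | sort -u) || true
    fi
    if [ -z "$resolved" ]; then
        echo "UNRESOLVED"; return 2      # zone not linked to this VNet, or no A record
    fi
    for ip in $resolved; do
        if ! is_rfc1918 "$ip"; then
            echo "PUBLIC $ip"; return 3  # name is answered outside the private zone
        fi
        if [ "$ip" != "$expected" ]; then
            echo "MISMATCH $ip"; return 4  # A record does not point at the load balancer
        fi
    done
    echo "OK $expected"
}

# Constructed sample: the third argument stands in for resolver output, so no lookup is made.
check_private_fqdn myservice-myapp.private.azuremicroservices.io 10.1.0.7 10.1.0.7
```

On the jumpbox, call `check_private_fqdn "<your app FQDN>" "$IP_ADDRESS"` without the third argument to query the live resolver.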


Clean up resources

If you plan to continue working with subsequent articles, you might want to leave these resources in place. When no longer needed, delete the resource group, which deletes the resources in the resource group. To delete the resource group by using Azure CLI, use the following command:

az group delete --name $RESOURCE_GROUP
