Create a managed identity for your microservices
The apps deployed as the Spring Petclinic microservices will connect to the newly created Key Vault using a managed identity. The process of creating a managed identity will automatically create an Azure Active Directory service principal for your application. Managed identities minimize the overhead associated with managing service principals, since their secrets used for authentication are automatically rotated. In this lab you will make use of user assigned managed identities. These allow you to reuse these identities in case you need to recreate your apps. You can use the following guidance to determine how to assign a managed identity to a Spring Apps service application:
The following three apps of your application use the database hosted by the Azure Database for MySQL Flexible Server instance, so they will need to be assigned a managed identity:
customers-servicevets-servicevisits-service
Step by step guidance
-
Create and assign an identity to each of the three apps by running the following commands from Git Bash shell:
CUSTOMERS_SERVICE_ID=$(az identity create -g $RESOURCE_GROUP -n customers-svc-uid --query id -o tsv) az spring app identity assign \ --resource-group $RESOURCE_GROUP \ --name $CUSTOMERS_SERVICE \ --user-assigned $CUSTOMERS_SERVICE_ID VISITS_SERVICE_ID=$(az identity create -g $RESOURCE_GROUP -n visits-svc-uid --query id -o tsv) az spring app identity assign \ --resource-group $RESOURCE_GROUP \ --name $VISITS_SERVICE \ --user-assigned $VISITS_SERVICE_ID VETS_SERVICE_ID=$(az identity create -g $RESOURCE_GROUP -n vets-svc-uid --query id -o tsv) az spring app identity assign \ --resource-group $RESOURCE_GROUP \ --name $VETS_SERVICE \ --user-assigned $VETS_SERVICE_IDWait for the operations to complete. This might take about 3 minutes each.