Create service connections from the microservices to the database server
The apps deployed as the Spring Petclinic microservices will now connect to the MySQL Flexible Server through a service connector. A service connector sets up the environment variables the service needs to make the connection. You can use the following guidance to create a service connector:
The following three apps of your application use the database hosted by the Azure Database for MySQL Flexible Server instance, so they will need to be assigned a service connector:
customers-service
vets-service
visits-service
Since each of these apps already has a user-assigned managed identity, you will use this same identity to get access to the database.
Step by step guidance
- To create a service connector, you will need to add the serviceconnector-passwordless extension:

    az extension add --name serviceconnector-passwordless --upgrade

- You will also need the clientId of each of the user-assigned managed identities of your microservices. Store these client IDs in environment variables by running the following commands from a Git Bash shell:

    CUSTOMERS_SERVICE_CID=$(az identity show -g $RESOURCE_GROUP -n customers-svc-uid --query clientId -o tsv)
    VISITS_SERVICE_CID=$(az identity show -g $RESOURCE_GROUP -n visits-svc-uid --query clientId -o tsv)
    VETS_SERVICE_CID=$(az identity show -g $RESOURCE_GROUP -n vets-svc-uid --query clientId -o tsv)

- You will also need your subscription ID for creating the service connections:

    SUBID=$(az account show --query id -o tsv)

- Now create the service connection for the customers-service:

    az spring connection create mysql-flexible \
        --resource-group $RESOURCE_GROUP \
        --service $SPRING_APPS_SERVICE \
        --app $CUSTOMERS_SERVICE \
        --target-resource-group $RESOURCE_GROUP \
        --server $MYSQL_SERVER_NAME \
        --database $DATABASE_NAME \
        --user-identity mysql-identity-id=$ADMIN_IDENTITY_RESOURCE_ID client-id=$CUSTOMERS_SERVICE_CID subs-id=$SUBID

- You can test the validity of this new connection with the validate command:

    # Quote the JMESPath query so the shell does not treat [] as a glob pattern.
    CONNECTION=$(az spring connection list \
        --resource-group $RESOURCE_GROUP \
        --service $SPRING_APPS_SERVICE \
        --app $CUSTOMERS_SERVICE \
        --query "[].id" -o tsv)

    az spring connection validate \
        --resource-group ${RESOURCE_GROUP} \
        --service ${SPRING_APPS_SERVICE} \
        --app ${CUSTOMERS_SERVICE} \
        --id $CONNECTION

  The output of this command should show that the connection was made successfully.

- In the same way, create the service connections for the vets-service and visits-service:

    az spring connection create mysql-flexible \
        --resource-group $RESOURCE_GROUP \
        --service $SPRING_APPS_SERVICE \
        --app $VISITS_SERVICE \
        --target-resource-group $RESOURCE_GROUP \
        --server $MYSQL_SERVER_NAME \
        --database $DATABASE_NAME \
        --user-identity mysql-identity-id=$ADMIN_IDENTITY_RESOURCE_ID client-id=$VISITS_SERVICE_CID subs-id=$SUBID

    az spring connection create mysql-flexible \
        --resource-group $RESOURCE_GROUP \
        --service $SPRING_APPS_SERVICE \
        --app $VETS_SERVICE \
        --target-resource-group $RESOURCE_GROUP \
        --server $MYSQL_SERVER_NAME \
        --database $DATABASE_NAME \
        --user-identity mysql-identity-id=$ADMIN_IDENTITY_RESOURCE_ID client-id=$VETS_SERVICE_CID subs-id=$SUBID

- In the Azure Portal, navigate to your Spring Apps Service instance. Navigate to Apps and open your customers-service app. In the customers-service app, select the Service Connector menu item. Notice in this screen you can see the details of your service connector. Notice that the service connector has all the config values set, like spring.datasource.url and spring.datasource.username, but for instance no spring.datasource.password. These values get turned into environment variables at runtime for your app. This is also why you could remove them from the Key Vault. Instead of spring.datasource.password it has a spring.cloud.azure.credential.client-id, which is the client ID of your managed identity. It also defines 2 additional variables, spring.datasource.azure.passwordless-enabled and spring.cloud.azure.credential.managed-identity-enabled, for enabling the passwordless connectivity.
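
A check for the settings described above, as an added example that is not part of the original lab: it reads connector settings as name=value lines on stdin and fails if a password is present, or if the expected client ID or either passwordless flag is missing. The input format, the function names check_passwordless and sample_good, and all sample values are constructed; it assumes the two flags are reported as lowercase true.

```shell
#!/usr/bin/env bash
# Added example: audit connector settings given as "name=value" lines on stdin.
# The input format and all sample values are constructed for illustration.

check_passwordless() {
  local expected_cid="$1" line name value
  local cid="" pwless="" mi="" failures=0
  while IFS= read -r line; do
    name="${line%%=*}"; value="${line#*=}"
    case "$name" in
      spring.datasource.password)
        echo "FAIL: spring.datasource.password is set" >&2
        failures=$((failures + 1)) ;;
      spring.datasource.url)
        # A JDBC URL can carry a password as a query parameter.
        case "$value" in
          *password=*) echo "FAIL: password embedded in JDBC URL" >&2
                       failures=$((failures + 1)) ;;
        esac ;;
      spring.cloud.azure.credential.client-id) cid="$value" ;;
      spring.datasource.azure.passwordless-enabled) pwless="$value" ;;
      spring.cloud.azure.credential.managed-identity-enabled) mi="$value" ;;
    esac
  done
  if [ "$cid" != "$expected_cid" ]; then
    echo "FAIL: client-id '$cid' is not the expected identity" >&2
    failures=$((failures + 1))
  fi
  if [ "$pwless" != "true" ]; then   # assumption: flag reported as lowercase true
    echo "FAIL: passwordless-enabled is not true" >&2
    failures=$((failures + 1))
  fi
  if [ "$mi" != "true" ]; then
    echo "FAIL: managed-identity-enabled is not true" >&2
    failures=$((failures + 1))
  fi
  [ "$failures" -eq 0 ]
}

# Constructed sample: the settings a passwordless connection should expose.
sample_good() {
  cat <<'EOF'
spring.datasource.url=jdbc:mysql://example-server.mysql.database.azure.com:3306/petclinic?sslMode=REQUIRED
spring.datasource.username=example-user
spring.cloud.azure.credential.client-id=00000000-0000-0000-0000-000000000001
spring.datasource.azure.passwordless-enabled=true
spring.cloud.azure.credential.managed-identity-enabled=true
EOF
}

sample_good | check_passwordless "00000000-0000-0000-0000-000000000001" && echo "OK: passwordless"
```

Pass the value of the matching client ID variable (for example $CUSTOMERS_SERVICE_CID) as the argument so a connector bound to the wrong identity is also caught.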