Configure your Spring applications for application management in Tanzu Platform

When you attach a Tanzu Cloud Foundry foundation as a data source in Tanzu Platform, SBOM and Spring properties data are automatically collected and sent to Tanzu Platform. You can view the collected data on Tanzu Platform hub in Applications > Business Applications and manage the applications on Tanzu Platform.

The data is grouped into unique business applications, which are mappings to the Cloud Foundry spaces or Kubernetes namespaces within the data source. To ensure that Tanzu Platform has the necessary data, you must first configure your Spring applications as follows:

To information on how to configure your Git repository so that you can secure and manage the repository, see Manage and secure Git code repositories.

Verify the Spring application name

Verify that you set a value for the spring.application.name or app.name property in the application.properties file of your Spring application.

During the Spring application discovery, the Kubernetes hub collector fetches the application name from the spring.application.name property, if available. If the spring.application.name property is not available, the hub collector fetches the application name from the app.name property.

Important

If a Spring application on Kubernetes is not configured with any of these properties (spring.application.name or app.name), the Kubernetes hub collector does not create this application in the hub.

Enable actuator in your Spring applications

If the applications discovered are Spring-based Java applications, the hub collector can collect and enrich with more Spring-specific application dependencies (database, 3rd party service, etc) and properties from actuator responses. The actuator endpoint responses are also used to collect SBOM payload for further library security analysis and recommendations for fixes for CVEs. This is accomplished using the hub collector communicating to the Spring applications running in application instances within the application platform.

  1. Add the Spring application Actuator.

    ```
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-actuator</artifactId>
        </dependency>
    </dependencies>
    ```
    
  2. Enable the actuator endpoints by adding the management and endpoint sections into your application.yml file.

    1. Enable the info endpoint.

      management:
          endpoints:
              web:
                  exposure:
                      include: "info"
      
    2. (Optional) Enable the health endpoint to collect application health information.

      management:
          endpoints:
              web:
                  exposure:
                      include: "info,health"
          endpoint:
              health:
                  show-details: ALWAYS
      
    3. (Optional) Enable the env endpoint to collect configuration properties, such as env:systemProperties#os:name, env:systemProperties#os:version, etc.

      Note

      The hub does not collect sensitive data, such as secrets and passwords. For Spring applications on Kubernetes, connections to Spring apps and services are formed only if URLs of those apps are present in application.properties section of /env endpoint.

      management:
          endpoints:
              web:
                  exposure:
                      include: "info,env"
          endpoint:
              env:
                  show-values: ALWAYS
      

(Optional) Add Git info, Spring Boot version, and application version for your Spring applications

If you want the application discovery collection to also collect Git repository data, so that the application views in the hub show the Git properties of the applications, add the git commit id plugin. The Git properties in the hub help you to correlate your application runtime to commits and understand what level of security (library CVE) compliance your Spring applications in your runtime environments have. In addition, you can also expose information about the Spring Boot and application versions.

Note

Without the git commit id plugin, we cannot collect any Git properties and cannot show Git information for the application in the hub.

For applications in Cloud Foundry spaces

Add the git commit id plugin into the plugins section of your pom.xml file:

- For a Spring application 3.x:

    ```
    <plugin>
        <groupId>io.github.git-commit-id</groupId>
        <artifactId>git-commit-id-maven-plugin</artifactId>
        <configuration>
            <verbose>true</verbose>
        </configuration>
    </plugin>
    ```
- For a Spring application 2.x:

    ```
    <plugin>
        <groupId>pl.project13.maven</groupId>
        <artifactId>git-commit-id-plugin</artifactId>
    </plugin>
    ```

For applications in Kubernetes namespaces

  1. Add the git commit id plugin into the plugins section of your pom.xml file:

    • For a Spring application 3.x:

      <plugin>
          <groupId>io.github.git-commit-id</groupId>
          <artifactId>git-commit-id-maven-plugin</artifactId>
          <configuration>
              <verbose>true</verbose>
          </configuration>
      </plugin>
      
    • For a Spring application 2.x:

      <plugin>
          <groupId>pl.project13.maven</groupId>
          <artifactId>git-commit-id-plugin</artifactId>
      </plugin>
      
  2. Add the following section in your application.yml file to set up the actuator info endpoint for collecting Git related information.

    management:
        info:
            git:
                mode: full
    
  3. Add the following section in your application.yml file to set up the actuator info endpoint for collecting Spring Boot version, application version, and Java related information.

    management:
        info:
            env:
                enabled: true
            java:
                enabled: true
    info:
        app:
            version: "@project.version@"
        spring:
            boot:
                version: "@project.parent.version@"
    

(Optional) Add SBOM info for your Spring applications

If you want the application discovery collection to also collect SBOM data and enable CVE on library analysis, so that the application views in the hub show security libraries governance dashboards, add the CycloneDX plugin.

Note

Without adding this plugin, we don’t collect any SBOM data and don’t show security libraries governance dashboards for the applications in the hub.

  1. Add the CycloneDX plugin into your plugins section of your pom.xml file:

    <plugin>
        <groupId>org.cyclonedx</groupId>
        <artifactId>cyclonedx-maven-plugin</artifactId>
        <version>2.7.1</version>
        <executions>
            <execution>
                <phase>validate</phase>
                <goals>
                    <goal>makeAggregateBom</goal>
                </goals>
            </execution>
        </executions>
        <configuration>
            <outputFormat>json</outputFormat>
            <outputName>classes/bom</outputName>
        </configuration>
    </plugin>
    
  2. Implement the following class required by the CycloneDX plugin.

    import java.io.InputStream;
    
    import org.springframework.beans.factory.InitializingBean;
    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.boot.actuate.info.Info;
    import org.springframework.boot.actuate.info.InfoContributor;
    import org.springframework.core.io.Resource;
    import org.springframework.stereotype.Component;
    
    import com.fasterxml.jackson.databind.JsonNode;
    import com.fasterxml.jackson.databind.ObjectMapper;
    
    import brave.internal.Nullable;
    
    @Component
    class CycloneDxInfoContributor implements InfoContributor, InitializingBean {
        private final Resource bomFile;
        private final ObjectMapper objectMapper = new ObjectMapper();
        private @Nullable JsonNode bom;
    
        CycloneDxInfoContributor(@Value("classpath:bom.json") Resource bomFile) {
            this.bomFile = bomFile;
        }
    
        @Override
        public void contribute(Info.Builder builder) {
            if (bom != null) {
                builder.withDetail("bom", bom);
            }
        }
    
        @Override
        public void afterPropertiesSet() throws Exception {
            if (bomFile.exists()) {
                try (InputStream is = bomFile.getInputStream()) {
                    this.bom = objectMapper.readTree(is);
                }
            }
        }
    }
    

Add Micrometer and Wavefront tracing libraries

Adding a micrometer library enables Spring Performance dashboards with JVM metrics and tracing data based RED metrics. When you enable micrometer library on your Spring applications binding to micrometer Wavefront registry, the hub uses Wavefront SDK format for spans for exporting from Spring applications.

Note

Without enabling micrometer monitoring data, enabling only actuator in your Spring applications still helps the hub to discover application dependencies and properties but cannot ingest and populate Spring performance dashboards. The Performance charts on the application dashboards will be empty.

  1. Import the Wavefront for Spring Boot Bill of Materials (BOM) to your project replacing VERSION with the current version.

    Note

    Make sure that you follow the version compatibility matrix for your Spring Boot version and Wavefront for Spring versions. Following an incorrect compatibility matrix will lead to unexpected behaviors, such as the Performance tab not displaying.

    <dependencyManagement>
        <dependencies>
            <dependency>
                <groupId>com.wavefront</groupId>
                <artifactId>wavefront-spring-boot-bom</artifactId>
                <version>VERSION</version>
                <type>pom</type>
                <scope>import</scope>
            </dependency>
        </dependencies>
    </dependencyManagement>
    
  2. Add the wavefront-spring-boot-starter and micrometer-registry-wavefront dependencies.

    <dependency>
        <groupId>com.wavefront</groupId>
        <artifactId>wavefront-spring-boot-starter</artifactId>
    </dependency>
    <dependency>
        <groupId>io.micrometer</groupId>
        <artifactId>micrometer-registry-wavefront</artifactId>
        <scope>runtime</scope>
    </dependency>
    
  3. Add the micrometer-tracing-bridge-brave and micrometer-tracing-reporter-wavefront dependencies to send trace data to Tanzu Platform hub.

    <dependency>
        <groupId>io.micrometer</groupId>
        <artifactId>micrometer-tracing-bridge-brave</artifactId>
    </dependency>
    <dependency>
        <groupId>io.micrometer</groupId>
        <artifactId>micrometer-tracing-reporter-wavefront</artifactId>
        <scope>runtime</scope>
    </dependency>
    
  4. Configure Micrometer to send data to metrics collector.

    • For Spring applications running in a Tanzu Cloud Foundry foundation, add the following sections to your application.yml:

      Note

      Most of the sections apply to Spring 3.x. The properties may be different if you are using 2.x.

      management:
          endpoints:
              web:
                  exposure:
                      include: "info,...,metrics"
          tracing:
              sampling:
                  probability: 0.5 # NOTE: keep to less than 0.5. This is NOT a supported property for Spring 2.x
          wavefront:
              application:
                  name: my-application
                  service-name: my-service
                  custom-tags:
                      instance_guid: ${CF_INSTANCE_GUID}
              api-token: 1111-23this-45is-678a-faketoken # this is a fake token since wavefront lib expects a token, though this is not used for authentication to collector for ingestion
              uri: http://telegraf.hub-collector.service.internal:8765
      
    • For Spring applications running in a Kubernetes cluster, add the following section to your application.yml:

      wavefront:
          application:
              name: my-application
              service-name: my-service
          uri: ${TELEGRAF_URL:http://localhost:2878/} # The TELEGRAF_URL has to be the telegraf pod in the k8s cluster that needs to be exposed with 2878 port for inbound port open for micrometer to send data
      

      The TELEGRAF_URL has to be the telegraf pod in the k8s cluster that needs to be exposed with 2878 port for inbound port open.

Note

You might see some errors in the logs for the Wavefront backend. Ignore the errors.

I/O error on POST request for "https://wavefront.surf/api/v2/trial/spring-boot-autoconfigure": No subject alternative DNS name matching wavefront.surf found.;

check-circle-line exclamation-circle-line close-line
Scroll to top icon