Before attaching a TAS foundation or Kubernetes cluster as a data source in the Tanzu Platform hub, configure your Spring applications for application management in Tanzu Platform. After that, when you attach the TAS foundation or Kubernetes cluster as a data source in the hub, the corresponding hub collector discovers your Spring applications and groups them into unique business applications, which are mappings to the TAS spaces or Kubernetes namespaces within the data source. These applications, with their dependencies discovered from actuator responses, are used to form business application level application topology views in the hub. In addition, the hub provides Spring application dashboards with JVM metrics and tracing data based RED metrics.
This procedure applies to Spring applications running on:
You can also configure Git repositories for discovery and monitoring. See Manage and secure Git code repositories for more information.
NoteThis procedure applies only to Spring applications on Kubernetes. For Spring applications on TAS, the hub uses the Cloud Foundry application name.
Verify that you set a value for the spring.application.name
or app.name
property in the application.properties
file of your Spring application.
During the Spring application discovery, the Kubernetes hub collector fetches the application name from the spring.application.name
property, if available. If the spring.application.name
property is not available, the hub collector fetches the application name from the app.name
property.
ImportantIf a Spring application on Kubernetes is not configured with any of these properties (
spring.application.name
orapp.name
), the Kubernetes hub collector does not create this application in the hub.
If the applications discovered are Spring-based Java applications, the hub collector can collect and enrich with more Spring-specific application dependencies (database, 3rd party service, etc) and properties from actuator responses. The actuator endpoint responses are also used to collect SBOM payload for further library security analysis and recommendations for fixes for CVEs. This is accomplished using the hub collector communicating to the Spring applications running in application instances within the application platform.
Add the Spring application Actuator.
For Spring applications running in a TAS foundation, add the following to your project if you use Maven.
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
</dependencies>
Enable the actuator endpoints by adding the management
and endpoint
sections into your application.yml
file.
Enable the info
endpoint.
management:
endpoints:
web:
exposure:
include: "info"
(Optional) Enable the health
endpoint to collect application health information.
management:
endpoints:
web:
exposure:
include: "info,health"
endpoint:
health:
show-details: ALWAYS
(Optional) Enable the env
endpoint to collect configuration properties, such as env:systemProperties#os:name
, env:systemProperties#os:version
, etc.
NoteThe hub does not collect sensitive data, such as secrets and passwords. For Spring applications on Kubernetes, connections to Spring apps and services are formed only if URLs of those apps are present in
application.properties
section of/env
endpoint.
management:
endpoints:
web:
exposure:
include: "info,env"
endpoint:
env:
show-values: ALWAYS
If you want the application discovery collection to also collect Git repository data, so that the application views in the hub show the Git properties of the applications, add the git commit id plugin. The Git properties in the hub help you to correlate your application runtime to commits and understand what level of security (library CVE) compliance your Spring applications in your runtime environments have. In addition, you can also expose information about the Spring Boot and application versions.
NoteWithout adding this plugin, we don’t collect any Git properties and don’t show Git information for the application in the hub.
Add the git commit id plugin into your plugins section of your pom.xml
file:
For a Spring application 3.x:
<plugin>
<groupId>io.github.git-commit-id</groupId>
<artifactId>git-commit-id-maven-plugin</artifactId>
<configuration>
<verbose>true</verbose>
</configuration>
</plugin>
For a Spring application 2.x:
<plugin>
<groupId>pl.project13.maven</groupId>
<artifactId>git-commit-id-plugin</artifactId>
</plugin>
Add the following section in your application.yml
file to set up the actuator info
endpoint for collecting Git related information.
management:
info:
git:
mode: full
Add the following section in your application.yml
file to set up the actuator info
endpoint for collecting Spring Boot version, application version, and Java related information.
management:
info:
env:
enabled: true
java:
enabled: true
info:
app:
version: "@project.version@"
spring:
boot:
version: "@project.parent.version@"
If you want the application discovery collection to also collect SBOM data and enable CVE on library analysis, so that the application views in the hub show security libraries governance dashboards, add the CycloneDX plugin.
NoteWithout adding this plugin, we don’t collect any SBOM data and don’t show security libraries governance dashboards for the applications in the hub.
Add the CycloneDX plugin into your plugins section of your pom.xml
file:
<plugin>
<groupId>org.cyclonedx</groupId>
<artifactId>cyclonedx-maven-plugin</artifactId>
<version>2.7.1</version>
<executions>
<execution>
<phase>validate</phase>
<goals>
<goal>makeAggregateBom</goal>
</goals>
</execution>
</executions>
<configuration>
<outputFormat>json</outputFormat>
<outputName>classes/bom</outputName>
</configuration>
</plugin>
Implement the following class required by the CycloneDX plugin.
import java.io.InputStream;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.actuate.info.Info;
import org.springframework.boot.actuate.info.InfoContributor;
import org.springframework.core.io.Resource;
import org.springframework.stereotype.Component;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import brave.internal.Nullable;
@Component
class CycloneDxInfoContributor implements InfoContributor, InitializingBean {
private final Resource bomFile;
private final ObjectMapper objectMapper = new ObjectMapper();
private @Nullable JsonNode bom;
CycloneDxInfoContributor(@Value("classpath:bom.json") Resource bomFile) {
this.bomFile = bomFile;
}
@Override
public void contribute(Info.Builder builder) {
if (bom != null) {
builder.withDetail("bom", bom);
}
}
@Override
public void afterPropertiesSet() throws Exception {
if (bomFile.exists()) {
try (InputStream is = bomFile.getInputStream()) {
this.bom = objectMapper.readTree(is);
}
}
}
}
Adding a micrometer library enables Spring Performance dashboards with JVM metrics and tracing data based RED metrics. When you enable micrometer library on your Spring applications binding to micrometer Wavefront registry, the hub uses Wavefront SDK format for spans for exporting from Spring applications.
NoteWithout enabling micrometer monitoring data, enabling only actuator in your Spring applications still helps the hub to discover application dependencies and properties but cannot ingest and populate Spring performance dashboards. The Performance charts on the application dashboards will be empty.
Import the Wavefront for Spring Boot Bill of Materials (BOM) to your project replacing VERSION
with the current version.
<dependencyManagement>
<dependencies>
<dependency>
<groupId>com.wavefront</groupId>
<artifactId>wavefront-spring-boot-bom</artifactId>
<version>VERSION</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
Add the wavefront-spring-boot-starter
and micrometer-registry-wavefront
dependencies.
<dependency>
<groupId>com.wavefront</groupId>
<artifactId>wavefront-spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>io.micrometer</groupId>
<artifactId>micrometer-registry-wavefront</artifactId>
<scope>runtime</scope>
</dependency>
Add the micrometer-tracing-bridge-brave
and micrometer-tracing-reporter-wavefront
dependencies to send trace data to our service.
<dependency>
<groupId>io.micrometer</groupId>
<artifactId>micrometer-tracing-bridge-brave</artifactId>
</dependency>
<dependency>
<groupId>io.micrometer</groupId>
<artifactId>micrometer-tracing-reporter-wavefront</artifactId>
<scope>runtime</scope>
</dependency>
Configure Micrometer to send data to metrics collector.
For Spring applications running in a TAS foundation, add the following sections to your application.yml
:
management:
endpoints:
web:
exposure:
include: "info,...,metrics"
tracing:
sampling:
probability: 0.5 # NOTE: keep to less than 0.5
wavefront:
application:
name: my-application
service-name: my-service
custom-tags:
instance_guid: ${CF_INSTANCE_GUID}
api-token: 1111-23this-45is-678a-faketoken # this is a fake token since wavefront lib expects a token, though this is not used for authentication to collector for ingestion
uri: http://telegraf.hub-collector.service.internal:8765
For Spring applications running in a Kubernetes cluster, add the following section to your application.yml
:
wavefront:
application:
name: my-application
service-name: my-service
uri: ${TELEGRAF_URL:http://localhost:2878/}