Configure your Spring applications for application management in Tanzu Platform

Before attaching a TAS foundation or Kubernetes cluster as a data source in the Tanzu Platform hub, configure your Spring applications for application management in Tanzu Platform. After that, when you attach the TAS foundation or Kubernetes cluster as a data source in the hub, the corresponding hub collector discovers your Spring applications and groups them into unique business applications, which are mappings to the TAS spaces or Kubernetes namespaces within the data source. These applications, with their dependencies discovered from actuator responses, are used to form business application level application topology views in the hub. In addition, the hub provides Spring application dashboards with JVM metrics and tracing data based RED metrics.

This procedure applies to Spring applications running on:

• a VMware Tanzu Platform for Cloud Foundry or Tanzu Application Service (TAS) foundation
• a Kubernetes cluster

You can also configure Git repositories for discovery and monitoring. See Manage and secure Git code repositories for more information.

Verify the Spring application name

Note

This procedure applies only to Spring applications on Kubernetes. For Spring applications on TAS, the hub uses the Cloud Foundry application name.

Verify that you set a value for the spring.application.name or app.name property in the application.properties file of your Spring application.

During the Spring application discovery, the Kubernetes hub collector fetches the application name from the spring.application.name property, if available. If the spring.application.name property is not available, the hub collector fetches the application name from the app.name property.

Important

If a Spring application on Kubernetes is not configured with any of these properties (spring.application.name or app.name), the Kubernetes hub collector does not create this application in the hub.

Enable Actuator in your Spring applications

If the applications discovered are Spring-based Java applications, the hub collector can collect and enrich with more Spring-specific application dependencies (database, 3rd party service, etc) and properties from actuator responses. The actuator endpoint responses are also used to collect SBOM payload for further library security analysis and recommendations for fixes for CVEs. This is accomplished using the hub collector communicating to the Spring applications running in application instances within the application platform.

1. Add the Spring application Actuator.

   • For Spring applications running in a Kubernetes cluster, follow the instructions for a Maven-based project in this guide.

   • For Spring applications running in a TAS foundation, add the following to your project if you use Maven.

     <dependencies>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-actuator</artifactId>
         </dependency>
     </dependencies>
     

2. Enable the actuator endpoints by adding the management and endpoint sections into your application.yml file.

   1. Enable the info endpoint.

      management:
          endpoints:
              web:
                  exposure:
                      include: "info"
      

   2. (Optional) Enable the health endpoint to collect application health information.

      management:
          endpoints:
              web:
                  exposure:
                      include: "info,health"
          endpoint:
              health:
                  show-details: ALWAYS
      

   3. (Optional) Enable the env endpoint to collect configuration properties, such as env:systemProperties#os:name, env:systemProperties#os:version, etc.

      Note

      The hub does not collect sensitive data, such as secrets and passwords. For Spring applications on Kubernetes, connections to Spring apps and services are formed only if URLs of those apps are present in application.properties section of /env endpoint.

      management:
          endpoints:
              web:
                  exposure:
                      include: "info,env"
          endpoint:
              env:
                  show-values: ALWAYS
      

(Optional) Add Git info, Spring Boot version, and application version for your Spring applications

If you want the application discovery collection to also collect Git repository data, so that the application views in the hub show the Git properties of the applications, add the git commit id plugin. The Git properties in the hub help you to correlate your application runtime to commits and understand what level of security (library CVE) compliance your Spring applications in your runtime environments have. In addition, you can also expose information about the Spring Boot and application versions.

Note

Without adding this plugin, we don’t collect any Git properties and don’t show Git information for the application in the hub.

1. Add the git commit id plugin into your plugins section of your pom.xml file:

   • For a Spring application 3.x:

     <plugin>
         <groupId>io.github.git-commit-id</groupId>
         <artifactId>git-commit-id-maven-plugin</artifactId>
         <configuration>
             <verbose>true</verbose>
         </configuration>
     </plugin>
     

   • For a Spring application 2.x:

     <plugin>
         <groupId>pl.project13.maven</groupId>
         <artifactId>git-commit-id-plugin</artifactId>
     </plugin>
     

2. Add the following section in your application.yml file to set up the actuator info endpoint for collecting Git related information.

   management:
       info:
           git:
               mode: full
   

3. Add the following section in your application.yml file to set up the actuator info endpoint for collecting Spring Boot version, application version, and Java related information.

   management:
       info:
           env:
               enabled: true
           java:
               enabled: true
   info:
       app:
           version: "@project.version@"
       spring:
           boot:
               version: "@project.parent.version@"
   

(Optional) Add SBOM info for your Spring applications

If you want the application discovery collection to also collect SBOM data and enable CVE on library analysis, so that the application views in the hub show security libraries governance dashboards, add the CycloneDX plugin.

Note

Without adding this plugin, we don’t collect any SBOM data and don’t show security libraries governance dashboards for the applications in the hub.

1. Add the CycloneDX plugin into your plugins section of your pom.xml file:

   <plugin>
       <groupId>org.cyclonedx</groupId>
       <artifactId>cyclonedx-maven-plugin</artifactId>
       <version>2.7.1</version>
       <executions>
           <execution>
               <phase>validate</phase>
               <goals>
                   <goal>makeAggregateBom</goal>
               </goals>
           </execution>
       </executions>
       <configuration>
           <outputFormat>json</outputFormat>
           <outputName>classes/bom</outputName>
       </configuration>
   </plugin>
   

2. Implement the following class required by the CycloneDX plugin.

   import java.io.InputStream;
   
   import org.springframework.beans.factory.InitializingBean;
   import org.springframework.beans.factory.annotation.Value;
   import org.springframework.boot.actuate.info.Info;
   import org.springframework.boot.actuate.info.InfoContributor;
   import org.springframework.core.io.Resource;
   import org.springframework.stereotype.Component;
   
   import com.fasterxml.jackson.databind.JsonNode;
   import com.fasterxml.jackson.databind.ObjectMapper;
   
   import brave.internal.Nullable;
   
   @Component
   class CycloneDxInfoContributor implements InfoContributor, InitializingBean {
       private final Resource bomFile;
       private final ObjectMapper objectMapper = new ObjectMapper();
       private @Nullable JsonNode bom;
   
       CycloneDxInfoContributor(@Value("classpath:bom.json") Resource bomFile) {
           this.bomFile = bomFile;
       }
   
       @Override
       public void contribute(Info.Builder builder) {
           if (bom != null) {
               builder.withDetail("bom", bom);
           }
       }
   
       @Override
       public void afterPropertiesSet() throws Exception {
           if (bomFile.exists()) {
               try (InputStream is = bomFile.getInputStream()) {
                   this.bom = objectMapper.readTree(is);
               }
           }
       }
   }
   

Add Micrometer and Wavefront tracing libraries

Adding a micrometer library enables Spring Performance dashboards with JVM metrics and tracing data based RED metrics. When you enable micrometer library on your Spring applications binding to micrometer Wavefront registry, the hub uses Wavefront SDK format for spans for exporting from Spring applications.

Note

Without enabling micrometer monitoring data, enabling only actuator in your Spring applications still helps the hub to discover application dependencies and properties but cannot ingest and populate Spring performance dashboards. The Performance charts on the application dashboards will be empty.

1. Import the Wavefront for Spring Boot Bill of Materials (BOM) to your project replacing VERSION with the current version.

   <dependencyManagement>
       <dependencies>
           <dependency>
               <groupId>com.wavefront</groupId>
               <artifactId>wavefront-spring-boot-bom</artifactId>
               <version>VERSION</version>
               <type>pom</type>
               <scope>import</scope>
           </dependency>
       </dependencies>
   </dependencyManagement>
   

2. Add the wavefront-spring-boot-starter and micrometer-registry-wavefront dependencies.

   <dependency>
       <groupId>com.wavefront</groupId>
       <artifactId>wavefront-spring-boot-starter</artifactId>
   </dependency>
   <dependency>
       <groupId>io.micrometer</groupId>
       <artifactId>micrometer-registry-wavefront</artifactId>
       <scope>runtime</scope>
   </dependency>
   

3. Add the micrometer-tracing-bridge-brave and micrometer-tracing-reporter-wavefront dependencies to send trace data to our service.

   <dependency>
       <groupId>io.micrometer</groupId>
       <artifactId>micrometer-tracing-bridge-brave</artifactId>
   </dependency>
   <dependency>
       <groupId>io.micrometer</groupId>
       <artifactId>micrometer-tracing-reporter-wavefront</artifactId>
       <scope>runtime</scope>
   </dependency>
   

4. Configure Micrometer to send data to metrics collector.

   • For Spring applications running in a TAS foundation, add the following sections to your application.yml:

     management:
         endpoints:
             web:
                 exposure:
                     include: "info,...,metrics"
         tracing:
             sampling:
                 probability: 0.5 # NOTE: keep to less than 0.5
         wavefront:
             application:
                 name: my-application
                 service-name: my-service
                 custom-tags:
                     instance_guid: ${CF_INSTANCE_GUID}
             api-token: 1111-23this-45is-678a-faketoken # this is a fake token since wavefront lib expects a token, though this is not used for authentication to collector for ingestion
             uri: http://telegraf.hub-collector.service.internal:8765
     

   • For Spring applications running in a Kubernetes cluster, add the following section to your application.yml:

     wavefront:
         application:
             name: my-application
             service-name: my-service
         uri: ${TELEGRAF_URL:http://localhost:2878/}