Tutorial: Deploy a Spring Boot application on AKS cluster with Azure Database for MySQL - Flexible Server in a VNet

APPLIES TO: Azure Database for MySQL - Flexible Server

In this tutorial, you'll learn how to deploy a Spring Boot application on Azure Kubernetes Service (AKS) cluster with Azure Database for MySQL flexible server in the backend, securely communicating with each other within an Azure virtual network.


This tutorial assumes a basic understanding of Kubernetes concepts, Java Spring Boot and MySQL. For Spring Boot applications, we recommend using Azure Spring Apps. However, you can still use Azure Kubernetes Services as a destination. See Java Workload Destination Guidance for advice.


Create an Azure Database for MySQL flexible server

Create a resource group

An Azure resource group is a logical group in which Azure resources are deployed and managed. Let's create a resource group rg-mysqlaksdemo using the az group create command in the eastus location.

  1. Open command prompt.
  2. Sign in to your Azure account.
    az login
  3. Choose your Azure subscription.
    az account set -s <your-subscription-ID>
  4. Create the resource group.
    az group create --name rg-mysqlaksdemo --location eastus

Create an Azure Database for MySQL flexible server instance

We'll now create an Azure Database for MySQL flexible server instance in a virtual network (private access connectivity method).

  1. Create an Azure virtual network vnet-mysqlaksdemo for all the resources in this tutorial, and a subnet subnet-mysql for the Azure Database for MySQL flexible server instance.

    az network vnet create \
    --resource-group rg-mysqlaksdemo \
    --name vnet-mysqlaksdemo \
    --address-prefixes \
    --subnet-name subnet-mysql \
  2. Create an Azure Database for MySQL flexible server instance mysql-mysqlaksdemo in the above created subnet, using the az mysql flexible-server create command. Replace your values for admin username and password.

    az mysql flexible-server create \
    --name mysql-mysqlaksdemo \
    --resource-group rg-mysqlaksdemo \
    --location eastus \
    --admin-user <your-admin-username> \
    --admin-password <your-admin-password> \
    --vnet vnet-mysqlaksdemo \
    --subnet subnet-mysql

    You have now created an Azure Database for MySQL flexible server instance in the eastus region with Burstable B1MS compute, 32 GB storage, 7 days backup retention period, and in the provided subnet subnet-mysql. This subnet should not have any other resource deployed in it and will be delegated to Microsoft.DBforMySQL/flexibleServers.

  3. Configure a new Azure Database for MySQL flexible server database demo to be used with the Spring Boot Application.

    az mysql flexible-server db create \
    --resource-group rg-mysqlaksdemo \
    --server-name mysql-mysqlaksdemo \
    --database-name demo

Create an Azure container registry

Create a private Azure container registry in the resource group. This tutorial pushes the sample app as a Docker image to this registry in later steps. Replace mysqlaksdemoregistry with a unique name for your registry.

az acr create --resource-group rg-mysqlaksdemo \
--location eastus \
--name mysqlaksdemoregistry \
--sku Basic

Code the application

In this section, we'll code the demo application. If you want to go faster, you can download the coded application available at https://github.com/Azure-Samples/tutorial-springboot-mysql-aks and skip to the next section - Build the image and push to ACR.

  1. Generate the application using Spring Initializr.

    curl https://start.spring.io/starter.tgz \
    -d dependencies=web,data-jdbc,mysql \
    -d baseDir=springboot-mysql-aks \
    -d bootVersion=2.5.6.RELEASE \
    -d artifactId=springboot-mysql-aks \
    -d description="Spring Boot on AKS connecting to Azure DB for MySQL" \
    -d javaVersion=1.8 | tar -xzvf -

    A base Spring Boot application will be generated inside the springboot-mysql-aks folder.

    Use your favorite text editor like VSCode or any IDE for the following steps.

  2. Configure Spring Boot to use Azure Database for MySQL flexible server.

    Open the src/main/resources/application.properties file, and add the below snippet. This code is reading the database host, database name, username, and password from the Kubernetes manifest file.



    The configuration property spring.datasource.initialization-mode=always means that Spring Boot will automatically generate a database schema, using the schema.sql file that we will create later, each time the server is started. This is great for testing, but remember this will delete your data at each restart, so this shouldn't be used in production!


    We append ?serverTimezone=UTC to the configuration property spring.datasource.url, to tell the JDBC driver to use the UTC date format (or Coordinated Universal Time) when connecting to the database. Otherwise, our Java server would not use the same date format as the database, which would result in an error.

  3. Create the database schema.

    Spring Boot will automatically execute src/main/resources/schema.sql to create a database schema. Create that file, with the following content:

    CREATE TABLE todo (id SERIAL PRIMARY KEY, description VARCHAR(255), details VARCHAR(4096), done BOOLEAN);
  4. Code the Java Spring Boot application.

    Add the Java code that will use JDBC to store and retrieve data from your MySQL server. Create a new Todo Java class, next to the DemoApplication class, and add the following code:

    package com.example.springbootmysqlaks;
    import org.springframework.data.annotation.Id;
    public class Todo {
        public Todo() {
        public Todo(String description, String details, boolean done) {
            this.description = description;
            this.details = details;
            this.done = done;
        private Long id;
        private String description;
        private String details;
        private boolean done;
        public Long getId() {
            return id;
        public void setId(Long id) {
            this.id = id;
        public String getDescription() {
            return description;
        public void setDescription(String description) {
            this.description = description;
        public String getDetails() {
            return details;
        public void setDetails(String details) {
            this.details = details;
        public boolean isDone() {
            return done;
        public void setDone(boolean done) {
            this.done = done;

    This class is a domain model mapped on the todo table that you created before.

    To manage that class, you'll need a repository. Define a new TodoRepository interface in the same package:

    package com.example.springbootmysqlaks;
    import org.springframework.data.repository.CrudRepository;
    public interface TodoRepository extends CrudRepository<Todo, Long> {

    This repository is a repository that Spring Data JDBC manages.

    Finish the application by creating a controller that can store and retrieve data. Implement a TodoController class in the same package, and add the following code:

    package com.example.springbootmysqlaks;
    import org.springframework.http.HttpStatus;
    import org.springframework.web.bind.annotation.*;
    public class TodoController {
        private final TodoRepository todoRepository;
        public TodoController(TodoRepository todoRepository) {
            this.todoRepository = todoRepository;
        public Todo createTodo(@RequestBody Todo todo) {
            return todoRepository.save(todo);
        public Iterable<Todo> getTodos() {
            return todoRepository.findAll();
  5. Create a new Dockerfile in the base directory springboot-mysql-aks and copy this code snippet.

    FROM openjdk:8-jdk-alpine
    RUN addgroup -S spring && adduser -S spring -G spring
    USER spring:spring
    ARG DEPENDENCY=target/dependency
    COPY ${DEPENDENCY}/BOOT-INF/lib /app/lib
    COPY ${DEPENDENCY}/BOOT-INF/classes /app
    ENTRYPOINT ["java","-cp","app:app/lib/*","com.example.springbootmysqlaks.DemoApplication"]
  6. Go to the pom.xml file and update the <properties> collection in the pom.xml file with the registry name for your Azure Container Registry and the latest version of jib-maven-plugin. Note: If your ACR name contains upper case characters, be sure to convert them to lower case characters.

  7. Update the <plugins> collection in the pom.xml file so that there is a <plugin> element containing an entry for the jib-maven-plugin, as shown below. Note that we are using a base image from the Microsoft Container Registry (MCR): mcr.microsoft.com/java/jdk:8-zulu-alpine, which contains an officially supported JDK for Azure. For other MCR base images with officially supported JDKs, see the docker hub.


Build the image and push to ACR

In the command prompt, navigate to springboot-mysql-aks folder and run the following commands to first set the default name for Azure Container Registry (otherwise you'll need to specify the name in az acr login), build the image and then push the image to the registry.

Ensure that your docker daemon is running while executing this step.

az config set defaults.acr=mysqlaksdemoregistry
az acr login && mvn compile jib:build

Create a Kubernetes cluster on AKS

We'll now create an AKS cluster in the virtual network vnet-mysqlaksdemo.

In this tutorial, we'll use Azure CNI networking in AKS. If you'd like to configure kubenet networking instead, see Use kubenet networking in AKS.

  1. Create a subnet subnet-aks for the AKS cluster to use.

    az network vnet subnet create \
    --resource-group rg-mysqlaksdemo \
    --vnet-name vnet-mysqlaksdemo \
    --name subnet-aks \
  2. Get the subnet resource ID.

    SUBNET_ID=$(az network vnet subnet show --resource-group rg-mysqlaksdemo --vnet-name vnet-mysqlaksdemo --name subnet-aks --query id -o tsv)
  3. Create an AKS cluster in the virtual network, with Azure Container Registry (ACR) mysqlaksdemoregistry attached.

        az aks create \
        --resource-group rg-mysqlaksdemo \
        --name aks-mysqlaksdemo \
        --network-plugin azure \
        --service-cidr \
        --dns-service-ip \
        --docker-bridge-address \
        --vnet-subnet-id $SUBNET_ID \
        --attach-acr mysqlaksdemoregistry \
        --dns-name-prefix aks-mysqlaksdemo \

    The following IP address ranges are also defined as part of the cluster create process:

    • The --service-cidr is used to assign internal services in the AKS cluster an IP address. You can use any private address range that satisfies the following requirements:

      • Must not be within the virtual network IP address range of your cluster
      • Must not overlap with any other virtual networks with which the cluster virtual network peers
      • Must not overlap with any on-premises IPs
      • Must not be within the ranges,,, or
    • The --dns-service-ip address is the IP address for the cluster's DNS service. This address must be within the Kubernetes service address range. Don't use the first IP address in your address range. The first address in your subnet range is used for the kubernetes.default.svc.cluster.local address.

    • The --docker-bridge-address is the Docker bridge network address which represents the default docker0 bridge network address present in all Docker installations. You must pick an address space that does not collide with the rest of the CIDRs on your networks, including the cluster's service CIDR and pod CIDR.

Deploy the application to AKS cluster

  1. Go to your AKS cluster resource on the Azure portal.

  2. Select Add and Add with YAML from any of the resource views (Namespace, Workloads, Services and ingresses, Storage, or Configuration).

    Screenshot that shows Azure Kubernetes Service resource view on Azure portal.

  3. Paste in the following YAML. Replace your values for Azure Database for MySQL flexible server admin username and password.

    apiVersion: apps/v1
    kind: Deployment
      name: springboot-mysql-aks
      replicas: 1
          app: springboot-mysql-aks
            app: springboot-mysql-aks
          - name: springboot-mysql-aks
            image: mysqlaksdemoregistry.azurecr.io/springboot-mysql-aks:latest
            - name: DATABASE_HOST
              value: "mysql-mysqlaksdemo.mysql.database.azure.com"
            - name: DATABASE_USERNAME
              value: "<your-admin-username>"
            - name: DATABASE_PASSWORD
              value: "<your-admin-password>"
            - name: DATABASE_NAME    
              value: "demo"     
    apiVersion: v1
    kind: Service
      name: springboot-mysql-aks
      type: LoadBalancer
      - port: 80
        targetPort: 8080
        app: springboot-mysql-aks
  4. Select Add at the bottom of the YAML editor to deploy the application.

    Screenshot that shows Add with YAML editor.

  5. Once the YAML file is added, the resource viewer shows your Spring Boot application. Make a note of the linked external IP address included in the external service.

    Screenshot that shows Azure portal view of Azure Kubernetes cluster service external IP.

Test the application

To test the application, you can use cURL.

First, create a new "todo" item in the database using the following command.

curl --header "Content-Type: application/json" \
--request POST \
--data '{"description":"configuration","details":"congratulations, you have deployed your application correctly!","done": "true"}' \

Next, retrieve the data by using a new cURL request, or by entering the cluster External IP in your browser.

curl http://<AKS-service-external-ip>

This command will return the list of "todo" items, including the item you've created.

[{"id":1,"description":"configuration","details":"congratulations, you have deployed your application correctly!","done":true}]

Here's a screenshot of these cURL requests: Screenshot that shows command line output of cURL requests.

You can see a similar output through your browser: Screenshot that shows browser request output.

Congratulations! You've successfully deployed a Spring Boot application on Azure Kubernetes Service (AKS) cluster with Azure Database for MySQL flexible server in the backend!

Clean up the resources

To avoid Azure charges, you should clean up unneeded resources. When the cluster is no longer needed, use the az group delete command to remove the resource group, container service, and all related resources.

az group delete --name rg-mysqlaksdemo


When you delete the cluster, the Microsoft Entra service principal used by the AKS cluster is not removed. For steps on how to remove the service principal, see AKS service principal considerations and deletion. If you used a managed identity, the identity is managed by the platform and does not require removal.

Next steps