You can create a Redis for VMware Tanzu Application Service service instance with service-gateway access. Service-gateway access enables a Redis for VMware Tanzu Application Service on-demand service instance to connect to external components that are not on the same foundation as the service instance.

The following information assumes that you meet the prerequisites for using on-demand Redis for VMware Tanzu Application Service. For more information, see Prerequisites.

If you have enabled a service-gateway plan, you can create a service instance that can connect to components outside the your foundation. Contact your operator if you are unsure which plans are enabled for service-gateway access. For information about the architecture and use cases, see Service-Gateway access.

To create a service instance that enables service-gateway access:

1. Create a service instance with the service-gateway plan by running:

   cf create-service p.redis SERVICE-GATEWAY-PLAN SERVICE-INSTANCE-NAME
   

2. Obtain credentials by creating a service key:

   cf create-service-key SERVICE-INSTANCE-NAME SERVICE-KEY-NAME
   

   The service key looks similar to the following:

   # service-key for non-ha instances
   {
    "credentials": {
      "host": "q-s0.redis-instance.mediumcandyapplered-services-subnet.service-instance-0133e917-5cbf-432d-bab3-f4db5c603539.bosh",
      "password": "apassword",
      "port": 6379,
      "service_gateway_access_port": 1100,
      "service_gateway_enabled": true,
      "tls_port": 16379,
      "tls_versions": [
        "tlsv1.2",
        "tlsv1.3"
      ]
    }
   }
   
   # service-key for ha instances
   {
     "master_name": "redis-master",
     "password": "verysecret",
     "port": 6379,
     "sentinel_password": "verysecretsentinel",
     "sentinels":[
       {"host": "instance-host-1", "port": 26379, "tls_port": 26380},
       {"host": "instance-host-2", "port": 26379, "tls_port": 26380},
       {"host": "instance-host-3", "port": 26379, "tls_port": 26380}
     ],
     "service_gateway_access_port": 1100,
     "service_gateway_enabled": true,
     "tls_port": 16379,
     "tls_versions": ["tlsv1.2","tlsv1.3"]
   }
   

   The service_gateway_access_port field informs you of the port that was reserved for the created service instance. You can use this port to connect to Redis from outside your foundation.

   If you deactivate and then re-activate service gateway access on a plan, you must create new service keys to obtain a new set of credentials for service gateway access.