You can create a service instance with service-gateway access. You can activate and deactivate service-gateway access on an existing service instance.
For general information about service-gateway access, including about architecture and use cases, see About Service-Gateway access.
If service-gateway access is activated for the foundation, the external components that are outside the foundation can connect to MySQL service instances. These external components are also referred to as off-platform components.
These components are typically:
Note Apps that are deployed in the same foundation as the service instance, can connect to the service instance directly without going through the service-gateway.
The procedures in this topic assume:
You meet the prerequisites for using VMware SQL with MySQL for Tanzu Application Service. For more information, see Prerequisites in Using VMware SQL with MySQL for Tanzu Application Service.
Your operator has activated service-gateway access. If you do not know if the foundation is activated for service-gateway access, contact your operator.
The following procedure describes how to create a new MySQL service instance that can be accessed by external components.
To create a service instance that enables service-gateway access:
Run:
cf create-service p.mysql PLAN SERVICE-INSTANCE-NAME -c '{"enable_external_access": true}'
Where:
PLAN
is the name of the VMware SQL with MySQL for TAS plan you want to use.SERVICE-INSTANCE-NAME
is a name you choose for the service instance. This name appears under service
in the output from cf services
.Obtain credentials by creating a service key. Run:
cf create-service-key SERVICE-INSTANCE-NAME SERVICE-KEY
Where:
SERVICE-INSTANCE-NAME
is the name of the instance you created above.SERVICE-KEY
is a name you choose for the service key. Choose a name that indicates that the key contains credentials for off-platform access.Note If you deactivate and then activate service-gateway access again on the foundation, you must create new service keys to obtain a new set of credentials for service-gateway access.
Use the keys in the service key to access the service instance from outside the foundation.
This is an example of a service key:
{
"hostname": "tcp.turtlegreen.cf-app.com",
"jdbcUrl": "jdbc:mysql://tcp.turtlegreen.cf-app.com:1035/service_instance_db?user=4801b239ba514be0be393cb33a0f3431\u0026password=g3mfwbz00byl6s5a\u0026sslMode=VERIFY_IDENTITY\u0026useSSL=true\u0026requireSSL=true\u0026enabledTLSProtocols=TLSv1.2\u0026serverSslCert=/etc/ssl/certs/ca-certificates.crt",
"name": "service_instance_db",
"password": "g3mfwbz00byl6s5a",
"port": 1035,
"tls": {
"cert": {
"ca": "-----BEGIN CERTIFICATE-----\nMIIDLTCCAhWgAwIBAgIUTgFaBwCzHAZfdQ5gHtol0IjMUXIwDQYJKoZIhvcNAQEL\nBQAwJjEkMCIGA1UEAxMbZG0tcm9vdC5kZWRpY2F0ZWQtbXlzcWwuY29tMB4XDTIw\nMTEwMjE0MDUyNloXDTIxMTEwMjE0MDUyNlowJjEkMCIGA1UEAxMbZG0tcm9vdC5k\nZWRpY2F0ZWQtbXlzcWwuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\nAQEArLEuvd6HKVEgIs+SeZBMVVT7UafRQp2NWNV1mYS4zthXzP3q7MNPQr3Hr+qp\nANO95Mnq5bCxXAIHFIOUS4nHkSYPSNkaGmkRrUiDLkEH+xGodAKnmshPcfuhW8gO\nc5RTrqgCsNEzpAask7MQoj9njp8oQyNQ2qS7zm9t91XYiLc1RstKc9jnyU3xzJDr\n6+FBqC9uwyJIhV9fGsmUxnB7OMS8kx/uYmOPeNL6ywIAypQBaIIPs7THzqDPe+Qi\nY8o2J5ylFWXasz3tGjtTCetSmrfyBzZFNc1EmqzABkNTXi/qfRs5KtS+UtRqtIsF\nTgL/F0bBlZe15bv7MahMVRqeOwIDAQABo1MwUTAdBgNVHQ4EFgQUNdcf3u9oTtLl\noQ3Y7J5wCCtNKLAwHwYDVR0jBBgwFoAUNdcf3u9oTtLloQ3Y7J5wCCtNKLAwDwYD\nVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAFEkmfosL5eLIri6Wi2dQ\nva5olI5xMwaHAp7gaqp9rxPUlugMgSsiNqzS5fL/682HbsqLVQijEg4tbX5VeA/6\ndztZE58DUjXam1YOU6THUt8oeK6NtUJ3TmjTttFWB+x2yvQefJoldGslBh06HzBr\nY5CrlkVsiLek2JKmU9LQ2XQ7CIZEzz20MJp8CrDDsn1U3BjUrUVmlLdgAtIuWgJ7\nufmYar41bWcMjsNvETrOxWtY5uvErmP+Z+0GGdYEUimLgxCc6WfBWdhMbEygOS4G\n6amSkb/rZTHWr0z4swHdrNtP627jhtcdjlh5QFQYYxc8O/jeAehUdS06JjG9qUzP\nFQ==\n-----END CERTIFICATE-----\n"
}
},
"uri": "mysql://4801b239ba514be0be393cb33a0f3431:[email protected]:1035/service_instance_db?reconnect=true",
"username": "4801b239ba514be0be393cb33a0f3431"
}
The four keys that change to include the TCP domain and TCP port are hostname
, jdbcUrl
, port
, and uri
. The keys that you need depend on the type of component that you are accessing the service instance from.
If you already have a MySQL service instance, you can make it accessible to external components by activating service-gateway access.
To activate service-gateway access on an existing MySQL service instance:
Run:
cf update-service SERVICE-INSTANCE-NAME -c '{"enable_external_access": true}'
Where SERVICE-INSTANCE-NAME
is the name of the service instance that you want to make available for off-platform access. This name appears under service
in the output from cf services
.
Obtain credentials by creating a service key. Follow steps 2 and 3 in Create a service instance that allows off-platform access.
If you have a MySQL service instance that no longer needs to be accessed from outside the foundation, deactivate service-gateway access for that service instance.
To deactivate service-gateway access on a MySQL service instance:
Run:
cf update-service SERVICE-INSTANCE-NAME -c '{"enable_external_access": false}'
Where SERVICE-INSTANCE-NAME
is the name of the service instance for which you want to deactivate service-gateway access.