LATEST VERSION: 2.1 - CHANGELOG

Creating Application Security Groups for MySQL

This topic describes how to create Application Security Groups (ASGs) for MySQL for Pivotal Cloud Foundry (PCF).

To allow smoke tests to run when you install the MySQL for PCF service and allow apps to access MySQL for PCF after it is installed, you must create an appropriate ASG and bind it to the service.

Note: Without an ASG, the service is not installable or usable.

In addition, application containers that access instances of this service require an outbound network connection to the load balancer configured for the MySQL for PCF service.

To create ASGs for the MySQL for PCF service, perform the following steps:

  1. Create a JSON file with the following contents called p-mysql-security-group.json:

    [
      {
         "ports": "3306",
         "protocol": "tcp",
         "destination": "REPLACE WITH THE P-MYSQL LOAD BALANCER IP, RANGE OR CIDR"
      }
    ]
    

    In the destination field, add the IP address, range, or CIDR of the load balancer that you configured for the MySQL for PCF service.

  2. Log in to your PCF deployment as an administrator, and create an ASG named p-mysql-service.

    # after logging in as an administrator
    $ cf create-security-group p-mysql-service p-mysql-security-group.json
    
  3. Bind the new ASG to the default-running ASG set to allow all applications to access the service.

    $ cf bind-running-security-group p-mysql-service
    

    If the service should only be made available to specific spaces, bind the ASG directly to those spaces.

    $ cf bind-security-group p-mysql-service ORGANIZATION_NAME SPACE_NAME
    
Create a pull request or raise an issue on the source for this page in GitHub