Introduction for App Developers

Redis for PCF Services
Related Software
Use TLS

Page last updated:

This section introduces Redis for Pivotal Cloud Foundry (PCF) services for developers and links to more information.

For instructions on creating, binding to, and deleting an instance of the On-Demand, or Shared-VM plan, see Using Redis for PCF.

Redis for PCF Services

Redis for PCF v2.0 and later offers On-Demand and Shared-VM services.

On-Demand Service—Provides a dedicated VM running a Redis instance. The operator can configure up to three plans with different configurations, memory sizes, and quotas. App developers can provision an instance for any of the On-Demand plans offered and configure certain Redis settings.
Shared-VM Service—Provides support for a number of Redis instances running in a single VM. It is designed for testing and development purposes only, do not use the Shared-VM service in production environments. The Shared-VM instances are pre-provisioned by the operator with a fixed number of instances and memory size. App developers can then use one of these pre-provisioned instances.

For more information about the plans, see the On-Demand Service Offering and the Shared-VM Service Offering.

Below are descriptions of software frequently used with Redis.

Redis for PCF with Spring

Spring Cloud Spring Service Connectors connect to Redis for PCF. For more information, see the Redis section in the Spring Cloud Spring Service Connector documentation.

Spring Cloud Cloud Foundry connectors automatically connect to Redis for PCF. For more information, see the Redis section in the Spring Cloud Cloud Foundry Connector documentation.

To view an example Spring app using Redis as a cache with failover, see the Redis Reference Architectures GitHub repository.

Redis for PCF with Steeltoe

Steeltoe Cloud Connectors can connect to Redis for PCF. See the Steeltoe Cloud Connectors documentation.

To view examples of Steeltoe apps using Redis as a cache with failover, see the Example Steeltoe App repository in GitHub.

Warning: The Steeltoe connector for Redis requires Redis for PCF to support Lua scripting. Check whether the language you are using requires Lua scripting. If it does, contact your operator. By default, Lua scripting is disabled for Redis for PCF, but a PCF operator can change the setting to enable it by selecting the Lua Scripting checkbox in each service plan’s On-Demand Plan configuration pane.

Other Software

PCF Dev is a version of PCF that is small enough to run on a local machine. For more information, see https://pivotal.io/pcf-dev.
Sample Ruby code that uses PCF can be found in the CF Redis Example App GitHub repository.
Redis is an open-source in-memory datastore. To learn more about Redis itself, see redis.io.

Use TLS

Follow the steps below to securely bind your apps to a Redis instance with TLS.

Spring and Steeltoe apps use TLS by default when available.

Check Availability

You can check if TLS has been enabled on the on-demand Redis service by inspecting the service key. To do so, do the following:

Create a service key by running the following command:
```
cf create-service-key MY-INSTANCE MY-KEY
```

Display the service key by running the following command:

cf service-key MY-INSTANCE MY-KEY

This returns a JSON response in this format:

{
            "host": "q-s0.redis-instance.ENVIRONMENT-NAME-services-subnet.service-instance-GUID.bosh",
            "password": YOUR-PASSWORD,
            "port": INSECURE-PORT-NUMBER,
            "tls_port": SECURE-PORT-NUMBER
        }

If you do not see the tls_port field, TLS has not been enabled on your Redis service.

Bind New Apps with TLS

Follow the steps below to securely bind new apps to a Redis instance.

For new apps, cf bind-service exposes both TLS ports and non-secure ports. Custom connectors also make both ports available. To support secure service bindings, you must specify the TLS port in your app code.

Below is an example of manually selecting the TLS port for a redis_client in Ruby:

require 'redis'
require 'cf-app-utils'

def redis_credentials
  service_name = ENV['service_name'] || "redis"
  if ENV['VCAP_SERVICES']
      all_pivotal_redis_credentials = CF::App::Credentials.find_all_by_all_service_tags(['redis', 'pivotal'])
      if all_pivotal_redis_credentials && all_pivotal_redis_credentials.first
          all_pivotal_redis_credentials.first
      else
          redis_service_credentials = CF::App::Credentials.find_by_service_name(service_name)
          redis_service_credentials
      end
  end
end

def redis_client
   @client ||= Redis.new(
     host: redis_credentials.fetch('host'),
     port: redis_credentials.fetch('tls_port'),
     password: redis_credentials.fetch('password'),
     ssl: true,
     timeout: 30
end

For Spring apps, use Java CFEnv v1.1.0 or later. See Redis Spring Boot Reference Architecture in GitHub.

For Steeltoe apps, use Steeltoe 2.3.0 or later. See Redis Steeltoe Reference Architecture in GitHub.

Bind Existing Apps with TLS

For each app using the Redis service with a non-TLS binding, do the following:

Remove the current binding by running the following command:
```
cf unbind-service APP-NAME SERVICE-INSTANCE
```
Re-bind to the Redis instance by running the following command:
```
cf bind-service APP-NAME SERVICE-INSTANCE
```
Restage the app by running the following command:
```
cf restage-app APP-NAME
```

Your app now communicates securely with the Redis on-demand service instance.

Create a pull request or raise an issue on the source for this page in GitHub