You requested and we listened — as a customer of IBM Cloud, you can now use Virtual Private Endpoints to connect from your VPC network to IBM Cloud Code Engine applications.
You can do so by using IP addresses of your choosing, which are allocated from a subnet within your VPC.
Why does it matter to you?
Clients that run applications within their own VPC often want to leverage the benefits of serverless scalability by running parts of the application in a serverless platform without leaving the boundary of their VPC network.
Imagine, for example, an application that is running on an IBM Cloud Kubernetes Service cluster in your VPC and requires some heavy background processing of a large chunk of data in IBM Cloud Object Storage. Another example could be a component of your application that needs to scale very dynamically and might not even need to run for some period of time (scale to zero). Or, you need the application to react to unpredictable events very dynamically.
Instead of scaling the cluster and buying the capacity yourself, you could run the processing on IBM Cloud Code Engine (as an application or as batch jobs). In this case, you would only pay for what you actually use in terms of vCPU and memory, without the need to deal with any capacity provisioning.
The new feature of Virtual Private Endpoints allows you to do this without leaving the boundaries of your VPC. That means you can connect to IBM Cloud Code Engine just like it would be part of your VPC from a network connectivity and security perspective.
About IBM Cloud Code Engine
IBM Cloud Code Engine is a fully managed, serverless platform that runs your containerized workloads, including web apps, microservices, event-driven functions and batch jobs with run-to-completion characteristics. Code Engine even builds container images for you from your source code. Because these workloads are all hosted within the same Code Engine project, all of them can seamlessly work together. The Code Engine experience is designed so that you can focus on writing code and not on the infrastructure that is needed to host it.
About Virtual Private Endpoints (VPE)
Virtual Private Endpoints provide a connection to your project resources and applications on the IBM Cloud Private network. When you connect through a Virtual Private Endpoint, all traffic is routed to hardware that is dedicated to Code Engine applications and remains on the IBM Cloud Private network.
With Code Engine, you can use the following types of VPEs:
- Virtual Private Endpoints to manage project resources: There is one static VPE per region.
- Virtual Private Endpoints to access applications: There is one VPE per Code Engine project. All apps within the project can be accessed by using this VPE.
From now on, Code Engine projects are automatically configured with both a public and a Virtual Private Endpoint. You can control the visibility of Code Engine applications and specify whether to expose the application to public or private endpoints. An application that is configured for the private network can be accessed via the VPE or by other Code Engine apps. Applications accessed via the VPE do not leave the IBM network and stay within the IBM Cloud network.
Visit the step-by-step documentation to learn about Using Virtual Private Endpoints with Code Engine.