You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@@ -37,7 +37,7 @@ Review the capabilities that {{site.data.keyword.codeengineshort}} provides to r
37
37
| Control access | Assign platform and services access permissions to your projects in IBM Cloud Identity and Access Management to control who can provision and manage resources in your IBM Cloud account. |
38
38
| Based on open source | {{site.data.keyword.codeengineshort}} is built on a set of open source technologies such as Kubernetes, Knative, Istio, and Tekton, keeping your apps and jobs portable. |
39
39
| DDoS protection | {{site.data.keyword.codeengineshort}} provides immediate DDoS protection for your application. {{site.data.keyword.codeengineshort}}'s DDoS protection is provided by {{site.data.keyword.cis_short}} at no additional cost to you. DDoS protection covers System Interconnection (OSI) Layer 3 and Layer 4 (TCP/IP) protocol attacks, but not Layer 7 (HTTP) attacks. See [DDoS protection](/docs/codeengine?topic=codeengine-secure#secure-ddos). |
@@ -60,4 +60,4 @@ Learn the basics about {{site.data.keyword.codeengineshort}} by reviewing the fo
60
60
| Secret | A secret provides a method to include sensitive configuration information, such as passwords or SSH keys, to your deployment. By referencing values from your secret, you can decouple sensitive information from your deployment to keep your app, function, or job portable. Anyone who is authorized to your project can also view your secrets; be sure that you know that the secret information can be shared with those users. Secrets contain information in key-value pairs. |
61
61
| Service binding | Service bindings provide applications, jobs, and functions access to {{site.data.keyword.cloud_notm}} services. |
62
62
| Subscription | A subscription provides a way of signing up to receive events from a particular event producer. For more information about the different types of event producers and how to subscribe to them, see [Subscribing to event producers](/docs/codeengine?topic=codeengine-subscribing-events). |
@@ -42,7 +42,7 @@ Public registries, such as public Docker Hub, can be used to get started with Do
42
42
|[{{site.data.keyword.registrylong_notm}}](/docs/Registry?topic=Registry-getting-started#getting-started)| With this type of registry, you can set up your own secured image repository in {{site.data.keyword.registrylong_notm}} where you can safely store and share images between users. \n With {{site.data.keyword.registrylong_notm}}, you can \n - Manage access to images in your account. \n - Use {{site.data.keyword.IBM_notm}} provided images and sample apps, such as {{site.data.keyword.IBM_notm}} Liberty, as a base image and add your own app code to it. |
43
43
|Any other private registry | Connect any existing private registry to {{site.data.keyword.codeengineshort}} by adding access. Adding access securely saves your registry URL and credentials in a Kubernetes secret. \n With private registries, you can: \n - Use existing private registries independent of their source (Docker Hub, organization-owned registries, or other private Cloud registries). |
44
44
| [Public Docker Hub](https://hub.docker.com/){: external}{: #dockerhub} | Use this type of registry to pull existing public images from Docker Hub directly in your {{site.data.keyword.codeengineshort}} applications or jobs. \n \n **Important** \n - This registry type might not meet your organization's security requirements such as access management, vulnerability scanning, or app privacy. \n - When you pull an image from Docker Hub to use with apps or jobs in {{site.data.keyword.codeengineshort}}, be aware of [Docker rate limits](https://docs.docker.com/docker-hub/download-rate-limit){: external} for free plan (anonymous) users. You might experience pull limits if you receive a `429` error which indicates that you have reached your pull rate limit. To [increase rate limits](https://www.docker.com/increase-rate-limits){: external}, you can upgrade your account to a Docker `Pro` or `Team` subscription. \n \n With public Docker Hub, you can: \n - These images can be referred to directly when you create an app or job, no additional setup is required. \n - Includes various open source applications. |
45
-
{: caption="Table 1. Public and private image registry types" caption-side="bottom"}
45
+
{: caption="Public and private image registry types" caption-side="bottom"}
46
46
47
47
## Types of registry secrets
48
48
{: #types-registryaccesssecrets}
@@ -80,7 +80,7 @@ To determine the authorities that you need, consider the following cases:
80
80
| Push images |`Reader` and `Writer` service access | When you build source code, you must push the image to a registry. To push images to your registry, you must have read and write access, and you must have a registry secret. |
81
81
| Create a namespace |`Reader`, `Writer`, and `Manager` service access | This action is only supported for {{site.data.keyword.registrylong_notm}}. |
82
82
| {{site.data.keyword.codeengineshort}} automatically created registry secret |`Administrator` platform access \n `Reader`, `Writer`, and `Manager` service access| This action is only supported for {{site.data.keyword.registrylong_notm}}. |
83
-
{: caption="Table 2. Access authorities for image registry" caption-side="bottom"}
83
+
{: caption="Access authorities for image registry" caption-side="bottom"}
84
84
85
85
### Can I use a service ID?
86
86
{: #authorities-registry-service-id}
@@ -241,7 +241,7 @@ The following table summarizes the options that are used with the **`secret crea
241
241
|`--server`| Enter the URL of the registry server. For {{site.data.keyword.registryshort}}, the server name is `<region>.icr.io`. For example, `us.icr.io`. For [Docker Hub](https://hub.docker.com/), the value is `https://index.docker.io/v1/`.|
242
242
|`--username`| Enter the username to access the registry server. For {{site.data.keyword.registryshort}}, it is `iamapikey`. For Docker Hub, it is your Docker ID. |
243
243
|`--password`| Enter the password. For {{site.data.keyword.registryshort}}, the password is your API key. For Docker Hub, you can use your Docker Hub password or an [access token](#access-private-docker-hub). |
## Authorizing access to {{site.data.keyword.registryshort}} with service ID
247
247
{: #authorize-cr-service-id}
@@ -327,7 +327,7 @@ To pull images from {{site.data.keyword.registryfull_notm}} in a different accou
327
327
| `<service_ID>` | Required. Replace with the `codeengine-<project_name>-id` service ID that you previously created. |
328
328
| `--roles <service_access_role>` | Required. Enter the [service access role for {{site.data.keyword.registrylong_notm}}](/docs/Registry?topic=Registry-iam#service_access_roles) that you want to scope the service ID access to. Possible values are `Reader`, `Writer`, and `Manager`. If you are pulling images, then `Reader` access is sufficient. For more information, see [Setting up authorities for image registries](#authorities-registry).|
329
329
| `--service-name <container-registry>` | Required. Enter `container-registry` to create an IAM policy for {{site.data.keyword.registrylong_notm}}.
330
-
{: caption="Table 4. iam service-policy-create command components" caption-side="bottom"}
3. Create a custom service policy to allow access to `iam-identity` service so that {{site.data.keyword.codeengineshort}} can retrieve the API key for your service ID with the **`iam service-policy-create`** command.
@@ -346,7 +346,7 @@ To pull images from {{site.data.keyword.registryfull_notm}} in a different accou
346
346
| `<service_ID>` | Required. Replace with the `codeengine-<project_name>-id` service ID that you previously created. |
347
347
| `--roles <platform_access_role>` | Required. Enter the platform access role that you want to scope the service ID access to. Possible values are `Administrator`, `Editor`, `Operator`, and `Viewer`. Your service ID requires `Operator` or higher. |
348
348
| `--service-name <iam-identity>` | Required. Enter `iam-identity` to create an IAM policy for IAM identify services. |
349
-
{: caption="Table 5. iam service-policy-create command components" caption-side="bottom"}
4. Create an API key for the service ID with the **`iam service-api-key-create`** command. For a complete listing of the **`iam service-api-key-create`** command and its options, see the [**`ibmcloud iam service-api-key-create`**](/docs/account?topic=account-ibmcloud_commands_iam#ibmcloud_iam_service_api_key_create) command. Name the API key similar to your service ID, and include the service ID that you previously created, `codeengine-<project_name>-id`. Be sure to give the API key a description that helps you retrieve the key later.
@@ -409,7 +409,7 @@ The name of your image that is used for your app or job must be in one of the fo
{: caption="Table 6. Rules for image name" caption-side="bottom"}
412
+
{: caption="Rules for image name" caption-side="bottom"}
413
413
414
414
The parts of the image name must meet the following criteria.
415
415
@@ -419,4 +419,3 @@ The parts of the image name must meet the following criteria.
419
419
- `REPOSITORY` must be between 2 and 255 characters and must begin and end with a lowercase letter or number. `REPOSITORY` can contain lowercase alphanumeric characters, forward slashes (/), periods (.), hyphens (-), and underscores (`_`).
420
420
- `TAG` must be between 0 and 128 characters and can contain lowercase or uppercase letters, numbers, periods (.), hyphens (-), and underscores (`_`). The `TAG` must not begin with a period or dash. If you do not include a `TAG`, do not include the colon either.
421
421
- `IMAGEID` is prefixed with `sha256:` and can contain lowercase letters and numbers.
Copy file name to clipboardExpand all lines: app-domainmapping.md
+2-5
Original file line number
Diff line number
Diff line change
@@ -2,7 +2,7 @@
2
2
3
3
copyright:
4
4
years: 2022, 2024
5
-
lastupdated: "2024-03-19"
5
+
lastupdated: "2024-10-09"
6
6
7
7
keywords: domain mapping, custom domain, applications in code engine, apps in code engine, http requests in code engine, deploy apps in code engine, app workloads in code engine, deploying workloads in code engine, application, domain mappings, custom domain mappings, CNAME, TLS, TLS secret, private key, certificate
8
8
@@ -154,7 +154,7 @@ The following table summarizes the options that are used with the **`domainmappi
154
154
| `--domain-name` | The name of the custom domain mapping. Specify the name of your custom domain, such as `www.example.com`. This value is required. |
155
155
| `--target` | The name of the target {{site.data.keyword.codeengineshort}} application. This value is required. |
156
156
| `--tls-secret` | The TLS secret for the domain mapping. This value is required. |
Now you have a custom domain mapping that is created in {{site.data.keyword.codeengineshort}}. However, requests that are sent to your application are not (yet) routed to your custom domain. Next, [complete the custom domain configuration with your domain registrar](#app-completing-custom-domain) (*outside of {{site.data.keyword.codeengineshort}}*).
@@ -213,6 +213,3 @@ The output of the call to the custom domain is mapped to the `myapp` application
213
213
{: note}
214
214
215
215
For more information about domain mappings in {{site.data.keyword.codeengineshort}}, see [Working with custom domain mappings](/docs/codeengine?topic=codeengine-domain-mappings).
Copy file name to clipboardExpand all lines: app-workloads.md
+1-1
Original file line number
Diff line number
Diff line change
@@ -37,7 +37,7 @@ An application, or app, runs your code to serve HTTP requests. In addition to tr
37
37
| Parallelism | Parallel execution, flexible | Low to medium parallel execution | High parallel execution |
38
38
| Scale-out | Based on number of requests | Based on job workload definition | Based on events or direct invocations |
39
39
| Optimized for | Long running, highly complex workload and on-demand scale-out | Scheduled or planned workloads with high resource demands | Startup time and rapid scale-out |
40
-
{: caption="Table 1. Comparing {{site.data.keyword.codeengineshort}} apps, jobs, and functions" caption-side="bottom"}
40
+
{: caption="Comparing {{site.data.keyword.codeengineshort}} apps, jobs, and functions" caption-side="bottom"}
41
41
42
42
For more information, see [Planning for {{site.data.keyword.codeengineshort}}](/docs/codeengine?topic=codeengine-plan-codeengine).
Copy file name to clipboardExpand all lines: appdeploy-access.md
+2-4
Original file line number
Diff line number
Diff line change
@@ -2,7 +2,7 @@
2
2
3
3
copyright:
4
4
years: 2020, 2024
5
-
lastupdated: "2024-03-22"
5
+
lastupdated: "2024-10-09"
6
6
7
7
keywords: applications in code engine, apps in code engine, http requests in code engine, deploy apps in code engine, app workloads in code engine, deploying workloads in code engine, application, app, memory, cpu, environment variables
8
8
@@ -125,6 +125,4 @@ The following table shows the possible status that your application might have.
125
125
| Ready (with warnings) | The deployment of a new application revision failed, but the original deployment is available. |
126
126
| Failed | The application deployment terminated, and at least one instance terminated in failure. The instance either exited with nonzero status or was terminated by the system.
127
127
| Unknown | For some reason, the state of the application cannot not be obtained, typically due to an error in communicating with the host. |
Copy file name to clipboardExpand all lines: appdeploy-localsource.md
+2-5
Original file line number
Diff line number
Diff line change
@@ -2,7 +2,7 @@
2
2
3
3
copyright:
4
4
years: 2020, 2024
5
-
lastupdated: "2024-03-22"
5
+
lastupdated: "2024-10-09"
6
6
7
7
keywords: applications in code engine, apps in code engine, http requests in code engine, deploy apps in code engine, app workloads in code engine, deploying workloads in code engine, application, app, memory, cpu, environment variables
8
8
@@ -90,7 +90,7 @@ This example uses the `https://github.com/IBM/CodeEngine` samples; in particular
90
90
| -------------- | -------------- |
91
91
| `--name` | The name of the application. Use a name that is unique within the project. This value is required. \n - The name must begin with a lowercase letter. \n - The name must end with a lowercase alphanumeric character. \n - The name must be 63 characters or fewer and can contain letters, numbers, and hyphens (-). |
92
92
| `--build-source` | The path to the local source. |
4. Use the **`application get`** command to display information about your app, including information about the build.
96
96
@@ -198,6 +198,3 @@ When you deploy your updated app, the latest version of your referenced containe
198
198
199
199
Looking for more code examples? Check out the [Samples for {{site.data.keyword.codeenginefull_notm}} GitHub repo](https://github.com/IBM/CodeEngine){: external}.
Copy file name to clipboardExpand all lines: appdeploy-plan.md
+2-5
Original file line number
Diff line number
Diff line change
@@ -2,7 +2,7 @@
2
2
3
3
copyright:
4
4
years: 2020, 2024
5
-
lastupdated: "2024-02-28"
5
+
lastupdated: "2024-10-09"
6
6
7
7
keywords: applications in code engine, apps in code engine, http requests in code engine, deploy apps in code engine, app workloads in code engine, deploying workloads in code engine, application, app, memory, cpu, environment variables
8
8
@@ -99,7 +99,7 @@ You can deploy your application with the following visibility levels:
99
99
|[internal (project)](#app-endpoint-projectonly)| An app with this setting can receive requests from components in the same {{site.data.keyword.codeengineshort}} project. Setting an internal (project) endpoint means that your app is not accessible from the public internet and network access is only possible from other {{site.data.keyword.codeengineshort}} components that are running within the same {{site.data.keyword.codeengineshort}} project. This endpoint is always enabled. |
100
100
|[public](#app-endpoint-public)| An app with this setting is exposed to the internet and your {{site.data.keyword.codeengineshort}} project. Setting a public endpoint means that your app can receive requests from the public internet or from components within your {{site.data.keyword.codeengineshort}} project. This setting is the default. |
101
101
|[private](#app-endpoint-private)| An app with this setting is exposed to the {{site.data.keyword.cloud_notm}} private network and your {{site.data.keyword.codeengineshort}} project. Setting a private endpoint means that your app is not accessible from the public internet and network access is only possible from other {{site.data.keyword.cloud_notm}} services by using Virtual Private Endpoints (VPE) or {{site.data.keyword.codeengineshort}} components that are running in the same project.|
102
-
{: caption="Table 1. Visibility for applications" caption-side="bottom"}
102
+
{: caption="Visibility for applications" caption-side="bottom"}
103
103
104
104
You can set the endpoint settings for visibility of an application from the console or with the CLI when you create and deploy, or update your app.
105
105
@@ -216,6 +216,3 @@ For more information about working with apps, see
216
216
* Working with [environment variables](/docs/codeengine?topic=codeengine-envvar), [configmaps](/docs/codeengine?topic=codeengine-configmap), and [secrets](/docs/codeengine?topic=codeengine-secret).
217
217
*[Subscribing to event producers](/docs/codeengine?topic=codeengine-subscribing-events).
0 commit comments