Working with apps in Code Engine

How do I make my code run as a Code Engine application component?

Whether your code exists as source in a local file or in a Git repository, or your code is a container image that exists in a public or private registry, Code Engine provides you with a streamlined way to run your code as an app.

• If you have a container image, per the Open Container Initiative (OCI) standard, then you need to provide only a reference to the image, which points to the location of your container registry when you create and deploy your app. You can deploy your app with an image in a public registry or private registry.

• If you are starting with source code that resides in a Git repository, you can choose to let Code Engine take care of building the image from your source and deploying the app with a single operation. In this scenario, Code Engine uploads your image to IBM Cloud® Container Registry. To learn more, see Deploying your app from repository source code. If you want more control over the build of your image, then you can choose to build the image with Code Engine before you create and deploy your app.

• If you are starting with source code that resides on a local workstation, you can choose to let Code Engine take care of building the image from your source and deploying the app with a single CLI command. In this scenario, Code Engine uploads your image to IBM Cloud® Container Registry. To learn more, see Deploying your app from local source code with the CLI. If you want more control over the build of your image, then you can choose to build the image with Code Engine before you create and deploy your app.

After your app is deployed, you can also update your deployed app by using any of the preceding ways, independent of how you created or previously updated your app.

When you deploy your application, the latest version of your referenced container image is downloaded and deployed, unless a tag is specified for the image. If a tag is specified for the image, then the tagged image is used for the deployment.

The image that is associated with your specific application revision has a unique container registry digest, and Code Engine uses this digest for the life of your application revision. If you create a newer version of an image with the same tag as the original image, the original image is overwritten in the container registry and becomes untagged. The newer image is tagged, and this newer image has a different digest. Your Code Engine application does not use this newer image, because the newer image has a different digest than the image that is referenced by the application revision. Code Engine can still create new instances of the application revision as long as the untagged image, which was referenced originally, still exists. For more information, see Why can't Code Engine pull an image?

The default URL for applications is of the format https://<appname>.<uuid>.<region>.codeengine.appdomain.cloud where appname is the name of your app, uuid is the automatically generated unique identifier, and region is the region in which your Code Engine project resides. The UUID portion of the URL of an application is of the format aaaabbbbccc. The automatically generated application URL persists for the lifecycle of the project for your application.

For more information about endpoints to access applications by region, see Code Engine endpoints for accessing applications.

What do I need to know about ports for apps in Code Engine?

By default, Code Engine assumes that apps listen for incoming connections on port 8080. In addition, Code Engine sets the PORT environment variable to the port value that the application is expected to be listening on. If your app needs to listen on a port other than port 8080, either deploy your app from the console and specify the correct port or use the --port option on the app create command. For more information about environment variables that are set by Code Engine, see Automatically injected environment variables. The following ports are reserved by Code Engine: 8022, 8008, 8012, 9090, 9091, and 15090. Only one port can be exposed as the listening port.

Inbound connections to Code Engine over HTTP on the Internet use port 80. Inbound connections to Code Engine over HTTPS on the Internet use port 443

If a port scan shows more open ports, see Why does my port scan show more open ports than expected?

Considerations for HTTP handling

When you are working with applications (or jobs), it is helpful to be aware of basic HTTP handling in Code Engine.

• For incoming application connections that use HTTP, the transport layer security (TLS) aspects are managed automatically by Code Engine outside of the application code. The HTTP Server for the application needs to be concerned about only HTTP connectivity and not HTTPS connectivity. In particular, Code Engine uses Cloud Internet Services (CIS) in IBM Cloud, which is based on CloudFlare, as the intrusion prevention system (IPS) for DNS and DDOS protection on layer 4. In other words, the TCP/IP connection that is established on the IPS is owned and managed by Cloudflare. For more information, see Cloudflare documentation.

• Internet connections that are bound for Code Engine applications are automatically redirected to use HTTPS.

• Outbound connections from applications to other Code Engine applications are automatically protected by TLS. Code Engine automatically manages this connectivity, so the protocol (or URL) that is used is HTTP and not HTTPS.

• Outbound connections from applications to non-Code Engine applications, such as the internet, use HTTP or HTTPS depending on the protocol that is specified in the app code or URL.

• Outbound connections from batch jobs use the HTTP or HTTPS protocol that is specified in the job code or URL. This behavior includes connections from batch jobs to Code Engine apps.

Options for visibility for a Code Engine application

With Code Engine, you can determine the right level of visibility for your application by defining the endpoints, or system domain mappings that are available for receiving requests.

Every application has an internal system domain mapping that is visible to all components within the same Code Engine project, but not outside of the project. In addition to the internal system domain mapping, you choose to make the application visible to either the public internet or the IBM Cloud private network.

You can deploy your application with the following visibility levels:

You can set the endpoint settings for visibility of an application from the console or with the CLI when you create and deploy, or update your app.

Options for deploying a Code Engine application

Learn about the options that you can specify when you deploy your app. Note that options can vary between the console and the CLI.

ibmcloud ce app create --name myapp --image icr.io/codeengine/hello --cmd /myapp --arg --debug

Considerations for application quotas

When you work with applications, functions, and batch jobs, these resources run within the context of a Code Engine project. Resource quotas are defined on a per project basis, and limits apply for applications, functions, and batch jobs.

For more information about Code Engine limits, see Limits and quotas for Code Engine.

Next steps

Now that you are familiar with key concepts of working with Code Engine applications, are you ready to deploy and work with apps? See

• Deploying app workloads from images in a public registry.
• Deploying app workloads from images in IBM Cloud Container Registry.
• Deploying app workloads from images in a private registry.
• Deploying your app from repository source code.
• Deploying your app from local source code.

For more information about working with apps, see

• Application workloads.
• Configuring application scaling.
• Configuring custom domain mappings for your app.
• Integrating IBM Cloud services with service bindings.
• Working with environment variables, configmaps, and secrets.
• Subscribing to event producers.
• Troubleshooting apps.