Working with subnet pool connectivity in Code Engine
The IBM Cloud® Code Engine subnet pool connections feature lets you manage VPC subnet pool references, including security groups. You create a subnet pool to specify the VPC subnets and availability zones where your workload is processed.
For example, you can create a subnet pool with a single subnet in zone eu-de-1, or a subnet pool with multiple subnets that span all 3 zones in eu-de. In addition, you can specify the security group that your workload should be attached to. When you create a fleet, you can reference a subnet pool to specify the network zone into which the Code Engine fleet workers are deployed.
IBM Cloud® Virtual Private Cloud (VPC) is a virtual network that is linked to your customer account. It gives you cloud security, with the ability to scale dynamically, by providing fine-grained control over your virtual infrastructure and your network traffic segmentation. Subnets in your VPC offer private connectivity. Subnets in your VPC can connect to the public internet through an optional public gateway. You can keep your VPC and workloads secure by controlling network traffic using security groups. See About networking and Security in your VPC for further reading.
You can manage subnet pools by using the CLI.
Managing subnet pools by using the CLI
To work with subnet pools by using CLI commands, log in to your IBM Cloud account and select the Code Engine account and resource group.
Adding a subnet pool
For Code Engine connectivity subnetpool CLI commands, you can specify the --name, --subnet-crn, and optionally --security-group-crn options to configure subnet pools. Follow these guidelines:
- Do not use duplicate --name values within a project.
- Do not use duplicate --subnet-crn values within one subnet pool.

1. Select your Code Engine project. For example:

   ibmcloud ce project select --name myproject

2. Create a subnet pool by specifying the --name, --subnet-crn, and optionally --security-group-crn options. The --subnet-crn and --security-group-crn options can be specified multiple times. To correlate --security-group-crn values with their --subnet-crn value, use an arbitrary identifier as key. Refer to this example, which uses keys S1 and IDx:

   ibmcloud ce connectivity outbound subnetpool create --name my-other-pool \
     --subnet-crn S1=crn:v1:bluemix:public:is:eu-de-3:a/abcdefabcdefabcdefabcd1234567890::subnet:1a1a-2b2b2b2b-3c3c-4d4d-5e5e-6f6f6f6f6f21 \
     --security-group-crn S1=crn:v1:bluemix:public:is:eu-de:a/abcdefabcdefabcdefabcd1234567890::security-group:2b2b-3c3c3c3c-4d4d-5e5e-6f6f-7g7g7g7g7g7g \
     --subnet-crn IDx=crn:v1:bluemix:public:is:eu-de-3:a/abcdefabcdefabcdefabcd1234567890::subnet:1a1a-2b2b2b2b-3c3c-4d4d-5e5e-6f6f6f6f6f22 \
     --security-group-crn IDx=crn:v1:bluemix:public:is:eu-de:a/abcdefabcdefabcdefabcd1234567890::security-group:2b2b-3c3c3c3c-4d4d-5e5e-6f6f-7g7g7g7g7g7g \
     --security-group-crn IDx=crn:v1:bluemix:public:is:eu-de:a/abcdefabcdefabcdefabcd1234567890::security-group:2b2b-3c3c3c3c-4d4d-5e5e-6f6f-7g7g7g7g7g8h
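The duplicate-CRN guideline and the key correlation between --subnet-crn and --security-group-crn can be checked before the create command is run. The following is an added example, not part of the original page or of the ibmcloud CLI: check_subnetpool_args is a hypothetical helper, and the sample CRN values are constructed. It assumes that a security-group key with no matching subnet key is a mistake and that the ninth colon-separated CRN field is the resource type, as in the CRNs shown above.

```shell
#!/bin/sh
# Hypothetical pre-flight helper (not part of the ibmcloud CLI). Takes the same
# --subnet-crn / --security-group-crn KEY=CRN pairs as "subnetpool create".
check_subnetpool_args() {
  subnet_keys="" subnet_crns="" sg_keys="" rc=0
  while [ $# -gt 0 ]; do
    opt=$1
    case $opt in
      --subnet-crn|--security-group-crn) ;;
      *) echo "unexpected argument: $opt" >&2; return 2 ;;
    esac
    [ $# -ge 2 ] || { echo "missing value for $opt" >&2; return 2; }
    val=$2; shift 2
    case $val in
      *=*) key=${val%%=*}; crn=${val#*=} ;;
      *) echo "$opt value must be KEY=CRN: $val" >&2; rc=1; continue ;;
    esac
    # Assumption: field 9 of a CRN is the resource type (subnet or security-group).
    rtype=$(printf '%s\n' "$crn" | cut -d: -f9)
    [ "--${rtype}-crn" = "$opt" ] || { echo "$key: CRN type '$rtype' does not fit $opt" >&2; rc=1; }
    if [ "$opt" = --subnet-crn ]; then
      # Page guideline: no duplicate --subnet-crn values within one subnet pool.
      if printf '%s' "$subnet_crns" | grep -qxF -- "$crn"; then
        echo "$key: duplicate subnet CRN" >&2; rc=1
      fi
      subnet_crns="$subnet_crns$crn
"
      subnet_keys="$subnet_keys$key
"
    else
      sg_keys="$sg_keys$key
"
    fi
  done
  [ -n "$subnet_crns" ] || { echo "no --subnet-crn given" >&2; rc=1; }
  # Assumption: a security-group key that no subnet uses is an operator error.
  for key in $sg_keys; do
    printf '%s' "$subnet_keys" | grep -qxF -- "$key" ||
      { echo "$key: no --subnet-crn uses this key" >&2; rc=1; }
  done
  return $rc
}

# Constructed sample values in the CRN shape the page's example uses.
P=crn:v1:bluemix:public:is A=a/abcdefabcdefabcdefabcd1234567890
check_subnetpool_args \
  --subnet-crn "S1=$P:eu-de-3:$A::subnet:constructed-subnet-1" \
  --security-group-crn "S1=$P:eu-de:$A::security-group:constructed-sg-1" &&
  echo "subnet pool arguments are consistent"
```

A return code of 1 means at least one value should be corrected before the pool is created; 2 means the argument list itself is malformed.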
Showing existing subnet pools
To show a specific subnet pool, specify the name or ID. For example:
ibmcloud ce connectivity subnetpool get --name my-other-pool
To show all subnet pools, run:
ibmcloud ce connectivity subnetpool list
Deleting a subnet pool
You can delete previously defined subnet pools if you no longer use them.
To run a fleet, you need at least one subnet pool configured within a project.
To delete a subnet pool with confirmation, specify the name or ID. For example:
ibmcloud ce connectivity subnetpool delete --name my-other-pool
To delete a subnet pool forcefully (that is, without confirmation), run:
ibmcloud ce connectivity subnetpool delete --name my-other-pool --force