Verifying connectivity to a Private Path service
After you create a Private Path service, the service's status is Stable. At this time, it's a good idea to test the connection to your service by creating a VPE gateway with the cloud resource name (CRN) associated with your Private
Path service.
To verify that the Private Path service is fully functional before publishing it for consumer use, you must use the same account to create the VPE gateway as the account used to create the Private Path service. After you publish your Private Path service, any account can be used to create the VPE gateway.
You can verify connectivity to a Private Path service by using SSH to log into a virtual server instance running in the VPC containing the endpoint gateway. Then, initiate traffic to the VPE service endpoint or private IP.
Verifying connectivity to a Private Path service in the UI
To verify connectivity to a Private Path service from the IBM Cloud console, follow these steps:
-
From your browser, open the IBM Cloud console and log in to your account.
-
Select the Navigation Menu
, then click Infrastructure > Network > Private Path services. -
Locate your new Private Path in the table and click the name of the service to show its Details page.
-
Copy the CRN to your clipboard.
-
Click the Infrastructure breadcrumb at the top of the page, then click Virtual private endpoint gateways in the Network section.
-
Create a VPE gateway to connect to your Private Path service using your Private Path CRN. For instructions, see Creating a VPE gateway.
-
Navigate back to the Private Path services for VPC list page and click the name of your Private Path service in the table.
-
In the Connections section:
- If your default policy is set to Permit all requests, your request shows in the Permitted view.
- If your default policy is set to Review all requests, your request shows in the Requests to review view. Permit your connection request.
-
Connect to your service.
Verifying connectivity to a Private Path service from the CLI
The following example shows how to use the CLI to verify connectivity to a Private Path service.
Before you begin, make sure to set up your CLI environment.
You must first export the feature flag to use the CLI for Private Path beta release offerings.
To export the feature flag, enter the following commands:
export IBMCLOUD_IS_FEATURE_PRIVATE_PATH_SERVICE_GATEWAY=true
export IBMCLOUD_IS_FEATURE_PP_NLB_SUPPORT=true
To verify connectivity to a Private Path service from the CLI, follow these steps:
- Create a VPE gateway to connect to your Private Path service using your Private Path CRN. For instructions, see Creating a VPE gateway from the CLI.
- Connect to your service.
Verifying connectivity to a Private Path service with the API
To verify connectivity to a Private Path service with the API, follow these steps:
- Follow these instructions to create a VPE with
TargetCrnspecified with your Private Path service CRN. - Ensure that at least one of your load balancer's members health is shown as
ok. - From a VSI in the same VPE's VPC, initiate a request to the VPE's
private IPorservice_endpointand expect to get a reply. For example, SSH into a VSI in the same VPE's VPC with imageibm-ubuntu-18-04-6-minimal-s390x-3. Then run this command:
export ip=<VPE-private-ip>
export port=<load-balancer-listener-port>
wget http://$ip:$port
Verifying connectivity to a Private Path service with Terraform
Terraform will support this feature after it reaches General Availability (GA) and is officially released.
The following example verifies connectivity to a Private Path network by using Terraform:
resource "ibm_is_virtual_endpoint_gateway" "endpoint_gateway" {
name = "my-example-egw"
target {
crn = ibm_is_private_path_service_gateway.ppsg.crn
resource_type = "private_path_service_gateway"
}
vpc = ibm_is_vpc.vpc.id
}