IBM · smoser-ibm · Dec 18, 2025 · Dec 15, 2025 · Dec 15, 2025 · Dec 17, 2025
diff --git a/private-path-to-vpc-vsi/README.md b/private-path-to-vpc-vsi/README.md
@@ -55,3 +55,9 @@ In order to connect to the VSI via ssh, you can specify the name of an VPC SSH k
 ```
 VPC_SSH_KEY=<name-of-ssh-key> DEBUG=true CLEANUP_ON_SUCCESS=false ./run
 ```
+
+## Noteworthy
+
+Connecting a Private Path service with a Code Engine project opens up a wide variety of integration scenarios, including connecting to on-premise infrastructure.
+
+![](./docs/code-engine-private-path---component-diagram.all-integrations.png)
diff --git a/private-path-to-vpc-vsi/ce-job/Dockerfile b/private-path-to-vpc-vsi/ce-job/Dockerfile
@@ -1,4 +1,4 @@
-FROM registry.access.redhat.com/ubi9/nodejs-22:latest AS build-env
+FROM registry.access.redhat.com/ubi9/nodejs-24:latest AS build-env
 WORKDIR /job
 
 # Define which files should be copied into the container image
@@ -8,7 +8,7 @@ COPY --chown=default:root *.mjs *.json .
 RUN npm install
 
 # Use a small distroless image for as runtime image
-FROM gcr.io/distroless/nodejs22
+FROM gcr.io/distroless/nodejs24
 COPY --from=build-env /job /job
 WORKDIR /job
 CMD ["job.mjs"]
diff --git a/...-vpc-vsi/docs/code-engine-private-path---component-diagram.all-integrations.png b/...-vpc-vsi/docs/code-engine-private-path---component-diagram.all-integrations.png
diff --git a/private-path-to-vpc-vsi/docs/code-engine-private-path---component-diagram.drawio b/private-path-to-vpc-vsi/docs/code-engine-private-path---component-diagram.drawio
diff --git a/private-path-to-vpc-vsi/docs/code-engine-private-path---component-diagram.png b/private-path-to-vpc-vsi/docs/code-engine-private-path---component-diagram.png
diff --git a/private-path-to-vpc-vsi/run b/private-path-to-vpc-vsi/run
@@ -46,6 +46,12 @@ function check_prerequisites {
         print_error "'jq' tool is not installed"
         exit 1
     fi
+
+    # Ensure that openssl tool is installed
+    if ! command -v openssl &>/dev/null; then
+        print_error "'openssl' tool is not installed"
+        exit 1
+    fi
 }
 
 # helper function to check whether IBM Cloud CLI plugins should get updated, or not
@@ -239,7 +245,7 @@ ibmcloud is security-group $vpc_name-group
 # Create the origin server VSI
 print_msg "\nCreating the VPC VSI '$vsi_originserver_name', which acts as the origin server ..."
 ibmcloud is instance-create $vsi_originserver_name $vpc_name $REGION-1 cx2-2x4 $vpc_name-subnet \
-    --image ibm-centos-stream-9-amd64-6 \
+    --image ibm-centos-stream-10-amd64-5 \
     --boot-volume "{\"name\": \"boot-vol-attachment-name\", \"volume\": {\"name\": \"$vsi_originserver_name-boot-vol\", \"capacity\": 100, \"profile\": {\"name\": \"general-purpose\"}}, \"delete_volume_on_instance_delete\": true}" \
     --resource-group-name $resource_group_name \
     --host-failure-policy restart \
@@ -315,15 +321,15 @@ fi
 
 # Create a LB pool 
 print_msg "\nCreating the VPC Network load balancer pool '$vpc_name-ppnlb-pg-pool' ..."
-ibmcloud is load-balancer-pool-create $vpc_name-ppnlb-pg-pool $vpc_name-ppnlb weighted_round_robin tcp 10 2 5 tcp
+ibmcloud is load-balancer-pool-create $vpc_name-ppnlb-pg-pool $vpc_name-ppnlb weighted_round_robin tcp 10 2 5 tcp --health-monitor-port 80
 if [ $? -ne 0 ]; then
     print_error "VPC Network load balancer pool creation failed!"
     abortScript
 fi
 
 # Create a LB member
 print_msg "\nAdd the VSI '$vsi_originserver_name' as a member to the load balancer pool '$vpc_name-ppnlb-pg-pool' ..."
-ibmcloud is load-balancer-pool-member-create $vpc_name-ppnlb $vpc_name-ppnlb-pg-pool 5432 $vsi_originserver_name --weight 70
+ibmcloud is load-balancer-pool-member-create $vpc_name-ppnlb $vpc_name-ppnlb-pg-pool 5432 $vsi_originserver_name
 if [ $? -ne 0 ]; then
     print_error "Adding the VSI '$vsi_originserver_name' as a member to the load balancer pool failed!"
     abortScript
@@ -380,33 +386,27 @@ if [ $? -ne 0 ]; then
 fi
 project_guid=$(ibmcloud ce project current --output json | jq -r '.guid')
 
-#
-# Obtain the kube context of the current project
-print_msg "\nObtain the kube context of the Code Engine project '$ce_project_name' ..."
-ibmcloud ce project select --name $ce_project_name --kubecfg
-
 #
 # Create the private path integration
+
 ce_vpegatewayconnection_name=guestbook-integration
-kubectl apply -f - <<EOF
-apiVersion: codeengine.cloud.ibm.com/v1beta1
-kind: VpeGatewayConnection
-metadata:
-  name: $ce_vpegatewayconnection_name
-spec:
-  target:
-    crn: $pps_instance_crn
-    resourceType: private_path_service_gateway
-EOF
+ibmcloud ce connectivity outbound create \
+    --name $ce_vpegatewayconnection_name \
+    --format private_path_service_gateway \
+    --pps-crn $pps_instance_crn
+if [ $? -ne 0 ]; then
+    print_error "Failed to create the private path gateway!"
+    abortScript
+fi
 
 print_msg "\nWaiting for the Private Path integration '$ce_vpegatewayconnection_name' to become ready ..."
 COUNTER=0
-while ! [[ $(kubectl get vpegatewayconnection $ce_vpegatewayconnection_name -o JSON|jq -r '.status|.conditions|.[]|select(.type=="Ready")|.status') == "True" ]]; do
+while ! [[ $(ibmcloud ce connectivity outbound get -n $ce_vpegatewayconnection_name -o json|jq -r '.status') == "ready" ]]; do
     sleep 5
     COUNTER=$((COUNTER + 1))
     if ((COUNTER > 30)); then
-        kubectl get vpegatewayconnection $ce_vpegatewayconnection_name -o YAML
-        print_error "The Private Path integration does not became ready as expected. Perform 'kubectl get vpegatewayconnection $ce_vpegatewayconnection_name -o yaml' for further details."
+        ibmcloud ce connectivity outbound get -n $ce_vpegatewayconnection_name -o json
+        print_error "The Private Path integration does not became ready as expected. Perform 'ibmcloud ce connectivity outbound get -n $ce_vpegatewayconnection_name -o json' for further details."
         abortScript
     fi
 done

diff --git a/private-path-to-vpc-vsi/userdata-vsi-originserver.sh b/private-path-to-vpc-vsi/userdata-vsi-originserver.sh
@@ -1,9 +1,21 @@
 #!/bin/bash
 touch /tmp/init_started
+
+# ==========================
+# nginx installation
+# ==========================
+dnf -y install nginx
+rm -f /usr/share/nginx/html/index.html
+echo "Hello world from `hostname`" > /usr/share/nginx/html/index.html
+chmod go+r /usr/share/nginx/html/index.html
+systemctl enable nginx
+systemctl start nginx
+systemctl status nginx
+touch /tmp/nginx_done
+
 # ==========================
 # PostgreSQL installation
 # ==========================
-yum update -y
 yum install postgresql-server postgresql-contrib -y
 postgresql-setup initdb
 systemctl start postgresql
@@ -22,17 +34,5 @@ psql -c "ALTER USER dbuser PASSWORD 'myPassw0rd!';"
 EOF
 touch /tmp/postgresql_done
 
-# ==========================
-# nginx installation
-# ==========================
-dnf -y update
-dnf -y install nginx
-rm -f /usr/share/nginx/html/index.html
-echo "Hello world from `hostname`" > /usr/share/nginx/html/index.html
-chmod go+r /usr/share/nginx/html/index.html
-systemctl enable nginx
-systemctl start nginx
-systemctl status nginx
-touch /tmp/nginx_done
 
-touch /tmp/init_done
+touch /tmp/init_done
diff --git a/satellite-connector-to-vpc-vsi/run b/satellite-connector-to-vpc-vsi/run
@@ -354,7 +354,7 @@ echo "Done"
 # Create the connector VSI
 print_msg "\nCreating the VPC VSI '$vsi_agent_name', which runs the Satellite Connector agent ..."
 ibmcloud is instance-create $vsi_agent_name $vpc_name $REGION-1 cx2-2x4 $vpc_name-subnet \
-    --image ibm-centos-stream-9-amd64-6 \
+    --image ibm-centos-stream-10-amd64-5 \
     --boot-volume '{"name": "boot-vol-attachment-name", "volume": {"name": "my-boot-vol", "capacity": 100, "profile": {"name": "general-purpose"}}, "delete_volume_on_instance_delete": true}' \
     --resource-group-name $resource_group_name \
     --host-failure-policy restart \