How to implement a Private Endpoint (only) OpenShift cluster on a VPC using a VPN on IBM Cloud! Official support implemented!

Alain Airom (Ayrom)
2 min readAug 25, 2021


High-level architecture

In June this year, with my colleague Philippe THOMAS we published an article regarding how to put in place a configuration using a WireGaurd VPN in order to connect, from a workstation, to an OpenShift cluster with no public internet address inside a VPC on IBM Cloud (

This was done for one of our customers and we figured out that this question/requirement/functionality was asked also by other customers of IBM Cloud, as the article wrote here: “Setting Up a VPN Between IBM Cloud VPC and Your Home Office” ( by Todd Johnson, Nina Goradia and Neela Shah.

During the time we were building this solution, we were in contact with our offering manager team for IKS on IBM Cloud (IBM Kubernetes Services) and we are happy to find out that based on our joint efforts, this solution was tested, enhanced and is now referenced on official documentation on IBM Cloud site as you can find it here:

So, enjoy (more) secure connections with your OpenShift clusters! 😉