Terraform automation on IBM Cloud (#½): Provisioning a Kubernetes Cluster on IBM Cloud using Terraform

IBM Cloud goes with a user friendly interface for either provisioning new services or managing them. However sometime (very often actually :D) automation is needed.

In one of my recent assignments, I was asked to provide a Terraform code which is to be used inside a DevSecOps toolchain on IBM Cloud, so that users can provision automatically an IBM Kubernetes Service (a.k.a IKS: managed Kubernetes cluster on IBM Cloud).

What is going to be described below, is the code I wrote to test the automatic provisioning locally (from my laptop), before putting everything in the DevSecOps toolchain.

First of all, the variables should be set, either locally for the test purpose, or on the server side. The example below is to set the variables locally;

===========================

##!/bin/bash

export TF_VAR_ibmcloud_api_key=”ibmcloud_api_key_xxxxxxx”

export TF_VAR_iaas_classic_username=”the_account_name_xxxxxxx”

export TF_VAR_iaas_classic_api_key=”ibmcloud_iaas_api_key_xxxxxxx”

export TF_VAR_ibmcloud_region=”ibmcloud_region_xxxxxxx”

===========================

A list of IBM cloud regions to be found here: https://cloud.ibm.com/docs/containers?topic=containers-regions-and-zones

Otherwise it could retrieved on command line (assuming the ibmcloud CLI is present);

ibmcloud regions

Note: In order to initialize the variables with the script above on your local machine, it should be run with “source” option instead of execution of a standard bash file.

On server side though, the variables are set in the “providers.tf” file.

provider "ibm" {
    ibmcloud_api_key = var.ibmcloud_api_key
    resource_group = var.resource_group
    region = var.ibmcloud_region
}

Variables

The variables on local machine or server side could be set by the “variable.tf” file as shown below.

===========================

variable "ibmcloud_api_key" {}

variable "resource_group" {
  default = "the_ressource_group_name"
}

variable "ibmcloud_region" {
  default = "ibmcloud_reguin"
}

variable "cluster_name" {
  description = "Name of the cluster"
  type        = string
  default     = "the_cluster_name"
}

variable "zone" {
  default = "xxxxx"
}

variable "public_vlan_id" {
  default = "xxxxxx"
}

variable "private_vlan_id" {
  default = "xxxxxx"
}

===========================

For IKS, if your target is the classic infrastructure (as in my case), retrieve the zones with the following ibmcloud CLI;

ibmcloud ks zone ls --provider classic

Once the zone is known, we need to have the vlans information so the “private_vlan_id” and the “private_vlan_id” could be set;

ibmcloud ks vlan ls --zone <xxx>

The example expected output is something like:

ID        Name   Number   Type      Router
1519999   vlan   1355     private   bcr02a.dal10
1519898   vlan   1357     private   bcr02a.dal10
1518787   vlan   1252     public    fcr02a.dal10
1518888   vlan   1254     public    fcr02a.dal10

Versions file

The “versions.tf” file should be something like the example below.

============================

terraform {
    required_providers {
        ibm = {
            source = "IBM-Cloud/ibm"
            version = "1.23.0"
        }
    }
}

===============================

Main Script

After the steps above, the cluster creation is very straight forward (and the case shown here is quite simple).

All is done through the main Terraform script as provided below;

data "ibm_resource_group" "cluster_group" {
  name = var.resource_group
}

resource ibm_container_cluster "xxxx" {
    name            = var.cluster_name
    datacenter      = var.zone
    machine_type    = "b3c.4x16" 
    hardware        = "shared"
    public_vlan_id  = var.public_vlan_id
    private_vlan_id = var.private_vlan_id

    kube_version = "1.20.10"

    default_pool_size = 2

    public_service_endpoint  = "true"
    private_service_endpoint = "true"

    resource_group_id = data.ibm_resource_group.cluster_group.id

}

As you see, some parameters are hard coded, because it was intended to be this way. They could easily be set as parameters as well;

    machine_type    = "b3c.4x16" 
    
    kube_version = "1.20.10"

    default_pool_size = 2

The Terraform script execution is done through the classic steps of;

terraform init
terraform plan
terraform apply

To set the cluster parameters;

terraform plan -target="ibm_container_cluster.xxx"
terraform apply -target="ibm_container_cluster.xxxx"

Useful information on IBM Cloud Terraform for clusters could be fined here: https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/container_cluster