Terraform automation on IBM Cloud (#½): Provisioning a Kubernetes Cluster on IBM Cloud using Terraform

IBM Cloud comes with a user-friendly interface for provisioning new services and managing them. However, sometimes (very often actually :D) automation is needed.

In one of my recent assignments, I was asked to provide Terraform code to be used inside a DevSecOps toolchain on IBM Cloud, so that users can automatically provision an IBM Kubernetes Service cluster (a.k.a. IKS: managed Kubernetes cluster on IBM Cloud).

What is described below is the code I wrote to test the automatic provisioning locally (from my laptop), before putting everything in the DevSecOps toolchain.

First of all, the variables should be set, either locally for test purposes, or on the server side. The example below sets the variables locally:



export TF_VAR_ibmcloud_api_key="ibmcloud_api_key_xxxxxxx"
export TF_VAR_iaas_classic_username="the_account_name_xxxxxxx"
export TF_VAR_iaas_classic_api_key="ibmcloud_iaas_api_key_xxxxxxx"
export TF_VAR_ibmcloud_region="ibmcloud_region_xxxxxxx"


A list of IBM Cloud regions can be found here: https://cloud.ibm.com/docs/containers?topic=containers-regions-and-zones

Otherwise it can be retrieved on the command line (assuming the ibmcloud CLI is present):

ibmcloud regions

Note: To initialize the variables on your local machine with the script above, run it with “source” rather than executing it as a standard bash file, so that the exports take effect in your current shell.
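A preflight check for the exports above, as an added example that is not part of the original post: it catches variables that are missing because the file was executed rather than sourced, values that still carry typographic quotes or the placeholder text, and an exports file that other users can read. The function names are hypothetical; the variable names are the ones exported above.

```bash
# Added example, not from the original post. Variable names are the TF_VAR_*
# exports shown above; the function names are hypothetical.
REQUIRED_TF_VARS="TF_VAR_ibmcloud_api_key TF_VAR_iaas_classic_username
TF_VAR_iaas_classic_api_key TF_VAR_ibmcloud_region"

# Report unusable variables by name only; the secret values are never printed.
check_tf_env() {
  _rc=0
  for _name in $REQUIRED_TF_VARS; do
    eval "_value=\${$_name-}"
    case "$_value" in
      "")
        echo "$_name: not set (was the file executed instead of sourced?)"; _rc=1 ;;
      *“*|*”*|*‘*|*’*)
        echo "$_name: contains typographic quotes from copy and paste"; _rc=1 ;;
      *xxxxxxx*)
        echo "$_name: placeholder value was not replaced"; _rc=1 ;;
    esac
  done
  return "$_rc"
}

# The file with the exports holds API keys: group and others must have no access.
check_env_file_mode() {
  _perm=$(ls -ld "$1" 2>/dev/null | cut -c5-10)   # group + other permission bits
  if [ "$_perm" != "------" ]; then
    echo "$1: missing or too permissive, expected mode 600"
    return 1
  fi
}
```

Run `check_tf_env && terraform plan` after sourcing the file, so a plan never starts with a missing or malformed credential.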

On the server side though, the variables are set in the “providers.tf” file.

provider "ibm" {
  ibmcloud_api_key = var.ibmcloud_api_key
  resource_group   = var.resource_group
  region           = var.ibmcloud_region
}


The variables, on the local machine or on the server side, can be declared in the “variable.tf” file as shown below.


# No default: the value is supplied through TF_VAR_ibmcloud_api_key
variable "ibmcloud_api_key" {}

variable "resource_group" {
  default = "the_resource_group_name"
}

variable "ibmcloud_region" {
  default = "ibmcloud_region"
}

variable "cluster_name" {
  description = "Name of the cluster"
  type        = string
  default     = "the_cluster_name"
}

variable "zone" {
  default = "xxxxx"
}

variable "public_vlan_id" {
  default = "xxxxxx"
}

variable "private_vlan_id" {
  default = "xxxxxx"
}


For IKS, if your target is the classic infrastructure (as in my case), retrieve the zones with the following ibmcloud CLI command:

ibmcloud ks zone ls --provider classic

Once the zone is known, we need the VLAN information so that the “public_vlan_id” and the “private_vlan_id” can be set:

ibmcloud ks vlan ls --zone <xxx>

The expected output looks something like:

ID        Name   Number   Type      Router
1519999   vlan   1355     private   bcr02a.dal10
1519898   vlan   1357     private   bcr02a.dal10
1518787   vlan   1252     public    fcr02a.dal10
1518888   vlan   1254     public    fcr02a.dal10
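Picking the two IDs from that listing by hand is error-prone, so here is an added example (not part of the original post) that parses the output and emits the matching `TF_VAR_public_vlan_id` and `TF_VAR_private_vlan_id` exports. It relies on the IBM Cloud classic rule that the public and private VLAN of a cluster must sit on routers whose suffix after the leading `b`/`f` is identical; the function names are hypothetical and the sample input is constructed from the output shown above.

```bash
# Added example, not from the original post; function names are hypothetical.
# Constructed sample: the `ibmcloud ks vlan ls` output shown above.
sample_vlan_output() {
  cat <<'EOF'
ID        Name   Number   Type      Router
1519999   vlan   1355     private   bcr02a.dal10
1519898   vlan   1357     private   bcr02a.dal10
1518787   vlan   1252     public    fcr02a.dal10
1518888   vlan   1254     public    fcr02a.dal10
EOF
}

# Read the listing on stdin and print export lines for the first public VLAN
# that has a private VLAN on the matching router. Returns 1 if no pair exists.
pick_vlan_pair() {
  awk '
    $1 !~ /^[0-9]+$/ { next }     # skip the header and any non-data line
    # The Name column may be blank, so count columns from the end.
    { type = $(NF - 1); pod = substr($NF, 2) }
    type == "private" && !(pod in priv) { priv[pod] = $1 }
    type == "public"  && !(pod in pub)  { pub[pod] = $1; order[++n] = pod }
    END {
      for (i = 1; i <= n; i++) {
        if (order[i] in priv) {
          printf "export TF_VAR_public_vlan_id=%s\n", pub[order[i]]
          printf "export TF_VAR_private_vlan_id=%s\n", priv[order[i]]
          exit 0
        }
      }
      exit 1
    }'
}
```

With the real CLI, pipe `ibmcloud ks vlan ls --zone <xxx>` into `pick_vlan_pair` and `eval` the result; only numeric IDs are ever emitted, so the evaluated text is limited to the two export lines.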

Versions file

The “versions.tf” file should be something like the example below.


terraform {
  required_providers {
    ibm = {
      source  = "IBM-Cloud/ibm"
      version = "1.23.0"
    }
  }
}


Main Script

After the steps above, the cluster creation is very straightforward (and the case shown here is quite simple).

Everything is done through the main Terraform script provided below:

# Look up the resource group by name to obtain its ID
data "ibm_resource_group" "cluster_group" {
  name = var.resource_group
}

resource "ibm_container_cluster" "xxxx" {
  name            = var.cluster_name
  datacenter      = var.zone
  machine_type    = "b3c.4x16"
  hardware        = "shared"
  public_vlan_id  = var.public_vlan_id
  private_vlan_id = var.private_vlan_id

  kube_version = "1.20.10"

  default_pool_size = 2

  # Both the public and the private service endpoint are enabled
  public_service_endpoint  = "true"
  private_service_endpoint = "true"

  resource_group_id = data.ibm_resource_group.cluster_group.id
}


As you can see, some parameters are hard coded, because it was intended to be this way. They could easily be turned into variables as well:

machine_type      = "b3c.4x16"
kube_version      = "1.20.10"
default_pool_size = 2

The Terraform script is executed through the classic steps:

terraform init
terraform plan
terraform apply

To set the cluster parameters, target the cluster resource only:

terraform plan -target="ibm_container_cluster.xxxx"
terraform apply -target="ibm_container_cluster.xxxx"

Useful information on IBM Cloud Terraform for clusters can be found here: https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs/resources/container_cluster




IT guy for a long time, looking for technical challenges everyday!

Alain Airom (Ayrom)
