This Terraform configuration creates the foundational VPC infrastructure needed for IBM Cloud Red Hat OpenShift Kubernetes Service (ROKS) clusters.
The configuration creates:
- 1 VPC with auto-assigned address prefix management
- 3 Availability Zones (based on region)
- 5 Subnets per zone (15 subnets total)
- 1 Public Gateway per zone (3 total)
- Basic security group rules (ROKS will create its own security groups)
- IBM Resource Group module for resource organization
With auto-assigned VPC address prefixes:
- IBM Cloud automatically assigns address prefixes per zone
- Each subnet gets a `/25` CIDR (128 usable IPs)
- 5 subnets per zone carved from the zone's address prefix
- Total: 1,920 usable IP addresses across all subnets (128 × 15)

1. Copy the example variables file:

   ```bash
   cp terraform.tfvars.example terraform.tfvars
   ```

2. Edit `terraform.tfvars` with your values:

   ```hcl
   region         = "us-south" # or us-east, eu-gb, etc.
   vpc_name       = "your-vpc-name"
   resource_group = "your-resource-group"
   ```

3. Initialize Terraform:

   ```bash
   terraform init
   ```

4. Plan the deployment:

   ```bash
   terraform plan
   ```

5. Apply the configuration:

   ```bash
   terraform apply
   ```

| Variable | Description | Default | Required |
|---|---|---|---|
| `region` | IBM Cloud region | `us-south` | Yes |
| `vpc_name` | Name of the VPC | `roks-vpc` | No |
| `resource_group` | Resource group name | `default` | No |
| `subnet_count_per_zone` | Subnets per zone | `5` | No |
| `subnet_prefix` | Subnet name prefix | `roks-subnet` | No |
| `public_gateway_prefix` | Public gateway prefix | `roks-pgw` | No |
| `tags` | Resource tags | `["terraform", "roks", "vpc"]` | No |

- `us-south` (Dallas)
- `us-east` (Washington DC)
- `eu-gb` (London)
- `eu-de` (Frankfurt)
- `jp-tok` (Tokyo)
- `au-syd` (Sydney)

The configuration provides several outputs useful for ROKS cluster creation:
- `vpc_id` - VPC ID for cluster creation
- `subnet_ids` - List of all subnet IDs
- `subnets_by_zone` - Subnets organized by zone
- `zones` - List of availability zones
- `resource_group_id` - Resource group ID
- `vpc_address_prefixes` - Auto-assigned address prefixes by zone

The subnet IDs can be used directly in ROKS cluster creation:

```bash
# Example: Create ROKS cluster using the subnets
ibmcloud ks cluster create vpc-gen2 \
  --name my-roks-cluster \
  --version 4.14_openshift \
  --zone us-south-1 \
  --subnet-id "$(terraform output -json subnet_ids | jq -r '.[0]')" \
  --workers 3 \
  --flavor bx2.4x16 \
  --vpc-id "$(terraform output -raw vpc_id)"
```

To destroy all resources:

```bash
terraform destroy
```

```
├── main.tf                    # Main VPC, subnets, and gateway resources
├── variables.tf               # Input variable definitions
├── locals.tf                  # Local values and computed data
├── outputs.tf                 # Output definitions
├── versions.tf                # Provider requirements
├── terraform.tfvars.example   # Example variable values
└── README.md                  # This file
```

- The configuration uses auto-assigned address prefix management for simplicity
- Public gateways are created for all zones to ensure outbound internet connectivity
- Default security group rules allow internal VPC communication
- ROKS clusters will create their own security groups with appropriate rules
- All resources are tagged for easier management and cost tracking
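
The notes above mention public gateways in every zone and default security group rules. The following script is an added example, not part of this repository: it reads `terraform show -json` output and reports inbound security group rules whose remote is the literal `0.0.0.0/0`, plus the subnets that have an outbound internet path through a public gateway. It assumes the configuration uses `ibm_is_subnet` and `ibm_is_security_group_rule` resources; the script name `audit_vpc.py`, the sample state and all resource names in it are constructed.

```python
import json
import sys

ANY_SOURCE = {"0.0.0.0/0"}

# Constructed sample in the shape of `terraform show -json`; resource names,
# IDs and the SSH rule are made up and are not taken from this repository.
SAMPLE_STATE = {"values": {"root_module": {
    "resources": [
        {"address": "ibm_is_subnet.subnet[0]", "type": "ibm_is_subnet",
         "values": {"zone": "us-south-1", "public_gateway": "pgw-constructed-1"}},
        {"address": "ibm_is_subnet.subnet[1]", "type": "ibm_is_subnet",
         "values": {"zone": "us-south-1", "public_gateway": None}},
        {"address": "ibm_is_security_group_rule.internal", "type": "ibm_is_security_group_rule",
         "values": {"direction": "inbound", "remote": "sg-constructed-default"}},
        {"address": "ibm_is_security_group_rule.ssh", "type": "ibm_is_security_group_rule",
         "values": {"direction": "inbound", "remote": "0.0.0.0/0"}},
    ],
    "child_modules": [{"address": "module.resource_group", "resources": [
        {"address": "module.resource_group.ibm_resource_group.rg",
         "type": "ibm_resource_group", "values": {"name": "default"}}]}],
}}}

def iter_resources(module):
    """Yield resources from a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def audit(state):
    """Return (inbound rules open to any source, {zone: subnets with a public gateway})."""
    open_rules, egress = [], {}
    root = state.get("values", {}).get("root_module", {})
    for res in iter_resources(root):
        vals = res.get("values", {})
        if res["type"] == "ibm_is_security_group_rule":
            if vals.get("direction") == "inbound" and vals.get("remote") in ANY_SOURCE:
                open_rules.append(res["address"])
        elif res["type"] == "ibm_is_subnet" and vals.get("public_gateway"):
            egress.setdefault(vals.get("zone"), []).append(res["address"])
    return open_rules, egress

if __name__ == "__main__":
    # Usage: terraform show -json | python audit_vpc.py  (sample is used without a pipe)
    state = SAMPLE_STATE if sys.stdin.isatty() else json.load(sys.stdin)
    rules, egress = audit(state)
    print("inbound rules open to any source:", rules)
    print("subnets with a public gateway, by zone:", egress)
    sys.exit(1 if rules else 0)  # non-zero exit lets a CI step fail on open rules
```

Security groups that ROKS creates for the cluster are outside this Terraform state and are not covered by this check.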