Skip to content

About this Workshop


  • IBM Cloud Pay-as-You-Go account,
  • IBM Cloud Shell,
  • VPC infrastructure service plug-in,


This tutorial explains how to start to air-gap and secure an OpenShift or Kubernetes cluster and physically isolate your cluster using a Virtual Private Cloud (VPC). Using an air gapped cluster is one of the first things you will do to secure your container deployments. For more information about air-gap, go here.

The first step to secure your cluster is to create a Virtual Private Cloud (VPC) and add rules to a Security Group of an Application Load Balancer (ALB) to allow certain inbound traffic. You can add a gateway like API Connect to the VPC and expose the gateway to manage traffic, for instance by using OAuth, rate limiting and API key access control.

With Red Hat OpenShift Kubernetes (ROKS) or IBM Cloud Kubernetes Service (IKS) on VPC Generation 2 Computeon IBM Cloud, you can create an OpenShift or Kubernetes cluster in Virtual Private Cloud (VPC) infrastructure in a matter of minutes. OpenShift is a more enterprise-ready secure Container Orchestration (CO) platform, but in this tutorial I use a plain managed Kubernetes service because it is more accessible and affordable. If you want however, you can choose to use OpenShift instead.

This tutorial uses a free IBM Cloud account, a free Pay-As-You-Go account, the IBM Cloud Shell, and a free Virtual Private Cloud (VPC) service.

This tutorial is based on the official documentation for Using the IBM Cloud console to create VPC resources. Read more About networking for VPC.


  1. Setup,
  2. About,
  3. Create a VPC,
  4. Create a Subnet,
  5. Review the Security Group,
  6. Create a Public Gateway with Floating IP,
  7. Review the VPC.


Next, Setup.