Following on from the recent announcement of IBM Cloud Container Service (Kubernetes) support in IBM Cloud Dedicated, we are going to describe the details of integration between Kubernetes and Cloud Foundry in IBM Cloud Dedicated here. As announced there, the IBM Cloud Dedicated customers can now use Kubernetes runtime in their secure Dedicated environment along with their Cloud Foundry application workload and services. We will describe how you can request it, highlight the main features and specifics about the IBM Cloud Container Service in the Dedicated environment.

Getting started

As an IBM Cloud Dedicated client, you can request the IBM Cloud Container Service (Kubernetes offering) by contacting IBM Support via your administrator. IBM would do the enablement of the Kubernetes service in your environment in a matter of short, few days, and once enabled, the full set of ever expanding capabilities are described here. This will ensure that the Kubernetes worker nodes you create will be deployed in the same single-tenant environment as the rest of your IBM Cloud Dedicated apps and services. Additionally, the worker nodes are deployed on hypervisors dedicated for your account and are secured behind the firewall.

All dedicated deployments of IBM Cloud include the following benefits and features at no additional cost: VPN, private virtual local area network (VLAN), firewall, ability to leverage existing on-premises databases and apps, 24/7 on-site security, dedicated hardware, and standard support.

IBM would configure the following as part of the enablement process:

  • Create dedicated VLANs for the Kubernetes worker nodes.
  • Configure routing and firewall rules based on your corporate connectivity requirements.
  • Enable integration between Kubernetes worker nodes and Cloud Foundry workloads in your IBM Cloud Dedicated.
  • Configure your public corporate account for the Dedicated environment so that you can self-serve the Kubernetes clusters in your IBM Cloud Dedicated environment. This enables you to deploy and manage clusters as well as configure access-control for them using the IBM Cloud Identity and Access Management (IAM) features.

Working with Kubernetes Clusters

Firstly, you’ll need your IBMid to access IBM Cloud Container Service in IBM Cloud Dedicated. Your administrator will need to invite your IBMid to the public corporate account for the IBM Cloud Dedicated environment, which is described here in detail. This will give you Editor role by default, which can be changed as described here.

IBM Cloud Dedicated Console

Now, you’ll be able to login to IBM Cloud Dedicated Console via your browser, as you do for any of your Cloud Foundry access, and be able to access your IBM Cloud Container Service in your Dedicated console.

There is a new dual-login option to select on the login page, as shown below in screenshot, so that you can access IBM Cloud Container Service from your Dedicated console. Login using your IBMid, detailed login steps are explained here.


On login, you see the dashboard with your Cloud Foundry applications, services and (new!) Kubernetes clusters as shown in screenshot below.


Now you can go to Catalog, select Containers and you’ll see Containers in Kubernetes Clusters and Containers Registry items.


Clicking the Containers in Kubernetes Clusters item will allow you to create the cluster in your IBM Cloud Dedicated environment, as shown in screenshot below.

Here we should highlight a few specific features of the Create new cluster page which have been customised for your Dedicated environment:

  • Free is disabled. Only Standard cluster can be deployed.
  • Location is disabled, and is preset to your Dedicated environment already.
  • Private VLAN and Public VLAN are disabled, and are preset to the VLANs that were created during the enablement.
  • Hardware Isolation is disabled, and is set to Dedicated by default as only Dedicated hosts are permitted in a Dedicated environment.


Also from the Catalog page, it is possible to view and manage your Container Registry images, as shown here.

The Vulnerability Advisor feature of the Container Registry is also available in the console, it automatically scans customer images and containers for best practice violations and package vulnerabilities. Vulnerability Advisor generates a security status report, suggests fixes and best practices, and provides management to restrict non-secure images from running.

IBM Cloud Command-Line Interface

With this update, for the first time you can use IBM Cloud command-line interface (CLI) bx with the Dedicated environment API endpoint and access Kubernetes clusters as well as Cloud Foundry apps and services.

First, login to your Dedicated environment endpoint using bx. Note that you will login using your IBMid, and will be asked to authenticate using your Dedicated user-id and password as well during the process. If the Dedicated environment uses IBMid already, then you’ll not be asked to enter IBMid and password again.

$ bx login -a -u -p password
API endpoint:

Public IAM token service is available in the dedicated environment.
Login with your public IBMid, or use '--no-iam' to login as a dedicated user only.


Connected to dedicated user
Select an account (or press enter to skip):
1. My Dedicated Account (e97a8c01ac694e308ef3ad7795e20d7e)
Enter a number> 1
Targeted account My Dedicated Account (e97a8c01ac694e308ef3ad7795e20d7e)

API endpoint: (API version: 2.54.0) 
Region: dedicated:prod:us-south 
User: (public IBMid) <-> (dedicated) 
Account: My Dedicated Account (e97a8c01ac694e308ef3ad7795e20d7e) 

Tip: If you are managing Cloud Foundry applications and services
- Use 'bx target --cf' to target Cloud Foundry org/space interactively, or use 'bx target -o ORG -s SPACE' to target the org/space.
- Use 'bx cf' if you want to run the Cloud Foundry CLI with current Bluemix CLI context.

Note that you are given the option to select only your Dedicated account, and since the above example is for a Dedicated environment that uses IBMid authentication itself, the public user id is linked to the dedicated user id automatically since both are IBMids. See Connecting a Dedicated ID to your public IBMid for more information.

Next, install the container-service plugin using these instructions, and login to the region in which your Dedicated environment’s datacenter is.

$ bx plugin install container-service -r Bluemix

$ bx cs region-set us-south


Now, you should be able to see the Kubernetes clusters in your Dedicated environment, as such:

$ bx cs clusters
Name                     ID                                 State     Created        Workers   Location   Version   
Mobile@IBM-kube-test-d   a3a0b93c1d5943e3b2ed325d0860e4af   normal    6 months ago   4         dal12      1.7.4_1509*   
Ops-cluster              70b1038c766648eba410d00069f27538   normal    5 months ago   3         dal12      1.5.6_1507*   
audio-analytics          b7eb58aacb5d4f31a6d20db58797dd76   normal    4 months ago   3         dal12      1.7.4_1509*   
cedp-bi-zone-d           bfdb054f4dfc4c19bc73057744dd622a   warning   6 months ago   3         dal12      1.5.6_1507*   
dedicated-demo           e45cf53ff43b4074b62d97c8e64ba599   warning   1 month ago    3         dal12      1.7.4_1509*   
first-team               840c05b57c0f420a9ea79e7166baf1e3   normal    1 month ago    3         dal12      1.8.8_1507   
ibm-monitoring           bf780cfceac14a32bbdc7013183e44c5   normal    2 weeks ago    1         dal12      1.8.8_1507   
mobile-ibm-d2            3d9c3ae2169c482babc13b027c6a65b5   normal    5 months ago   3         dal12      1.7.4_1509*   
state-test               165052b9085348248e6f3563f14fc7ff   normal    2 weeks ago    1         dal12      1.8.8_1507   
tamercluster             54d8dd968d9546319f97313d2f137b00   normal    6 months ago   2         dal12      1.5.6_1507*   


Note that you can also review your datacenter location and Kubernetes worker VLANs using the following commands:

$ bx cs locations

$ bx cs vlans
ID        Name                Number   Type      Router         Supports Virtual Workers   
2079349   421436 DAL12 KB01   995      private   bcr01a.dal12   true   
2079345   421436 DAL09 KF01   934      public    fcr01a.dal12   true   


To create a cluster, check the list of machine-types as follows:

$ bx cs machine-types 
Name         Cores   Memory   Network Speed   OS             Server Type   Storage   Secondary Storage   
u2c.2x4      2       4GB      1000Mbps        UBUNTU_16_64   virtual       25GB      100GB   
b2c.4x16     4       16GB     1000Mbps        UBUNTU_16_64   virtual       25GB      100GB   
b2c.16x64    16      64GB     1000Mbps        UBUNTU_16_64   virtual       25GB      100GB   
b2c.32x128   32      128GB    1000Mbps        UBUNTU_16_64   virtual       25GB      100GB   
b2c.56x242   56      242GB    1000Mbps        UBUNTU_16_64   virtual       25GB      100GB   


You can create a cluster of any machine-type using this command as follows:

$ bx cs cluster-create --name demo --workers 3 --machine-type u2c.2x4


This will create a cluster with worker-nodes which are Dedicated VSIs. Note that you don’t need to specify the location or VLAN parameters to the cluster-create command.

You can also see your Cloud Foundry apps and services by targeting an org and space, and using bx cf commands.

$ bx target -o my-org -s dev
Targeted org my-org
Targeted space dev

API endpoint: (API version: 2.54.0)   
Region:         dedicated:prod:us-south   
User:  (public IBMid) <-> (dedicated)   
Account:        My Dedicated Account (e97a8c01ac694e308ef3ad7795e20d7e)   
Org:            my-org   
Space:          dev   

$ bx cf apps 
Invoking 'cf apps'...
Getting apps in org my-org / space dev as

name               requested state   instances   memory   disk   urls
epms-account-dev   stopped           0/1         1G       1G

$ bx cf services
Invoking 'cf services'...
Getting services in org my-org / space dev as

name                   service                   plan                            bound apps         last operation
Db2 on Cloud-uq        dashDB For Transactions   EnterpriseForTransactionsFlex                      create failed
mydb                   dashDB                    SMP Small                                          create failed
Retrieve and Rank-3m   retrieve_and_rank         standard                                           create succeeded
testService            user-provided                                             epms-account-dev

K8S apps with Dedicated Cloud Foundry Services

As mentioned in the Getting Started section above, the Kubernetes cluster worker nodes in the Dedicated environment will have connectivity to all your Dedicated Cloud Foundry applications and services. So you can bind your Cloud Foundry service to your Kubernetes cluster by using the following command:
$ bx cs cluster-service-bind mycluster mynamespace cleardb
Binding service instance to namespace...
Namespace: mynamespace
Secret name: binding-

See Adding services to clusters and Adding services to apps for more details.

IBM Cloud Container Registry

You can also access IBM Cloud Container Registry using the bx command-line while targeting your Dedicated environment.

$ bx plugin install container-registry -r Bluemix

$ bx cr login
Logging in to ''...
Logged in to ''.

$ bx cr namespace-list
Listing namespaces...


$ bx cr images --restrict audio_analytics
Listing images...

REPOSITORY                                                       NAMESPACE         TAG    DIGEST         CREATED       SIZE     VULNERABILITY STATUS   audio_analytics   0.10   de312abbe643   1 day ago     699 MB   OK   audio_analytics   0.7    b0d88d0f9d1c   1 month ago   501 MB   OK    audio_analytics   0.10   b5ca8acc4de2   1 day ago     937 MB   OK    audio_analytics   0.6    d7b32dcf2788   1 month ago   739 MB   OK    audio_analytics   0.9    79f4dce82998   2 days ago    937 MB   OK   



We hope that our IBM Cloud Dedicated customers find this information exciting and useful. And look out for more articles to take a deep-dive on other aspects of Kubernetes in IBM Cloud Dedicated. We will update this article with links to subsequent articles as they are published.

1 comment on"Kubernetes and Cloud Foundry integration in IBM Cloud Dedicated"

  1. Shinji Kanai March 08, 2018

    Great article, thank you Sanjay and Ruairi!!!

Join The Discussion

Your email address will not be published. Required fields are marked *