Crossplane provider
I'm building a crossplane provider for Zitadel: https://github.com/vhdirk/crossplane-provider-zitadel. It reuses the terraform provider through Upjet.
Currently, I cannot create any resource; the internal terraform client is not able to reach the zitadel API. As with the terraform provider, you need to provide:
- domain
- port
- insecure (true/false)
- credentials of the service account
I'd like to verify some things first:
- credentials: I'm using the helm chart to deploy zitadel. Using the FirstInstance config entries, it creates a Secret with the same name as the machine user name. This contains a single json with some certificates. I'm using this as the jwt_profile_json. Is that correct?
- domain: My zitadel instance is deployed with ingress auth.my-domain.com. However, in my cluster, I can reach it at just zitadel. I would like it if the provider would reach zitadel in-cluster. Is that possible? If not, what do I enter as domain? org-name.auth.my-domain.com, as generated by default, does not exist as a dns rule, nor do I want that. If I enter auth.my-domain.com as domain, with the credentials as mentioned before, I always get 404 errors, though it is pretty hard to know what endpoint that is on, since it goes through upjet and the terraform provider.
Can someone with experience with the terraform provider chime in?
Also, you're free to try the crossplane provider, too.
👋 hello @vhdirk thanks for the clear description, I will review this with my team and get back to you shortly, thanks!
I like the project ❤
- The secret value as jwt_profile_json should be correct
- For internal API access, you can either make sure the client sends all requests with the Host: auth.my-domain.com (or similar) header or you can add the internal k8s service domain to your Zitadel instance via API or by rerunning the setup job with the internal service domain at zitadel.configmapConfig.ExternalDomain. I'd use the debug replicaset for this (see troubleshooting section in the charts readme.md)
Let me know if you find out more about the 404 errors.
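The Host-header option from the reply above, as an added Go example that is not from the thread, the Zitadel project or the crossplane provider: an http.Client whose transport rewrites the Host header so requests can be sent to the in-cluster service address while Zitadel still sees the external domain it was configured with. The in-cluster URL (Service "zitadel" on port 8080) and the health path are assumptions for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"time"
)

// hostRewriter forces the Host header on every outgoing request. The
// URL's host is only used to dial; req.Host is what net/http writes into
// the Host header, so Zitadel sees its configured external domain.
type hostRewriter struct {
	host string
	next http.RoundTripper
}

func (h hostRewriter) RoundTrip(req *http.Request) (*http.Response, error) {
	// Clone so the caller's request is not mutated.
	r := req.Clone(req.Context())
	r.Host = h.host
	// Note: for an https:// in-cluster URL the TLS SNI still comes from
	// the URL host; set Transport.TLSClientConfig.ServerName as well then.
	return h.next.RoundTrip(r)
}

// NewHostOverrideClient returns a client whose requests carry the given
// Host header regardless of the address they are sent to.
func NewHostOverrideClient(host string) *http.Client {
	return &http.Client{
		Timeout:   10 * time.Second,
		Transport: hostRewriter{host: host, next: http.DefaultTransport},
	}
}

// ProbeStatus GETs url and returns the HTTP status, which separates a
// Host-mismatch 404 from a plain reachability failure (err != nil).
func ProbeStatus(client *http.Client, url string) (int, error) {
	resp, err := client.Get(url)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

func main() {
	// Assumed in-cluster address and health path; adjust to your deployment.
	client := NewHostOverrideClient("auth.my-domain.com")
	status, err := ProbeStatus(client, "http://zitadel:8080/debug/healthz")
	fmt.Println("status:", status, "err:", err)
}
```

Running the probe with and without the override is a quick way to confirm whether the 404 comes from a domain mismatch rather than from the provider itself.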