vhdirk
ZITADEL · 7mo ago · 2 replies

Crossplane provider

I'm building a crossplane provider for Zitadel: https://github.com/vhdirk/crossplane-provider-zitadel. It reuses the terraform provider through Upjet.

Currently, I cannot create any resource; the internal terraform client is not able to reach the zitadel API. As with the terraform provider, you need to provide:
- domain
- port
- insecure (true/false)
- credentials of the service account

I'd like to verify some things first:
- credentials: I'm using the Helm chart to deploy Zitadel. Using the FirstInstance config entries, it creates a Secret with the same name as the machine user name. This contains a single JSON with some certificates.
  I'm using this as the jwt_profile_json. Is that correct?
- domain: My Zitadel instance is deployed with ingress auth.my-domain.com. However, in my cluster, I can reach it at just zitadel. I would like it if the provider would reach Zitadel in-cluster. Is that possible?
  If not, what do I enter as domain? org-name.auth.my-domain.com, as generated by default, does not exist as a DNS rule, nor do I want that.

If I enter auth.my-domain.com as domain, with the credentials as mentioned before, I always get 404 errors, though it is pretty hard to know what endpoint that is on, since it goes through upjet and the terraform provider.

Can someone with experience with the terraform provider chime in?
Also, you're free to try the crossplane provider, too.
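A small pre-flight check for the four provider inputs the post lists, added here as an example; it is not code from the post, from the Zitadel Terraform provider or from crossplane-provider-zitadel. It assumes the Secret created for the machine user holds a Zitadel service-account key file with the fields type/keyId/key/userId (the format Zitadel generates for machine-user keys) and that Zitadel serves a health endpoint at /debug/healthz. The sample key below is constructed with placeholder values. Because Zitadel selects the instance from the request's Host header, the probe lets you pin that header to the external domain even when connecting to the in-cluster service name, which separates "not reachable" from "reachable but instance not found" when debugging a 404.

```python
"""Pre-flight checks for Zitadel provider inputs (added example, not project code).

Assumptions (labelled): the jwt_profile_json Secret is a Zitadel service-account
key file with fields type/keyId/key/userId, and /debug/healthz is the health URL.
"""
import json
import urllib.error
import urllib.request

# Fields a Zitadel machine-user key file is expected to carry (assumption).
REQUIRED_KEY_FIELDS = ("type", "keyId", "key", "userId")

# Constructed sample key file with placeholder values; never a real key.
SAMPLE_PROFILE = json.dumps({
    "type": "serviceaccount",
    "keyId": "KEY-ID-PLACEHOLDER",
    "key": "-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n-----END RSA PRIVATE KEY-----\n",
    "userId": "USER-ID-PLACEHOLDER",
})


def parse_jwt_profile(profile_json):
    """Validate that the Secret content is a service-account key file.

    Raises ValueError with a specific message so a wrong Secret (for example a
    TLS certificate bundle) is caught before the provider ever makes a request.
    """
    data = json.loads(profile_json)
    missing = [f for f in REQUIRED_KEY_FIELDS if f not in data]
    if missing:
        raise ValueError(f"jwt_profile_json is missing fields: {missing}")
    if data["type"] != "serviceaccount":
        raise ValueError(f"unexpected key type {data['type']!r}, expected 'serviceaccount'")
    if "PRIVATE KEY" not in data["key"]:
        raise ValueError("field 'key' does not look like a PEM private key")
    return data


def api_base_url(domain, port, insecure):
    """Combine domain/port/insecure into the base URL the client will dial."""
    scheme = "http" if insecure else "https"
    default_port = 80 if insecure else 443
    if int(port) == default_port:
        return f"{scheme}://{domain}"
    return f"{scheme}://{domain}:{port}"


def probe_health(base_url, external_domain=None, timeout=5):
    """Return the HTTP status of /debug/healthz (network call, not run in tests).

    external_domain, when given, is sent as the Host header so an in-cluster
    address such as http://zitadel:8080 is still routed to the right instance.
    """
    req = urllib.request.Request(f"{base_url}/debug/healthz")
    if external_domain:
        req.add_header("Host", external_domain)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        # 404 here usually means the request reached Zitadel but the Host
        # header did not match any instance (assumption about Zitadel routing).
        return err.code


if __name__ == "__main__":
    profile = parse_jwt_profile(SAMPLE_PROFILE)
    print("service account user:", profile["userId"])
    print("external URL:", api_base_url("auth.my-domain.com", "443", False))
    print("in-cluster URL:", api_base_url("zitadel", 8080, True))
    # Example of a real probe (requires network access to the cluster):
    # print(probe_health("http://zitadel:8080", external_domain="auth.my-domain.com"))
```

Run `parse_jwt_profile` on the decoded Secret value first; if it raises, the Secret is not the machine-user key file and no domain setting will help. Then probe both the ingress URL and the in-cluster URL with the Host header pinned to the external domain to see which path actually reaches a healthy instance.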