Creating Service Policies for OpenZiti via Kubernetes Manifests

Hi OpenZiti Community,

I have successfully set up OpenZiti in an EKS Cluster and created an edge router. My edge device (an EC2 instance) is connected using ziti-edge-tunnel, and everything is functioning as expected.

I am now looking to create service policies for my setup. Specifically, I want to know if it is possible to create these service policies using Kubernetes manifests (YAML files), or if this must be done exclusively via the OpenZiti console or API.

Here are the steps I've followed so far:

  1. Deployed the OpenZiti controller and edge router in the EKS cluster.
  2. Connected my edge device (EC2 instance) using ziti-edge-tunnel.

I have explored the following resources:

Despite these resources, I am still unclear on whether service policies can be managed directly through Kubernetes manifests. If anyone has experience or examples of managing OpenZiti service policies using Kubernetes YAML files, I would greatly appreciate your guidance.

Thank you in advance for your help!

Hi :wave: Welcome. You and I want the same thing! It will take the form of an Operator that reconciles Kubernetes manifests with the Ziti mgmt API.

You're right, it's necessary to use the Ziti mgmt API directly, but there's one alternative in case you use Terraform: a thin REST wrapper as a Terraform provider that translates TF resource declarations to mgmt API CRUD.

EDIT: Here's a link to the restapi provider I forked for Ziti in the Terraform Registry, and here's a sample TF module using the provider.
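
Added example, not part of the original posts and not OpenZiti project code: a sketch of the reconcile step described in the reply above, turning declared service policies into Ziti edge management API calls without sending them. The spec fields mirror the API's service-policy body; the spec layout as a manifest format, the sample names and id, and the `allowAll` opt-in guard are assumptions made for illustration.

```python
# Added example: hypothetical spec layout and allowAll guard, not an OpenZiti schema.
API_PATH = "/edge/management/v1/service-policies"
VALID_TYPES = {"Dial", "Bind"}
VALID_SEMANTICS = {"AnyOf", "AllOf"}

def to_payload(spec):
    """Validate one declared policy and return the request body."""
    name = spec["name"]
    if spec.get("type") not in VALID_TYPES or spec.get("semantic") not in VALID_SEMANTICS:
        raise ValueError(f"{name}: type must be Dial|Bind, semantic AnyOf|AllOf")
    body = {"name": name, "type": spec["type"], "semantic": spec["semantic"]}
    for field in ("identityRoles", "serviceRoles"):
        roles = sorted(spec.get(field) or [])
        if not roles:
            raise ValueError(f"{name}: {field} must not be empty")
        for role in roles:
            if not role.startswith(("#", "@")):  # '#attribute' or '@id'
                raise ValueError(f"{name}: bad role {role!r}")
            if role == "#all" and not spec.get("allowAll"):  # least-privilege guard
                raise ValueError(f"{name}: '#all' needs explicit allowAll")
        body[field] = roles
    return body

def differs(current, body):  # True when the controller's copy drifts from the declared body
    return any((sorted(current.get(k) or []) if isinstance(v, list) else current.get(k)) != v
               for k, v in body.items())

def plan(desired, existing):
    """Return (method, path, body) calls that bring `existing` to `desired`."""
    by_name = {p["name"]: p for p in existing}
    calls = []
    for spec in desired:
        body = to_payload(spec)
        current = by_name.get(body["name"])
        if current is None:
            calls.append(("POST", API_PATH, body))
        elif differs(current, body):
            calls.append(("PUT", f"{API_PATH}/{current['id']}", body))
    return calls

# Constructed sample data: declared policies and one policy already on the controller.
DESIRED = [
    {"name": "ec2-dial", "type": "Dial", "semantic": "AnyOf",
     "identityRoles": ["#ec2-tunnelers"], "serviceRoles": ["#internal-web"]},
    {"name": "eks-bind", "type": "Bind", "semantic": "AnyOf",
     "identityRoles": ["#eks-hosts"], "serviceRoles": ["#internal-web"]},
]
EXISTING = [{"id": "constructed-id-1", "name": "eks-bind", "type": "Bind", "semantic": "AnyOf",
             "identityRoles": ["#old-hosts"], "serviceRoles": ["#internal-web"]}]
```

`plan(DESIRED, EXISTING)` yields one create and one update; policies on the controller that are not declared are left untouched.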

Hiii.. Thanks a lot for the warm welcome and the info! I’ll definitely check out the Terraform provider and sample module you shared. Appreciate your guidance!