meshPlatform configuration via API
in progress
Young-Hwan Kim
As a Cloud Platform Owner I want to be able to set up my meshPlatform via an API endpoint. I also want to keep my configuration up-to-date using automation, e.g. for secret rotation.
The endpoint should also allow me to change just a single config item as well as all items.
Also, for automating my own DR it would be good to have as much configuration automated as possible.
Johannes Rudolph
Hi, I want to give you all an update on our progress.
Last updated: 2025-11-05
The first API preview has initially shipped in meshStack v2025.34.0 and is currently considered in preview. Please review the meshPlatform API documentation for more details. The current latest version is meshplatform.v2-preview.
What is already available
- replication configuration of meshPlatforms for common platform types (AWS, GCP, Azure, OpenShift and Kubernetes).
- meshstack_platform resource in our terraform provider
What is currently underway
- integrating the meshstack_platform resource in our reference modules for setting up meshStack integration like https://github.com/meshcloud/terraform-azure-meshplatform
- secret management: the API does accept plaintext secret values, encrypted over SSL, but masks them in API responses using mesh/hidden-secret. We will be replacing this with more information about the secret to enable terraform drift detection against the secret while keeping it secure. We have not received any feedback that customers place value on exposing the e2e crypto we use internally over the API, so this is out of scope for the first version of the API.
Future work
- deletion behavior: resolve issue regarding identifier reuse and clarify deletion/purge/deprecation semantics (see comment below)
- workload identity issuer discovery: at the moment it's not possible to retrieve the workload identity issuer and access_subject values via the API and you still need to retrieve them via meshPanel. We want to remove this restriction so you can apply the meshPlatform terraform modules in one go without looking up information in meshPanel.
- metering configuration: we plan to expose basic metering configuration for platforms. This will include the metering service principals first, before we look into product catalog configuration which is a more generally missing API.
Johannes Rudolph
Hello everyone,
Thank you all for the continued engagement on this feature, and special thanks to our early adopters who have been providing detailed feedback on the new meshPlatform API preview. We are writing to share an important update based on this recent feedback.
Known Issue: Re-creating platforms after deletion from IaC
We have identified a significant issue in the current preview version of the API, particularly for users leveraging Terraform/OpenTofu.
- The Problem: When a platform is deleted via the API (e.g., using terraform destroy), it is marked as "deleted" but not fully purged from the system. Specifically, the identifier in metadata.name cannot be reused to create a new platform.
- The Impact: This blocks a critical IaC workflow: testing, destroying, and repeatedly re-provisioning resources. As correctly pointed out, this limitation makes it very difficult to automate deployment pipelines and test changes effectively in QA environments.
Please note that deleting platforms has severe side effects like orphaning any existing tenants that reference it, so please exercise great care.
Our Plan & Timeline
We are treating this as a known issue for the API preview and are committed to having this resolved for the General Availability (GA) release of the meshPlatform API, which we are targeting for the End of Year (EoY).
The final solution will likely involve either enabling the reuse of identifiers or changing the deletion semantics via API to behave more like the "deprecation" available via meshPanel. We will have to align this behavior consistently with other resources, like landing zones, as they are affected by similar problems as well.
Temporary Workaround
For other users testing the API preview who may encounter this, the only (and admittedly cumbersome) workaround at this moment is to add a random suffix to your platform identifiers for each new deployment. We recognize this is not ideal.
We will post further updates here as we get closer to the release.
Xavier Aznar
Using GCP here. At the moment, we rely on "credentials" to connect Cloud Portal to GCP, but willing to migrate to WIF at some point in the future.
For us, it would be nice to be able to configure metering automatically. As we don't create Platforms too often, it's not critical, but "nice to have" at some point, just to have the end to end process automated and not having to configure metering by hand.
Jelle den Burger marked this post as in progress
We are working on a first version of this. We will start with the Azure Kubernetes Service platform as a first and will continue to add support for more platform types.
Jelle den Burger marked this post as planned
We aim to implement this in the next 8 weeks.
Jelle den Burger marked this post as open
We still have this on the radar but for now it is not on our short-term roadmap. We will keep you updated when something changes!
Jelle den Burger marked this post as planned
It's not on the roadmap yet but we plan to enable this + potentially creating a Terraform provider too.