Hey guys, I'm using pulumi pretty heavily, but I t...
# general
m
Hey guys, I'm using Pulumi pretty heavily, but I think I'm missing a point in one case. Let's say I have a Pulumi stack that I run from my local computer. I deploy, let's say, the MinIO operator to a Kubernetes cluster. The operator is deployed and ready to be used. Later in a script, I would like to use this operator, so I import minioProvider from the pulumi/minio package. How can I connect to the MinIO operator, or use it, without manually enabling port-forwarding? Another case: I deployed docker-registry to a Kubernetes cluster. Then I want to build images and push them to this registry. How can it be done without enabling port-forwarding again? What if I can't do it, let's say I build images on CI?
l
Access from the public internet (your local computer) to private subnets is something you need to design for. Port forwarding via a load balancer is a good way to do that. Or you could put the services in public subnets. Or you could move your build to somewhere that does have access to the private services.
Moving your build to AWS' Code Star would be an easy way to move your build. Or you could put a build/deploy machine inside your private subnet; then instead of pushing to your registry from your local machine, you could push to your git repo from there, let your build machine pull from git, and it can build and push from inside the private subnet.
m
Hey Tenwit, thanks for the answer. I'm trying to avoid any vendor locks, so AWS is off the table. However, this git-thing looks interesting. Did you suggest using https://www.pulumi.com/docs/using-pulumi/continuous-delivery/pulumi-kubernetes-operator/?
l
I'm afraid I don't know what the kubernetes operator is. But if it is something that runs inside your private subnets, then I'm sure it'll do the job. Code Star / Code Pipeline is just a CI platform, like GitHub or Jenkins. There's no substantial lock-in: it applies only to your build, not your app. The only thing special about it is that it can make use of VPC endpoints in your VPC, essentially making it look like it's inside your private subnets, allowing you to access your private resources from your build / deployment. Maybe the Pulumi Deployment operator can also do that, I don't know.