No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

I would say using port forward is the best way if you're running inside the cluster. Just set the environment variable `PGHOST` to localhost and it should work

I'd explore setting up an IngressController to provide access to the underlying Pod that contains your Postgres container.

I'm not sure I'd advocate exposing databases via an ingress!

yah. that would be the simplest option, but in general is not a good practice for security reasons to expose services like databases to the outside.

i think port forward is the best option but my issue is that if the cluster and the databases are created in the same pulumi run, I cant port-forward before running pulumi because the cluster doesnt exist yet and AFAIK there is no way to run single commands on pulumi after some resource is created? may be I can wrap around some dynamic providers in a similar way to this: <https://github.com/pulumi/examples/tree/master/aws-ts-ec2-provisioners>

I'm not certain what the postgres provider is, but in my cluster, I installed postgres and pgadmin4, leave the db to be accessed directly by all the apps, which included pgAdmin4, and I created an IngressController for pgAdmin4 to do db administration from outside of the cluster

<@UV0T46FV2> I’m hitting the same issue here. What did you end up with to fix it on your end ?

<@UEG5UEQ4U> I would expect that you'd need to expose your postgres db to the outside world if you want CI/CD to do the work, or port-forward to the postgres instance if you want to do the work with a local pulumi app.

<@UMW5G5Z6D> exposing the DB to the outside world is not an option and a security issue for us.
The question is more related on how to do so in one pulumi run (though that seems impossible, maybe someone from the <@UB8C33JJG> knows the trick).
If not doable, indeed that means to deploy the raw DB service from one pulumi project, and manage it from another one with some “magic” in between to access the DB (as you suggested either a trigger port-forward or open a VPN)

<@UEG5UEQ4U> In this case, outside world meant outside of the cluster but not necessarily public. If your CI/CD has access to the same internal network as your kubernetes is on, I simple meant exposing your Postgres DB on a NodePort or LoadBalancer. Currently, our Postgres DB is exposed only as a ClusterIP and is only accessible via portforwarding or pods that are internal to the cluster, which means Pulumi cannot access it. I am curious though if the new<https://github.com/pulumi/pulumi-kubernetes-operator| pulumi kubernetes operator> is an option for you. That looks to be like having a little pulumi CLI in your k8s cluster.

<@UMW5G5Z6D> thanks for clarifying. I ended up provisioning the database in one project and managing resources in another one, using a postgresql provider and spawning a port-forwarding before running the `pulumi` command, maybe not perfect but works both locally and in a pipeline.