# kubernetes
j
Hello all (@damp-airline-38442), The deprecation of the Env selector in the Kubernetes Operator is going to break my current Stack deployments. Currently I use Azure Workload Identity to run the pods as a particular identity, and the AWI admission controller populates various AZURE_ environment variables (AZURE_CLIENT_ID, AZURE_TENANT_ID, etc.). However, the azure-native Pulumi provider wants variables called ARM_* not AZURE_*, so I'm using Env selectors to map the AZURE_ variables to their ARM_ equivalents. The removal of these selectors will completely break this process, and because AZURE_ variables are injected via AWI, I can't set them as literals. Any ideas?
d
Hi! Thanks for quickly engaging on this issue. I'd like to find an alternative solution, maybe a new feature, etc. But I need to better understand things.
Let's jump to one possible fix, which is that the Env selector type is brought back, but has the semantic that it reads from the workspace pod rather than the operator pod. Would that work for you?
j
That would work perfectly.
d
Are you basically trying to rename these environment variables?
j
Exactly. I've submitted a request to the azure-native project that they also pick up the AZURE_ variables for configuration, but I don't know when/if it will be picked up.
Setting the environment variables within my Pulumi code also doesn't work because the provider is running in a different process and I have no way of setting them before pulumi is invoked.
d
What version of azure-native are you using? If we were to make the fix to 4172, would that be a reasonable alternative?
j
I'm on 3.4.0, but it would be trivial to upgrade. That fix would actually be preferred, as it would allow me to get rid of any need to map env vars at all.
d
Great, I think I have a mild preference for that solution, and will investigate further, but either way we'll have a fix for you ASAP. For now, please hold off on upgrading to 2.1, and we'll talk next week. Thanks again for your contributions and feedback!
j
Much appreciated! Thank you!
BTW, while you're making the change to azure-native, I also discovered that there's no way to pass the oidcTokenFilePath into the provider constructor, at least not in TypeScript. I'm happy to submit a separate ticket for that if you'd like.
d
(please do file a separate ticket)
I filed a possible enhancement, complementary to what we discussed: https://github.com/pulumi/pulumi-kubernetes-operator/issues/937
j
Interesting... I could see that being a pretty flexible solution, particularly combined with https://github.com/pulumi/pulumi-kubernetes-operator/issues/797
d
Please upvote your favorites and have a nice weekend.
I'm thinking about making it possible to use the "DefaultAzureCredential", WDYT? https://github.com/pulumi/pulumi-azure-native/pull/4174
j
Sorry... just saw this. Big fan of using DefaultAzureCredential. That's what I use in all of my code. No need to reinvent the wheel.