aad-pod-identity VS Pulumi

Can someone please help me with a step by step guide to perform this. https://github.com/Azure/aad-pod-identity Blog I am referring: https://trstringer.com/connect-k8s-apps-msi/

Link to my direct issue on the GitHub site: https://github.com/Azure/aad-pod-identity/discussions/1320

Q: So how am I supposed to log in to Azure so that my app can obtain tokens? A: I tell devs: For local development log in to Azure CLI with your normal user account. It has Contributor over your Dev/Test subscription and you can access secrets and configuration from their Dev/Test Key Vaults. For staging and production running in Azure (in our case Docker containers running on AKS) we use User-Assigned Managed Identity and aad-pod-identity project. This managed identity has least-privilege permissions over staging and production environments to do it's job at runtime.

The existing Azure AD Pod Identity project addresses this need. However, the Azure AD workload identity approach is simpler to use and deploy, and overcomes several limitations in Azure AD Pod Identity:

As described on the documentation, azwi is the suggested approach from now on since Azure AD Pod Identity has been (somehow) deprecated as you can read on the github repo and on the blog post here.

Unfortunately, password maintenance and rotation is a chore and has to be done in both places. There are however other things that you might want to try. 1. Kerberos authentication in pure container environments. This is something you can do on any Linux environment that is connected to AD. 2. Use AAD pod identity (https://github.com/Azure/aad-pod-identity) if running from AKS, but it is still in preview.

If you are following this blog series, you should already know the benefits of using Terraform to define and deploy your AWS resources and configuration. Other IaC solutions such as AWS CloudFormation, AWS CDK, and Pulumi work the same way but differs in the programming or configuration language.

Infrastructure as Code (IaC) is an important part of any true hosting operation in the public cloud. Each of these platforms has their own IaC solution, e.g. AWS CloudFormation. But they also support popular open-source IaC tools like Pulumi or Terraform. A category of tools that also needs to be discussed is API gateways and other app-specific load balancers. There are applications for internal consumption, which can be called microservices if you have a lot of them. And often microservices use advanced networking options such as a service mesh instead of just the native private network offered by a VPC.

funny, to me systemd == no docker, no containers, just a VM.

it's my goto way to keep my programming running and have it be restarted if the vm reboots. I use VMs like "pods". I deploy code directly to the VM and run it there along with other programs. I scale up an scale down with: https://www.pulumi.com/

Pulumi — Modern infrastructure as a code platform that allows you to use familiar programming languages and tools to build, deploy, and manage cloud infrastructure.

A move like this may have an impact in other open source projects. Take Pulumi, for instance, people might avoid choosing it now that the Linux Foundation have its own IaC tool, and for newer, smaller projects it will probably be impossible to compete with a project under the Linux name.

Another alternative to writing an operator would be to rely on kustomize or https://www.pulumi.com/.

Pulumi

Would it make sense to say Dagger is to Pulumi [1], as Terraform is to Togomak?

[1]: https://www.pulumi.com/

Infrastructure as Code (IaC): Define your infrastructure using code (IaC) to automate the provisioning of resources such as virtual machines, load balancers, and databases. Tools like Terraform, Pulumi, and AWS CloudFormation can help.