As we celebrate another incredible year in the books here at Pulumi, I wanted to share some reflections about our most exciting milestones over the past twelve months. The best part has been connecting with more customers worldwide, as we saw more than a 15x growth in our customer base, surely a sign of big things to come in 2020. We couldn’t have done it without our amazing community; thank you deeply for your continued support and passion around Pulumi’s bold mission to empower every engineer to program the cloud — you make it all worthwhile.
It’s impossible to highlight everything, but here are some of our favorite milestones:
Global community. Our community of end users grew significantly during 2019, with thousands of end users sharing best practices on our Community Slack, and we expanded our physical presence globally. This included over two dozen events from big to small, including AWS re:Invent, Microsoft Build, Google Cloud Next, KubeCon EU and NA, and many DevOpsDays, as well as several community workshops. We’ve also seen an uptick in community-led user groups and presentations, consulting and integration partnerships, and look forward to expanding our efforts here even more significantly next year. (If you ever need support/swag for your event, please contact us!)
Pulumi 2.0 roadmap. After 1.0, we published a roadmap to our next major release, Pulumi 2.0. The two themes for this release are to continue pushing the boundaries of productivity, while also giving you “belts and suspenders” for teams and enterprises. We feel this is the magic of Pulumi: the ability to simultaneously run fast and build out infrastructure productively and using the latest and greatest features in AWS, Azure, GCP, and Kubernetes … while still ensuring that security, compliance, and cost-related requirements and best practices are adhered to.
Simpler, per-user pricing. When we launched, our pricing was based on the number of stacks you have. Although our hearts were in the right place with this approach, we realized after working with customers that this could force architectural choices based on price, not what was in the best interest of teams and their projects. This didn’t feel right — we don’t want to penalize teams for doing the right thing! We rolled out per-user pricing in response and have had success with teams of all sizes — from teams of less than 5 engineers all the way up to teams of hundreds.
Pulumi Crosswalk. We introduced the Pulumi Crosswalk brand for our collection of cloud-specific higher level frameworks that simplify many common infrastructure patterns, while also including built-in best practices. Throughout the year, we’ve rounded out that support, starting with AWS, then Kubernetes, as well as some initial steps towards frameworks for Azure and GCP:
Pulumi Crosswalk for AWS simplifies common AWS patterns, including creating VPCs, ECS, EKS, and Fargate clusters, building and publishing Docker images to ECR registries, and more.
Pulumi Crosswalk for Kubernetes encapsulates battle-tested approaches to running Kubernetes clusters and related infrastructure in production. This includes playbooks for running Kubernetes in AWS, Azure, or GCP, as well as kx, a highly productive library that eliminates the “walls of YAML” boilerplate from your Kubernetes applications configurations.
Although still works in progress, Pulumi Crosswalk for Azure will include simple Azure Functions callbacks and globally distributed applications that auto-scale alongside Cosmos DB, and Pulumi Crosswalk for GCP will include simplified Google Functions.
Policy as Code (“CrossGuard”). We shipped a preview of our new policy as code support, code-named CrossGuard, which allows you to enforce policies at deployment time. CrossGuard brings the same “real language” approach we’ve used for infrastructure as code, and applies it to policy as code, enabling you to author your own rich rules to enforce security, compliance, cost, and team best practices. We open sourced previews of out-of-the-box rules by way of AWSGuard and OPA integration. CrossGuard is open source and Pulumi’s Team Pro and Enterprise tiers support advanced organization-wide controls.
.NET. We have added initial preview support for writing your infrastructure as code in any .NET Core language, including C#, F#, and VB. This covers any existing Pulumi resource provider, including AWS, Azure, GCP, as well as support for the entire Kubernetes object model. .NET, along with Go, will transition out of preview into being generally available as part of the 2.0 release.
More identity options. Out of the gate, we supported GitHub as an identity provider when authenticating with the Pulumi service. Since then, we added GitLab, Atlassian, Email, and SAML/SSO, with user guides for Azure ActiveDirectory, Google GSuite, and Okta. These all integrate with features like history/auditing, RBAC, and policy as code.
Enhanced, pluggable secrets. We heard that keeping secrets from leaking in plaintext to your start files is a challenge with current infrastructure as code tools. So, we deepend the way secrets integrate with Pulumi’s engine, including transitive encryption so that, no matter where your secret goes in your program, it won’t leak in plaintext. In addition, we added the ability to use your own secrets provider for encryption, including AWS KMS, Azure KeyVault, Google Cloud KMS, and HashiCorp Vault. This ensures you get great ease-of-use — falling into the “pit of success” with secrets — while still leveraging your existing organization’s approach.
More state storage options. Although the hosted Pulumi SaaS works great for most end users, offering the right mix of convenience and control, we understand it doesn’t work for everyone. It is now possible to store state locally using the
pulumi login --local command, or to configure Pulumi to store state in AWS S3, Azure Blob Storage, or Google Cloud Storage. Additionally, Pulumi Enterprise offers a self-hosted option, so that you can still benefit from the Pulumi SaaS’s features around identity, policies, and controls, while hosting it in your own cloud account or behind your firewall.
More CI/CD integrations. In partnership with customers, and in some cases the CI/CD vendors themselves, we have continued adding more CI/CD integrations, to enable automated delivery of your infrastructure. This includes Jenkins, Azure DevOps Pipelines, Octopus Deploy, Codefresh, and revised support for GitHub Actions.
Coexistence and conversion tools. We know that many teams have existing infrastructure in place. We want to make it a easy as possible to choose Pulumi and, as we’ve worked with major customers to transition away from existing infrastructure tools, we’ve built tools to help ease the adoption process. This includes the following approaches:
Coexist with existing infrastructure, including referencing existing Terraform remote state, deploying Kubernetes YAML as-is, deploying Kubernetes Helm charts, deploying AWS CloudFormation stacks, or deploying Azure Resource Manager (ARM) templates — in each case, enabling you to consume output properties from infrastructure deployed via other tools, for either temporary or permanent coexistence of Pulumi with these other tools.
Convert your existing infrastructure so that it comes under the control of Pulumi. This includes adopting existing cloud resources, no matter how they were provisioned (even if done manually by pointing and clicking in your cloud’s UI), as well as the tf2pulumi tool, which converts existing HCL programs to Pulumi, preserving your existing Terraform project and code structure.
Support for large-scale projects. As we’ve seen bigger and bigger Pulumi projects, we have put together guidance for multi-project approaches. This includes adding the ability for stacks to reference one another, an essential building block when, for instance, one project depends on a piece of infrastructure provisioned by another project.
Lots of providers! We’ve added more than 20 new providers for managing resources across many cloud and service providers. This includes the existing core cloud providers for AWS, Azure, GCP, and Kubernetes, in addition to newly added providers DigitalOcean, Linode, OpenStack, Packet, and vSphere. Modern cloud infrastructures include components managed by SaaS or other service providers alongside and connected to your core cloud infrastructure, and for those, we have added support for Aiven, CloudAMQP, Cloudflare, Consul, Datadog, DNSimple, Docker, Fastly, F5 BigIP, GitLab, Kafka, MySQL, New Relic, Okta, PostgreSQL, RabbitMQ, SignalFX, Spotinst, and Vault.
It’s impossible to overstate how big an impact you, the community, have had on Pulumi. In fact, every feature on this list was delivered in response to a real community, customer, or partner need.
2019 has been a major year for the Pulumi community by any measure. As we look forward, we anticipate even more accelerated growth and capabilities. We wish you all a wonderful New Year, and want to again thank you for the love and support — here’s to an incredible 2020!