We recently announced the 2.0 release of Pulumi which includes parity for Node.js (JavaScript, TypeScript), Python, .NET (C#, F#, etc) and Go, and improvements to Kubernetes and dozens of other supported cloud resource providers.

Kubernetes support in Pulumi spans orchestration of clusters and application workloads. Clusters can be managed by cloud providers or self-managed. Workloads use the same Kubernetes API to create and manage API resources in the supported Pulumi languages through packages directly generated from the OpenAPI specification.

Read more →

You’ve containerized your application, and it’s running great on your desktop using Docker Compose or Swarm. But now it’s time to test it locally with minikube and then put it into production with Kubernetes. Manifests are a bit like Compose files - it’s just YAML, right?

Read more →

Amazon EKS clusters can use IAM roles and policies for Pods to assign fine-grained access control of AWS services. The AWS IAM entities map into Kubernetes RBAC to configure the permissions of Pods that work with AWS services.

Together, AWS IAM and Kubernetes RBAC enable least-privileged access for your apps, scoped to the appropriate policies and user requirements.

Read more →

Guest Article: Dustin Farris is an experienced cloud engineering consultant. He’s currently building a new data lake for a large public university using Pulumi. The project handles sensitive student and research data and as a result, his team must meet stringent QA and security requirements. Dustin shows how resource mocking in Pulumi makes testing and verification faster than ever before.

Read more →

Pulumi is honored to be named as one of only three vendors in the 2020 Gartner Cool Vendor for Agile and DevOps report, published on May 28th, 2020. Being recognized in this way is a strong validation of Pulumi’s impact thanks to our more modern approach to Infrastructure as Code and approaches to building cloud software. Vendors can only be selected once and in only one category making this an exclusive award.

Read more →

Writing infrastructure policy in a high-level programming language helps automate and enforce best practices. When policies are written with code, you can apply software development practices such as testing, automated deployment, and version control. Cloud providers typically offer a GUI to create policies, but creating policies is not easily repeatable, nor can you version policies. Moreover, policies must be tested against a live system, which means using an existing system or configuring and deploying an ephemeral version.

While the benefits of writing policies as code are evident for developers and operators, the organizational benefits are even more significant. Organizations can realize cost savings, improved compliance, efficient deployments, fine-grained control over infrastructure, and better use of cloud provider native resources. Let’s take a look at these benefits in-depth.

Read more →

Because Pulumi uses general-purpose programming languages to provision cloud resources, you can take advantage of native tools and perform automated tests of your infrastructure. The full power of each language is available, including access to libraries and frameworks for testing.

This blog post takes a deeper dive into mock-based unit testing of Pulumi programs written in C# and F#.

Read more →

Over the last 10 years, Go has quickly become the “language of the cloud” for building application servers and services that run in and on today’s cloud platforms. With Pulumi 2.0, Go can also be used to manage and provision modern infrastructure as well. Across any cloud (AWS, Azure, GCP, Kubernetes and more than 50 others!) and across a variety of workloads (containers, serverless, kubernetes, core infrastructure and more), you can now use the rich software engineering strengths of the Go language and ecosystem to manage your cloud infrastructure. The Pulumi open source project itself has been built on Go from day 1, and so we’re really excited to bring full Go support for cloud infrastructure as code to the same language ecosystem that Pulumi itself has been part of.

Read more →

This article is the third part of a series on best practices for securely managing AWS credentials on CI/CD. In this article, we cover the last leg of the continuous delivery process to update your AWS resources and how to store sensitive data using Pulumi securely.

Read more →

This is the fifth and last installment of the Architecture as Code series. In previous articles, we examined how to create reusable components for the primary architectural patterns for cloud infrastructure. Starting with virtual machines, we examined how to create and configure VMs. In the follow-up article, we demonstrated how to create reusable components from resources that comprise a microservices architecture. After microservices, we looked at serverless architecture, which despite its name, also requires additional resources to deploy a function or application. In this article, we’ll look at deployment patterns for Kubernetes with a focus on multi-tenancy issues.

Read more →