Pulumi Crosswalk for Kubernetes

Production-Ready Kubernetes for Teams

Work as a team to deliver Kubernetes to any cloud, AWS, Azure, Google Cloud, or private.

Pulumi Crosswalk for Kubernetes Architecture

Create, deploy, and manage clusters in any cloud, including Amazon EKS, Azure AKS, and Google Cloud GKE. Leverage built-in security, scale, and manageability.

Easy Development

Eliminate walls of YAML and mountains of Bash, using real programming languages and world class tools. Share and reuse patterns with a growing community of practitioners.

Operational Insights

Continuously deliver your applications and infrastructure, and tackle Day Two and beyond challenges. Gain operational insights in realtime using Cloud Query Language (CQL).

Playbooks for Infrastructure

Create, deploy, and manage production-ready infrastructure leveraging hosted Kubernetes offerings such as Amazon Elastic Kubernetes Service (EKS), Azure Kubernetes Service (AKS), or Google Kubernetes Engine (GKE). Benefit from tried-and-true Day Two and beyond integrations and playbooks, improving your organization's security, manageability, and cost effectiveness.

With Pulumi's unique approach to infrastructure as code, you'll focus more on code and business logic, and less on YAML or DSL configuration languages.

Get Started

import * as gcp from "@pulumi/gcp";
import * as k8s from "@pulumi/kubernetes";

// Create a GKE cluster.
const cluster = new gcp.container.Cluster("gke-cluster");

// Create a performant node pool in the cluster.
const performantNodes = new gcp.container.NodePool("performant-nodes", {
    cluster: cluster.name,
    nodeConfig: {
        machineType: "n1-standard-16"

// Create an Apps namespace.
const appsNamespace = new k8s.core.v1.Namespace("apps");

// Create a quota.
const quotaAppNamespace = new k8s.core.v1.ResourceQuota("apps", {
    spec: {
        hard: {
            cpu: "200",
            memory: "1Gi",
            pods: "10"

// Create a restrictive PodSecurityPolicy.
const restrictivePSP = new k8s.policy.v1beta1.PodSecurityPolicy("restrictive", {
    spec: {
        privileged: false,
        runAsUser: {
            rule: "RunAsAny"
        fsGroup: {
            rule: "RunAsAny"
        seLinux: {
            rule: "RunAsAny"
        supplementalGroups: {
            rule: "RunAsAny"

Simplified Application Configuration

Using libraries, you can focus on the most important parts of your application configuration, eliminating toil and boilerplate. Instead of walls of YAML and mountains of Bash, you can write infrastructure as code in a general purpose language, benefiting from world class tools and ecosystems.

Pulumi's unique approach to infrastructure as code means you can also leverage highly configurable and extensible components to enforce best practices within your team.

Get Started

import * as kx from "@pulumi/kubernetesx";

// Define a Pod.
const pb = new kx.PodBuilder({
    containers: [{
        image: "nginx"

// Create a Kubernetes Deployment using the previous Pod definition.
const deployment = new kx.Deployment("nginx", {
    spec: pb.asDeploymentSpec()

// Expose the Deployment using a load balanced Kubernetes Service.
const service = deployment.createService({
    type: kx.types.ServiceType.LoadBalancer,

Pulumi enables our teams to deploy, scale and manage Kubernetes clusters in a fraction of the time that it took them previously, by giving them the ability to work with the languages they already know, bypassing YAML and unwieldy DSLs. It helps bring together application and infrastructure developers by eliminating silos and reducing friction in their workflows and interactions. We're excited that Pulumi Crosswalk for Kubernetes will simplify our infrastructure provisioning even further, advancing application lifecycle management throughout our organization.

Fernando Carletti

Head of DevOps