Kubernetes
Manage Kubernetes clusters, deploy application workloads, and drive in-cluster automation with Pulumi. This page links to every Pulumi capability for Kubernetes: Infrastructure as Code, the Pulumi Kubernetes Operator, and ESC integrations.
To start from scratch, follow the Kubernetes get-started guide.
Infrastructure as Code
Pulumi IaC lets you define cloud infrastructure using TypeScript, Python, Go, C#, Java, or YAML — with deterministic deployments, a state backend, and a rich ecosystem of packages.
- Kubernetes provider — provision any resource available in the Kubernetes API.
- Helm charts — deploy Helm charts via the Kubernetes provider, with full lifecycle management and value inputs as typed Pulumi resources.
- Kubernetes YAML manifests — apply existing YAML manifests (single file or a whole directory) through the Kubernetes provider without rewriting them.
- Kubernetes Cert Manager — higher-level component for installing cert-manager.
- Kubernetes CoreDNS — higher-level component for installing CoreDNS.
- Docker — build and push Docker images to any registry.
- crd2pulumi — generate typed SDKs for Kubernetes Custom Resource Definitions.
Cluster management packages
Use a cloud provider package to create and manage Kubernetes clusters on your preferred infrastructure:
- Amazon EKS — high-level EKS component.
- AWS provider — lower-level EKS resources.
- Azure Native provider — for AKS.
- Google Cloud provider — for GKE.
- DigitalOcean provider — for DigitalOcean Kubernetes.
Pulumi Kubernetes Operator
The Pulumi Kubernetes Operator enables Kubernetes users to create a Pulumi Stack as a first-class API resource, with a controller that drives updates to success. This lets you build CI/CD and automation into your clusters and manage infrastructure alongside your Kubernetes workloads. See the GitHub repository for source and releases.
Architecture templates
Pulumi templates are ready-to-deploy starting points for common architectures. Run pulumi new <template> to bootstrap a new project.
Start new Kubernetes projects from a pre-built template:
- Kubernetes cluster on AWS
- Kubernetes cluster on Azure
- Kubernetes cluster on Google Cloud
- Helm chart on Kubernetes
- Web application on Kubernetes
Secrets & configuration (ESC)
Pulumi ESC (Environments, Secrets, and Configuration) is a centralized service for managing secrets, configuration, and short-lived credentials. It integrates with Kubernetes to deliver ESC-managed values into cluster workloads.
- Kubernetes cluster access — centrally manage kubeconfig files and cluster credentials for kubectl, helm, and Pulumi programs.
- Kubernetes External Secrets Operator integration — sync Pulumi ESC values into Kubernetes secrets via External Secrets Operator.
- Kubernetes Secret Store CSI driver integration — mount ESC values into pods via the Secret Store CSI driver.
Policy packs
Pulumi Policies lets you enforce rules on infrastructure at preview and update time, rejecting stacks that violate security, cost, or compliance standards. Pre-built policy packs are maintained by Pulumi and cover common regulatory and best-practice frameworks.
For Kubernetes:
- CIS Kubernetes Benchmark on AWS — for EKS.
- CIS Kubernetes Benchmark on Azure — for AKS.
- CIS Kubernetes Benchmark on Google Cloud — for GKE.
Migration
Migrate existing Kubernetes infrastructure from another IaC tool to Pulumi.
- From Kubernetes YAML — convert YAML manifests to Pulumi programs in your preferred language.
- From Terraform — convert Terraform HCL and state to Pulumi.