Pulumi Cloud self-hosted network requirements
Self-hosting is only available with Pulumi Business Critical. If you would like to evaluate the self-hosted Pulumi Cloud, sign up for the 30-day trial or contact us.
The containers running the self-hosted Pulumi Cloud require several kinds of incoming and outgoing network access, as well as access to various services depending on where you deploy it.
The self-hosted Pulumi Cloud comprises three containers: the API, the Console, and the Migrations containers.
The self-hosted Pulumi Cloud can be hosted in an air-gapped environment.
Ingress
Source - CLI/end user
- 443: Access to the self-hosted Pulumi Cloud application (HTTPS)
- 80: Redirect to port 443 (HTTP to HTTPS)
Source - Console component
- 8080: Access to API component (HTTP)
Egress
Destination - state storage
- Relevant storage medium:
  - AWS S3 Service
  - Azure Blob Storage Service
  - Google Cloud Storage
  - S3 compatible storage
Destination - MySQL Database
- 3306: MySQL database
- 25: SMTP for outgoing email (if used)
- 465: SMTP over TLS for outgoing email (if used)
- 587: SMTP over TLS for outgoing email (if used)
Destination - Docker Services
- hub.docker.com
- index.docker.io
- auth.docker.io
- registry-1.docker.io
- download.docker.com
- production.cloudflare.docker.com
Destination - Additional outbound targets
These depend on what services you are using:
- Login/Auth services if SAML is configured
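The numbered ports above can be turned into a least-privilege check on a firewall or security-group rule set. The following is an added example, not part of the Pulumi documentation or product: the `audit` function, the rule tuple format, and every CIDR are assumptions made for illustration, and it covers only the numbered ports (egress to storage and Docker hosts is listed by name and is left out of scope).

```python
import ipaddress

# Ports come from the lists above. CIDRs are constructed placeholders.
CONSOLE_NET = ipaddress.ip_network("10.0.1.0/28")  # assumed Console subnet
DB_NET = ipaddress.ip_network("10.0.2.10/32")      # assumed MySQL host
ANY = ipaddress.ip_network("0.0.0.0/0")

# (direction, port) -> network allowed as the peer
POLICY = {
    ("ingress", 443): ANY,           # CLI/end user, HTTPS
    ("ingress", 80): ANY,            # redirect to 443
    ("ingress", 8080): CONSOLE_NET,  # API component, plain HTTP
    ("egress", 3306): DB_NET,        # MySQL
}
OPTIONAL_SMTP = {25, 465, 587}       # egress, only "if used"


def audit(rules, smtp_used=False):
    """Return findings for rules broader than the documented requirements."""
    findings = []
    for direction, port, cidr in rules:
        if direction == "egress" and port in OPTIONAL_SMTP:
            if not smtp_used:
                findings.append(f"egress {port}: SMTP rule present but email is not used")
            continue
        allowed = POLICY.get((direction, port))
        if allowed is None:
            # Unnumbered egress (storage, Docker hosts) is out of scope here.
            if direction == "ingress":
                findings.append(f"ingress {port}: port not in documented list")
        elif not ipaddress.ip_network(cidr).subnet_of(allowed):
            findings.append(f"{direction} {port}: {cidr} is not within {allowed}")
    present = {(d, p) for d, p, _ in rules}
    for d, p in POLICY:
        if (d, p) not in present:
            findings.append(f"{d} {p}: required rule missing")
    return findings


# Constructed sample rule set: (direction, port, peer CIDR).
SAMPLE_RULES = [
    ("ingress", 443, "0.0.0.0/0"),
    ("ingress", 80, "0.0.0.0/0"),
    ("ingress", 8080, "0.0.0.0/0"),     # API's HTTP port open to everyone
    ("ingress", 22, "203.0.113.0/24"),  # not a documented port
    ("egress", 587, "198.51.100.25/32"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

Port 8080 is the one to watch: it carries plain HTTP between the Console and API components, so a rule that opens it beyond the Console's network is reported.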