Infrastructure CI/CD

Shifting left infrastructure

Infrastructure CI/CD (aka Infrastructure Shift Left or GitOps) is the process of automating the testing, provisioning, and management of infrastructure through a software delivery pipeline. This starts with Infrastructure as Code (IaC), which is provisioning and managing infrastructure through definition files (e.g. templates or code) and stored in version control systems. IaC provides automation to provision infrastructure and increases delivery velocity by removing the risk of human errors. Infrastructure CI/CD further automates infrastructure provisioning and management by building the entire IaC process into a CI/CD pipeline. All infrastructure updates run through a standard set of unit and integration tests, allowing reduced errors, greater security, and increased delivery velocity.

Reference Architecture

Why Infrastructure CI/CD?


Increase release velocity

Application changes with their corresponding infrastructure changes can all share one automated pipeline, reducing complexity and increasing release velocity.

Increase reliability

Every infrastructure update is run through a standard set of unit and integration tests, identifying and addressing bugs earlier and increasing reliability.

Reduce mean time to resolution

Small code changes are encouraged which reduces the scale of infrastructure changes and isolates faults, which reduces the mean time to resolution.

How Pulumi helps

Unified delivery pipeline

Pulumi allows the same programming languages used for application code to be used for infrastructure. This allows teams to leverage the same testing frameworks and same delivery process for both.

Shareable infrastructure components

Pulumi provides a shared way for teams to collaborate with each other on infrastructure through modular and reusable components that can easily be built and shared across the entire organization.

Higher order automation

You can increase automation across the entire lifecycle of your cloud infrastructure. You can program logic that orchestrates complex workflows during infrastructure provisioning instead of needing to use Bash scripts or glue code. In addition to its CLI, Pulumi provides the Automation API, a programmatic interface for IaC, so you can build applications that dynamically manage infrastructure.

GitOps Workflow Reference Architecture

1. Pick an execution platform

There are many methods by which you can execute a Pulumi program. You need to pick a platform from which Pulumi programs will execute.

2. Define the environment/branching strategy

Define whether you want one git repo to represent your entire infrastructure or whether you want a stack per branch. The advantage of the former is simplicity while the advantage of the latter is more granularity in control over stack deployments.

3. Build the pipelines

Based on the branching strategy you chose, you can configure a pipeline per stack or a single pipeline that chooses stacks based on deployment flags.

4. Incorporate software development best practices

Legacy IaC tools can run in CI/CD, however with Pulumi, you can incorporate in all the best practice software development practices such as testing. You can design what you want to test in terms of quality issues, deployment issues, and/or code quality checks.

5. Define higher-level workflows

With Automation API, you can build higher-order orchestration type workflows across all your infrastructure deployments. You can build in serial or branching dependencies that are connected together via StackReferences.

Organizations practicing infrastructure CI/CD with Pulumi

Getting started

Talk with solution engineering

Schedule some time with our solution engineering team, and we will help you automate your entire infrastructure provisioning and management through a CI/CD pipeline.

Schedule now