bright-vase-36130
06/18/2018, 4:26 PMsparse-helmet-62296
06/19/2018, 7:54 AMsparse-helmet-62296
06/19/2018, 7:54 AMquick-football-95839
06/19/2018, 10:07 AMstocky-spoon-28903
06/19/2018, 2:11 PMgreen-pager-56999
06/19/2018, 7:16 PMblue-answer-29496
06/20/2018, 4:01 AMwhite-balloon-205
.getXYZ
function available in the libraries which can be used to lookup existing resources. See for example https://pulumi.io/reference/pkg/nodejs/@pulumi/aws/ecs/#getCluster. You can see an example of using this sort of API here: https://github.com/pulumi/pulumi-aws-infra/blob/master/nodejs/aws-infra/network.ts#L94.blue-answer-29496
06/20/2018, 4:08 AMblue-answer-29496
06/20/2018, 4:10 AMwhite-balloon-205
pulumi update
soon. Once you have that, you can deploy any Kubernetes services you want onto it easily by using @pulumi/kubernetes
.blue-answer-29496
06/20/2018, 4:15 AMwhite-balloon-205
@pulumi/cloud
library in particular is designed to be high-level abstractions which could be created on multiple different cloud platforms. But that's just one kind of library that can be built. Things like @pulumi/aws-serverlesss
and @pulumi/aws-infra
provide helpful higher level abstractions that are still specific to AWS but making common patterns much easier to use.white-balloon-205
@pulumi/cloud
for AWS currently, and are starting to work on Azure and GCP. If others are interested in helping there - let us know!blue-answer-29496
06/20/2018, 4:35 AMwhite-balloon-205
import * as pulumi from "@pulumi/pulumi";
import * as jenkins from "./jenkins";
const config = new pulumi.Config("jenkins");
const instance = new jenkins.Instance("jenkins", {
name: "jenkins",
credentials: {
username: config.require("username"),
password: config.require("password"),
},
resources: {
memory: "512Mi",
cpu: "100m",
}
});
/cc also @creamy-potato-29402 who has been doing a bunch of work in this area and probably has more thoughts as well.blue-answer-29496
06/20/2018, 4:45 AMstocky-spoon-28903
06/20/2018, 4:47 AMbig-soccer-75859
06/20/2018, 2:19 PMbig-soccer-75859
06/20/2018, 2:21 PMbig-soccer-75859
06/20/2018, 2:22 PMbig-soccer-75859
06/20/2018, 2:24 PMbig-piano-35669
pulumi config set ... --secret
, we will encrypt that config value using KMS, and a stack-specific application key, and store the encrypted result instead of plaintext. This is clearly weaker than storing in one of the above systems and doing decryption as late as possible at runtime, with full auditing of all accesses, but it is good enough for some users and some classes of passwords, tokens, and the like.
I couldn't find the work item on our side to make this pluggable, so just filed https://github.com/pulumi/pulumi/issues/1547. This has come up twice in the past 24 hours, so I suspect we'll want to get this on the roadmap (...which we'll be publishing next week, by the way.)white-balloon-205
config
settings. And in fact this is a place where you can really benefit from infra + code being managed together to provision and configure the Secrets Manager along with the code that uses secrets from it. The work @big-piano-35669 is referring to is to make this sort of workflow something you can use directly from the Pulumi config system, which will make it easier - but it's absolutely possible to use any of these systems with Pulumi today.stocky-spoon-28903
06/20/2018, 3:57 PMbig-soccer-75859
06/20/2018, 3:58 PMbitter-oil-46081
06/20/2018, 3:58 PMbitter-oil-46081
06/20/2018, 4:00 PM