Hello there! I am moving from yaml based k8s conf...
# kubernetes
s
Hello there! I am moving from yaml based k8s configurations to pulumi. Right now I have a google cloud managed k8s fleet using its managed gateway API (multicluster global external LB) to load balance between many clusters, one for each region we need to be deployed. Given my fleet master holds configurations for my production environment routing, I want to be sure adding more clusters to the fleet will not harm the production environment. So: 1. have you tried to manage GKE Gateway API with pulumi? 2. and what are the best practices to make sure one pulumi stack doesn't interfere with other environments given we have shared infrastructure between them?
h
re: 1, the gateway API isn’t currently part of the provider SDK (https://github.com/pulumi/pulumi-kubernetes/issues/2854), but you should be able to use CustomResources to work with it. you can also look into crd2pulumi. re: 2, you could compose your shared infrastructure into a stack that the others reference.
s
@hallowed-photographer-31251 Thank you for the reference! This generation tool looks very good. When I tried importing the master cluster from our current infrastructure to reuse it, I got some warnings:
```
     Type                      Name           Plan       Info
     pulumi:pulumi:Stack       verisoul-main
 =   └─ gcp:container:Cluster  master         import     17 warnings

Diagnostics:
  gcp:container:Cluster (master):
    warning: One or more imported inputs failed to validate. This is almost certainly a bug in the `gcp` provider. The import will still proceed, but you will need to edit the generated code after copying it into your program.
    warning: gcp:container/cluster:Cluster resource 'master' has a problem: Conflicting configuration arguments: "network_policy": conflicts with enable_autopilot. Examine values at 'master.networkPolicy'.
    warning: gcp:container/cluster:Cluster resource 'master' has a problem: Conflicting configuration arguments: "default_max_pods_per_node": conflicts with enable_autopilot. Examine values at 'master.defaultMaxPodsPerNode'.
    warning: gcp:container/cluster:Cluster resource 'master' has a problem: Conflicting configuration arguments: "workload_identity_config": conflicts with enable_autopilot. Examine values at 'master.workloadIdentityConfig'.
    warning: gcp:container/cluster:Cluster resource 'master' has a problem:
...
```
Do you think applying the code generated with all these warnings is risky? Also, using Get is probably a better option, right?
h
i would always recommend trying migrations like this in a test environment before going to prod! re: get, that depends on whether or not you want pulumi to “take over” the thing’s lifecycle. if you want pulumi to “own” the thing, then importing makes sense.
s
Right. It would be good to have everything managed by pulumi, but in this case it will be good to get started having a readonly external resource. Thank you @hallowed-photographer-31251