Please excuse the length of this post, but I'm trying to better understand what approach to take when using Pulumi. Although I'm very familiar with cloud architecture, I'm not usually the one setting up IaC configurations. I'm looking at Pulumi's concept of Project and Stack and it seems that one rough parallel might be App and Environment. So I might have a project for the SuperCool app and I deploy that to several different environments (stacks), like PROD, DEV, STAGING, etc. This seems pretty straight forward if I assume that all the infrastructure is roughly the same across stacks, although I may omit/add certain components depending on the environment. But what about aspects of the architecture that are shared across environments? For example a container registry that all environments need to be able to pull from? Or a database cluster that is shared amongst several non-production environments? What is the approach there? Do we just create a stack (ex. "shared") that houses those components?

i think that is the recommended approach, and then use a stack reference

OK, thanks for the response. It seemed like the way to go, but wanted to be certain before I got too far into it!

Yes, you have the basic idea right. If you're a sufficiently large org, you might have your IaC architected like this: • network project (dev/stage/prod stacks) • K8s cluster project (dev/stage/prod stacks) • 1 project per K8s workload (dev/stage/prod stacks) k8s workloads would have a stackref to k8s clusters to get the kubeconfig, k8s cluster would have a stackref to the network project to get the vpc and subnet ids.