https://pulumi.com logo
Join Slack
Powered by
Hello, How do you use Pulumi, in a pipeline (for ...
# general
w
Hello, How do you use Pulumi, in a pipeline (for example GitLab), from terminal, or may be from some GUI tool? I want to know best practice.
l
All cases are different. There's isn't a best, just a best for you. (And sometimes, not even that.. there may be trade-offs.)
Putting Pulumi in a regularly-triggered pipeline is a goal. Your ways of working would have to be quite mature to support that. Most orgs demand gate controls in front of most environments, so manual (or at least, manually-triggered) deployments are more common.
I've been using Pulumi for years, and Terraform before that, and still haven't managed to convince anyone to put a prod env into a fully automatic pipeline. True CD is still a (pipe)drream.
d
We have production in a pipeline here, however it's comment controlled instead of merge based
l
Very mature. And shows great trust in users with the power to comment! (And in the tests that have passed to get the PR to a state that a deployment is kicked off.)
d
Pipelines won't run until the PR is "mergeable", so still goes through the standard review + testing processes. We just recognise that things can go wrong, and it's easier to fix a PR than 
main
+ let's us deal with state moves or destroying resources with comments
We do it this way because we have different types of users. IAM can't be controlled by users, it has to follow review processes so only an SA is allowed control. Then there's the infra admins, who can do local IaC applies for testing purposes, or clickops for experiments. Then app engineers, who sometimes need to configure things in IaC. They'll have enough perms to plan locally, but not apply
11 Views
Open in Slack
PreviousNext
Powered by