if it was me, and i was writing from scratch, and I use Salt to manage the cluster itself--it handles very well configuring and managing long-lived VMs, and even provides building blocks for automation, monitoring etc. I would then use pulumi to deploy applications to that fabric--it handles cloud-native service configuration very well, were you need to say "make sure this service exists" and things like on-going operational concerns are completely handled for you. That said, neither of those assumptions apply to you (you are not me, and you are not starting from scratch), and tbh I'm not sure how to get pulumi to do salt's/ansible's/puppet's job.

We use Salt pretty affectively to do this, works really well.

i love salt to bits and I think it's an excellent compliment to pulumi