11/13/2022, 5:51 PM
This video helps shed some light on the biggest question I have with Pulumi: how do infrastructure deployments relate to application/code deployments? The two scenarios (deploying infrastructure in the same or different lifecycle as application code) and scenario implementation options helps illuminates what is feasible, but I’m still left wondering what the different considerations pros/cons would be of each different scenario and implementation options. Is there any written guidance or other resources that would help further illuminate this?



11/22/2022, 10:19 PM
I don't know of any resources that talk about it. From my personal experience, it's primarily a balance of ease of updates versus safety.
If everything is together, then updates are easy no matter what kind they are - changes get merged, deploy runs. This makes it a lot easier to do things like roll out infrastructure changes across a large fleet, because you can just make the change and it gets picked up in each service the next time they deploy. For this to work though, you need to have good enough automatic monitoring that if it breaks something, the people deploying it will know and be able to roll back, whether or not they have the full context (usually they are either ops folks who don't have the app's context, or devs who don't have the context of the infra change).
Separating the two is safer if you don't have those guard rails yet, because it ensures that when a junior developer is deploying a small change to their app, there's no chance it's going to also like, delete the cluster. People who own the infra do infra deployments, people who own the app do app deployments.
That does require some coordination, and especially it can be hard when you have dependencies between them.