At KubeCon Salt Lake City 2024, Pulumi announced significant enhancements to the Kubernetes ecosystem. Key improvements include major updates to the EKS provider supporting Amazon Linux 2023 and Security Groups for pods, the release of Pulumi Kubernetes Operator 2.0 with dedicated workspace pods, Pulumi ESC integration with External Secrets Operator, and a new Kubernetes-native deployment agent for enhanced security and scalability. These updates, alongside improvements to Helm Chart resources, enhanced await logic, and better CustomResource support through
crd2pulumi, strengthens Pulumi's commitment to providing developers
with robust, enterprise-grade tools for managing Kubernetes
infrastructure.
"Pulumi's deep integration with the CNCF ecosystem underscores our commitment to modern cloud infrastructure management," says Eric Rudder,
co-founder of Pulumi. "Our approach of embracing the great work done by
open-source communities, using the most popular programming languages
and enhancing these efforts with enterprise-grade security and
scalability features, enables organizations to manage infrastructure at
incredible scale. Working closely with the CNCF and supporting the
entire cloud-native stack, we're not just building tools - we're
advancing the entire community towards a more efficient, secure, and
collaborative future."
Managing
Kubernetes workloads are increasingly complex because they rely on
numerous different CNCF products and span multiple clouds. This
complexity creates significant challenges for managing infrastructure,
securing cloud workloads, and gaining visibility across all Kubernetes
resources and infrastructure.
Managing
infrastructure has become progressively more time consuming and
complicated, especially with legacy tools that weren't designed to
handle hundreds or thousands of Kubernetes resources spread across
multiple clusters. Teams often struggle with large, complex YAML
configurations and domain-specific languages (DSLs) that are restrictive
and fail to scale effectively.
Pulumi
Infrastructure as Code (IaC) offers a modern solution to these
challenges. Instead of specialized languages, teams can program both
their cloud infrastructure and Kubernetes resources using familiar,
general-purpose programming languages, enhanced by generative AI
capabilities. For instance, setting up managed Kubernetes services like
Amazon EKS can be accomplished with just a single line of code: cluster =
eks.Cluster("my-cluster").
The
latest Pulumi EKS v3 provider brings several important improvements. It
now supports Amazon Linux 2023 and Bottlerocket Operating Systems,
while adding enhanced security features including EKS Security Groups
for Pods and Network Policies. The provider also streamlines various
Kubernetes networking features by integrating them directly with EKS.
For
teams looking to implement GitOps workflows, the Pulumi Kubernetes
Operator has been updated to version 2. This new version introduces
dedicated "workspace" pods for each stack, providing teams with greater
isolation between workloads, improved scalability, and more granular
access control over their infrastructure resources.
Poor
secrets management creates critical security risks through static and
sprawling secrets and configurations. Pulumi Environments, Secrets, and
Configuration (ESC) solves this by centralizing secrets management and
orchestration. Through native integration with Kubernetes' External
Secrets Operator (ESO), Pulumi ESC now securely injects secrets directly
as environment variables into Kubernetes applications, making secure
secrets management seamless and foolproof.
"ESC is very practical for centralizing configuration or secrets in environments that can inherit from each other," says Alexandre Nedelec,
a software engineer at Avanade. "It is very convenient to use it to get
secrets from other stores like Azure Key Vault or 1Password, and the
integration with OIDC allows easy retrieval of short term cloud access
tokens, following security best practices."
Organizations
today face a massive challenge: making sense of millions of cloud
resources spread across hundreds of Kubernetes clusters, clouds,
regions, and accounts. Pulumi Insights tackles this complexity by
providing unified search, compliance remediation, and visualization
capabilities for all infrastructure resources - whether they were
provisioned through Pulumi, Kubernetes YAML, Terraform, or cloud
consoles. With the AI-powered Pulumi Copilot, teams can now discover
cost savings, run compliance checks, and debug deployments across their
entire infrastructure simply by asking questions in natural language.